Peer-observer: A tool and infrastructure for monitoring the Bitcoin P2P network for attacks and anomalies

It leverages "honeypot nodes" to gather insightful data, ensuring privacy measures are in place to protect the identities of these nodes. A significant feature of the project is its web front end, which is intentionally not publicly accessible to safeguard the data and prevent potential identification of the nodes. Nevertheless, a list of these nodes, along with their configurations, is available for public viewing. This balance between privacy and transparency is further exemplified by the provision of a fork-observer instance connected to the nodes, enhancing the project's accessibility.

In terms of software development and availability, the Peer Observer project has made strides by making its tools publicly available on GitHub. This includes the main tooling suite, along with a NixOS package and module designed for efficient deployment and management of the tools. Although the detailed infrastructure configuration remains unpublished, there is an intention to make this information available to the public. Such a move would significantly lower the barriers for replicating the setup, enabling more individuals to run similar systems independently. This openness is a testament to the project's commitment to community engagement and collaboration.

The technical advancements of the Peer Observer project are noteworthy, particularly in its monitoring and analysis capabilities. The project initially utilized an ebpf-extractor for real-time event tracking, which has proven effective in various areas such as monitoring connections to spy nodes, analyzing transport protocols, and detecting DoS attacks. The exploration of additional data extraction methods, including an IPC-based extractor, indicates a continuous effort to refine and enhance network monitoring solutions. Moreover, the inclusion of a Knots node named nico reflects the project’s dedication to comprehensive network coverage and the accommodation of diverse network participants.

A demo instance of the peer-observer has been established, showcasing the project's utility and inviting wider participation. Sponsored by lclhost.org, this instance features two nodes and is fully accessible to the public, demonstrating the practical application of the project's tools and methodologies. The underlying infrastructure for the demo relies on a NixOS definition, highlighting the project's use of robust and scalable technologies. For those interested in exploring the project further, extensive resources and discussions are available online, covering topics from data extraction methodologies to DoS detection strategies.

For more detailed information and to engage with the project, the following resources are available: the project page, the public observer instance and fork-observer at public.peer.observer and public.peer.observer/forks/, GitHub repositories for the main tooling and NixOS package, and discussions on potential expansions and methodologies at various issue trackers and GitHub discussions linked within the text.