1/ Unconfirmed report on IRC of "a significant (400+) number of peers on the bitcoin p2p network that are currently engaging in a sybil attack. They pretend to be running various versions of Bitcoin software, but are not. They respond with compact blocks handshakes, pings and pongs, but never respond to headers, get blocks, or inventory messages."
2/ Unconfirmed report (continued): "The addr messages they push are stuffed with like-peers, and in general seem to be over-represented in outgoing connections of normal nodes. The current discovered peers are all on VPS hosts, carefully chosen to evade the logic which prevents connecting to multiple peers in the same /24. There's a sample of them here, representing GCE, AWS, DigitalOcean, and Hetzner."
3/ If you run a Bitcoin node, consider updating its banlist with the latest one from GMaxwell I tooted a couple hours ago. It only takes a few seconds to copy-paste the list into your bitcoin-qt GUI console, or in the terminal with bitcoin-cli running.
4/ GMaxwell's new banlist includes the bad actor IP addresses in the reported pastebin sample.
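The behaviour reported in 1/ (peers that answer the handshake and pings but never send headers, blocks or inventory) can be checked against your own node's connections. The following is an added example, not part of the original thread and not GMaxwell's method: it reads `bitcoin-cli getpeerinfo`-style JSON and flags long-connected peers whose `bytesrecv_per_msg` counters show only liveness traffic. The function names, the one-hour threshold and the sample peers are assumptions made for illustration.

```python
import json

# Message types a real full node sends when it relays chain data.
DATA_MSGS = {"headers", "inv", "block", "cmpctblock", "tx", "blocktxn"}
# Handshake / liveness traffic that the reported peers do answer.
LIVENESS_MSGS = {"pong", "ping", "sendcmpct"}

# Constructed sample shaped like `bitcoin-cli getpeerinfo` output (documentation IPs).
SAMPLE_PEERINFO = json.loads("""
[
 {"addr": "192.0.2.10:8333", "subver": "/Satoshi:0.16.0/", "conntime": 1000,
  "bytesrecv_per_msg": {"version": 126, "verack": 24, "sendcmpct": 66,
                        "ping": 320, "pong": 320, "addr": 30027}},
 {"addr": "198.51.100.7:8333", "subver": "/Satoshi:0.15.1/", "conntime": 1200,
  "bytesrecv_per_msg": {"version": 126, "verack": 24, "sendcmpct": 66,
                        "pong": 288, "headers": 1053, "inv": 6100}},
 {"addr": "203.0.113.5:8333", "subver": "/Satoshi:0.16.0/", "conntime": 9900,
  "bytesrecv_per_msg": {"version": 126, "verack": 24, "sendcmpct": 66}},
 {"addr": "[2001:db8::1]:8333", "subver": "/Satoshi:0.14.2/", "conntime": 500,
  "bytesrecv_per_msg": {"version": 126, "verack": 24, "ping": 640,
                        "pong": 640, "addr": 60000}}
]
""")

def host_of(addr):
    """Strip the port (and IPv6 brackets) from a getpeerinfo 'addr' value."""
    return addr.rsplit(":", 1)[0].strip("[]")

def silent_peers(peers, now, min_age=3600):
    """Return hosts connected for >= min_age seconds that sent liveness
    traffic but no headers/inv/block-type message at all."""
    flagged = []
    for p in peers:
        seen = set(p.get("bytesrecv_per_msg", {}))
        old_enough = now - p["conntime"] >= min_age
        if old_enough and seen & LIVENESS_MSGS and not seen & DATA_MSGS:
            flagged.append(host_of(p["addr"]))
    return flagged

def ban_commands(hosts, bantime=86400):
    """Render setban lines for review; a heuristic hit is not proof of a sybil."""
    return [f"bitcoin-cli setban {h} add {bantime}" for h in hosts]

if __name__ == "__main__":
    for line in ban_commands(silent_peers(SAMPLE_PEERINFO, now=10000)):
        print(line)
```

On a live node, replace the sample with the parsed output of `bitcoin-cli getpeerinfo` and pass the current Unix time as `now`.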
@jon Thanks for alerting us to this.