Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Node performs peer scanning using private subnets #4046

Closed
alexeirbv opened this issue Feb 2, 2022 · 0 comments · Fixed by #4151
Closed

Node performs peer scanning using private subnets #4046

alexeirbv opened this issue Feb 2, 2022 · 0 comments · Fixed by #4151

Comments

@alexeirbv
Copy link

Describe the bug
Hello! Harmony node performs peer scanning using private subnets which cause much problems with our server's hosting company. From their side this behaviour looks like malicious netscan and we get abuse reports. Can we disable this? Maybe in harmony.conf config?

Some network dump info:

 TCP OUR_SERVER_IP 9500  =>      10.42.2.63 30206
 TCP OUR_SERVER_IP 9500  =>      10.42.2.63 30206
 TCP OUR_SERVER_IP 9500  =>       10.0.0.48 9000
 TCP OUR_SERVER_IP 9500  =>      10.0.0.145 9000
 TCP OUR_SERVER_IP 9500  =>      10.0.0.228 9000
 TCP OUR_SERVER_IP 9500  =>      10.0.0.233 9000
 TCP OUR_SERVER_IP 9500  =>      10.0.0.233 9000
 TCP OUR_SERVER_IP 9500  =>      10.0.0.235 9000
 TCP OUR_SERVER_IP 9500  =>      10.0.0.235 9000
 TCP OUR_SERVER_IP 9500  =>       10.0.1.58 9000
 TCP OUR_SERVER_IP 9500  =>      10.0.14.38 9000
 TCP OUR_SERVER_IP 9500  =>      10.0.14.38 9000

To Reproduce
Just run Harmony node with default config

Expected behavior
Harmony nodes does not perform peer scaning using private subnets

Environment (please complete the following information):

  • OS: Ubuntu Server 20.04
MaxMustermann2 added a commit to MaxMustermann2/harmony that referenced this issue Apr 25, 2022
@MaxMustermann2
[p2p]: feat: allow disable scan of private ips
975840a 
Add a command line flag `--p2p.no-private-ip-scan` or config file option
in P2P `DisablePrivateIPScan` to stop node operators from receiving
netscan abuse emails. Fixes harmony-one#4036, harmony-one#4046 and harmony-one#3788. After this change,
node operators should not need to use `iptables` to firewall out RFC1918
traffic.
@MaxMustermann2 MaxMustermann2 mentioned this issue Apr 25, 2022
Merged
@MaxMustermann2 MaxMustermann2 linked a pull request May 6, 2022 that will close this issue
[p2p]: feat: allow disable scan of private ips #4151
Merged
sophoah pushed a commit that referenced this issue May 11, 2022
@MaxMustermann2
[p2p]: feat: allow disable scan of private ips (#4151)
947c6ef 
* [p2p]: feat: allow disable scan of private ips

Add a command line flag `--p2p.no-private-ip-scan` or config file option
in P2P `DisablePrivateIPScan` to stop node operators from receiving
netscan abuse emails. Fixes #4036, #4046 and #3788. After this change,
node operators should not need to use `iptables` to firewall out RFC1918
traffic.

* [p2p] fix: Cascade disallow private scan
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[p2p]: feat: allow disable scan of private ips MaxMustermann2/harmony
1 participant
@alexeirbv