Closed hb020 closed 2 years ago
I saw something today that may be related to this issue, or maybe not.
While debugging why connected peers seem so badly out-of-sync with one another, I tried something I had never thought of doing before: adding the regional introducer as a peer. (In config.yaml, the introducer exists at its default value, introducer.chia.net.) I did this:
(venv) ~$ chia show -a introducer-va.chia.net:8444
The first unexpected result was that, in the connections list, I now had a peer of type introducer with the IP address replaced by "introducer-va.chia.net". I had never seen a connection type of anything other than wallet, farmer, or full_node before. Puzzled, I watched the connection list for a while, looking to see if this had any effect.
Within a minute or so, I had a new connection, a WALLET with a foreign IP address! This was alarming, as it said the ports on the connection were 3xxxx/8449, implying the connection was incoming (else we presume it would be 8449/8449). And there is no NAT mechanism in place to allow incoming connections on port 8449! This had all the feeling of a security compromise, possibly with some exfiltration of my normal wallet?
My first response was to remove the introducer connection. That worked, but left the foreign wallet in place. Next, I shut down, deleted mainnet/db/peer_table_node.sqlite, and restarted. All seemed well for an hour or so as I went off to read bedtime stories to my little one. Coming back to my desktop, I see that the foreign wallet is back again?! Currently, the foreign wallet sits at 73.87.101.66.
Investigating further, I see no evidence of any communication on port 8449 at the firewall. There is no NAT mechanism in place on that port, confirmed by conntrack -L on the border router showing no connections open on 8449; there is however a connection open on port 8444 to that IP address, which would indicate a normal remote node/peer.
I'm left wondering if the association between adding "introducer-va.chia.net" and this mysterious wallet is just a red herring, that the mystery wallet would have appeared anyway? Can an incoming wallet connect on the full_node port, 8444, and then morph itself into a wallet after the connection is established? Right there, that sounds like a pretty big security hole.
I have blocked the offending IP address at the firewall, and will keep tabs on any future occurrences. The wallet in the GUI indicates no transactions have occurred.
EDIT: I just noticed that this issue has been reported before, in one of the discussions, #4050
@moonlitbugs your issue looks like a separate issue to me. I created 1 transaction, and at the same time I executed it, a second transaction to an unknown destination went out. It may be the result of what you have seen, but it may also be just a bug in 1.2.10 aggravated by the present dust storm. It does look like so to me.
Describe the bug
On a freshly updated 1.2.10 install (from 1.2.9): Both chiaexplorer and xchscan show outgoing transactions that do not show up in my wallet, and that I did NOT initiate. The transaction went to a destination unknown to me.
Explanation
This is apparently to be expected, no funds are lost, and with the dust storm, the resync of the wallet took very long, not showing the funds "coming back".
Closing as this is not a bug, just something one must be aware of.