search

erigontech / erigon

Ethereum implementation on the efficiency frontier https://erigon.gitbook.io
GNU Lesser General Public License v3.0
3.12k stars 1.11k forks source link

The server was blocked by provider due to ip scan activity #7234

Closed andreykanevskoi closed 1 year ago

andreykanevskoi commented 1 year ago

After starting erigon In an e-mail message we've got something like this:

Unfortunately, we have had to lock the IP address(es) below due to network issues. The IP address(es) was/were used to perform scans on other servers. This has placed a strain on network resources and has negatively affected part of our network.

Can we limit the number of outcoming connections? I really appreciate any help you can provide.

AskAlexSharov commented 1 year ago

For some users helped next list of firewall rules https://github.com/ledgerwatch/erigon#default-ports-and-protocols--firewalls We don't know what exactly means by "port scanning activity" (erigon has many moving parts - we don't know which exactly causing problem).

andreykanevskoi commented 1 year ago

For some users helped next list of firewall rules https://github.com/ledgerwatch/erigon#default-ports-and-protocols--firewalls We don't know what exactly means by "port scanning activity" (erigon has many moving parts - we don't know which exactly causing problem).

Provider's pinned this (I've put XX instead of server's IP):

##########################################################################
#               Netscan detected from host   XX.XXX.XX.XXX               #
##########################################################################

time                protocol src_ip src_port          dest_ip dest_port
---------------------------------------------------------------------------
Sat Apr  1 08:16:58 2023 TCP   XX.XXX.XX.XXX 48340 =>      172.19.0.3 15000
Sat Apr  1 08:10:25 2023 TCP   XX.XXX.XX.XXX 40640 =>      172.18.0.3 8000 
Sat Apr  1 07:53:08 2023 TCP   XX.XXX.XX.XXX 58540 =>      172.21.0.2 10000
Sat Apr  1 08:09:15 2023 TCP   XX.XXX.XX.XXX 48284 =>      172.18.0.2 9007 
Sat Apr  1 08:02:32 2023 TCP   XX.XXX.XX.XXX 50436 =>      172.20.0.2 9007 
Sat Apr  1 08:02:40 2023 TCP   XX.XXX.XX.XXX 54712 =>      172.20.0.2 9007 
Sat Apr  1 08:05:13 2023 TCP   XX.XXX.XX.XXX 35212 =>      172.20.0.2 9007 
Sat Apr  1 08:05:27 2023 TCP   XX.XXX.XX.XXX 48840 =>      172.20.0.2 9007 
Sat Apr  1 08:06:08 2023 TCP   XX.XXX.XX.XXX 36278 =>      172.20.0.2 9007 
Sat Apr  1 08:09:23 2023 TCP   XX.XXX.XX.XXX 37720 =>      172.20.0.2 9007 
Sat Apr  1 08:14:42 2023 TCP   XX.XXX.XX.XXX 60502 =>      172.20.0.2 9007 
Sat Apr  1 08:02:02 2023 TCP   XX.XXX.XX.XXX 54218 =>      172.23.0.2 9007 
Sat Apr  1 07:54:59 2023 TCP   XX.XXX.XX.XXX 45470 =>      172.24.0.2 9007
andreykanevskoi commented 1 year ago

I have started downloading the Ethereum Mainnet blocks on the server using torrent (as indicated in your documentation). I think it's something like protecting hosting from using their servers in various network attacks.

andreykanevskoi commented 1 year ago

Finally, I've found the flag "--maxpeers" to decrease the max number of peers to 5 (default = 100). Should help...