authorWladimir J. van der Laan <laanwj@gmail.com>2015-03-09 12:24:47 +0100
committerWladimir J. van der Laan <laanwj@gmail.com>2015-03-09 12:24:53 +0100
commitc1b723c30a57811ad5801ab8a839186b654ae2bf (patch)
tree9cf000e1909f3b08ab90fc2f982e6f2996b8e58c
parentf50120ab4d244f52efbe37996dbc086ee698ee6b (diff)
parentdca799e1db6e319fdd47e0bfdb038eab0efabb85 (diff)
Merge pull request #5442
dca799e Ignore getaddr messages on Outbound connections. (Ivan Pustogarov)
-rw-r--r--src/main.cpp7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/main.cpp b/src/main.cpp
index fdbcfa52fa..a2043dd9cb 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -4021,7 +4021,12 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
}
- else if (strCommand == "getaddr")
+ // This asymmetric behavior for inbound and outbound connections was introduced
+ // to prevent a fingerprinting attack: an attacker can send specific fake addresses
+ // to users' AddrMan and later request them by sending getaddr messages.
+ // Making users (which are behind NAT and can only make outgoing connections) ignore
+ // getaddr message mitigates the attack.
+ else if ((strCommand == "getaddr") && (pfrom->fInbound))
{
pfrom->vAddrToSend.clear();
vector<CAddress> vAddr = addrman.GetAddr();
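Review bot: Folding the direction test into the dispatch condition at `else if ((strCommand == "getaddr") && (pfrom->fInbound))` means a getaddr received on an outbound connection no longer matches this branch and falls through to the rest of the else-if chain, which is outside the hunk, so it is presumably treated like any unrecognised command with no indication that it was dropped on purpose. It would be clearer to keep matching on the command alone and reject inside the branch, e.g. `if (!pfrom->fInbound) { LogPrint("net", "Ignoring getaddr from outbound connection\n"); return true; }`, so the drop is explicit and visible when debugging peer behaviour. The explanatory comment would then sit next to that check, and it should also state that inbound peers are still answered, since the mitigation only covers the outbound direction. The branch body continues past the end of the hunk, so how the inbound reply is built cannot be judged from here.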