diff options
| -rw-r--r-- | src/main.cpp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/main.cpp b/src/main.cpp index d77eb2877e..9295c81ce8 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -3976,7 +3976,12 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv, } - else if (strCommand == "getaddr") + // This asymmetric behavior for inbound and outbound connections was introduced + // to prevent a fingerprinting attack: an attacker can send specific fake addresses + // to users' AddrMan and later request them by sending getaddr messages. + // Making users (which are behind NAT and can only make outgoing connections) ignore + // getaddr message mitigates the attack. + else if ((strCommand == "getaddr") && (pfrom->fInbound)) { pfrom->vAddrToSend.clear(); vector<CAddress> vAddr = addrman.GetAddr(); |