diff options
| -rw-r--r-- | src/main.cpp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/main.cpp b/src/main.cpp index fdbcfa52fa..a2043dd9cb 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -4021,7 +4021,12 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv, } - else if (strCommand == "getaddr") + // This asymmetric behavior for inbound and outbound connections was introduced + // to prevent a fingerprinting attack: an attacker can send specific fake addresses + // to users' AddrMan and later request them by sending getaddr messages. + // Making users (which are behind NAT and can only make outgoing connections) ignore + // getaddr message mitigates the attack. + else if ((strCommand == "getaddr") && (pfrom->fInbound)) { pfrom->vAddrToSend.clear(); vector<CAddress> vAddr = addrman.GetAddr(); |