bitcoin/doc/p2p-bad-ports.md
Vasil Dimov 97208634b9
net: open p2p connections to nodes that listen on non-default ports
By default, for mainnet, the p2p listening port is 8333. Bitcoin Core
has a strong preference for only connecting to nodes that listen on that
port.

Remove that preference because connections over clearnet that involve
port 8333 make it easy to detect, analyze, block or divert Bitcoin p2p
traffic before the connection is even established (at TCP SYN time).

For further justification see the OP of:
https://github.com/bitcoin/bitcoin/pull/23306
2022-02-11 15:21:49 +01:00

114 lines
3.2 KiB
Markdown

When Bitcoin Core automatically opens outgoing P2P connections it chooses
a peer (address and port) from its list of potential peers. This list is
populated with unchecked data, gossiped over the P2P network by other peers.
A malicious actor may gossip an address:port where no Bitcoin node is listening,
or one where a service is listening that is not related to the Bitcoin network.
As a result, this service may occasionally get connection attempts from Bitcoin
nodes.
"Bad" ports are ones used by services which are usually not open to the public
and usually require authentication. A connection attempt (by Bitcoin Core,
trying to connect because it thinks there is a Bitcoin node on that
address:port) to such service may be considered a malicious action by an
ultra-paranoid administrator. An example for such a port is 22 (ssh). On the
other hand, connection attempts to public services that usually do not require
authentication are unlikely to be considered a malicious action,
e.g. port 80 (http).
Below is a list of "bad" ports which Bitcoin Core avoids when choosing a peer to
connect to. If a node is listening on such a port, it will likely receive less
incoming connections.
1: tcpmux
7: echo
9: discard
11: systat
13: daytime
15: netstat
17: qotd
19: chargen
20: ftp data
21: ftp access
22: ssh
23: telnet
25: smtp
37: time
42: name
43: nicname
53: domain
69: tftp
77: priv-rjs
79: finger
87: ttylink
95: supdup
101: hostname
102: iso-tsap
103: gppitnp
104: acr-nema
109: pop2
110: pop3
111: sunrpc
113: auth
115: sftp
117: uucp-path
119: nntp
123: NTP
135: loc-srv /epmap
137: netbios
139: netbios
143: imap2
161: snmp
179: BGP
389: ldap
427: SLP (Also used by Apple Filing Protocol)
465: smtp+ssl
512: print / exec
513: login
514: shell
515: printer
526: tempo
530: courier
531: chat
532: netnews
540: uucp
548: AFP (Apple Filing Protocol)
554: rtsp
556: remotefs
563: nntp+ssl
587: smtp (rfc6409)
601: syslog-conn (rfc3195)
636: ldap+ssl
989: ftps-data
990: ftps
993: ldap+ssl
995: pop3+ssl
1719: h323gatestat
1720: h323hostcall
1723: pptp
2049: nfs
3659: apple-sasl / PasswordServer
4045: lockd
5060: sip
5061: sips
6000: X11
6566: sane-port
6665: Alternate IRC
6666: Alternate IRC
6667: Standard IRC
6668: Alternate IRC
6669: Alternate IRC
6697: IRC + TLS
10080: Amanda
For further information see:
[pull/23306](https://github.com/bitcoin/bitcoin/pull/23306#issuecomment-947516736)
[pull/23542](https://github.com/bitcoin/bitcoin/pull/23542)
[fetch.spec.whatwg.org](https://fetch.spec.whatwg.org/#port-blocking)
[chromium.googlesource.com](https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/net/base/port_util.cc)
[hg.mozilla.org](https://hg.mozilla.org/mozilla-central/file/tip/netwerk/base/nsIOService.cpp)