Initial Evidence of Elevated Reconnaissance Attacks Against Nodes in P2P Overlay Networks

Scott Seidenberger, Anindya Maiti

TL;DR

This work investigates the state of active reconnaissance attacks on Ethereum P2P network nodes by deploying a series of honeypots alongside actual Ethereum nodes across globally distributed vantage points, finding that Ethereum nodes experience not only increased attacks, but also specific types of attacks targeting particular ports and services.

Abstract

We hypothesize that peer-to-peer (P2P) overlay network nodes can be attractive to attackers due to their visibility, sustained uptime, and resource potential. Towards validating this hypothesis, we investigate the state of active reconnaissance attacks on Ethereum P2P network nodes by deploying a series of honeypots alongside actual Ethereum nodes across globally distributed vantage points. We find that Ethereum nodes experience not only increased attacks, but also specific types of attacks targeting particular ports and services. Furthermore, we find evidence that the threat assessment on our nodes is applicable to the wider P2P network by having performed port scans on other reachable peers. Our findings provide insights into potential mitigation strategies to improve the security of the P2P networking layer.

Paper Structure

This paper contains 17 sections, 8 figures, 4 tables.

Figures (8)

  • Figure 1: Top 10% of peers by data volume with underlying heatmap of all scanned Ethereum nodes.
  • Figure 2: Peer tenure distribution, measured as non-consecutive connection days for peers grouped by unique IPs across regions. The distribution highlights stable, recurrent connections, suggesting P2P nodes provide a platform for long-term adversarial access.
  • Figure 3: Boxplot highlighting increased reconnaissance against RPC and discovery ports of experimental group.
  • Figure 4: Significant categories of HTTP URI requests with request examples.
  • Figure 5: Dual-density plot overlaying adjusted attack densities (red) and Ethereum node densities (blue) in IPv4 space. Areas of overlap appear purple, and an 80% density overlap contour line indicates IP space where attacks originate and nodes co-occur.
  • ...and 3 more figures