Full nodes are the backbone of transaction and block verification, but they can only do their job if they follow the consensus rules and manage the UTXO set along with P2P gossip. To build a reliable infrastructure, you need good disk performance, enough memory to handle the mempool, and sufficient bandwidth to stay in sync with the network. The way nodes are set up really boosts the network's reliability, keeping things simple.
The real security benefits of running a full node kick in when the host is secure and the network is isolated. That's why it's crucial for node operators to cut down on any services that might expose their network. To enhance network privacy and ensure the security of the node functions properly, using tools like 12P or Tor for P2P traffic is a smart move. This helps bolster security, boosts privacy, and lowers the risk of eclipse attacks and IP tracking.
In short, enhancing privacy and securing your host is key for solid security, as full nodes thrive on minimal outside interference.
WHY PRIVACY AND NETWORK SECURITY MATTER FOR FULL NODES
7 replies 353 views
paul.ninjaFull Member
Posts: 152 · Reputation: 539
#2Nov 24, 2018, 11:03 AM
Most privacy leaks and compromises is just simple stuff like accidentally exposing RPC, leaving default ports open, UPnP doing you "favors", or running the node on the same box you use to click random links.
Tor/I2P for P2P traffic is a good move if you care about hiding your home IP and reducing cheap network surveillance, but I'd pair that with basic host hygiene. Keep RPC bound to localhost only, don't run bitcoind as root, patch the OS, and lock down inbound with a firewall so the only thing listening is what you intentionally want listening.
People love talking about eclipse attacks, but the real eclipse is when your router configuration is doing stand-up comedy behind your back.
1. I don't see correlation between trusting (Bitcoin network) and disk performance/certain memory, when other node unable to know what disk and memory you use.
2. What does trusted bandwidth mean?
I wouldn't worry about eclipse attack. Even on 2021, Bitcoin Core already put countermeasure for 5 out of 6 known weakness[1]. As for IP tracking, it's worth to mention it's hard to know whether your node is first node to broadcast certain TX/block.
[1] https://web.archive.org/web/20211208221646/http://cs-people.bu.edu/heilman/eclipse/
They can view this information, if you left an unauthenticated public-facing RPC server running for your node. They can just view getblockchaininfo and getnetworkinfo command or something like that to estimate the amount of memory and disk space used by Core, and in some cases maybe they can run an RCE exploit on the JSON-RPC port to get the total resource usage of your entire system.
Those are good points. But last time i checked, Bitcoin Core doesn't enable RPC server by default. And even if you enable RPC server, it only listen to localhost by default. So it require poor configuration from the node operator/owner side.
Yeah, a user's trust in the Bitcoin network and disk performance /memory don't really have a direct correlation just like you have pointed out.
Howbeit, just like I said, FULL NODE. where it's the choice of a user to navigate or let me say run a full nodes that's non-pruned, it pushes need for independence and trustlessness and it makes it need great amount of disk performance and as well memory.
I am not saying there's a direct correlation just like that.
As for TRUSTED BANDWIDTH, it's an informal word usage because I don't think it's formal. It means basically a type of connection or let me put simply networking that exists in nodes in which there is speculation of non interference. Here, the data transmitted is seen to be authentic and not tampered with.
You can achieve this by wrapping all node communication around SSL, but this doesn't really work for the P2P port because it's unencrypted by default since nodes expect it that way, however the same effect can be achieved by running an onlynet=tor node, that listens on Tor only, since Tor provides its own encryption. Also works with i2p, cdjns (or whatever it's called), and other traffic layers.
At least for the encryption part, you could just use recent version of Bitcoin Core (26.0[1] or newer). It use BIP 324 (also called transport protocol v2), which encrypt connection without authentication.
[1] https://bitcoincore.org/en/releases/26.0/