/python-bitcoinlib:0.12.2/ client getting addr-ratelimited (since 2026-04-10)

Observations
1

Since 2026-04-10 at about 16:30 UTC I’ve seen multiple IPv4 addresses connect to my monitoring nodes gossiping addresses via addr (and not addrv2) at a higher rate. These addresses are frequently rate-limited.

IPs are:

image
image1129×762 42.6 KB

My node erin is receiving about 40 addresses per minute now.

image
image843×458 51.6 KB

Looking at the addrman of erin, the seems to be only the normal background noise of additions and replacements in the new and tried table:

image
image1050×620 119 KB

2

My first impression is that this is a rather unsuccessful research project from someone at uzh.ch.

Could investigate a bit more by looking at the addresses they are sending.

3

From getpeerinfo:

...
    "addr_relay_enabled": true,
    "addr_processed": 24650,
    "addr_rate_limited": 14316,
    "permissions": [
    ],
    "minfeefilter": 0.00000000,
    "bytessent_per_msg": {
      "addr": 294645,
      "alert": 192,
      "getheaders": 1053,
      "inv": 54973514,
      "ping": 66176,
      "pong": 238336,
      "verack": 24,
      "version": 126
    },
    "bytesrecv_per_msg": {
      "addr": 1272375,
      "inv": 122183,
      "ping": 238368,
      "pong": 66176,
      "verack": 24,
      "version": 136
    },
...

Could investigate a bit more by looking at the addresses they are sending.

At 2026-04-13T13:47:00Z I received a addr message with exactly 10 entries. All timestamps were recent (not older than 10min). The IPs seemed reasonable from locations where real nodes could be hosted / run from, the ports were mostly 8333, and the services seemed to be reasonable ones too.

I also noticed that they always send a ping with value zero and we do announce transactions to them, but they don’t seem to request any (spy-node behavior).