/python-bitcoinlib:0.12.2/ client getting addr-ratelimited (since 2026-04-10)

b10c · April 13, 2026, 1:33pm

Since 2026-04-10 at about 16:30 UTC I’ve seen multiple IPv4 addresses connect to my monitoring nodes gossiping addresses via addr (and not addrv2) at a higher rate. These addresses are frequently rate-limited.

IPs are:

130.60.24.200 (uzh.ch - University of Zurich)
3.102.33.26 (AWS New Zealand)
3.98.91.234 (AWS Canada)
51.20.80.202 (AWS Sweden)
…

My node erin is receiving about 40 addresses per minute now.

Looking at the addrman of erin, the seems to be only the normal background noise of additions and replacements in the new and tried table:

b10c · April 13, 2026, 1:34pm

My first impression is that this is a rather unsuccessful research project from someone at uzh.ch.

Could investigate a bit more by looking at the addresses they are sending.

b10c · April 13, 2026, 1:58pm

From getpeerinfo:

...
    "addr_relay_enabled": true,
    "addr_processed": 24650,
    "addr_rate_limited": 14316,
    "permissions": [
    ],
    "minfeefilter": 0.00000000,
    "bytessent_per_msg": {
      "addr": 294645,
      "alert": 192,
      "getheaders": 1053,
      "inv": 54973514,
      "ping": 66176,
      "pong": 238336,
      "verack": 24,
      "version": 126
    },
    "bytesrecv_per_msg": {
      "addr": 1272375,
      "inv": 122183,
      "ping": 238368,
      "pong": 66176,
      "verack": 24,
      "version": 136
    },
...

Could investigate a bit more by looking at the addresses they are sending.

At 2026-04-13T13:47:00Z I received a addr message with exactly 10 entries. All timestamps were recent (not older than 10min). The IPs seemed reasonable from locations where real nodes could be hosted / run from, the ports were mostly 8333, and the services seemed to be reasonable ones too.

I also noticed that they always send a ping with value zero and we do announce transactions to them, but they don’t seem to request any (spy-node behavior).

matthias · April 17, 2026, 9:14am

In our monitoring, we see that the number of unique addresses being propagated in the network has risen noticeably during the last days:

This effect is probably caused by the peers that are described above in this topic.

The observation indicates that the newly propagated addresses are unreachable and have not previously been announced in the network. Without having looked further into the set of distributed addresses I suppose that they might have been randomly generated.

b10c · April 27, 2026, 7:38pm

Bitnodes seems to be showing something similar for their “unreachable” node stats