Initial Evidence of Elevated Reconnaissance Attacks Against Nodes in P2P Overlay Networks

TL;DR

This paper presents initial evidence that nodes in P2P overlay networks, such as Ethereum, are increasingly targeted by reconnaissance attacks, highlighting security vulnerabilities and suggesting mitigation strategies.

Contribution

It provides empirical data on the prevalence and types of reconnaissance attacks against Ethereum P2P nodes using honeypots and port scans.

Findings

Ethereum nodes face increased targeted attacks

Specific ports and services are targeted

Threats extend to other P2P peers

Abstract

We hypothesize that peer-to-peer (P2P) overlay network nodes can be attractive to attackers due to their visibility, sustained uptime, and resource potential. Towards validating this hypothesis, we investigate the state of active reconnaissance attacks on Ethereum P2P network nodes by deploying a series of honeypots alongside actual Ethereum nodes across globally distributed vantage points. We find that Ethereum nodes experience not only increased attacks, but also specific types of attacks targeting particular ports and services. Furthermore, we find evidence that the threat assessment on our nodes is applicable to the wider P2P network by having performed port scans on other reachable peers. Our findings provide insights into potential mitigation strategies to improve the security of the P2P networking layer.