Moved IPFS node. Result: Netscan detected from my.public.ip

evert · July 20, 2020, 11:24am

Hi all,

I had an IPFS node running locally, without any problems. This morning I decided to move it to my hosting provider, Hetzner. Shortly after that I received an email from their abuse dept. about my server running network scans.

Now I’ve read that ipfs config server should fix update the node of my configuration to prevent this. However, when I try that, all I get is: Error: failed to get config value: " key has no attributes"

How do I make my node so that Hetzner approves of it? Would a manual update of my config do the trick? If so, what do I change?

hector · July 20, 2020, 11:40am

Where did you read ipfs config server ?

It is rather ipfs config profile apply server.

This happens with Hetzner all the time because they have no VLANs and all customers are on a single LAN and IPFS tries to discover other nodes in the same LAN by default.

evert · July 20, 2020, 12:11pm

Looks like I misread there. I thought it was ipfs config ‘profile’, with ‘server’ being a possible profile.

How can I double-check my config is Hetzner-proof now? Anything I can look for in the new config?

hector · July 20, 2020, 1:31pm

Some CIDRs should have beeen added to the Swarm/AddrFilters part and one of those should match Hetzner LAN.

evert · July 20, 2020, 1:59pm

AddrFilters was null
Now it contains:

  "/ip4/10.0.0.0/ipcidr/8",
  "/ip4/100.64.0.0/ipcidr/10",
  "/ip4/169.254.0.0/ipcidr/16",
  "/ip4/172.16.0.0/ipcidr/12",
  "/ip4/192.0.0.0/ipcidr/24",
  "/ip4/192.0.0.0/ipcidr/29",
  "/ip4/192.0.0.8/ipcidr/32",
  "/ip4/192.0.0.170/ipcidr/32",
  "/ip4/192.0.0.171/ipcidr/32",
  "/ip4/192.0.2.0/ipcidr/24",
  "/ip4/192.168.0.0/ipcidr/16",
  "/ip4/198.18.0.0/ipcidr/15",
  "/ip4/198.51.100.0/ipcidr/24",
  "/ip4/203.0.113.0/ipcidr/24",
  "/ip4/240.0.0.0/ipcidr/4",
  "/ip6/100::/ipcidr/64",
  "/ip6/2001:2::/ipcidr/48",
  "/ip6/2001:db8::/ipcidr/32",
  "/ip6/fc00::/ipcidr/7",
  "/ip6/fe80::/ipcidr/10"

Looks like that covers it, right?

(Hmm,

  "/ip4/192.0.0.0/ipcidr/24",
  "/ip4/192.0.0.0/ipcidr/29",

seems a bit redundant? The /24 covers the same (and more) as the /29, or am I mistaken here? )

pataquets · September 12, 2020, 12:14pm

For more information, you might want to check out issue https://github.com/ipfs/go-ipfs/issues/1226 and linked related issues.

Topic		Replies	Views
Kubo Doker Triggers Netscan Warning with Server Profile Help kubo	2	240	November 14, 2022
Need help configuring private swarm Help	5	193	May 9, 2024
Steps to migrate IPFS node to new server	3	436	June 24, 2021
Private network with 2 nodes, unable to broadcast new CID to the other node Help go-ipfs	3	632	August 16, 2021
Installing IPFS for the First Time: failed: listen tcp4 127.0.0.1:8080: bind: address already in use go-ipfs , ipfs-cluster	4	762	January 22, 2022

Moved IPFS node. Result: Netscan detected from my.public.ip

Related topics