We have one or more incoming topology peers (not in our
topology.json & always connecting with high random port numbers) that connect infrequently (in this case either 70 or 75 minutes between connections) flagged like this in our logs:
[relay-ny:cardano.node.ErrorPolicy:Warning:66] [2020-08-26 06:16:35.56 UTC] [String "ErrorPolicySuspendPeer (Just (ApplicationExceptionTrace (MuxError MuxBearerClosed \"<socket: 55> closed when reading data, waiting on next header True\"))) 20s 20s",String "ErrorPolicyTrace",String "<OFFENDING-IP>:46832"]
My instincts are: this is not a hacking or DoS attempt: otherwise it would be more frequent and/or less regular, and this is probably just some old or misconfigured node software listing our relay in its own topology.
We can blacklist IPs easily in our VPC but I first wanted to ask opinions from other SPOs about what’s best for both our relay & the network in this case:
- whether it’s sensible to blacklist these nodes by hand (if so, it may be worth filtering the logs for these nodes)
- what people have heard about the automatic topology generation handling protocol quality issues like this (i.e.: whether we will automatically drop topology links with non compliant peers)