Why is my Node actively scanning external IPs?
A number of Node Operators have reported that their internal security systems have detected the EBSI Node performing port scans on external IPs, which can be concerning.
As EBSI is a decentralized network, we depend on the performance and connectivity of all the nodes. To build a full-mesh peer-to-peer network, all the nodes have to see each other in the network. Therefore, to monitor the connectivity of the nodes, we developed a tool, running in one of the EBSI containers, which does the following:
Check if the required ports of the other nodes are reachable from your node.
Measure the latency from your node to all the other nodes in the network.
Record these stats to a small database which is then sent to Prometheus to populate one of our Grafana dashboards.
This is to ensure the health of the network and to have a clear overview of potential network problems.
The container is called ebsi-p2p-latency, and in the Docker Compose file (/opt/ebsi/ebsi-p2p-latency/docker-compose.yml) you can see the IPs which are checked.
The port scan is performed each hour. Below are the fixed ports which we scan:
TCP: 443, 48722, 48733, 48745, 48780, 48790, 7000, 7050, 7051, 7053, 7054, 7055, 7056, 80
UDP: 47842|48733
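For a security team triaging these alerts, one way to check that flagged outbound traffic fits the behaviour described above. This is an added example, not EBSI code; the log line format, the peer IPs and the 5 and 50 minute thresholds are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Ports from the list above. The UDP entry "47842|48733" is read here
# as two separate ports, which is an assumption.
EXPECTED = {
    "tcp": {443, 48722, 48733, 48745, 48780, 48790,
            7000, 7050, 7051, 7053, 7054, 7055, 7056, 80},
    "udp": {47842, 48733},
}
PEERS = ["192.0.2.10", "198.51.100.20"]  # constructed; use the IPs from your compose file

SAMPLE = [  # constructed flow records: "<ISO time> <proto> <dst_ip> <dst_port>"
    "2024-01-01T10:00:01 tcp 192.0.2.10 443",
    "2024-01-01T10:00:02 tcp 192.0.2.10 7051",
    "2024-01-01T10:00:03 udp 198.51.100.20 47842",
    "2024-01-01T10:00:04 tcp 203.0.113.5 443",   # destination is not a peer
    "2024-01-01T10:00:05 tcp 192.0.2.10 22",     # port is not documented
    "2024-01-01T10:20:00 tcp 192.0.2.10 443",    # off the hourly schedule
    "2024-01-01T11:00:01 tcp 192.0.2.10 443",
]

def parse_flow(line):
    """Split one record into (time, protocol, destination IP, destination port)."""
    ts, proto, dst, port = line.split()
    return datetime.fromisoformat(ts), proto.lower(), ipaddress.ip_address(dst), int(port)

def review_flows(lines, peer_ips, min_gap=timedelta(minutes=50)):
    """Return (line, reason) for every flow that does not fit the documented scan."""
    peers = {ipaddress.ip_address(p) for p in peer_ips}
    findings, last_burst = [], {}
    for line in sorted(lines):  # same-format ISO timestamps sort chronologically
        ts, proto, dst, port = parse_flow(line)
        if dst not in peers:
            findings.append((line, "destination is not a listed peer"))
        elif port not in EXPECTED.get(proto, set()):
            findings.append((line, "port is not in the documented list"))
        else:
            # Flows within 5 minutes of a burst start count as the same scan.
            start = last_burst.get(dst)
            if start is None or ts - start >= min_gap:
                last_burst[dst] = ts
            elif ts - start > timedelta(minutes=5):
                findings.append((line, "more frequent than hourly"))
    return findings

if __name__ == "__main__":
    for line, reason in review_flows(SAMPLE, PEERS):
        print(f"{reason}: {line}")
```

Feed it the node's outbound flow records and the peer IPs from your own docker-compose.yml; anything it returns does not match the documented scan profile and deserves a closer look.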