0

I am trying to send transactions via the web3.py interface, which is connected to a local geth node. Having read some comments on why using RPC is bad, I am still wondering if using the -rpc option is unsafe when port 8545 is closed. According to this article (https://www.zdnet.com/article/hackers-ramp-up-attacks-on-mining-rigs-before-ethereum-price-crashes-into-the-gutter/), the vulnerability is just on exposed ports, but since I am basically communicating with a node on a local network, this shouldn't be a problem, right?

TylerH
WhiteHat

1 Answer

1

The article covers an attack vector where the attackers look for machines with port 8545 open and try to run JSON-RPC commands (on these machines) that would benefit them. This attack only works if:

  1. The machine has port 8545 open to the public
  2. The port is used by an Ethereum node (and not some arbitrary app)
  3. The node has JSON-RPC enabled
  4. The node hasn't enabled user/password credentials for JSON-RPC

So as long as your node is only accessible on a local network, you are pretty much safe from this attack vector (assuming there's no port forwarding etc. that would actually allow accessing your node from a public network and that there's no attacker on your local network).

Petr Hejda
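A self-check against the four conditions listed in the answer, added here as an example and not part of the original answer: it sends one read-only `web3_clientVersion` request to each of this machine's own IPv4 addresses on port 8545 and reports what responds. The function names (`classify`, `probe`, `audit`) and the status labels are illustrative choices for this example.

```python
import http.client
import json
import socket
import urllib.error
import urllib.request

RPC_PORT = 8545  # port named in the question and answer

# Constructed request; web3_clientVersion is a read-only JSON-RPC method.
PAYLOAD = json.dumps({"jsonrpc": "2.0", "method": "web3_clientVersion",
                      "params": [], "id": 1}).encode()


def classify(status, body):
    """Map an HTTP reply onto conditions 2-4 of the answer."""
    if status in (401, 403):
        return "auth-required"        # credentials or a proxy in front of the node
    try:
        reply = json.loads(body)
    except ValueError:
        return "not-json-rpc"         # some other application owns the port
    if isinstance(reply, dict) and reply.get("jsonrpc") == "2.0":
        return "open-json-rpc" if "result" in reply else "json-rpc-error"
    return "not-json-rpc"


def probe(host, port=RPC_PORT, timeout=2.0):
    """Send one request to host:port and classify what answers."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    req = urllib.request.Request(f"http://{host}:{port}", data=PAYLOAD,
                                 headers={"Content-Type": "application/json"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read())
    except (OSError, http.client.HTTPException):
        return "closed"               # refused, filtered, or not speaking HTTP


def audit(port=RPC_PORT):
    """Probe loopback and every IPv4 address this hostname resolves to."""
    addrs = {"127.0.0.1"}
    try:
        addrs.update(i[4][0] for i in socket.getaddrinfo(
            socket.gethostname(), None, socket.AF_INET))
    except socket.gaierror:
        pass
    return {addr: probe(addr, port) for addr in sorted(addrs)}


if __name__ == "__main__":
    for addr, state in audit().items():
        print(f"{addr}:{RPC_PORT} -> {state}")
```

If only `127.0.0.1` reports `open-json-rpc`, the node is listening on loopback alone. An `open-json-rpc` result on any other address means the node accepts unauthenticated requests beyond localhost, and whether that address is reachable from a public network then depends on the firewall and port forwarding the answer mentions.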