-
ZZZZ
The last few days, I keep seeing messages in monerod that my node is 4 years behind. It seems my node is connecting to quite a few nodes that are around block height 4155000. Has anyone else seen this?
-
m-relay
<rbrunner7:monero.social> Yes. Nobody knows who or what is behind this, but it's harmless for Monero daemons. Chance has it that I just today I had a look into this and saw that the daemon disconnects almost immediately after such a node claims that it is 4 years ahead because it submits a different genesis block.
-
ZZZZ
Good to know. Does the daemon ban IP's that do that?
-
m-relay
<rbrunner7:monero.social> Not sure, but I would suspect: There is nothing to recover from, because it's known that it's not a correct chain.
-
ZZZZ
Got it. Thanks rbrunner7 :)
-
m-relay
<rbrunner7:monero.social> The whole thing is a bit puzzling: If a Monero code fork forgets to change the so-called *network id* and starts with a fresh chain, which would trigger this behavior, the chain would be short. If somebody forks code *and* chain, why should they be ahead of us already so many blocks? Maybe somebody really, really does not know what they are doing ...
-
ZZZZ
So in that case it's just an attempt at an attack, but it seems not worth it at all from what I can tell. The IP's I looked at appeared unrelated and possibly widely distributed (I didn't look too close)
-
ZZZZ
I'd be happy to make a list of the IP's and keep a closer eye on it going forward if anyone would find that data useful.
-
m-relay
<rbrunner7:monero.social> Well, an attacker that is worth anything wouldn't do something that makes our daemons disconnect immediately, in a reliable way, no?
-
m-relay
<rbrunner7:monero.social> If the attack is "confuse those people" maybe :)
-
ZZZZ
lol
-
m-relay
<rbrunner7:monero.social> Watching this can't do any harm, and with such things you are never really sure. Might be interesting to collect some data, yes.
-
ZZZZ
Cool I'll keep an eye on my node and see what else I might be able to find out
-
ZZZZ
Since 2/22 my node has connected to 130 other distinct nodes that report being ahead. On 2/22 they were 3.2 years ahead, and now they're 4.x years ahead. Many of the addresses seem to be related to each other. 30 of the clients I connected to since 2/22 are in the 49.12.22x.xxx range.
-
m-relay
<rbrunner7:monero.social> Our software looks at how many blocks the daemon is ahead and multiplies that with our average blocktime of 2 minutes to arrive at something like 4 years. If they raced through nearly 1 "year" of blocks in 10 days or so, they would have an average time between blocks of 4 seconds or so, if I calculated correctly.
-
ZZZZ
Strange that there would be so many and so widely dispersed, and to have continued this long. I have to wonder if maybe they're getting some valuable data back in responses maybe, or maybe all the responses in aggregate. I imagine they're able to reach just about the whole network with 130 seperate nodes. I could be way off but I'm imagining block propagation research. Maybe it's simpler than that.
-
ZZZZ
130 and counting actually
-
m-relay
<endor00:matrix.org> Hmmm, that ip range you mentioned seems different from the LinkingLion stuff I've seen in my network scans
-
m-relay
<endor00:matrix.org> Any chance you could put on a pastebin somewhere a list of the ip addresses in question? I'd like to see how they're connected to the rest of the network