<dennis_tra:matrix.org> Hey folks, I've had a pass through all the different links. Thanks again!

<dennis_tra:matrix.org> I've put together some notes in this HackMD document: hackmd.io/@dennis-tra/S1eM98PPZl

<dennis_tra:matrix.org> I have adjusted the crawler and gathered these numbers:[... more lines follow, see mrelay.p2pool.observer/e/gLDI4eQKS3ZmdDN5 ]

<boog900> @dennis_tra:matrix.org: the multiple pings is just a holdover from when I was investigating their behaviour, just one should be ok

<dennis_tra:matrix.org> @boog900: Great, thanks! That makes things easier and is what I’m currently doing. With that I identify many more nodes as “bad” than what’s currently shown on xmrnetscan. At the same time I identify fewer nodes with the RPC port open.

<boog900> @dennis_tra:matrix.org: here is the ban list: github.com/Boog900/monero-ban-list/blob/main/ban_list.txt have you found IPs not on that list?

<dennis_tra:matrix.org> mrelay.p2pool.observer/m/matrix.org/zKrnbUMYXEAsyuMoIpUSABEV.csv (banned.csv)

<dennis_tra:matrix.org> yes, plenty

<boog900> @dennis_tra:matrix.org: I haven't done the whole list but it says 92.113.214.139 is not banned when it is in the list as the subnet 92.113.214.0/24

<dennis_tra:matrix.org> oh let me check, maybe I made a mistake in the CIDR parsing

<dennis_tra:matrix.org> it's twice in my list (once banned, once not-banned). There's an issue in my aggregation, sorry. Let me check again

<dennis_tra:matrix.org> False alert 👍️ there's no additional IP. I really messed up the CIDR parsing.

<dennis_tra:matrix.org> Looking a bit through the data. All the addresses below are from a banned node and were shared when crawling the network. At this IP there seem to four nodes running on different ports?

<dennis_tra:matrix.org> mrelay.p2pool.observer/p/q4a45uQKTXp6Wktf/1.txt (code snippet, 13 lines)

<boog900> @dennis_tra:matrix.org: Yeah the spies allow connections on multiple ports