<s​tnby:kernal.eu> I am pretty sure servers in the same array are very likely to be the same underlying node

<s​tnby:kernal.eu> gist.github.com/stnby/648269512433774458df9d2d37d197e6

<o​frnxmr:monero.social> Rucknium and tux are prob false positives

<r​ottenwheel:kernal.eu> Written in go. Such a shocker.

<r​ottenwheel:kernal.eu> xcancel.com/rottenwheel1/status/1832604183674962246

<r​ottenwheel:kernal.eu> 😂

<s​tnby:kernal.eu> gist.github.com/stnby/648269512433774458df9d2d37d197e6

<s​tnby:kernal.eu> Updated with a bit more info. Now I go over every IP in the record.

<s​tnby:kernal.eu> Script I used:

<s​tnby:kernal.eu> gist.github.com/stnby/253dea429c82eb37843d6ae8f0b5bcee

<s​tnby:kernal.eu> Any suggestions what other endpoints in monerod I could use for more accuracy?

<s​tnby:kernal.eu> Final update

<s​tnby:kernal.eu> I used combination of /get_info, /get_limit and /get_alt_blocks_hashes to identify nodes.

<s​tnby:kernal.eu> gist.github.com/stnby/648269512433774458df9d2d37d197e6

<s​tnby:kernal.eu> Only possible reverse proxy offenders :D

<s​tnby:kernal.eu> Host group 47

<s​tnby:kernal.eu> 37.27.89.118 static.118.89.27.37.clients.your-server.de. 37.27.89.118:18089

<s​tnby:kernal.eu> 95.217.178.183 static.183.178.217.95.clients.your-server.de. 95.217.178.183:18089

<s​tnby:kernal.eu> Host group 54

<s​tnby:kernal.eu> 23.137.57.100 nil node.sethforprivacy.com:18089

<s​tnby:kernal.eu> 23.137.57.100 nil node.sethforprivacy.com:18089

<s​tnby:kernal.eu> 68.118.241.70 syn-068-118-241-070.res.spectrum.com. 68.118.241.70:18089

<s​tnby:kernal.eu> Host group 60

<s​tnby:kernal.eu> 185.218.124.120 vmi2088507.contaboserver.net. 185.218.124.120:18989

<s​tnby:kernal.eu> 23.154.81.12 mail.yuuta.moe. xmr.winslow.cloud:18081

<3​21bob321:monero.social> send drone?

<s​iren:kernal.eu> 185.218.124.120 is weird for proxying multiple nodes on different ports

<h​anshan:monero.social> this is the general vibe but I don't think there's any good reason for it.

<h​anshan:monero.social> I've used IVPN for years. except for slight differences they offer the same thing no?

<s​iren:kernal.eu> ```

<s​iren:kernal.eu> 10240/tcp open unknown

<s​iren:kernal.eu> 18080/tcp open unknown

<s​iren:kernal.eu> 18089/tcp open unknown

<s​iren:kernal.eu> 18180/tcp open unknown

<s​iren:kernal.eu> 18189/tcp open unknown

<s​iren:kernal.eu> 18280/tcp open unknown

<s​iren:kernal.eu> 18289/tcp open unknown

<s​iren:kernal.eu> 18380/tcp open unknown

<s​iren:kernal.eu> 18389/tcp open unknown

<s​iren:kernal.eu> 18480/tcp open unknown

<s​iren:kernal.eu> It's owned by this person who is proxying some others (if Stnby's method is accurate) alongside his own nodes. captaincanaryllc.com

<r​ottenwheel:kernal.eu> "Legal Inquiries" hmm.

all of my nodes are being MITM'd... they grow up so fast, brings a tear to my eye

<3​21bob321:monero.social> Stnby pentesting

<s​yntheticbird:monero.social> yes, i've also used ivpn for years without any issues except speed, tho no one beat ProtonVPN on that. I trust them as well

<s​yntheticbird:monero.social> ^

<a​tori_0xbdc3ab4e:matrix.org> Do we have an idea why chainalysis was able to rule out so many decoy inputs in their video?

Info from.external.source e.g. a cex handed over a data dump of of their monero deposits/withdraws so they know those decoys are spent and cant be used

Off-by-one bug existed then... Maybe coinbase outputs. There is a report showing some.other ways which would habe worked around that time

moneroresearch.info/index.php?actio…n=resource_RESOURCEVIEW_CORE&id=233 theres a nice graph

<e​ndor00:matrix.org> Havr you tried doing a p2p scan of nodes as well? Last year I saw multiple /24 ip ranges that were pretty clearly proxies of the same underlying node, but I did not dig too deep into the network graph to see how they would work their way into everyone's peerlists.

<e​ndor00:matrix.org> Maybe I should publish the updated version of my p2p scanner github.com/endorxmr/monero-node-p2p-scanner

<e​ndor00:matrix.org> Good indicators were the pruning "group" (i.e. they would all belong to the same pruning group) and the fact that each ip would have several ports open, and they would show up en masse on some peerlists

<k​ewbit:matrix.org> I’ve thought about this for years, ISPs generally block this kind of IPv4 scanning behaviour and do not follow internet etiquette. Granted you could ban certain ASNs to recuse the amount then segregate the scanning across all 7000 running nodes but it just puts you at risk of getting your IP null routed for abuse. Some datacenters will allow it for special conditions if requested formally.

<k​ewbit:matrix.org> I’ve thought about this for years, ISPs generally block this kind of IPv4 scanning behaviour and do not follow internet etiquette. Granted you could ban certain ASNs to reduce the amount then segregate the scanning across all 7000 running nodes but it just puts you at risk of getting your IP null routed for abuse. Some datacenters will allow it for special conditions if requested formally.

<b​asses:matrix.org> b10c.me/blog/013-one-year-update-on-linkinglion

<e​ndor00:matrix.org> The network is only ~ 45k nodes on far fewer ip addresses, of which only half or so are "genuine". It's not like I'm pinging a million hosts per minute (and also the script's performance is not that great 👀)

<e​ndor00:matrix.org> A full network scan took me 15-30 mins iirc

<e​ndor00:matrix.org> (With the connection capped to 100 Mbps, and it was still kinda bursty, non sustained the whole time)

<k​ewbit:matrix.org> Which ISP?

<k​ewbit:matrix.org> Data centre or residential ASN?

<k​ewbit:matrix.org> They might get themselves a new customer today 😂

<g​ingeropolous:monero.social> aw, moneroblocks.info is ded

<g​ingeropolous:monero.social> and monerobase

<g​ingeropolous:monero.social> and moneroaddress.org redirects.....

<g​ingeropolous:monero.social> and it went to xmraddress.org ....

<g​ingeropolous:monero.social> well, that exists now.

<g​ingeropolous:monero.social> i know some of this is old news....

<s​tnby:kernal.eu> I only scanned public nodes from monero.fail and xmr.ditatompel.com.

<s​tnby:kernal.eu> By trial and error. I found that /get_alt_blocks_hashes endpoint is 100% reliable. But I still kept /get_info + /get_limit + /get_alt_blocks_hashes to be damn well sure it's correct.

<s​tnby:kernal.eu> Code is here gist.github.com/stnby/253dea429c82eb37843d6ae8f0b5bcee

<s​yntheticbird:monero.social> eeewwwww Go

<s​tnby:kernal.eu> Please go rewrite it in python or cpp, megamind.

<s​yntheticbird:monero.social> why are you purposefully avoiding to quote Rust. This is the ultimate language and religion. Come Stnby, join us in spreading Ferris glory upon this heretic world.

<s​tnby:kernal.eu> I avoided mentioning Rust as its not even worth mentioning. Let it exit alpha state first.

<s​yntheticbird:monero.social> Ooooh poor soul, may the crab aura save you from heresy and let you reveall your true potential. As a member of Rust church I pardon you of your sin.

<a​mmortel:monero.social> Please can someone message me the cypherpunk's manifesto image with monero background?

<a​mmortel:monero.social> Oh I found it on 4chan. I'm good

<b​asses:matrix.org> looks like nothing burger

<b​asses:matrix.org> Monero mentioned once with how it works for a couple of secs in the whole course

<b​asses:matrix.org> they only showcased Zcash and Dash in thei reactor

<b​asses:matrix.org> their*

<b​asses:matrix.org> matrix.monero.social/_matrix/media/…matrix.org/yyeCwZjBNNLLJbgWgWBlrEjW

<b​asses:matrix.org> "Most Zcash users don't use the privacy functionality"

<b​asses:matrix.org> opt-in privacy lol

<m​e:abdulocra.cy> Zcash is a joke, trusted setup and optional privacy

Its not trusted setup anymore, right?

<s​trawberry:monero.social> new addresses aren't

<r​eal_glitch:matrix.org> it was way obvious where they are going with that weird woke interview and zooko blocking everyone

<r​eal_glitch:matrix.org> and strangely, some of these anti privacy groups are promoting Zcash while ignoring monero when it comes to privacy topics

<s​trawberry:monero.social> what anti privacy groups?

<s​yntheticbird:monero.social> is Zcash PoS or PoW ?

<s​yntheticbird:monero.social> I remember they expressed some want to migrate to PoS

<s​trawberry:monero.social> going PoS, I think still PoW

<s​iren:kernal.eu> Does anyone know who this person is or how to contact them? reddit.com/user/rupeee

<s​iren:kernal.eu> He was (is?) operating the *.xmrnode.com nodes.

<s​iren:kernal.eu> rupee: is this you?

<r​upee:monero.social> Yes

<s​iren:kernal.eu> What is happening with your nodes? libreddit.privacydev.net/r/Monero/c…ents/1f9h7rw/xmrnodecom_is_very_sus

<s​iren:kernal.eu> The reddit post was deleted? Why?

<s​iren:kernal.eu> matrix.monero.social/_matrix/media/…/kernal.eu/LlxJAQQedodrbscnXiywHyUc

<s​iren:kernal.eu> Why was your node dallas.xmrnode.com serving this strange "fn.likauction.com" certificate?

<r​upee:monero.social> Hmm. I will take a look. I don’t think I’m running nodes anymore but there are bunch of old dns records

<s​iren:kernal.eu> 1000008498.png

<r​upee:monero.social> It points to the IP address of a VPS I used to rent but no longer rent

<s​iren:kernal.eu> The servers who have this strange self signed certificate all have monero RPC ports open

<s​iren:kernal.eu> You're either a fed or feds went to your VPS provider and asked to be assigned your old IPs and abused your dangling DNS records.

<s​iren:kernal.eu> Chainanalysis took advantage of your leftover records and hosted malicious nodes in there.

<r​upee:monero.social> 😬

<s​iren:kernal.eu> For how long your nodes have been non operational? When was the last time you remember them working?

<s​iren:kernal.eu> And have you ever submitted them to monero.fail before?

<s​yntheticbird:monero.social> 🍿

<r​upee:monero.social> Yeah, I think I did submit them there, but most of those VPSes I stopped paying for years ago. Probably 2018 I would guess

<s​iren:kernal.eu> Please don't leave unused DNS records

<r​upee:monero.social> Good advice. :(

<s​iren:kernal.eu> plowsof monerobull: I dunno who the reddit mods are but why was this deleted? It was important information for the community

<m​onerobull:matrix.org> lol

<m​onerobull:matrix.org> it was reported as pornography so many times it got auto-deleted

<m​onerobull:matrix.org> matrix.monero.social/_matrix/media/…matrix.org/LanopwizwgqjzZHSrQLEjWOA

<r​upee:monero.social> wtf

<s​iren:kernal.eu> What the fuck, that's chainanalysis censoring it quite literally

<m​onerobull:matrix.org> i swear to god if these reports come from chainalysis employees lmao

<s​iren:kernal.eu> Meaning it was correct, those were actual malicious nodes

<m​onerobull:matrix.org> re-approved it

<s​iren:kernal.eu> rupee: the reddit link is back up if you're curious what happened libreddit.privacydev.net/r/Monero/c…ents/1f9h7rw/xmrnodecom_is_very_sus

<r​upee:monero.social> Thanks very much for the heads up. Can’t believe that happened or that I never deleted those DNS records.

<m​onerobull:matrix.org> so did chainalysis actually do dns hijacking?

<s​iren:kernal.eu> The records were already there, Chainanalysis got assigned the IPs (by going for the same hosting provider and most likely kindly asking for it) and abused it yes.

<s​iren:kernal.eu> It's been chainanalysis operated since at least 2020

<m​onerobull:matrix.org> yeah that is pretty much the dns poisoning attack

<s​iren:kernal.eu> And node.moneroworld.com was pointing to few

<r​upee:monero.social> I was running 40-50 nodes for a few years in moneros early days and eventually stopped maintaining most of them in 2018-2019. Very unfortunate I didn’t update dns.

<b​asses:matrix.org> archive anything u find it informing

<s​iren:kernal.eu> Yeah did web.archive.org/web/20240908153815/…ents/1f9h7rw/xmrnodecom_is_very_sus

<s​iren:kernal.eu> Also dl'ed

<s​iren:kernal.eu> And will make a blog post somewhere else anyway

<s​tnby:kernal.eu> May I ask why you needed so many?

<r​upee:monero.social> There were only a couple hundred nodes worldwide when I started hosting nodes. I was trying help the network. I had servers in places where there weren’t many other nodes like Venezuela and Bosnia

<r​upee:monero.social> what is stopping chainalysis from creating malicious nodes and pointing a new domain to it and then registering that domain with monero.fail and moneroworld?

<s​tnby:kernal.eu> There is only barely over a 100 nodes nowadays as well. Having 50% of nodes sounds more like trying to harm the network to me

<s​iren:kernal.eu> Did you operate nodes under different domain names other than xmrnode.com?

<r​upee:monero.social> when the gui got released i registered guinode.com and and hosted nodes there. that domain is now available

<s​tnby:kernal.eu> Nothing. It's just that you're nodes were hardcoded in wallet apps for years.

<r​upee:monero.social> seriously?! I haven't checked in years, but that seems very unlikely

<s​tnby:kernal.eu> > <@rupee:monero.social> what is stopping chainalysis from creating malicious nodes and pointing a new domain to it and then registering that domain with monero.fail and moneroworld?

<s​tnby:kernal.eu> Nothing. It's just that your nodes were hardcoded in wallet apps for years.

<s​iren:kernal.eu> Nothing. I'm not sure if you have seen the now removed and heavily censored Chainanalysis training video but in that video they showed RPC logs from moneroworld.com. Moneroworld.com itself is not a real node itself but it points to different nodes via A records. Few of your nodes were included in the round-robin. People then noticed the unusual behavior on your nodes and here we are.

<s​tnby:kernal.eu> You asked moneroworld to point to your nodes

<s​iren:kernal.eu> > <@rupee:monero.social> what is stopping chainalysis from creating malicious nodes and pointing a new domain to it and then registering that domain with monero.fail and moneroworld?

<s​iren:kernal.eu> Nothing. I'm not sure if you have seen the now removed and heavily censored Chainanalysis training video but in that video they showed RPC logs from node.moneroworld.com. node.moneroworld.com itself is not a real node itself but it points to different nodes via A records. Few of your nodes were included in the round-robin. People then noticed the unusual behavior on your nodes and here we are.

<s​iren:kernal.eu> matrix.monero.social/_matrix/media/…/kernal.eu/ElLFppkjHbgplQEEuuxenVbm

<s​tnby:kernal.eu> Open from cakewallet to monerujo. They are listed there.

<r​upee:monero.social> damn

<r​upee:monero.social> I meant when i started hosting nodes there were only a couple hundred nodes in the monero network. I forgot where to see maps of all the nodes, but there has to be thousands now, right?

<r​upee:monero.social> lol. yeah, over 12,000

<r​upee:monero.social> so 40-50 is not half the network

<r​upee:monero.social> anyway, i'm only running a couple now and deleted those dns records. very regrettable

<s​tnby:kernal.eu> These are all running public nodes I could find

<s​tnby:kernal.eu> gist.github.com/stnby/648269512433774458df9d2d37d197e6

<s​tnby:kernal.eu> 110

<r​upee:monero.social> this says 12,951.

<r​upee:monero.social> monero.fail/map

<r​upee:monero.social> you must be counting different things

<s​tnby:kernal.eu> We are talking about public nodes. Not peers. Public nodes is what you plug into your android wallet

<s​tnby:kernal.eu> matrix.monero.social/_matrix/media/…/kernal.eu/VHPJLPgUYRjqXJLhoZAGzLqn

<r​upee:monero.social> peers are used to download the blockchain. my intention at the time was to make it faster to download the blockchain

<s​yntheticbird:monero.social> why is there like 4 plowsof prefixed onion nodes in monero.fail

<s​tnby:kernal.eu> Idk I didn't check onion and i2p nodes. But those are most likely same clearnet nodes but under torrd.

<s​tnby:kernal.eu> Maybe I'll make my own index with deduplicated list. 🤷‍♂️

syntheticbird one of the tor nodes has a https:// , so 3

<n​ononynous:monero.social> All wallets should have the fingerprint certificate feature

rupee :)

<r​upee:monero.social> o/

<n​ononynous:monero.social> Thats the same for public node providers because it's cool to have that feature but if no admin shares his fingerprint or using a certificate lol

<n​ononynous:monero.social> Even a script kiddie could listen public connections to hijack nodes

<n​ononynous:monero.social> Or an ISP 🙃

<b​asses:matrix.org> privacyguides.org/articles/2024/09/08/proton-wallet-review

<b​asses:matrix.org> >This is a huge problem for Proton Wallet, because Bitcoin is the only cryptocurrency it supports. Furthermore, Proton Wallet doesn't support the few privacy-enhancing additions to Bitcoin that do exist, like CoinJoin or even the Lightning Network. While these technologies still don't bring Bitcoin close to the levels of privacy attainable with some alternatives like Monero, to se<clipped message>

<b​asses:matrix.org> e them lacking in a product from a privacy-centric company like Proton is extremely disappointing.

<b​asses:matrix.org> >Had Proton Wallet added support for Monero or a similarly private cryptocurrency, they could have single-handedly boosted a financial system that is actually private by default by a significant degree. In my eyes, failing to do so in favor of the market leader is an unfortunate step back from their "privacy by default" mantra.

I also heard their explanation for it, seems more like an excuse.

<k​orgprivacy:matrix.org> Using Statistics to Improve Monero with Rucknium (MT 323)

<k​orgprivacy:matrix.org> TODAY'S 🎙SHOW: Douglas Tuman interviews Rucknium, an empirical microeconomist and Monero Research Lab member specializing in probability and statistical analysis who has made some very impressive contributions to Monero. Including discovering a way to speed up monero transaction confirmations by 60 seconds!

<k​orgprivacy:matrix.org> In this first ever interview, Rucknium maintains his anonymity by typing his responses and having a monero friend sit in to read his answers. Tremendous thank you to Patchy319 for doing so!

<k​orgprivacy:matrix.org> The conversation centers around Monero’s privacy technology, scalability, and Rucknium’s contributions to the project. They highlight the challenges of Monero’s scalability, including node performance and transaction volume, as well as ongoing efforts to address these issues through StressNet, Network-level privacy solutions like Dandelion++ and potential improvements throug<clipped message>

<k​orgprivacy:matrix.org> h the Clover protocol are also explored. We also get to hear a preview of Rucknium’s upcoming presentation at Monerotopia24 Confer!

<k​orgprivacy:matrix.org> Watch Here (YouTube)➡️ youtube.com/live/fXoiYmrXYJc

<k​orgprivacy:matrix.org> Watch Here (Odysee) ➡️ odysee.com/@MoneroTalk:8/using-statistics-to-improve-monero-with:d

<k​orgprivacy:matrix.org> Listen Here 🎧:monerotalk.live/monerotalk-323

<k​orgprivacy:matrix.org> Coffee & Monero, Go to Gratuitas.org today!

<k​orgprivacy:matrix.org> {Buy your MoneroTopia 24 Mexico City Confer tickets TODAY at MoneroTopia.com! }

<k​orgprivacy:matrix.org> FOLLOW US monero.town/u/monerotalk & mastodon.social/@monerotalk

<k​orgprivacy:matrix.org> Using Statistics to Improve Monero with Rucknium (MT 323)

<k​orgprivacy:matrix.org> TODAY'S 🎙SHOW: Douglas Tuman interviews Rucknium, an empirical microeconomist and Monero Research Lab member specializing in probability and statistical analysis who has made some very impressive contributions to Monero. Including discovering a way to speed up monero transaction confirmations by 60 seconds!

<k​orgprivacy:matrix.org> In this first ever interview, Rucknium maintains his anonymity by typing his responses and having a monero friend sit in to read his answers. Tremendous thank you to Patchy319 for doing so!

<k​orgprivacy:matrix.org> The conversation centers around Monero’s privacy technology, scalability, and Rucknium’s contributions to the project. They highlight the challenges of Monero’s scalability, including node performance and transaction volume, as well as ongoing efforts to address these issues through StressNet, Network-level privacy solutions like Dandelion++ and potential improvements throug<clipped message>

<k​orgprivacy:matrix.org> h the Clover protocol are also explored. We also get to hear a preview of Rucknium’s upcoming presentation at Monerotopia24 Confer!

<k​orgprivacy:matrix.org> Watch Here (YouTube)➡️ youtube.com/live/fXoiYmrXYJc

<k​orgprivacy:matrix.org> Watch Here (Odysee) ➡️ odysee.com/@MoneroTalk:8/using-statistics-to-improve-monero-with:d

<k​orgprivacy:matrix.org> Listen Here 🎧:monerotalk.live/monerotalk-323

<k​orgprivacy:matrix.org> Coffee & Monero, Go to Gratuitas.org today!

<k​orgprivacy:matrix.org> {Buy your MoneroTopia 24 Mexico City Confer tickets TODAY at MoneroTopia.com! }

<k​orgprivacy:matrix.org> FOLLOW US monero.town/u/monerotalk & mastodon.social/@monerotalk

<r​ucknium:monero.social> korgprivacy: I'm in this one, which is great, but in the future with the Matrix posts, you can shorten the messages to include only the essentials. I think people in this room would prefer that.

<3​21bob321:monero.social> Wow thats research paper length

its just noise at this point, a reminder and link to more details is acceptable

<3​21bob321:monero.social> Do we charge for this ad space?

<3​21bob321:monero.social> You notice monerotalk only advert here never converse

<s​trawberry:monero.social> +1, nobody reads the full message

<s​trawberry:monero.social> Also, why post video link after the stream is ended? Why not when it starts so people don't miss it?

echo

<s​iren:kernal.eu> k4r4b3y o/

hey hello

<n​ononynous:monero.social> A mass campaign should be done to push public node runners publishing their certificate fingerprints on their website or whatever way they used to advertise their node

<v​iktor_ivpn:matrix.org> I'd venture to guess mullvad is considered more trustworthy by some as they are used by more people, as they are a lot bigger than us (IVPN)

<v​iktor_ivpn:matrix.org> they've done a great job over the years in building that reputation, their ethics/expertise/execution is top notch.

<v​iktor_ivpn:matrix.org> since we are in this channel I have to point out that we've been sponsoring Monero conferences for 3 years and I've personally attended a lot of them, never seen anyone from Mullvad:) they were pretty late with accepting XMR.

<v​iktor_ivpn:matrix.org> I don't like to point out anything negative about them, since I'd be using them as my provider if I was not working on running IVPN. there are hundreds of other providers who deserve that energy.

<v​iktor_ivpn:matrix.org> and yeah I hang around here, mostly lurk and chime in with VPN related stuff if you have any suggestions/concerns etc. just hit me up

<d​ave.jp:matrix.org> youtube.com/watch?v=KaTSgv1EC6Q