00:41:48 I am pretty sure servers in the same array are very likely to be the same underlying node
00:41:50 https://gist.github.com/stnby/648269512433774458df9d2d37d197e6
01:02:12 Rucknium and tux are prob false positives
01:14:52 Written in go. Such a shocker.
02:20:41 https://xcancel.com/rottenwheel1/status/1832604183674962246
02:20:42 😂
02:24:31 https://gist.github.com/stnby/648269512433774458df9d2d37d197e6
02:24:32 Updated with a bit more info. Now I go over every IP in the record.
02:24:34 Script I used:
02:24:36 https://gist.github.com/stnby/253dea429c82eb37843d6ae8f0b5bcee
02:25:05 Any suggestions what other endpoints in monerod I could use for more accuracy?
03:19:10 Final update
03:19:10 I used a combination of /get_info, /get_limit and /get_alt_blocks_hashes to identify nodes.
03:19:12 https://gist.github.com/stnby/648269512433774458df9d2d37d197e6
03:23:52 Only possible reverse proxy offenders :D
03:23:52 Host group 47
03:23:54 37.27.89.118 static.118.89.27.37.clients.your-server.de. http://37.27.89.118:18089
03:23:56 95.217.178.183 static.183.178.217.95.clients.your-server.de. http://95.217.178.183:18089
03:23:58 Host group 54
03:24:00 23.137.57.100 nil http://node.sethforprivacy.com:18089
03:24:02 23.137.57.100 nil https://node.sethforprivacy.com:18089
03:24:04 68.118.241.70 syn-068-118-241-070.res.spectrum.com. http://68.118.241.70:18089
03:24:06 Host group 60
03:24:08 185.218.124.120 vmi2088507.contaboserver.net. http://185.218.124.120:18989
03:24:10 23.154.81.12 mail.yuuta.moe. https://xmr.winslow.cloud:18081
03:45:15 <3​21bob321:monero.social> send drone?
03:54:12 185.218.124.120 is weird for proxying multiple nodes on different ports
03:56:54 this is the general vibe but I don't think there's any good reason for it.
03:56:54 I've used IVPN for years. except for slight differences they offer the same thing no?
04:02:02 ```
04:02:02 10240/tcp open unknown
04:02:04 18080/tcp open unknown
04:02:06 18089/tcp open unknown
04:02:08 18180/tcp open unknown
04:02:10 18189/tcp open unknown
04:02:12 18280/tcp open unknown
04:02:14 18289/tcp open unknown
04:02:16 18380/tcp open unknown
04:02:18 18389/tcp open unknown
04:02:20 18480/tcp open unknown
04:07:06 It's owned by this person who is proxying some others (if Stnby's method is accurate) alongside his own nodes. https://captaincanaryllc.com/
04:22:37 "Legal Inquiries" hmm.
07:01:31 all of my nodes are being MITM'd... they grow up so fast, brings a tear to my eye
07:19:44 <3​21bob321:monero.social> Stnby pentesting
08:53:30 yes, i've also used ivpn for years without any issues except speed, tho no one beat ProtonVPN on that. I trust them as well
08:53:40 ^
09:31:02 Do we have an idea why chainalysis was able to rule out so many decoy inputs in their video?
09:39:38 Info from external source, e.g. a cex handed over a data dump of their monero deposits/withdraws so they know those decoys are spent and can't be used
09:41:09 Off-by-one bug existed then... Maybe coinbase outputs. There is a report showing some other ways which would have worked around that time
09:42:06 https://moneroresearch.info/index.php?action=resource_RESOURCEVIEW_CORE&id=233 there's a nice graph
11:46:04 Have you tried doing a p2p scan of nodes as well? Last year I saw multiple /24 ip ranges that were pretty clearly proxies of the same underlying node, but I did not dig too deep into the network graph to see how they would work their way into everyone's peerlists.
11:46:06 Maybe I should publish the updated version of my p2p scanner https://github.com/endorxmr/monero-node-p2p-scanner
11:48:35 Good indicators were the pruning "group" (i.e.
they would all belong to the same pruning group) and the fact that each ip would have several ports open, and they would show up en masse on some peerlists
11:51:10 https://b10c.me/observations/06-linkinglion/
11:51:16 I’ve thought about this for years, ISPs generally block this kind of IPv4 scanning behaviour and do not follow internet etiquette. Granted you could ban certain ASNs to recuse the amount then segregate the scanning across all 7000 running nodes but it just puts you at risk of getting your IP null routed for abuse. Some datacenters will allow it for special conditions if requested formally.
11:52:10 I’ve thought about this for years, ISPs generally block this kind of IPv4 scanning behaviour and do not follow internet etiquette. Granted you could ban certain ASNs to reduce the amount then segregate the scanning across all 7000 running nodes but it just puts you at risk of getting your IP null routed for abuse. Some datacenters will allow it for special conditions if requested formally.
11:53:07 https://b10c.me/blog/013-one-year-update-on-linkinglion/
11:57:50 The network is only ~ 45k nodes on far fewer ip addresses, of which only half or so are "genuine". It's not like I'm pinging a million hosts per minute (and also the script's performance is not that great 👀)
11:58:54 A full network scan took me 15-30 mins iirc
11:59:44 (With the connection capped to 100 Mbps, and it was still kinda bursty, non sustained the whole time)
12:42:04 Which ISP?
12:42:56 Data centre or residential ASN?
12:47:44 They might get themselves a new customer today 😂
12:49:27 aw, moneroblocks.info is ded
12:49:58 and monerobase
12:50:57 and moneroaddress.org redirects.....
12:51:27 and it went to xmraddress.org ....
12:51:32 well, that exists now.
12:58:28 i know some of this is old news....
13:01:01 I only scanned public nodes from monero.fail and xmr.ditatompel.com.
13:01:02 By trial and error. I found that /get_alt_blocks_hashes endpoint is 100% reliable.
But I still kept /get_info + /get_limit + /get_alt_blocks_hashes to be damn well sure it's correct.
13:01:04 Code is here https://gist.github.com/stnby/253dea429c82eb37843d6ae8f0b5bcee
13:02:29 eeewwwww Go
13:03:35 Please go rewrite it in python or cpp, megamind.
13:04:31 why are you purposefully avoiding to quote Rust. This is the ultimate language and religion. Come Stnby, join us in spreading Ferris glory upon this heretic world.
13:05:40 I avoided mentioning Rust as it's not even worth mentioning. Let it exit alpha state first.
13:06:55 Ooooh poor soul, may the crab aura save you from heresy and let you reveal your true potential. As a member of Rust church I pardon you of your sin.
13:27:13 Please can someone message me the cypherpunk's manifesto image with monero background?
13:33:10 Oh I found it on 4chan. I'm good
14:04:23 looks like nothing burger
14:04:54 Monero mentioned once with how it works for a couple of secs in the whole course
14:05:11 they only showcased Zcash and Dash in thei reactor
14:05:18 their*
14:07:00 https://matrix.monero.social/_matrix/media/v1/download/matrix.org/yyeCwZjBNNLLJbgWgWBlrEjW
14:07:18 "Most Zcash users don't use the privacy functionality"
14:07:18 opt-in privacy lol
14:30:29 Zcash is a joke, trusted setup and optional privacy
14:51:18 It's not trusted setup anymore, right?
14:51:47 new addresses aren't
15:00:22 it was way obvious where they are going with that weird woke interview and zooko blocking everyone
15:01:24 and strangely, some of these anti privacy groups are promoting Zcash while ignoring monero when it comes to privacy topics
15:06:58 what anti privacy groups?
15:08:08 is Zcash PoS or PoW ?
15:08:21 I remember they expressed some want to migrate to PoS
15:08:27 going PoS, I think still PoW
15:17:27 Does anyone know who this person is or how to contact them? https://www.reddit.com/user/rupeee/
15:17:28 He was (is?) operating the *.xmrnode.com nodes.
15:17:50 rupee: is this you?
15:18:56 Yes
15:21:15 What is happening with your nodes? https://libreddit.privacydev.net/r/Monero/comments/1f9h7rw/xmrnodecom_is_very_sus
15:21:58 The reddit post was deleted? Why?
15:22:17 https://matrix.monero.social/_matrix/media/v1/download/kernal.eu/LlxJAQQedodrbscnXiywHyUc
15:23:51 Why was your node dallas.xmrnode.com serving this strange "fn.likauction.com" certificate?
15:24:16 Hmm. I will take a look. I don’t think I’m running nodes anymore but there are bunch of old dns records
15:24:27 1000008498.png
15:25:56 It points to the IP address of a VPS I used to rent but no longer rent
15:26:04 The servers who have this strange self signed certificate all have monero RPC ports open
15:27:25 You're either a fed or feds went to your VPS provider and asked to be assigned your old IPs and abused your dangling DNS records.
15:27:51 Chainanalysis took advantage of your leftover records and hosted malicious nodes in there.
15:27:53 😬
15:28:30 For how long your nodes have been non operational? When was the last time you remember them working?
15:28:47 And have you ever submitted them to monero.fail before?
15:28:50 🍿
15:29:55 Yeah, I think I did submit them there, but most of those VPSes I stopped paying for years ago. Probably 2018 I would guess
15:30:54 Please don't leave unused DNS records
15:31:14 Good advice. :(
15:32:16 plowsof monerobull: I dunno who the reddit mods are but why was this deleted?
It was important information for the community
15:33:16 lol
15:33:25 it was reported as pornography so many times it got auto-deleted
15:33:42 https://matrix.monero.social/_matrix/media/v1/download/matrix.org/LanopwizwgqjzZHSrQLEjWOA
15:34:02 wtf
15:34:19 What the fuck, that's chainanalysis censoring it quite literally
15:34:21 i swear to god if these reports come from chainalysis employees lmao
15:34:38 Meaning it was correct, those were actual malicious nodes
15:34:56 re-approved it
15:37:17 rupee: the reddit link is back up if you're curious what happened https://libreddit.privacydev.net/r/Monero/comments/1f9h7rw/xmrnodecom_is_very_sus
15:38:05 Thanks very much for the heads up. Can’t believe that happened or that I never deleted those DNS records.
15:39:20 so did chainalysis actually do dns hijacking?
15:41:05 The records were already there, Chainanalysis got assigned the IPs (by going for the same hosting provider and most likely kindly asking for it) and abused it yes.
15:41:54 It's been chainanalysis operated since at least 2020
15:42:03 yeah that is pretty much the dns poisoning attack
15:42:12 And node.moneroworld.com was pointing to few
15:43:40 I was running 40-50 nodes for a few years in Monero's early days and eventually stopped maintaining most of them in 2018-2019. Very unfortunate I didn’t update dns.
15:44:53 archive anything u find it informing
15:50:27 Yeah did https://web.archive.org/web/20240908153815/https://libreddit.privacydev.net/r/Monero/comments/1f9h7rw/xmrnodecom_is_very_sus
15:50:36 Also dl'ed
15:50:51 And will make a blog post somewhere else anyway
15:52:49 May I ask why you needed so many?
15:54:03 There were only a couple hundred nodes worldwide when I started hosting nodes. I was trying to help the network.
I had servers in places where there weren’t many other nodes like Venezuela and Bosnia
15:57:14 what is stopping chainalysis from creating malicious nodes and pointing a new domain to it and then registering that domain with monero.fail and moneroworld?
15:57:31 There is only barely over a 100 nodes nowadays as well. Having 50% of nodes sounds more like trying to harm the network to me
15:57:46 Did you operate nodes under different domain names other than xmrnode.com?
15:58:15 when the gui got released i registered guinode.com and hosted nodes there. that domain is now available
15:58:54 Nothing. It's just that you're nodes were hardcoded in wallet apps for years.
15:59:10 seriously?! I haven't checked in years, but that seems very unlikely
15:59:24 > <@rupee:monero.social> what is stopping chainalysis from creating malicious nodes and pointing a new domain to it and then registering that domain with monero.fail and moneroworld?
15:59:26 Nothing. It's just that your nodes were hardcoded in wallet apps for years.
15:59:59 Nothing. I'm not sure if you have seen the now removed and heavily censored Chainanalysis training video but in that video they showed RPC logs from moneroworld.com. Moneroworld.com itself is not a real node itself but it points to different nodes via A records. Few of your nodes were included in the round-robin. People then noticed the unusual behavior on your nodes and here we are.
16:00:22 You asked moneroworld to point to your nodes
16:00:26 > <@rupee:monero.social> what is stopping chainalysis from creating malicious nodes and pointing a new domain to it and then registering that domain with monero.fail and moneroworld?
16:00:28 Nothing. I'm not sure if you have seen the now removed and heavily censored Chainanalysis training video but in that video they showed RPC logs from node.moneroworld.com. node.moneroworld.com itself is not a real node itself but it points to different nodes via A records.
Few of your nodes were included in the round-robin. People then noticed the unusual behavior on your nodes and here we are.
16:00:54 https://matrix.monero.social/_matrix/media/v1/download/kernal.eu/ElLFppkjHbgplQEEuuxenVbm
16:01:11 Open from cakewallet to monerujo. They are listed there.
16:01:20 damn
16:02:25 I meant when i started hosting nodes there were only a couple hundred nodes in the monero network. I forgot where to see maps of all the nodes, but there has to be thousands now, right?
16:02:43 lol. yeah, over 12,000
16:02:51 so 40-50 is not half the network
16:03:32 anyway, i'm only running a couple now and deleted those dns records. very regrettable
16:04:26 These are all running public nodes I could find
16:04:26 https://gist.github.com/stnby/648269512433774458df9d2d37d197e6
16:04:28 110
16:05:32 this says 12,951.
16:05:34 https://monero.fail/map
16:05:48 you must be counting different things
16:08:50 We are talking about public nodes. Not peers. Public nodes is what you plug into your android wallet
16:09:54 https://matrix.monero.social/_matrix/media/v1/download/kernal.eu/VHPJLPgUYRjqXJLhoZAGzLqn
16:10:16 peers are used to download the blockchain. my intention at the time was to make it faster to download the blockchain
16:12:33 why is there like 4 plowsof prefixed onion nodes in monero.fail
16:14:52 Idk I didn't check onion and i2p nodes. But those are most likely same clearnet nodes but under torrd.
16:15:49 Maybe I'll make my own index with deduplicated list.
🤷‍♂️
16:32:24 syntheticbird one of the tor nodes has a https:// , so 3
16:32:27 All wallets should have the fingerprint certificate feature
16:34:47 rupee :)
16:36:16 o/
16:39:42 That's the same for public node providers because it's cool to have that feature but if no admin shares his fingerprint or using a certificate lol
16:40:30 Even a script kiddie could listen public connections to hijack nodes
16:41:21 Or an ISP 🙃
17:27:50 https://www.privacyguides.org/articles/2024/09/08/proton-wallet-review/
17:28:27 >This is a huge problem for Proton Wallet, because Bitcoin is the only cryptocurrency it supports. Furthermore, Proton Wallet doesn't support the few privacy-enhancing additions to Bitcoin that do exist, like CoinJoin or even the Lightning Network. While these technologies still don't bring Bitcoin close to the levels of privacy attainable with some alternatives like Monero, to se
17:28:28 e them lacking in a product from a privacy-centric company like Proton is extremely disappointing.
17:28:30 >Had Proton Wallet added support for Monero or a similarly private cryptocurrency, they could have single-handedly boosted a financial system that is actually private by default by a significant degree. In my eyes, failing to do so in favor of the market leader is an unfortunate step back from their "privacy by default" mantra.
17:40:46 I also heard their explanation for it, seems more like an excuse.
19:04:17 Using Statistics to Improve Monero with Rucknium (MT 323)
19:04:18 TODAY'S 🎙SHOW: Douglas Tuman interviews Rucknium, an empirical microeconomist and Monero Research Lab member specializing in probability and statistical analysis who has made some very impressive contributions to Monero. Including discovering a way to speed up monero transaction confirmations by 60 seconds!
19:04:20 In this first ever interview, Rucknium maintains his anonymity by typing his responses and having a monero friend sit in to read his answers.
Tremendous thank you to Patchy319 for doing so!
19:04:22 The conversation centers around Monero’s privacy technology, scalability, and Rucknium’s contributions to the project. They highlight the challenges of Monero’s scalability, including node performance and transaction volume, as well as ongoing efforts to address these issues through StressNet, Network-level privacy solutions like Dandelion++ and potential improvements throug
19:04:24 h the Clover protocol are also explored. We also get to hear a preview of Rucknium’s upcoming presentation at Monerotopia24 Confer!
19:04:26 Watch Here (YouTube)➡️ https://youtube.com/live/fXoiYmrXYJc
19:04:28 Watch Here (Odysee) ➡️ https://odysee.com/@MoneroTalk:8/using-statistics-to-improve-monero-with:d
19:04:30 Listen Here 🎧:https://www.monerotalk.live/monerotalk-323
19:04:32 Coffee & Monero, Go to Gratuitas.org today!
19:04:34 {Buy your MoneroTopia 24 Mexico City Confer tickets TODAY at MoneroTopia.com! }
19:04:36 FOLLOW US https://monero.town/u/monerotalk & https://mastodon.social/@monerotalk
19:05:27 Using Statistics to Improve Monero with Rucknium (MT 323)
19:05:28 TODAY'S 🎙SHOW: Douglas Tuman interviews Rucknium, an empirical microeconomist and Monero Research Lab member specializing in probability and statistical analysis who has made some very impressive contributions to Monero. Including discovering a way to speed up monero transaction confirmations by 60 seconds!
19:05:30 In this first ever interview, Rucknium maintains his anonymity by typing his responses and having a monero friend sit in to read his answers. Tremendous thank you to Patchy319 for doing so!
19:05:32 The conversation centers around Monero’s privacy technology, scalability, and Rucknium’s contributions to the project.
They highlight the challenges of Monero’s scalability, including node performance and transaction volume, as well as ongoing efforts to address these issues through StressNet, Network-level privacy solutions like Dandelion++ and potential improvements throug
19:05:34 h the Clover protocol are also explored. We also get to hear a preview of Rucknium’s upcoming presentation at Monerotopia24 Confer!
19:05:36 Watch Here (YouTube)➡️ https://youtube.com/live/fXoiYmrXYJc
19:05:38 Watch Here (Odysee) ➡️ https://odysee.com/@MoneroTalk:8/using-statistics-to-improve-monero-with:d
19:05:40 Listen Here 🎧:https://www.monerotalk.live/monerotalk-323
19:05:42 Coffee & Monero, Go to Gratuitas.org today!
19:05:44 {Buy your MoneroTopia 24 Mexico City Confer tickets TODAY at MoneroTopia.com! }
19:05:46 FOLLOW US https://monero.town/u/monerotalk & https://mastodon.social/@monerotalk
19:36:16 korgprivacy: I'm in this one, which is great, but in the future with the Matrix posts, you can shorten the messages to include only the essentials. I think people in this room would prefer that.
19:37:58 <3​21bob321:monero.social> Wow that's research paper length
19:38:48 it's just noise at this point, a reminder and link to more details is acceptable
19:40:51 <3​21bob321:monero.social> Do we charge for this ad space?
19:50:48 <3​21bob321:monero.social> You notice monerotalk only advert here never converse
20:49:07 +1, nobody reads the full message
20:49:37 Also, why post video link after the stream is ended? Why not when it starts so people don't miss it?
21:32:53 echo
21:40:36 k4r4b3y o/
21:40:47 hey hello
21:40:53 A mass campaign should be done to push public node runners publishing their certificate fingerprints on their website or whatever way they used to advertise their node
21:55:09 I'd venture to guess mullvad is considered more trustworthy by some as they are used by more people, as they are a lot bigger than us (IVPN)
21:55:10 they've done a great job over the years in building that reputation, their ethics/expertise/execution is top notch.
21:55:12 since we are in this channel I have to point out that we've been sponsoring Monero conferences for 3 years and I've personally attended a lot of them, never seen anyone from Mullvad:) they were pretty late with accepting XMR.
21:55:14 I don't like to point out anything negative about them, since I'd be using them as my provider if I was not working on running IVPN. there are hundreds of other providers who deserve that energy.
21:55:40 and yeah I hang around here, mostly lurk and chime in with VPN related stuff if you have any suggestions/concerns etc. just hit me up
23:46:17 https://www.youtube.com/watch?v=KaTSgv1EC6Q