<s​ervers.guru:matrix.servers.guru> We don't rent lxc at the moment, only vps but hmm. Could be an idea actually.

<s​ervers.guru:matrix.servers.guru> If you are interested you can reach out and I can check if that is something we can offer in a reasonable time-frame.

<s​ervers.guru:matrix.servers.guru> > <@m-relay:monero.social> <b​oldsuck> maybe servers.guru or rantech/buyVM, both accept XMR

<s​ervers.guru:matrix.servers.guru> We don't offer lxc at the moment, only vps but hmm. Could be an idea actually.

<s​yntheticbird:monero.social> matrix.monero.social/_matrix/media/…ero.social/BDqlSqNRnxQWxzinuawSRJCQ

<3​21bob321:monero.social> Is that ruck?

<b​oog900:monero.social> it was me and I have found more - we are over 400 now

<r​ottenwheel:kernal.eu> boog900 thanks for that. SyntheticBird pinged me in another room. Sharing in this next week's Revuo issue. Nudge me if you'd like me to run the news byte through you, or would like to add extra commentary, instructions.

<r​ottenwheel:kernal.eu> Can vouch for servers.guru's boxes quality. They are speedy and reliable. <3

<r​ecanman:kernal.eu> Will you publish a report?

<b​oog900:monero.social> Thanks, right now I think the best advice is just to ban all the nodes here: paste.debian.net/hidden/1fa6bb72

<b​oog900:monero.social> there will probably be an updated list by whenever the next issue is, I'll let you know.

<b​oog900:monero.social> Yes, right now though I am still finding nodes so I don't want to make the method public just yet.

<r​ecanman:kernal.eu> As I anticipated. Your work is highly appreciated

<r​ecanman:kernal.eu> Great job!

<b​oog900:monero.social> If any Monero devs want to PM to ask for the technique, I'll be happy to tell them.

<b​oog900:monero.social> Also If anyone is willing to share their nodes peer list I would be grateful.

<r​ottenwheel:kernal.eu> Sounds good. Should be published some time on Thursday!

<s​yntheticbird:monero.social> matrix.monero.social/_matrix/media/…ero.social/HIbwWmLaNQktRBIJwgvVnNvt

<b​oog900:monero.social> I think they have gone balls to the walls

<b​oog900:monero.social> I have just picked up an extra ~300 IPs

<b​oog900:monero.social> we are almost at 800

<b​oog900:monero.social> We are over 1000

<b​oog900:monero.social> that number is seen IPs running bad nodes

<s​yntheticbird:monero.social> I don't know who you are at Chainanalysis but that wasn't reason the be angry

<s​yntheticbird:monero.social> blame your boss not us

<r​ottenwheel:kernal.eu> boog900: you are only sharing IP addresses, aye? No regular domain addresses? Asking because I generally add my remote nodes that way... E.g. boogxmr.node.com:18081

<r​ottenwheel:kernal.eu> Is there a quick guide for node operators to ban this list easily? If not, planning on releasing one?

<b​oog900:monero.social> I am making a list of IPs now

<b​oog900:monero.social> paste.debian.net/hidden/359f2fb0

<b​oog900:monero.social> rottenwheel: create a file with that data from that and start monerod with `--ban-list FILE_NAME`

<b​oog900:monero.social> everyone running nodes should do this!

<r​ottenwheel:kernal.eu> boog900: I know, I am looking at the list already haha, I am asking more for actual domain names, not only IP addresses...

<r​ottenwheel:kernal.eu> monero.fail and node indexers often list them as the example, not their IP addresses. `boogxmr.node.com:18081`.

<r​ottenwheel:kernal.eu> I guess between nodes themselves they don't operate with regular domain names like plebs do, so banning them works with just their IP addresses. 👍️

<b​oog900:monero.social> yes exactly

<r​ottenwheel:kernal.eu> Playing devil's advocate here... has this been discussed in length with MRL or other adjacent contributors? Just so when I make the call for it in Revuo, it's just not a one-man band thing (you), it's a collaborative, loose consensus initiative.

<b​oog900:monero.social> ngl it's just me

<s​yntheticbird:monero.social> its just us

<r​ottenwheel:kernal.eu> I'm aware of global ban lists from prior hardforks, et. al., but since this seems more like a manual hotfix, we don't lose anything by getting more eyes on it.

<s​yntheticbird:monero.social> i agree

<s​yntheticbird:monero.social> i agree too

<s​yntheticbird:monero.social> were twi

<b​oog900:monero.social> gui.xmr.pm/files/block.txt

<s​yntheticbird:monero.social> were two

<r​ottenwheel:kernal.eu> Sick! lol.

<r​ottenwheel:kernal.eu> boog900: considered adding this item to forthcoming MRL meeting on Wednesday? Cc. Rucknium

<r​ottenwheel:kernal.eu> boog900: considered adding this item to forthcoming MRL meeting agenda on Wednesday? Cc. Rucknium

<r​ottenwheel:kernal.eu> Ah, no open issue yet... monero-project/meta #1092

<b​oog900:monero.social> a lot of IPs overlap with those there, which is selsta's list

<b​oog900:monero.social> If you want me to - I am not going to discuss the method I found these nodes publicly though

<r​ottenwheel:kernal.eu> boog900: I don't care much about disclosing method publicly, I care more about other contributors going over the method, privately, if that is your choice, but then posting their approval/recommendations for improvement!

<r​ottenwheel:kernal.eu> That's more what I mean by adding it to the agenda items, nudging other MRL and XMR contributors so they go over what you came up with and either approve or disapprove, helping it not be a one-man band thing, like I said above.

<r​ottenwheel:kernal.eu> Peer review. :)

<b​oog900:monero.social> That's fair, I understand, any dev is free to message me.

<b​oog900:monero.social> I suspect they own `23.92.36.0/24` as well

<system> file goodmorning.mp4 too big to download (2098304 > allowed size: 1000000)

<s​yntheticbird:monero.social> goodmorning.mp4

<a​mmortel:monero.social> I hope you are sure these are all chainanalysis'. Banning even one single innocent IP would be very bad

<s​yntheticbird:monero.social> There is no virtual doubt. Tho thx for the concerns.

<3​21bob321:monero.social> Rip luigi

<b​oog900:monero.social> A false positive is not possible, although we don't actually know who is running these nodes

<b​oog900:monero.social> They share IPs with LinkingLion

<a​mmortel:monero.social> Oh I See

<a​mmortel:monero.social> You're sure that they are malicious but have no idea If it's chainanalysis or not

boog900 you can share your method with selsta, he maintains a ban list. Not sure if you can DM from matrix to IRC, but you can share it with me too, maybe I'll have valuable comments

are they still using our old sponsor - forkednetworking?

They often have incoming ports open, and users actually connect _to_ them

Rotten - nodes on monero.fail are rpc ports. This is about p2p. These spy nodes dont typically usually use standard p2p ports, so the chance of someone manually adding the node to their peerlist is slim

Nobody ask how --enable-dns-blocklist is created or "approved". the subject of the spy nodes might be good for mrl, but i dont see why we'd need to tread lightly with issuing a banlist. Either you trust the lists or you dont (and create your own)

<s​yntheticbird:monero.social> i agree on the trust part. And i trust boog. Checkmates.

Boog900 - any reason why youre banning specific ips and not the whole range? (23.92.36.0/24)

<b​oog900:monero.social> sech1 I'll DM you soon

<b​oog900:monero.social> Ofrnxmr I don't want to accidentally ban a real node

Anyone try to ddos 1 node and see if it effects the others 🥴

<b​oog900:monero.social> No don't do that

<b​oog900:monero.social> They are proxies to other, real, nodes

I think they run some of those real nodes themselves - am i wrong?

Some/all

<b​oog900:monero.social> Not all probably some. I have the addresses of some of the nodes they proxied to and one of them is plowsof

rip plowsof

forked / linkinglion predated plowsof's nodes, so clearly an active attack

<b​oog900:monero.social> They seem to choose random nodes, there was a lot of addresses used

hm. running a giant MITM + sybil

dandelion attack

.. ppl should add tx-proxy and anonymous-inbound to their nodes

So these nodes are proxies for port 18080 - p2p? Not RPC?

Yea, p2p

<s​yntheticbird:monero.social> sech1 yes

<s​yntheticbird:monero.social> p2p proxies

<s​yntheticbird:monero.social> And rpc proxies

<a​mmortel:monero.social> Where can we see this banlist?

rpc proxies a diff issue and diff nodes

<s​yntheticbird:monero.social> #monero-dev

<s​yntheticbird:monero.social> ofrnxmr im saying these fake nodes are both proxying rpc and p2p

<s​yntheticbird:monero.social> Tho no one will use their RPC

I dont think they are using rpc (?)

<b​oog900:monero.social> Some of the nodes had an RPC port open and serving requests

These nodes likely arent chainalysis. Linkinglion nodes were visible in the video, but didnt have any special indicators that they were used to ruke out tx

--public-node @boog?

<b​oog900:monero.social> I can check

<a​mmortel:monero.social> Sorry. Is this a mention to another chat ?

<s​yntheticbird:monero.social> List is on #monero-dev channel

List is here paste.debian.net/hidden/359f2fb0

<a​mmortel:monero.social> I thought that is boog900's recent list

<b​asses:matrix.org> boog900 keep the method private, make it public when they change their way

Hmmmm. My matrix isnt updating some chats

<b​oog900:monero.social> That's my plan but some devs need to know so more people can trust me

Boog idk if just me, but my monero.social acct cant see any msgs in this room since yesterday

<s​yntheticbird:monero.social> Average synapse experience

I'm logged in on 2 sessions and both show diff history

One since oct14 :/ other 19th

Dev oct 10 on one, and completely missing on the other

<b​oog900:monero.social> It doesn't look like they are giving their RPC port to P2P peers

thanks

<b​asses:matrix.org> let me know if SGP DMs you tho

<b​asses:matrix.org> educational purposes

😂

Seriously, i think ppl should consider making better use of tx-proxy and anonymous-inbound tho

<s​yntheticbird:monero.social> Yes it is a good immediate recommendation

Uh oh. Found a mistake

when you run your own xmr node, is there a reason to use https instead of http? and if yes, is there some Linux guide related to do this ?

<s​yntheticbird:monero.social> Core2528_ depends on how you access your node. Is it remotely? if yes, then you should use https, if not (node is on localhost or local network in which you trust) then no need to.

<a​mmortel:monero.social> M'y wallet uses http to retrieve the node's data?

<a​mmortel:monero.social> Doesn't it use port 18081 or something

port 18081 can be plain text, or encrypted (depends on monerod command line)

<a​mmortel:monero.social> I have - -rpc-bind-ip, - - confirm-external-bind, - - restricted-rpc, - - rpc-login as arguments to the command line. Am I encrypted?

<s​yntheticbird:monero.social> nope

<s​yntheticbird:monero.social> you have to use the gencert something binary in the download folder of monero and use that binary to generate new certificates then you can use the `--rpc-ssl-*` arguments

<s​yntheticbird:monero.social> i know very vague

Rpc-ssl is set to autodetect by default

<a​mmortel:monero.social> Thank you

If you just add "https" to the url when conencting, it will use monerod's self-signed certs

If you want to use CA signed certs, you need to specify them manually on the node

And your node will need to have a domain address

*need* ?

For a properly signed certificate

No need for a domain if you use self-signed certificate

<s​yntheticbird:monero.social> Would someone be kind enough to make a post on r/monero about the discovery of bad node IPs and provide link to the ip list for people to start using `--ban-list`. Also recommend `--tx-proxy` or `--anonymous-inbound`

Moneromooo, CA's issue certs w/o a domain name?

I do not know.

I dont know either :D

But needing a CA means a barrier to privacy.

I thought yes, but happy to be corrected

<a​mmortel:monero.social> So I did something, let me know if I should edit or delete

<s​yntheticbird:monero.social> Thanks for doing so. I would appreciate an edit:

<s​yntheticbird:monero.social> > These malicious nodes were revealing to Linking Lion the IPs of monero users who connected to them. Presumably they're all from chainanalysis.

<s​yntheticbird:monero.social> to

<s​yntheticbird:monero.social> > These malicious nodes could potentially reveal the IP address of the monero node from which originated a user transaction. Some of the IPs have been linked to Linking Lion infrastructure. They're all presumably from chainanalysis tho nothing is confirmed at this point.

<s​yntheticbird:monero.social> Thanks for doing so ammortel . I would appreciate an edit:

<s​yntheticbird:monero.social> > These malicious nodes were revealing to Linking Lion the IPs of monero users who connected to them. Presumably they're all from chainanalysis.

<s​yntheticbird:monero.social> to

<s​yntheticbird:monero.social> > These malicious nodes could potentially reveal the IP address of the monero node from which originated a user transaction. Some of the IPs have been linked to Linking Lion infrastructure. They're all presumably from chainanalysis tho nothing is confirmed at this point.

<s​yntheticbird:monero.social> sorry for spam IRC

<s​yntheticbird:monero.social> saw the edit thx ammortel

chainalysis isnt linking lion

again, you can see in the chainalysis video their there are cameos of linkinglions ip adresses, and they arent labeled in any way

they arent being used at all (by chainalysis) in the attempts to trace tx

i believe linkinglion is am entirely different entity.

chainalysis is far from the only chain analytics company, and chainalysis didnt _randomly_ forward nodes, they manually used nodes with domain names

I think claiming "chainalysis presumed to be linkinglion" is a baseless accusation

More likely to be a false accusation as well, since we _do_ have some information that would contradict that statement

<s​yntheticbird:monero.social> Ok thanks for the heads up. There will be a future post on reddit hopefully this was just so that people could be aware of the issue. Feel free to make a comment or propose an edit to ammortel on that.

on reddit? banned. on town? no tor

Left a comment

<s​yntheticbird:monero.social> Thx rbrunner. I take full responsibility for the misinformation on it. I was confused.

No problem :)

<s​yntheticbird:monero.social> Im burning to answer reddit comments please someone borrow me their residential IP

<s​yntheticbird:monero.social> \/s

<r​ucknium:monero.social> MRL agenda this week is pretty full. I can put the node IP banlist on next week.

<s​yntheticbird:monero.social> What about Two MRL meeting in a week

<s​yntheticbird:monero.social> Everyone knows N factories build a single car N times faster

<b​oog900:monero.social> I don't think it needs to be discussed in MRL - it can be if people want to though. I have told sech1 the method of finding these nodes.

<b​oog900:monero.social> any other dev is free to message me as well

<b​oog900:monero.social> I am still finding new IPs, the total count of seen IPs running bad nodes is 1227. Although most of the new ones are already in the ranges banned.

<r​ottenwheel:kernal.eu> It doesn't need to... It must. 😂

<r​ottenwheel:kernal.eu> Where's the logic behind a single individual pointing fingers at 1k+ IP addresses and telling the whole network to ban them without anyone else backing the theory up?

<r​ottenwheel:kernal.eu> I could do the same and claim it doesn't have to be discussed anywhere too. What would you think about that?

<s​yntheticbird:monero.social> well i think other devs are backing it up

<s​yntheticbird:monero.social> fortunately

<r​ottenwheel:kernal.eu> Yeah? Only one that he shared the method with. One.

<r​ottenwheel:kernal.eu> I'm not sharing this in revuo till MRL and at least 5 contributors +1 the method and ban list.

<r​ottenwheel:kernal.eu> I've said my piece. 👍

I can back it up, this method doesn't give false positives for real nodes

<b​oog900:monero.social> No. I am saying I will happily discuss it if other people want to. I don't think it needs to be though what are we going to say publicly

<r​ottenwheel:kernal.eu> Two people is not enough peer review.

I don't know what else I can share because every bit of information can be used to fix it on their side

<r​ottenwheel:kernal.eu> More than warranted to be discussed in this Wednesday's MRL meeting.

<r​ottenwheel:kernal.eu> I am not asking for the method, you jerks.

<r​ottenwheel:kernal.eu> I am asking for further per review, AKA, method shared privately with more contributors.

<b​oog900:monero.social> That doesn't need to be done in a meeting

<r​ottenwheel:kernal.eu> The meeting can be held as normal and when the item comes in, it is more about reaching loose consensus whether we make a call for ban or not.

<r​ottenwheel:kernal.eu> Okay, I'm done trying to explain something that is logic to you. Good luck.

The problem with publishing it, is that the attacker (whoever it is) will fix it and allocate new IP ranges quickly.

It's a game of whack-a-mole at this point. Eventually it will go out, it will be fixed and they'll just change IP addresses

What we can do is find who owns these IP ranges, maybe it will give another clue of why they should be banned

<r​ottenwheel:kernal.eu> sech1 are you autist?

<r​ottenwheel:kernal.eu> I am not asking you to publish the method.

<r​ottenwheel:kernal.eu> "I am asking for further per review, AKA, method shared privately with more contributors."

<r​ottenwheel:kernal.eu> "The meeting can be held as normal and when the item comes in, it is more about reaching loose consensus whether we make a call for ban or not."

<r​ottenwheel:kernal.eu> If no meeting is held, it is only two guys sitting on a chair telling the whole network to ban more than 1k IP addresses.

<r​ottenwheel:kernal.eu> If that doesn't sound wrong or centralized to you, check your neurons.

At what point it's not centralized? 2, 3, 4, 5, 6, 7, 8, 9, 10 devs checking the method and saying that it's ok?

<3​21bob321:monero.social> Ban all except mine

You can always say that "dev cabal told us to ban these IP addresses"

<b​asses:matrix.org> why you always name calling people? "autistic", "retard".

<b​asses:matrix.org> from room description:

<b​asses:matrix.org> >[XMR] Be excellent to each other and welcoming to newcomers

<3​21bob321:monero.social> Exciting

<s​yntheticbird:monero.social> rando: usual internet slang. I also make the mistake.

<r​ottenwheel:kernal.eu> sech1 yeah, I'm not doing that. Don't count for Revuo support.

rottenwheel why are you even asking something? Are you Monero master and gatekeeper?

<r​ottenwheel:kernal.eu> sech1 yeah, I'm not doing that. Don't count on Revuo support.

Did I count on it at all?

<b​asses:matrix.org> Bad attitude imo, convo can go without name calling tbh

<r​ottenwheel:kernal.eu> <s​ech1> At what point it's not centralized? 2, 3, 4, 5, 6, 7, 8, 9, 10 devs checking the method and saying that it's ok? <=== I don't know, ask prior hard forks?

sech1 has officially lost Revuo support F

<r​ottenwheel:kernal.eu> The tragedy! 😂

<3​21bob321:monero.social> And boog

btw I already banned all these IPs on my nodes

Including p2pool.io/explorer

<r​ottenwheel:kernal.eu> Guys! We're blocking 1k IP addresses from the network! Source? Two dicks and 4 balls!

<b​asses:matrix.org> plowsof

<r​ottenwheel:kernal.eu> Perfect way to word the news this week!

<b​asses:matrix.org> this is unacceptable

there are multiple methods to detect suspicious nodes, the method has circulated between those who control/update the dns ban list which has always existed and is optional . same circumstances here with the 'updated' list

Yeah, but this specific method is interesting and has 0% false positive rate because normal nodes just don't do what these proxies do

why would i trust you though, its not like you sign gitian builds for monero binaries or anything

Well, even if I know the method, we both still have to trust the actual list of IPs from boog :D

I do.

checkmates

<b​oog900:monero.social> I kept logs

<b​oog900:monero.social> although you have to trust the logs .....

LMAO

<b​oog900:monero.social> ehh it's better than just IPs

boog has been compiling a list of enemies since day one

<3​21bob321:monero.social> For drone strikes ?

the list is optional, no one is forced to ban the list of boogs personal enemies, no fuss needed. the existing dns ban list has the same "centralised" aura but its optional

monero.fail/map says ~12k peers, and ~10% of them are malicious/proxies, wow. Quite a bit, I would say

<b​oog900:monero.social> A lot are in the same /24 subnets

So basically anyone running a node will have one of those proxies connected to them

I confirm i own these subnets

<b​oog900:monero.social> I have a list of individual IPs I have spotted .. one second

let the record state that i added 1 of my personal enemies ip's to boogs list

<3​21bob321:monero.social> If we get an ai to ban them is that better?

<r​ucknium:monero.social> Many people running this block list won't stop the IPs from joining the Monero network. The vast majority of legitimate nodes won't use the block list, so the malicious nodes can just connect to them. The Monero docs say to not enable the DNS blocklist anyway, so most users won't be enabling it: docs.getmonero.org/interacting/monerod-reference/#legacy

don't have to worry about the lists licensing then

<b​oog900:monero.social> paste.debian.net/hidden/103efa07

<r​ucknium:monero.social> Enabling a custom block list would just improve privacy a little for the node that enables the blocklist

perhaps reduce bandwith also?

bandwidth*

<3​21bob321:monero.social> I use the dnsbl at firewall level

yes, so it's safer to push transactions through p2pool.io/explorer/rawtx , for example (available on tor as well)

thx for the advice sech1 didn't know p2pool had a tx broadcast page

also I like cabbage.

<r​ottenwheel:kernal.eu> I like ur mum.

<3​21bob321:monero.social> Is there a repo with this list?

<r​ottenwheel:kernal.eu> Nope.

<3​21bob321:monero.social> So rotten can create issues

<r​ucknium:monero.social> IIRC, `monerod` prefers subnet diversity when creating connections to peers.

<3​21bob321:monero.social> Monerod gone woke

IIRC, it just prefers different /16 ranges for IPv4

it doesn't have a full list of IP->ASN mappings

For example Hetzner alone has a dozen or so of different /16 ranges. But only one ASN.

also, stupid ass rotten doesnt know we already have cemtralized banlists?

--enable-dns-blocklist is recommended by p2pool and is managed by the wizard of oz

if you dont want to recommend in revuo, dont! nobody asked you to

the nodes will end up in the dns blocklist whether revuo supports it or not

and the ip ranges from linkinglion are already ~1000 ips deep, and already in the blocklist

dont like it? dont use it.

DYOR and make your own banlist

Being incompetent doesnt mean you need 10 devs to collectively investigate an issue. When we implement _breaking_ features, its typically 2-3 people. Either learn to do the work / make your own banlist, or stfu. Nobody at all cares if revuo says "ban" or "dont ban". Ppl will listen to a reddit post by monerobull before they listen to you

<a​mmortel:monero.social> I agree that discussion here should be mannered even if it can get boiling

Rucknium

I modified that

And moved it from legacy to p2p-network, moved ban-list as well, removed flags that dont even exist

<r​ucknium:monero.social> Makes sense 👍️

Is stress-testnet still running? Or are my nodes broken?

my logs are so quiet

boldsuck: stressnet was shutdown a bit over a week ago

<3​21bob321:monero.social> Got stressed out, needs a break

OK - a break means it will come back = I leave my server configured.

<s​yntheticbird:monero.social> boldsuck no dan is just joking. Maybe it will return maybe not but at the moment it was shutdown without any intent to restarting it.

boldsuck: they were talking about using it for FCMP so it might be awhile

Ok systemctl stop monerod-test && systemctl start xmrig

It will likely come back when we have "stable" testnet for fcmp

<d​ave.jp:matrix.org> When fcmp testnet ?

December/january

Thats test-testnet, preaudit etc