Interesting observation. Would it be difficult to detect such anomalies automatically?
The attacker can just be smarter and use various ASNs + out-proxies for their backend.
My background is small-world networks in distributed systems and anti-censorship software like Hyphanet. If the goal is to evict/lessen the purview of the metadata harvesting nodes then some version of web-of-trust + proof of work could be implemented.
MRL has recently noticed the same issue and is discussing solutions: https://github.com/monero-project/research-lab/issues/126
Yeah, and all of the above IP ranges are found at the top of https://github.com/Boog900/monero-ban-list/blob/main/ban_list.txt. The ban list is good but it is not enabled by default.
100.42.27.* is banned on the one above but not on the official Monero ban list, indicating new malicious subnets are appearing.
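Added example, not part of the thread or of either ban-list project: a coverage check between two ban lists, of the kind the comparison above describes, reporting subnets one list bans that the other does not fully cover. The file format (one IPv4 address or CIDR subnet per line, `#` comments), the function names and both sample lists are assumptions constructed for illustration; only `100.42.27.*` comes from the thread.

```python
import ipaddress

# Constructed sample lists (documentation ranges plus the subnet named in the thread).
COMMUNITY_LIST = """
# constructed sample, not the real ban_list.txt
100.42.27.*
192.0.2.0/25
192.0.2.128/25
198.51.100.7
"""
OFFICIAL_LIST = """
# constructed sample, not the real official list
192.0.2.0/24
198.51.100.0/24
203.0.113.9
"""

def parse_ban_list(text):
    """Parse ban-list text into collapsed IPv4 networks (assumed line format)."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith(".*"):          # "a.b.c.*" shorthand -> a.b.c.0/24
            line = line[:-2] + ".0/24"
        # A bare address becomes a /32; strict=False tolerates host bits in a CIDR.
        nets.append(ipaddress.ip_network(line, strict=False))
    # Merge adjacent/overlapping entries so two /25s count as one /24.
    return list(ipaddress.collapse_addresses(nets))

def missing_from(reference, candidate):
    """Networks banned in `reference` that no entry in `candidate` fully covers."""
    return [net for net in reference
            if not any(net.subnet_of(c) for c in candidate)]

def coverage_gaps(list_a, list_b):
    """Return (only_in_a, only_in_b) as lists of CIDR strings."""
    a, b = parse_ban_list(list_a), parse_ban_list(list_b)
    return ([str(n) for n in missing_from(a, b)],
            [str(n) for n in missing_from(b, a)])

if __name__ == "__main__":
    only_community, only_official = coverage_gaps(COMMUNITY_LIST, OFFICIAL_LIST)
    print("banned only in community list:", only_community)
    print("banned only in official list: ", only_official)
```

Run periodically against fresh copies of both lists, a growing "only in" set on either side is the signal that new subnets have been added to one list and not yet to the other.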
This post/thread needs to be way way higher up for everyone to see. Sounds just like all the malicious nodes on the Tor network. Everything gets tapped eventually. Hopefully a solution can be found. What is the easiest method to host a Tor and XMR node safely? I've got a server PC to offer up for good use. Anything possible on a home network or too risky?
https://inv.nadeko.net/watch?v=OviYhLZ02qg - full node over Tor guide
Also, the PiNode project is really helpful, not just for Raspberry Pis, neat package - then select Tor only
Interesting, thanks for sharing!