Monero Network Scan Interesting Results

posted 7 days ago

Created a script to get the connections every time a new node connected. Everything looked normal in the peer list until I saw many nodes from:

100.42.27.* (around 200 peers)

193.142.59.* (around 200 peers)

199.116.84.* (around 100 peers)

209.222.252.* (around 150 peers)

91.198.115.* (around 150 peers)

The 100.42.27., 199.116.84., 209.222.252., and 91.198.115. all belong to “Lionlink Networks”.

These are around 600 nodes that are under that ISP and account for 20-30% of all nodes seen from a 3 day survey span.

This looks suspicious to me and the massive amounts of nodes raises many red flags and does not look natural at all.

~~If these were malicious, in concept, with the 13 default IN/OUT peers, if all connected are malicious, the innocent one would have no other data to compare it to~~.

(Edit: Updated Theory: having many nodes has the ability trace transactions and block miners easier based on timing attack)

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments

[ - ]

XMR_loving_AnCap@monero.town

4 points

6 days ago

Interesting, thanks for sharing!

permalink

report

Monero

!monero@monero.town

Create post

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

Wallets

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

Community stats

249
Monthly active users
347
Posts
901
Comments

Community moderators

admin@monero.town