this post was submitted on 08 Dec 2024
20 points (91.7% liked)

Monero

1725 readers
16 users here now

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

GitHub

StackExchange

Twitter

Wallets

Desktop (CLI, GUI)

Desktop (Feather)

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

founded 2 years ago
MODERATORS
 

The Monero Research Lab (MRL) has decided to recommend that all Monero node operators enable a ban list

https://github.com/Boog900/monero-ban-list/blob/main/ban_list.txt

  • Download the ban list and:

./monerod --ban-list

๐Ÿง https://gist.github.com/Rucknium/76edd249c363b9ecf2517db4fab42e88

you are viewing a single comment's thread
view the rest of the comments
[โ€“] rutrum@lm.paradisus.day 1 points 2 weeks ago (9 children)

Im a monero noob. Can someone explain the need of a ban list? And how it works?

[โ€“] Eriq@monero.town 4 points 1 week ago (6 children)

It removes the spy nodes from network so they cant do a timing attack (If one spy node receives a transaction unseen by the 100s of other spy nodes, they can logically deduce that the first instance seen was the originator of the transaction/block). The current list above has a parsing error for the subnets (IPs with 0/24) and those are important because each single subnet contains 256 possible IPs. These possible IPs are fully actively being utilized for the attack as I have seen first hand. I hope Boog900 or one of the list maintainers can address this parsing error somehow so I can remove my temporary fixed list. This could be somehow a personal error somehow but most probably these unparsed subnets are a unnoticed issue.

[โ€“] mister_monster@monero.town 1 points 1 week ago (4 children)

But with dandelion++ it should be infeasible to deduce anything about a transaction on receipt, no?

[โ€“] Eriq@monero.town 2 points 1 week ago

Best solution when connecting to public nodes would be through Tor. Even if the public node is a spy node somehow with tor enabled, they would still be able to see requested blocks but would not be able to pinpoint who is requesting. It still adds a good layer and is recommended by most, but it is not perfect because Tor is also somewhat under a timing attack.

load more comments (3 replies)
load more comments (4 replies)
load more comments (6 replies)