I've written this here before, but even if it only draws the attention of a few wallet and node operators to the banlist, it's already worth it. It reduces the connections to suspicious, potentially useless or even counterproductive nodes in the Monero network.

Monero GUI wallet

If your run your own local node through the GUI wallet, go to Settings. In the “Daemon startup flags” box, input “–ban-list ”. Then click the orange “Stop daemon” button. It will take a few seconds for the daemon to shut down. Then click the orange “Start daemon” button. If you use a remote node, whoever operates the remote node will decide if the ban list is enabled.

✋ node operators enable a ban list

The Monero Research Lab (MRL) has decided to recommend that all Monero node operators enable a ban list

https://github.com/Boog900/monero-ban-list/blob/main/ban_list.txt

Download the ban list and:

./monerod --ban-list

🧐 https://gist.github.com/Rucknium/76edd249c363b9ecf2517db4fab42e88

you are viewing a single comment's thread
view the rest of the comments

[–] CashDragon@realbitcoin.cash 1 points 1 month ago* (last edited 1 month ago) (1 children)

The Monero Research Lab (MRL) has decided to recommend that all Monero node operators enable a ban list

I was under the impression that there was a network attack going on which was disrupting node operations, as has had happened in the past and that is why this post was created.

My point is the nodes should be able to dynamically determine if misadjusted or allegedly misbehaving nodes are present and block/ignore those automatically without needing to apply a ban-list from a centralized authority. This is a long standing issue and measures in the protocol should be able to govern this, since it has not happened it appears that this is a fundamental flaw that cannot be addressed and instead a ban-list is the only solution.

My question is what is preventing this from being properly addressed so applying a centralized ban list is not necessary? Is it a whack-a-mole situation where attackers will just tweak some other parameters and get around any detection?

[–] Wave@monero.town 1 points 1 month ago (1 children)

so applying a centralized ban list is not necessary?

A centralized ban list is not necessary! If reading isn't your thing, then print out what I've written and have someone around you read it to you. Or you can put the printout under your pillow at night and maybe it will sink in.

Are more universal fixes possible so that a specific ban list doesn't have to be used?

MRL will analyze the possible benefit of implementing an algorithm that chooses node peers to maximize diversity of Autonomous System Networks (ASNs), which are groups of IP addresses managed by the same entity. This algorithm could reduce the probability of connecting to too many potential spy nodes.

In the long term, there may be ways for nodes to verify that their peers are truly running a node instead of just proxying one node through many IP addresses.

Why not block these IP addresses by default in the Monero node software?

Blocking the IP addresses by default is technically possible, but it would set a precedent of blocking IP addresses by a decision making process that is semi-centralized. MRL has decided to ask node operators to block these IP addresses voluntarily instead of by default.

[–] CashDragon@realbitcoin.cash 2 points 1 month ago

OK, thanks for the extra info, would have a been a good idea to include this in the post from the start.