It removes the spy nodes from network so they cant do a timing attack (If one spy node receives a transaction unseen by the 100s of other spy nodes, they can logically deduce that the first instance seen was the originator of the transaction/block). The current list above has a parsing error for the subnets (IPs with 0/24) and those are important because each single subnet contains 256 possible IPs. These possible IPs are fully actively being utilized for the attack as I have seen first hand. I hope Boog900 or one of the list maintainers can address this parsing error somehow so I can remove my temporary fixed list. This could be somehow a personal error somehow but most probably these unparsed subnets are a unnoticed issue.

yes the overall transaction is safe but the individual node sending that transaction/block is recorded with the IP logged. Mass collection with a large spy network would easily enable a semi reliable initiator logging system that could be used later for any purpose. You could connect to a public node to hide and not send from personal node but then again the public node itself could be a spy node too. Its all about collecting general metadata for use with other data to be cross examined when the time is needed.

Best solution when connecting to public nodes would be through Tor. Even if the public node is a spy node somehow with tor enabled, they would still be able to see requested blocks but would not be able to pinpoint who is requesting. It still adds a good layer and is recommended by most, but it is not perfect because Tor is also somewhat under a timing attack.

yea and all above IP ranges are found at the top of https://github.com/Boog900/monero-ban-list/blob/main/ban_list.txt. The ban list is good but it is not enabled by default.

Is this a common issue of ban lists unable to parse subnets or am I the only one because if no one is banning these subnets due to parsing error that is small problem.

Did you manually ban from the monerod terminal? subnet parsing works when manually banning it from cli but seems to have issues when loading automatically ban list. If u loaded it with the ban list and it worked then it is somehow a local issue for me.

100.42.27.* is banned on the one above but not the official monero ban list indicating new malicious subnets appearing.

https://github.com/ErikASD/enum-monero-ban-list/blob/main/ban_list.txt seems to fix the issue above for me.

All I modified was the subnets, expanding them into individual IPs to be banned properly.

All the subnet addresses are not banned and shows error when adding any subnet, other IPs without the subnet format are added successfully : "

2024-12-08 22:08:06.735 E Invalid IP address or IPv4 subnet: 91.198.115.0/24

2024-12-08 22:08:06.735 E Invalid IP address or IPv4 subnet: 100.42.27.0/24

2024-12-08 22:08:06.735 E Invalid IP address or IPv4 subnet: 162.218.65.0/24

2024-12-08 22:08:06.735 E Invalid IP address or IPv4 subnet: 193.142.4.0/24

2024-12-08 22:08:06.735 E Invalid IP address or IPv4 subnet: 199.116.84.0/24

2024-12-08 22:08:06.735 E Invalid IP address or IPv4 subnet: 209.222.252.0/24 "

These IPs account for more than half the problem and do not seem to be banned properly by the ban list.

If the subnet format does not work we could enumerate the subnet and have each individual IP from that subnet on the list as a workaround.