monero-project / monero

Monero: the secure, private, untraceable cryptocurrency
https://getmonero.org

How many blocklists should the average public node operator apply? #9526

Closed li5lo closed 2 weeks ago

li5lo commented 3 weeks ago

There is:

Let alone the fact that static blocklists are useless at best, overblocking at worst, neither of them explains when they should be set or unset, who maintains them, how often or if they get updated or what they protect against.

If blocklist(s) are necessary or advisable there should be a clear policy and communication at least about the points mentioned above and only one trusted and reliable source for them.

selsta commented 3 weeks ago

https://gui.xmr.pm/files/block.txt

Is the one I'm maintaining, it gets regularly updated and is complete of all known IPs. So if you want to apply a block list, this one.

The DNS one is currently missing some IPs due to limitations, which we will fix in an upcoming update.

> how often or if they get updated or what they protect against.

The lists include nodes that are fingerprinted as running custom software with the goal of spying.

li5lo commented 2 weeks ago

> The lists include nodes that are fingerprinted as running custom software with the goal of spying.

So every node operator who trusts the core team to not intentionally include arbitrary IPs should enable enable-dns-blocklist on all their mainnet/stagenet/testnet nodes and can consider to temporarily apply a static blocklist with the IP addresses from https://gui.xmr.pm/files/block.txt

selsta commented 2 weeks ago

Correct. Also the block lists are compiled by developers, not the core team. Theoretically the core team has access to the DNS so they are somewhat involved.
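Added example, not part of the issue thread or the Monero project's code: a small audit an operator could run on a third-party static blocklist before applying it, covering the overblocking and update-tracking concerns raised above. The file format (one IP or CIDR subnet per line, `#` comments), the prefix thresholds and all function names are assumptions, and the sample entries are constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample snapshots (documentation address ranges), not from any real list.
OLD = """192.0.2.10
192.0.2.11
198.51.100.0/24
"""
NEW = """# snapshot fetched later
192.0.2.10
198.51.100.0/24
198.51.100.7
2001:db8::/32
192.0.2.300
"""

def parse_blocklist(text):
    """Assumed format: one IP or CIDR subnet per line; blanks and '#' comments skipped."""
    nets, bad = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            bad.append((lineno, entry))  # keep malformed lines for manual review
    return nets, bad

def audit(nets, min_v4_prefix=24, min_v6_prefix=48):
    """Flag overblocking risks: broad subnets and entries already covered by another."""
    broad, redundant = [], []
    for net in nets:
        limit = min_v4_prefix if net.version == 4 else min_v6_prefix
        if net.prefixlen < limit:
            broad.append(str(net))
        if any(o != net and o.version == net.version and net.subnet_of(o) for o in nets):
            redundant.append(str(net))
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    return {"broad": sorted(broad), "redundant": sorted(redundant),
            "ipv4_addresses_blocked": sum(n.num_addresses for n in v4)}

def diff(old, new):
    """Entries added and removed between two snapshots, for review before re-applying."""
    return sorted(map(str, new - old)), sorted(map(str, old - new))

if __name__ == "__main__":
    (old, _), (new, bad) = parse_blocklist(OLD), parse_blocklist(NEW)
    print("malformed:", bad, "audit:", audit(new), "diff:", diff(old, new))
```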