How to Detect Active Monero Nodes with Code

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 05/31

This article explains in detail how to use code to detect active Monero nodes. The editor shares it here as a reference, in the hope that it gives you a working understanding of the topic.

Summary

Monero node detection here means identifying Monero blockchain nodes by technical means, with the aim of determining the size of the Monero node network and the addresses of its key nodes. Monero (XMR) is a cryptocurrency whose main selling point is privacy and resistance to tracking: it deliberately hides wallet addresses and transactions, so that people can use the currency covertly.

1. Monero Blockchain Profile

Monero blockchain technology consists mainly of distributed storage, a P2P network and a consensus mechanism. Its proof-of-work algorithm, CryptoNight, is an AES-intensive, CPU-heavy operation, which significantly reduces the advantage of GPUs over CPUs. This has made it popular with black-hat attackers and operators of automated botnets, because it gives the controllers of compromised hosts a technical means of turning CPU computing power into cash. Well-known mining gangs at present include watchdogs miner, ddgbotnet mining gang, pm miner, kingsing miner, 8220 mining gang, etc. They have long favored attacking Linux servers to mine Monero. Among the known gangs, the highest revenue is currently about 10 million RMB.

Distributed storage means that most nodes on the network store the entire blockchain; the P2P network means that a node can act as either a server or a client; and the consensus mechanism is proof of work.

2. Monero blockchain network architecture

The Monero blockchain network structure can be illustrated with the following Bitcoin blockchain network structure diagram. In the diagram, W is the wallet, M is mining, B is the blockchain database, N is the network routing node, and SPV is a light node that performs simplified transaction verification. The Bitcoin protocol in the diagram can be read as the Monero protocol, S is the Stratum TCP communication protocol between the mining machine and the mining pool, and P is the mining pool.

Solo miners are independent miners, while pool miners mine through a mining pool. The difference between the two is whether the miner needs to build a Monero full node. In addition, pool miners share revenue and need to pay a certain percentage of it.

As the saying goes, sharpening the axe does not delay the cutting of firewood, so here is a brief overview of the blockchain. The function of a node is to store the blockchain database and to carry out network routing communication. An ordinary user's transfer inserts data into the node's blockchain database, but miners must first perform operations on this data in a specific way and then synchronize the results to the node. After confirmation by a specific algorithm, the data is synchronized into the databases of other nodes. Once more than 51% of the nodes have synchronized it, the transaction process is complete.

The core work of a mining pool is to assign tasks to miners, count their workload and distribute revenue. The pool obtains the data to be calculated from the node, sends it to the miners for computation, and then synchronizes the results to the node database. If the operation succeeds, a reward is obtained and distributed according to the amount of hashing done by each miner. Independent miners do not distribute income according to work: if mining succeeds they obtain the whole profit, and if it fails there is no profit. Mining is essentially the process of executing a hash function, which is a single-input, single-output function. The input data is a block header.

An ordinary miner logs in to the mining pool and submits its pool account (which can be a wallet address or a code) and password (which can be absent). The mining pool records the session of the account. The mining pool sends the task data to the miner, and the miner sends the result data back to the mining pool.

Stratum defines the mining data structure, in the following JSON format:
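The login, task and result exchange described above can be recognised in captured traffic, which is how defenders usually spot unauthorised miners on their servers. The following is an added example, not code from the original article: it classifies newline-delimited Stratum JSON messages using the field names of the Monero-style Stratum JSON-RPC spoken by miners such as xmrig. The sample stream, the wallet placeholder and the function names are constructed for illustration.

```python
import json

# Constructed sample of one reassembled miner<->pool TCP stream (not a real capture).
SAMPLE = (
    b'{"id":1,"jsonrpc":"2.0","method":"login","params":'
    b'{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"example-miner/0.0"}}\n'
    b'{"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"s1","status":"OK",'
    b'"job":{"blob":"00","job_id":"j1","target":"ffff0000"}}}\n'
    b'{"id":2,"jsonrpc":"2.0","method":"submit","params":'
    b'{"id":"s1","job_id":"j1","nonce":"00000000","result":"00"}}\n'
    b'GET / HTTP/1.1\n'
)

def classify(line):
    """Label one newline-delimited JSON message, or return None if it is not Stratum."""
    try:
        msg = json.loads(line)
    except ValueError:
        return None
    if not isinstance(msg, dict):
        return None
    method = msg.get("method")
    params = msg.get("params")
    params = params if isinstance(params, dict) else {}
    if method == "login" and "login" in params:
        return "miner-login"      # account (wallet or code) plus optional password
    if method == "job" and {"blob", "job_id", "target"}.issubset(params):
        return "pool-job"         # pool pushes task data to the miner
    if method == "submit" and {"job_id", "nonce", "result"}.issubset(params):
        return "share-submit"     # miner returns result data to the pool
    result = msg.get("result")
    if isinstance(result, dict) and isinstance(result.get("job"), dict):
        return "login-reply"      # pool answers the login with a session id and first job
    return None

def scan_stream(payload):
    """Return the labels of all Stratum messages found in a byte stream, in order."""
    labels = []
    for raw in payload.split(b"\n"):
        label = classify(raw.decode("utf-8", "replace").strip())
        if label:
            labels.append(label)
    return labels

def is_mining_session(payload):
    """True when the stream holds a miner login and a job sent by the pool."""
    labels = scan_stream(payload)
    return "miner-login" in labels and bool({"login-reply", "pool-job"} & set(labels))

if __name__ == "__main__":
    print(scan_stream(SAMPLE), is_mining_session(SAMPLE))
```

The classifier only sees plaintext Stratum; pool connections wrapped in TLS need endpoint or flow-based detection instead.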

Mining pool source code: Powerpool, which supports mixed mining: https://github.com/sigwo/powerpool

Monero node source code: https://github.com/monero-project/monero

Monero mining machine source code: https://github.com/xmrig/xmrig

Monero wallet tool: https://www.getmonero.org/downloads/#cli

Stratum protocol source code: https://github.com/stratum/stratum

3. Monero active node distribution

Monero blockchain nodes are located mainly in China, the United States and Europe, with a small number in other countries and regions. The distribution of nodes is related to the number of blockchain users in a country: the more blockchain nodes there are, the more users there are.

Monero node building

1. Monero Download

Source code download address: https://github.com/monero-project/monero

Compiled programs for the Linux platform:

https://getmonero.org/downloads/
https://downloads.getmonero.org/gui/linux64
https://downloads.getmonero.org/cli/linux64

You need to install the latest version for it to work properly. I originally tested version 0.13; the latest version is now 0.17.

2. Start

Start the Monero node initialization program with:

    setsid ./monerod

Alternatively, use another node's address to initialize the node information:

    ./monerod --bootstrap-daemon-address node.moneroworld.com:18089

This command uses the target node as the node from which data is synchronized. It can be understood as master-slave replication: data is copied from the target node to the local node.

3. Get the nodes stored by other nodes

The monerod program has built-in parameters for querying network nodes. The bootstrap-daemon-address parameter synchronizes the block data held by a remote node together with the data it stores about other Monero network nodes. The --seed-node parameter combined with the print_pl command prints all of the stored network nodes that have been synchronized, in string form. The following is an example, together with the corresponding network traffic.

    ./monerod --seed-node test.com print_pl

This returns the parsed network nodes. Note that the target node's information must first be synchronized locally (step 2) for the command to return results. The monerod node program can only synchronize the node data stored by one node at a time, and besides the node data it also synchronizes other block data on every run.

The following is the traffic captured when querying nodes, taken while connecting to another node for the first time. You can see that the second response packet contains the data stored by other nodes. By parsing the returned results and querying again, you can obtain the IPs and ports of the nodes of the whole network.

Monero node detection

1. Initial access node selection

A new Monero node that wants to join the P2P network of Monero nodes needs to connect to one or more existing P2P nodes in order to become part of that network. Monero network nodes are mainly of two types: direct-connection and hidden-network. A direct-connection node is connected to directly, while a hidden-network node has to be reached through Tor or another proxy method.

The core code of the Monero node is public on GitHub at github.com/monero-project/monero. The latest version of the Monero node program has the IPs of 14 nodes hard-coded in its default configuration, and these nodes are also core nodes of the entire Monero blockchain network.

The following is the IP information of the core nodes in the Monero project: The configuration of the nodes in the compiled program downloaded directly from other sources will be slightly different. This is the hard-coded address of the 24 nodes stored in the 0.16 version of the program downloaded from getmonero, and some of them coincide with the nodes above.

In addition to the default configured nodes, trusted Monero nodes published by other platforms can also be used.

Tor remote nodes hide the source IP and so avoid being traced. The following are some publicly exposed Tor remote nodes.

2. Crawl mode selection

If the queried node data carries the white flag, the node is active. If it carries the gray flag, there has been no interaction with it for a period of time and its open state cannot be determined. There are two ways to crawl nodes. The first is to de-duplicate and crawl only white nodes. The second is to crawl all nodes, checking before each crawl whether the node's port is open. The second method takes considerably longer, but finds more active nodes.
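The two crawl modes differ only in how the next round of nodes is chosen from a peer list. The following is an added example, not the author's crawler: it parses peer-list text and selects targets under either mode. The line layout (flag, peer id, ip:port, remaining fields) is an assumption about print_pl output, and the sample uses documentation-range addresses constructed for illustration.

```python
import socket

# Constructed sample in the assumed print_pl layout: flag, peer id, ip:port, rest.
SAMPLE = """\
white 0000000000000001 192.0.2.10:18080 last_seen: d0.h0.m1.s2
gray  0000000000000002 198.51.100.7:18080 last_seen: never
white 0000000000000001 192.0.2.10:18080 last_seen: d0.h0.m1.s2
gray  0000000000000003 203.0.113.5:28080 last_seen: never
"""

def parse_peerlist(text):
    """Parse peer-list lines into (flag, ip, port) tuples, skipping anything else."""
    peers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("white", "gray"):
            continue
        host, _, port = parts[2].rpartition(":")
        if host and port.isdigit():
            peers.append((parts[0], host, int(port)))
    return peers

def port_open(ip, port, timeout=3.0):
    """TCP connect check used by the second mode before a node is crawled."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def next_targets(peers, seen, mode="white", probe=port_open):
    """Pick nodes to crawl next. `seen` maps (ip, port) -> True once queued, so
    len(seen) is the total node count and sum(seen.values()) the active count."""
    targets = []
    for flag, ip, port in peers:
        key = (ip, port)
        if seen.get(key):                 # already queued: de-duplicate
            continue
        if mode == "white":
            keep = flag == "white"        # mode 1: trust the white flag only
        else:
            keep = key not in seen and probe(ip, port)  # mode 2: probe each address once
        seen[key] = keep
        if keep:
            targets.append(key)
    return targets

if __name__ == "__main__":
    state = {}
    print(next_targets(parse_peerlist(SAMPLE), state), len(state))
```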

3. Implementation mode selection

There are several ways to do this:

1. Use a scanner to construct request packets and probe the whole network.

2. Use a script to construct the corresponding protocol probe packets and interact with each node, synchronize and store the node information, and then read the node information one by one. Constructing the protocol packets is complicated and takes a long time to code.

3. Use a shell script that calls the monerod program, which already has the function of reading the node information stored by a remote node, stores the results locally, keeps traversing the IP list, and finally summarizes the stored information.

In terms of coverage, modes 2 and 3 detect more nodes than mode 1. The ports of these nodes are not fixed, so whole-network detection with a scanner cannot cover every port and finds fewer nodes.

In terms of time invested, mode 3 takes the least to implement.

I chose to use a shell script for automatic crawling, reading directly through the monero node program. The environment needs to be prepared first: 1) install the nc command; 2) place the monero node program where it can reach the external network; 3) generate a basic monero node list file in the specific format, monero_node1, inside the format example: 38 A+192.168.1.1 spaces, the following is all code:

4. Detection result

As a result of the probe in May 2019, the total number of nodes is 15709. This total includes both open, active nodes and inactive nodes that are not open; it is the sum of the IPs that all active nodes store as having connected to them. The number of active nodes detected is 1812. By mapping the IP relationships stored between active nodes, all of the information is arranged as node IP -> other IPs stored by that node IP, which gives the connection relationships between IPs. In the figure below, the large red dots are the main nodes of the Monero network. There are 35 such IP addresses in total. In addition to the 14 configured in the Monero source code, there are also 21 core nodes provided by different blockchain service providers.

5. Thinking about attack methods

The Monero active node relationship graph suggests some attack methods against Monero. The corresponding methods can also apply to similar types of blockchains. The first two below are personal ideas, and the others are taken from the Internet. If you have a new attack idea, you can also leave a comment in the comment area below.

Here are some examples of attack methods:

1) Mining computing power theft attack: the relevant hash blocks submitted by Monero miners are monitored on network equipment and submitted at the same time to a designated core network node; as long as the network speed is fast enough, the hash block is stolen. This is an attack against miners and mining pools.

2) Monero node access IP monitoring: this weakens the concealment of the Monero blockchain, because the access IP is known whenever a transaction occurs. Users who are not going through a platform or the Tor hidden network are exposed, and the identity of the connecting party can be analyzed further through the IP.

3) Eclipse attack: an eclipse attack is an attack against P2P networks. It has little to do with the consensus algorithm, so in theory it is effective against PoW, PoS, DbFT and other consensus algorithms, but it depends heavily on vulnerabilities in how nodes handle the P2P network, so the attack is not universally applicable.

4) 51% hashrate attack: the 51% hashrate attack is one of the most famous attacks on blockchains. In a PoW consensus blockchain network, computing power is power. When more than 50% of the computing power is controlled by one person, this person can cancel and block transactions at will, thus achieving double spending. This attack is harder to carry out in large networks and more likely to occur in small networks. PoS consensus has similar coin-age accumulation attacks and long-range attacks.

5) DDoS attack: a distributed denial-of-service attack can interact through the Monero P2P protocols so that the target node's resources are exhausted and it cannot handle other normal services. It is usually used in conjunction with other attack methods.
