Thanks for all the information, and apologies for being late in my replies!
Thanks for the fingerprinting / topology inference references - I checked them out plus some other ones (Biryukov et al., Miller et al., Neudecker et al., Grundmann et al.). I agree, a network attacker like the one I describe would benefit from doing some “homework” before targeting a node by figuring out its networks and its direct neighbors. Btw I was looking into TxProbe but have not been able to figure out if it has been mitigated / patched out. Please let me know if you have any clues.
To make the threat model more complete and work on relevant mitigations, I am making a list of specific attacks one could do (e.g. targeting mining pool gateways to suppress blocks). Let me know if you have any thoughts on such examples.
Thank you for the links! These all seem interesting. I would be happy to help develop written / workshop material on this topic.
This is a good point. I’ll look more into what is relevant to Lightning in particular.
That’s a good idea. I have some tools that I wrote for carrying out this research which can be repurposed for informing node operators of their circumstances and how to go about tightening their network security from a routing perspective.