7

Monero, like Bitcoin, has some IPs hardcoded which are used for the initial peer discovery bootstrapping process; see https://github.com/monero-project/monero/blob/35d5aa36c9b2f4bba169e5947039bf7871649ee1/src/p2p/net_node.inl#L374-L392

Currently, the list consists of these 8 IP addresses:

  • 107.152.130.98
  • 212.83.175.67
  • 5.9.100.248
  • 163.172.182.165
  • 161.67.132.39
  • 198.74.231.92
  • 195.154.123.123
  • 212.83.172.165

My questions:

  • Who controls them?
  • How does Monero deal with BGP or similar attacks?
  • Is the communication with these nodes authenticated?
  • Who decides which IPs are added? What would it take to get my node added to the list?
  • To how many of them does my node connect (and when)?

1 Answer

3

As a partial answer, here is a list of reverse DNS lookups followed by their respective WHOIS owners:

  • 107.152.130.98 > monero.cc > Riccardo Spagni
  • 212.83.175.67 > poneytelecom.eu > Unknown
  • 5.9.100.248 > your-server.de > Martin Hetzner
  • 163.172.182.165 > scaleway.com > Unknown
  • 161.67.132.39 > Unknown
  • 198.74.231.92 > Unknown
  • 195.154.123.123 > poneytelecom.eu > Unknown
  • 212.83.172.165 > getmonero.org > Riccardo Spagni

However, it looks like these are fallback IPs. Initial seeds are fetched from these addresses:

  • seeds.moneroseeds.se > Unknown
  • seeds.moneroseeds.ae.org > Riccardo Spagni
  • seeds.moneroseeds.ch > Riccardo Spagni
  • seeds.moneroseeds.li > Riccardo Spagni

Who controls them?

These core peers are hardcoded and thus only managed by several trusted persons by the core members, such as Riccardo Spagni (among his 83+ DNS addresses). You'll see that at least 5 peers are owned by Riccardo Spagni and another one by Martin Hetzner (unknown to me; it is possible that this reverse DNS lookup is wrong). I don't think that someone will come forward and give a full list of names, as the anonymity related to some IPs prevents a socially engineered attack.

Who decides which IPs are added?

The core team. Any added IP would, however, be reviewed through the GitHub PR process, preventing any unwanted ones from being inserted.

What would it take to get my node added to the list?

This won't be allowed as far as I know. These core peers are the backbone of Monero and must be managed by people known to the core team. These 8 IPs and 4 addresses guarantee a sane network and must be running 24/7. Allowing anyone to add their IP would make the network vulnerable to a hostile takeover.

To how many of them does my node connect (and when)?

Your node seems to try to have 12 connections. As far as I know, the IPs are used as a fallback if you didn't reach the 12 seeds.
The connection is made upon initialisation. But here again, I might have misread the code.

How does Monero deal with BGP or similar attacks? Is the communication with these nodes authenticated?

Although I don't have a certain answer here, all these IPs and addresses are public, as is Monero's source code. I haven't been able to find any code specifying a special check, which would mean that these kinds of attacks are possible.
However, I don't see what effect they could have. All they would be able to do is block your transactions or fake your balance without having any definitive actions on your wallet. The signing process on Monero's transactions will prevent them from redirecting your funds. A more productive attack would be that an attacker fakes a website donation page and forces you to make a donation to his fraudulent address.

Maxithi
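The seed-then-fallback behaviour the answer describes, as an added C++ example that is neither part of the answer nor taken from Monero's source. It assumes the threshold of 12 quoted in the answer and port 18080 (Monero's default mainnet P2P port); `build_seed_list` and `dns_share_percent` are hypothetical names, and the DNS records are constructed from documentation address ranges.

```cpp
#include <cstddef>
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Fallback IPs as listed in the question above.
static const std::vector<std::string> kFallbackIps = {
    "107.152.130.98", "212.83.175.67", "5.9.100.248", "163.172.182.165",
    "161.67.132.39", "198.74.231.92", "195.154.123.123", "212.83.172.165"};
static const std::size_t kWantedSeeds = 12;   // figure quoted in the answer
static const char* const kP2pPort = "18080";  // assumption: default mainnet P2P port

struct SeedList {
    std::set<std::string> addrs;  // de-duplicated "ip:port" entries
    std::size_t from_dns = 0;     // distinct entries supplied by DNS
    bool used_fallback = false;   // true when the hardcoded IPs were merged in
};

// Hypothetical helper. dns_results holds one vector of A records per seed
// hostname; an empty inner vector models a failed or empty lookup.
SeedList build_seed_list(const std::vector<std::vector<std::string>>& dns_results) {
    SeedList out;
    for (const auto& records : dns_results)
        for (const auto& ip : records)
            out.addrs.insert(ip + ":" + kP2pPort);
    out.from_dns = out.addrs.size();
    if (out.from_dns < kWantedSeeds) {  // too few seeds: add the fallbacks
        out.used_fallback = true;
        for (const auto& ip : kFallbackIps)
            out.addrs.insert(ip + ":" + kP2pPort);
    }
    return out;
}

// Share (0-100, rounded down) of the final list that came from DNS answers.
unsigned dns_share_percent(const SeedList& s) {
    if (s.addrs.empty()) return 0u;
    return static_cast<unsigned>(100 * s.from_dns / s.addrs.size());
}

int main() {
    // Constructed records from documentation ranges, not real seed answers.
    std::vector<std::vector<std::string>> dns = {
        {"192.0.2.1", "192.0.2.2"}, {}, {"192.0.2.2"}, {}};
    SeedList s = build_seed_list(dns);
    std::cout << s.addrs.size() << " seeds, fallback=" << s.used_fallback
              << ", dns share=" << dns_share_percent(s) << "%\n";
}
```

Under this model, once DNS supplies 12 or more distinct records the hardcoded IPs never enter the list, so a node operator auditing bootstrap behaviour should look at the DNS answers as well as the fallback list.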