1/ Unconfirmed report on IRC of "a significant (400+) number of peers on the bitcoin p2p network that are currently engaging in a sybil attack. They pretend to be running various versions of Bitcoin software, but are not. They respond with compact blocks handshakes, pings and pongs, but never respond to headers, get blocks, or inventory messages."
2/ Unconfirmed report (continued): "The addr messages they push are stuffed with like-peers, and in general seem to be over-represented in outgoing connections of normal nodes. The current discovered peers are all on VPS hosts, carefully chosen to evade the logic which prevents connecting to multiple peers in the same /24. There's a sample of them here, representing GCE, AWS, DigitalOcean, and Hetzner."
@jon Thanks for alerting us to this.