zzz
but would be a lot less accurate
dr|z3d
you could also use solid, semi-transparent colors to make it a bit easier to grok.
zzz
yeah its riotous but I like it
dr|z3d
:)
zzz
I don't run the network, but somehow it's my job to fix it ))
zzz
29035 lam824jtkYq4qTiZHT~TkdHoVTVRwnLghgFheZbgDhU=
dr|z3d
*whistles*
zzz
first seen 1/6, last seen early friday
zzz
missed opportunity, could have put him in the release
zzz
didn't think to check
dr|z3d
added to blocklist.txt here.
zzz
gah sybil ipv6 test is catching huge numbers of i2pd ::1
dr|z3d
not seeing that so much here: 10.00: Same IPv6 /48 with 20 others
dr|z3d
they're already banned anyway from the blocklist, so shouldn't be an issue.
zzz
Banned Peers (1190)
dr|z3d
how many known peers you got on that router?
zzz
but on my other router:
zzz
Banned Peers (105)
zzz
3K on the former; 6K on the latter
dr|z3d
does seem a little excessive, I mostly see 300-500.
dr|z3d
and that's including the occasional temp ban for transit abuse and hostile requests, which are few and far between these days.
dr|z3d
m0Y~ Temporary ban expiring in 19 min ➜ HostileTunnel Request (duplicate hops in chain)
zzz
bigly tagged his release 5 hours ago but he usually takes a little while before he rolls it out after that
zzz
here's the only ones I have over 100 throttles total since around the first of the year:
zzz
29035 lam824jtkYq4qTiZHT~TkdHoVTVRwnLghgFheZbgDhU=]:
zzz
1269 nqQXlzYA0~RbTlhybxxK~NhalQZe7K3ag--ivGTDiXk=]:
zzz
141 mWwdtKBsGDK39eL3RPWJMtkFY3x7eEH77lkUFtuqKQw=]:
zzz
124 04ttr9V01Vjv-J38dZBSn3I6Gd75PjU2UKtrDJBKjtc=]:
zzz
112 8aACMxq-X~C7mQJMv7RSvdnY0WtLn96-7PnrOsZPEEY=]:
zzz
the #2 guy looks legit
dr|z3d
only the first one is flagrantly abusive.
zzz
yup
zzz
100 throttles isn't much in two weeks
dr|z3d
I allow more latitude for (iirc) O,P and X tiers.
zzz
2nd is XfR
dr|z3d
L,M,N otoh get shorter shrift.
dr|z3d
oh, and unreachable.
dr|z3d
I don't care if you're Xf, if you're unreachable you're on a short leash :)
zzz
it's hopeless whac a mole if it's prestium
zzz
so let's pray for saint bigly to save us
dr|z3d
that's why a temp ban of 1/2 hour isn't a bad idea.
dr|z3d
really seems to help with reducing total part tunnels on the router when there are demand spikes.
dr|z3d
I've relaxed the overage before ban, so not seeing too many now. Most routers seem to get that when they're being rejected repeatedly they need to go elsewhere.
dr|z3d
> Rejecting tunnel requests from [J7tM9r] ➜ High number of requests (Count / limit: 15 / 8 in 220s)
zzz
fyi lam824 was at 223.167.199.60
dr|z3d
CHINA UNICOM Shanghai city network
zzz
nice place, was there 20 years ago :)
dr|z3d
:)
zzz
dr|z3d, you have any way to see who's behind this burst, or does your auto-banning make it impossible?
dr|z3d
I can have a look, couple of routers running with throttle/ban.
dr|z3d
*without
dr|z3d
might need more uptime on the router in question, but for starters, CyLg6w8lypk1gnAX-CdG8O4NCR86hq8ifge6QKXAoJg= looks like it's top of the list (XR)
dr|z3d_
> might need more uptime on the router in question, but for starters, CyLg6w8lypk1gnAX-CdG8O4NCR86hq8ifge6QKXAoJg= looks like it's top of the list (XR)
dr|z3d_
> that's 191/2800 part tunnels currently, zzz. about 3 times the amount of the nearest router.
dr|z3d_
> this one also looks dodgy @ 60 tunnels (LU) -> DtQsGzkbeR3nilr6ZvywR2O7-f0XaaV~YfHXohqwjgI=
dr|z3d_
> again, that's 3* the tunnels of the next in the list.
dr|z3d_
> the LU appears to be lacking addresses and introducers. maybe that's a sign?
dr|z3d
>> I can have a look, couple of routers running without throttle/ban.
dr|z3d
DtQsGzkbeR3nilr6ZvywR2O7-f0XaaV~YfHXohqwjgI= also looks a bit hungry, 48 tunnels (LU), no introducers.
zzz
both of those we already banned in the last batch
zzz
maybe obscuratus can check for new ones
dr|z3d
I figured that might be the case.
dr|z3d
nothing else jumps out on this unthrottled router right now.
dr|z3d
well, aside from the 5MB/s -> 750K/s transition over the course of a couple of minutes.
dr|z3d
router in question running with both throttle and blocklist disabled. canary in the mineshaft.
lbt
What are these about? WARN [ Establisher] ter.transport.udp.UDPTransport: The router [Hash: XXXX] told us we have an invalid port YYYY, check NAT/firewall configuration, the IANA recommended dynamic outside port range is 49152-65535
dr|z3d
you're probably using a prohibited or low port, lbt?
lbt
We port I defined is not the port reported there, is what I checked
lbt
The
lbt
And 10k+ - wasn't below defined as "low"?
dr|z3d
if your port's above 49142, maybe that's why the router is complaining.
dr|z3d
try setting it between 10 and 30K
dr|z3d
if it's already set to around about there, the remote router's got it wrong.
lbt
It is between those. And ya, define prohibited - I'm not running another service there if that's what you ask. It's also 1 single message of this type
dr|z3d
git.idk.i2p/i2p-hackers/i2p.i2p/-/blob/a4220f7bc62dea14c4a7c373b43cb82b595f4f85/router/java/src/net/i2p/router/transport/TransportUtil.java around line 336.
dr|z3d
or line 300.
lbt
Mine is none of those
dr|z3d
probably safe to ignore then.
dr|z3d
unless the remote router's doing something intentionally dodgy. unlikely.
dr|z3d
(but not impossible)
lbt
I was wondering if they can "easily" provoke logging and then make that a billion times or so ;)
obscuratus
My participating tunnel count has also climbed up today, but I'm not seeing any routers stand out as culprits.
obscuratus
But, the high number of LU routers is noticeable.
zzz
ok, thanks
obscuratus
617 LU routers in my NetDB
zzz
yup, 95% i2pd
zzz
80% 0.9.56