IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2023/01/15
zzz but would be a lot less accurate
dr|z3d you could also use solid, semi-transparent colors to make it a bit easier to grok.
zzz yeah its riotous but I like it
zzz I don't run the network, but somehow it's my job to fix it ))
zzz 29035 lam824jtkYq4qTiZHT~TkdHoVTVRwnLghgFheZbgDhU=
dr|z3d *whistles*
zzz first seen 1/6, last seen early friday
zzz missed opportunity, could have put him in the release
zzz didn't think to check
dr|z3d added to blocklist.txt here.
zzz gah sybil ipv6 test is catching huge numbers of i2pd ::1
dr|z3d not seeing that so much here: 10.00: Same IPv6 /48 with 20 others
dr|z3d they're already banned anyway from the blocklist, so shouldn't be an issue.
zzz Banned Peers (1190)
dr|z3d how many known peers you got on that router?
zzz but on my other router:
zzz Banned Peers (105)
zzz 3K on the former; 6K on the latter
dr|z3d does seem a little excessive, I mostly see 300-500.
dr|z3d and that's including the occasional temp ban for transit abuse and hostile requests, which are few and far between these days.
dr|z3d m0Y~ Temporary ban expiring in 19 min ➜ HostileTunnel Request (duplicate hops in chain)
zzz bigly tagged his release 5 hours ago but he usually takes a little while before he rolls it out after that
zzz here's the only ones I have over 100 throttles total since around the first of the year:
zzz 29035 lam824jtkYq4qTiZHT~TkdHoVTVRwnLghgFheZbgDhU=]:
zzz 1269 nqQXlzYA0~RbTlhybxxK~NhalQZe7K3ag--ivGTDiXk=]:
zzz 141 mWwdtKBsGDK39eL3RPWJMtkFY3x7eEH77lkUFtuqKQw=]:
zzz 124 04ttr9V01Vjv-J38dZBSn3I6Gd75PjU2UKtrDJBKjtc=]:
zzz 112 8aACMxq-X~C7mQJMv7RSvdnY0WtLn96-7PnrOsZPEEY=]:
zzz the #2 guy looks legit
dr|z3d only the first one is flagrantly abusive.
zzz yup
zzz 100 throttles isn't much in two weeks
dr|z3d I allow more latitude for (iirc) O,P and X tiers.
zzz 2nd is XfR
dr|z3d L,M,N otoh get shorter shrift.
dr|z3d oh, and unreachable.
dr|z3d I don't care if you're Xf, if you're unreachable you're on a short leash :)
zzz it's hopeless whac a mole if it's prestium
zzz so let's pray for saint bigly to save us
dr|z3d that's why a temp ban of 1/2 hour isn't a bad idea.
dr|z3d really seems to help with reducing total part tunnels on the router when there are demand spikes.
dr|z3d I've relaxed the overage before ban, so not seeing too many now. Most routers seem to get that when they're being rejected repeatedly they need to go elsewhere.
dr|z3d > Rejecting tunnel requests from [J7tM9r] ➜ High number of requests (Count / limit: 15 / 8 in 220s)
zzz fyi lam824 was at 223.167.199.60
dr|z3d CHINA UNICOM Shanghai city network
zzz nice place, was there 20 years ago :)
zzz dr|z3d, you have any way to see who's behind this burst, or does your auto-banning make it impossible?
dr|z3d I can have a look, couple of routers running with throttle/ban.
dr|z3d *without
dr|z3d might need more uptime on the router in question, but for starters, CyLg6w8lypk1gnAX-CdG8O4NCR86hq8ifge6QKXAoJg= looks like it's top of the list (XR)
dr|z3d_ > might need more uptime on the router in question, but for starters, CyLg6w8lypk1gnAX-CdG8O4NCR86hq8ifge6QKXAoJg= looks like it's top of the list (XR)
dr|z3d_ > that's 191/2800 part tunnels currently, zzz. about 3 times the amount of the nearest router.
dr|z3d_ > this one also looks dodgy @ 60 tunnels (LU) -> DtQsGzkbeR3nilr6ZvywR2O7-f0XaaV~YfHXohqwjgI=
dr|z3d_ > again, that's 3* the tunnels of the next in the list.
dr|z3d_ > the LU appears to be lacking addresses and introducers. maybe that's a sign?
dr|z3d >> I can have a look, couple of routers running without throttle/ban.
dr|z3d DtQsGzkbeR3nilr6ZvywR2O7-f0XaaV~YfHXohqwjgI= also looks a bit hungry, 48 tunnels (LU), no introducers.
zzz both of those we already banned in the last batch
zzz maybe obscuratus can check for new ones
dr|z3d I figured that might be the case.
dr|z3d nothing else jumps out on this unthrottled router right now.
dr|z3d well, aside from the 5MB/s -> 750K/s transition over the course of a couple of minutes.
dr|z3d router in question running with both throttle and blocklist disabled. canary in the mineshaft.
lbt What are these about? WARN [ Establisher] ter.transport.udp.UDPTransport: The router [Hash: XXXX] told us we have an invalid port YYYY, check NAT/firewall configuration, the IANA recommended dynamic outside port range is 49152-65535
dr|z3d you're probably using a prohibited or low port, lbt?
lbt We port I defined is not the port reported there, is what I checked
lbt The
lbt And 10k+ - wasn't below defined as "low"?
dr|z3d if your port's above 49142, maybe that's why the router is complaining.
dr|z3d try setting it between 10 and 30K
dr|z3d if it's already set to around about there, the remote router's got it wrong.
lbt It is between those. And ya, define prohibited - I'm not running another service there if that's what you ask. It's also 1 single message of this type
dr|z3d or line 300.
lbt Mine is none of those
dr|z3d probably safe to ignore then.
dr|z3d unless the remote router's doing something intentionally dodgy. unlikely.
dr|z3d (but not impossible)
lbt I was wondering if they can "easily" provoke logging and then make that a billion times or so ;)
obscuratus My participating tunnel count has also climbed up today, but I'm not seeing any routers stand out as culprits.
obscuratus But, the high number of LU routers is noticeable.
zzz ok, thanks
obscuratus 617 LU routers in my NetDB
zzz yup, 95% i2pd
zzz 80% 0.9.56