orignal
btw, did anybody check if shit is coming as DatabaseStore or as Garlic?
dr|z3d
IterativeLookup ➜ DbSearchReplyMsg from unqueried peer from [MVEnLH] for key [YkbDZ~]
dr|z3d
starting to see more of those.
dr|z3d
IterativeLookup ➜ DbSearchReplyMsg from unqueried peer from [bmYlGU] for key [vRY~o8]
dr|z3d
orignal: that ^ appears to be one method to inject shit into the netdb.
dr|z3d
(or try to)
dr|z3d
java i2p ignores the request.
zzz
search fixes pushed
zzz
I think I have things under control on stats.i2p's router, graphs coming back down, 75% client build success, 25% expl. build success
orignal
zzz what do you think about signatures of DatabaseStore?
zzz
orignal, interesting idea, but:
zzz
- as I said the other day, there is no "expected source" of a DSM. It is legal to send DSMs through tunnels
orignal
yes
orignal
but not flood
orignal
right?
zzz
- What's unstated is this is actually an elaborate pgp-like web-of-trust scheme. How do I know whether to sign a DSM? How do I know what signatures to accept?
orignal
you must flood directly
zzz
we'd have to define and maintain a trust hierarchy
orignal
so
orignal
we have two cases
zzz
correct, floods are direct
orignal
I create DSR with own RI
orignal
I don't sign
orignal
2. I create DSR with someone else's RI. I sign
orignal
pretty easy
orignal
right now I see only one case for 2.
orignal
but later mught be more
zzz
How do I know what signatures to accept?
orignal
if it's flood it must be direct
orignal
I use public key of peer where it come from
zzz
I'm very confused
zzz
floodfills would sign when they flood?
orignal
if signature doesn't match it means that DSM didn't come from flooding router
orignal
but though OBEP on it
zzz
but you know who your DHT neighbor floodfills are already. They don't need to sign. You know who they are
orignal
yes
orignal
they sign only when they flood
orignal
they sign the fact they recived RI to flood
orignal
see the secnario
orignal
I receive RI with floodfill
orignal
and from another floodfill
orignal
how do I know if it's flood or from ir's OBEP?
zzz
if it's from a DHT neighbor or not
zzz
if the stored RI is in your keyspace or not
orignal
an adrvesray can pick OBEP for neighbourhood
orignal
that's the problem
orignal
ofc RI in my keyspace but fake
zzz
that's a lot of trouble, easier to just send it to floodfill and ask him to flood
zzz
none of this stops regular DSMs sent to floodfills with reply token
orignal
what with reply token?
orignal
if an adesray send someone else's floodfill we should reject
orignal
that floodfill should reject rather than flood further
zzz
no just a normal store of my RI to a floodfill, with reply token (i.e. requesting flood)
orignal
we are not talking about normal RI, only floodfills
zzz
you mean this is only about when the RI is a floodfill RI?
orignal
the attack is about floodfills not regular RIs
orignal
fake regular RI could be eliminated easier
orignal
our gial is to stop flow of fake floodfiils
zzz
so I create a fake ff RI, send it to a ff with a reply token, the ff signs it and sends it to your ff
zzz
how does signing help?
orignal
you send fake FF, recognizes that it came from connection with another peer
orignal
and if no signature or signature failed it drops it
orignal
and doesn't flood
orignal
it signs it and flood if it's received directly
zzz
sending DSM via a tunnel to a ff is legal, there is no "expected source", see my first comment above
orignal
then we should make it illegal
orignal
FF must talk to other FF only directly. preiod
orignal
I don't see a case when it's worth
orignal
beside number of connection
orignal
but not so many floodfills
dr|z3d
we don't allow it, request gets ignored.
dr|z3d
re above.
orignal
you are back
orignal
please exaplian what you mean
zzz
it's to minimize connections, and allow storage to incompatible ffs
orignal
what is "imcompatible FF"?
zzz
if you are ipv6-only how would you store to a ipv4-only ff?
orignal
all or them must be reachbale by ipv4
orignal
I can't be ipv6-only floodfill
zzz
vice versa
orignal
all floodfills are ipv4
orignal
and they can reach each other directly
zzz
then ntcp-only vs ssu2-only
zzz
or connection limits
dr|z3d
router sends unsolicted dbstore search reply to a query we never sent.
zzz
we cannot make stores-thru-tunnels illegal
orignal
agree
orignal
we can make it illigal if direct connection is possible
orignal
dr|z3d thnks. let me check
orignal
it this case an adversary can attack only fllodfilld without full set of addresses
zzz
so the attacker is a real ff, blasting out to all ffs, signing everything
zzz
signing sounds like a complex solution to a simple problem
dr|z3d
sorry, I responded with an unsolicited response, I'll step back :)
dr|z3d
network flake :|
orignal
if attacker is real FF it's another attack
orignal
and another model
orignal
dr|z3d yes I see what you mean
orignal
and I will check what we do with unsolicited replies
orignal
if attacker has real floodfill and keep flooding fakes it will be recinized quickly
orignal
right now he sits behund Tor and throw his shoit through tuunels
dr|z3d
router's hosted on a tor ip?
dr|z3d
or rather, routers are hosted on tor ips?
orignal
their routers are connected through Tor
orignal
or whatever
orignal
they are always Firewalled
dr|z3d
so, why not make connections over Tor illegal? Just an idea. We do that already.
orignal
yes, that was my idea year ago
dr|z3d
I saw "we" when I mean I2P+
orignal
byut many people are againt it
orignal
because many people use Tor to connect to i2p
dr|z3d
who cares? we're talking about network health, which trumps everything else.
dr|z3d
running routers over Tor just adds latency and unrealiability to the network. there's no benefit to the network.
orignal
up to zzz then
dr|z3d
and if allowing connections via Tor is giving the attacker cover, then it's one thing we can target.
snex
dr|z3d: maybe this is the reason i2p+ users are all saying nothing looks amiss?
zzz
let me finish up with idk in -dev and then I'll be back
orignal
no problem
dr|z3d
snex: not entirely, but it probably doesn't hurt.
dr|z3d
snex: if the i2p+ users you're talking to are saying nothing looks amiss, then they're not paying much attention :)
dr|z3d
build tunnel success appears to be ok, but the number of banned peers should be way up.
snex
my tun suc % has consistently been around 70% and banned is 1800
dr|z3d
1800, or 18000?
snex
1800
snex
unless you are cutting digits off in the ui
dr|z3d
interesting. are you running as a floodfill?
snex
no
dr|z3d
ah.
dr|z3d
if you run as a floodfill then your view will be different.
snex
why would normal users do that?
dr|z3d
run as a floodfill?
snex
right
dr|z3d
there is no "normal", there's just allocated bandwidth and firewall status. fast routers will get opted in over time.
dr|z3d
of course you can force floodfill status if you want to, but normally it's sufficient just to let the router decide.
snex
if my router is deciding not to be a ff when i have gigabit fiber, its weird that some of the people here on irc would have their routers trying to ff
snex
i capped my bw at 3MB/3MB/80%
dr|z3d
how many floodfills is the console reporting?
snex
798
dr|z3d
I think I added some extra logging to indicate when/why you're opted in as a floodfill, let's see if I can find out which knob you need to tweak.
not_bob
Things are better on I2P+, but it's still not great.
not_bob
Less than good mostly.
dr|z3d
add this line to /configlogging, snex: net.i2p.router.networkdb.kademlia.FloodfillMonitorJob=INFO
snex
ok
dr|z3d
that should give you a regular report on whether or not you're being recruited as a floodfill, and why/why not.