#saltr
/2024/08/30
dr|z3d new network attack in play? seeing a significant increase in transit tunnels.
dr|z3d plenty of tunnels, not a concomitant increase in data.. smells like attack.
eyedeekay might be, I'm not seeing it yet here but maybe it's visible on one of my other machines...
dr|z3d yeah, doesn't seem to be global
dr|z3d not yet, anyways.
dr|z3d I just noticed it, one minute, standard 4K tunnels, next minute (give or take), 20K.
dr|z3d still rising.
dr|z3d ixpaFr looks suspect. LU, and demanding a ton of tunnels.
dr|z3d (37.120.16.101)
eyedeekay No "instantly finding an insecure control panel" on that one so far
eyedeekay "Tele Columbus" according to whois
dr|z3d Yeah, german according to geoip.
dr|z3d ok, it's not in germany anymore. now it's in Spain!
dr|z3d and now in the US.
dr|z3d oh, no, Germany again.
dr|z3d now Slovakia.
dr|z3d yeah, this one definitely looks suspect++
dr|z3d was it mullvad that provides a vpn with a rapidly cycling ip list?
orignal no I don't see any increase
orignal on my FF
dr|z3d how many tunnels you hosting, origz?
orignal you guys don't understand
orignal it's not one router
orignal bunch of routers with same address
orignal Transit Tunnels: 11830
dr|z3d same address, same routerinfo?
orignal LU no IP right?
orignal same keys
dr|z3d no ip, single routerinfo.
orignal i2pd bans such shit
orignal detects and bans
dr|z3d transport lookup sees the ip rapidly cycling.
eyedeekay oh interesting orignal, how are you sure when you test? re: mullvad dr|zed yes they do, and it's even conveniently scriptable
dr|z3d pm, eyedeekay..
orignal when I receive SessionConfirmed
orignal and if one in netdb is newer
orignal I recognize such router as "multihomed"
orignal and ban
eyedeekay And presumably if one can successfully publish these multihomes they're in possession of the required private keys so you're only going to ban the asshole
eyedeekay That makes sense
orignal if (m_Address->published && m_RemoteEndpoint.address () != m_Address->host &&
orignal (!m_RemoteEndpoint.address ().is_v6 () ||
orignal memcmp (m_RemoteEndpoint.address ().to_v6 ().to_bytes ().data (), m_Address->host.to_v6 ().to_bytes ().data (), 8))) // temporary address
orignal if (profile) // older router?
orignal profile->Duplicated (); // mark router as duplicated in profile
orignal the code
orignal no I ban by ident
orignal if (ri->GetTimestamp () + i2p::data::NETDB_EXPIRATION_TIMEOUT_THRESHOLD*1000LL < ri1->GetTimestamp ())
orignal // received RouterInfo is older than one in netdb
orignal profile = i2p::data::GetRouterProfile (ri->GetIdentHash ()); // retrieve profile
orignal if (profile && profile->IsDuplicated ())
orignal return false;
orignal but you are right I check only those with published IP
orignal need to extend to LU
orignal by checking endpoints
orignal but I told my this algorithm before previous release
eyedeekay Yeah makes sense to me, if we don't have something similar I'll look into whether/how we can
T3s|4 noted on your 'no' follow-up, added your statement to /configlogging. Now I see many errors in two broad classes: 2024/08/30 05:57:51.117 DEBUG […obQueue 5/6] …SystemFacadeImpl: Country not found for IP address: 180.243.152.39 and 2024/08/30 06:00:21.485 DEBUG […obQueue 4/6] …SystemFacadeImpl: Cannot identify country for Router J1S9DJ ➜ IP address not found
T3s|4 dr|z3d: ^
dr|z3d geoip says no, in other words.
dr|z3d either because we don't have an ip for the router, or the geoip db doesn't know where the ip is from.
dr|z3d we're doing the best we can to identify an ip address, which you may notice if you browse to 127.0.0.1:7657/netdb?caps=U
T3s|4 makes sense, but why would I see many more Unknowns than you?
T3s|4 have that caps=U link open
dr|z3d if the routerinfo doesn't have a published ip address, we check the transports for a possible direct address.
dr|z3d wouldn't put much store by the number of unknowns, that number will vary.
dr|z3d takes around 90s for a newly acquired RI to be resolved, and the more U routers you have in your netdb, the more likely some of them won't resolve.
dr|z3d also, there seems to be more crud than usual floating around the network.
dr|z3d 127.0.0.1:7657/netdb?c=xx is the other page you want to be looking at. you'll probably see a bunch of routers without an ip, direct or otherwise.
dr|z3d so, I wouldn't worry about it. if I hadn't introduced an unknown netdb listing on /netdb you'd be none the wiser :)
dr|z3d and my unknowns can vary from 100-400, largely dependent on the number of U routers.
dr|z3d keep /netdb open for a while and you'll see the unknowns ebb and flow.. page auto-updates.
T3s|4 alright and thanks for the background dr|z3d - overall, if you don't think it's an important issue, neither do I :)
dr|z3d not hugely important, no. it's good to know where routers are located, but we can't always know.
T3s|4 dr|z3d - sounds roughly analogous to the Heisenberg uncertainty principle :D
dr|z3d T3s|4: yeah, something like that :)
GucciferZ Thanks for giving me voice :)
dr|z3d np, welcome to the channel.
dr|z3d to anyone requesting voice with the request "gimme voice too", you'll need to do better.
orignal dr|z3d please give voice to onon
dr|z3d oh, he's one of yours, orignal? :)
dr|z3d you can award him voice, though he's not registered to nickserv.
orignal one of i2pd developers
dr|z3d ok, feel free to voice him.
dr|z3d if he decides he wants to register to nickserv, we can make that automatic.
orignal he will register
orignal however
orignal * [orignal] idle 00:00:57, signon: Thu Aug 29 19:31:32
orignal more than 12 hours without disconnect
dr|z3d bodes well.
orignal his last change btw
orignal in streaming
dr|z3d could be, leaseset expiry.
orignal finally
dr|z3d the sweet smell of progress :)
orignal I think more about sending acks
dr|z3d could be, though failure to republish LS in time could also be the culprit.
onon_ The problem with leasesets in i2pd has not gone away yet
dr|z3d welcome to #saltR, onon_
orignal if you have established stream you don't need to lookup for new LS
orignal it comes automatically through the connection
orignal he sits here for a long time ))
dr|z3d yeah, but what if the LS has expired?
onon_ No, there is a problem with the streams.
orignal then the question why is it?
onon_ Or session
orignal if LS is expired when new one didn't arrive
dr|z3d zzz fixed that, though I'm still seeing the occasional failure to republish on +
orignal yes, with timestamps
orignal I have fixed too
dr|z3d "welcome to #saltR" is shorthand for "welcome to #saltR now that you have voice and can speak in the channel" :)
dr|z3d no other i2pd developers here that should be voiced, orignal?
orignal not yet
orignal I will let you know
dr|z3d do you throttle LS stores as FF on i2pd, orignal?
Hikari Just wanted to let you know that I'm gonna have to turn off my i2p router, gotta cut cloud spend
orignal no, why should I?
orignal it's zero cpu usage vs. routers
dr|z3d just asking, not suggesting you should.
dr|z3d Hikari: sorry to hear that :(
dr|z3d Hikari: maybe run a local instance?
dr|z3d also, re cloud, if your current provider's taxing you too much for data, maybe have a look at incognet.
orignal or use cheap VPS for $15/year
dr|z3d incognet aren't expensive, their data limits are pretty generous, speeds are good, and they don't over-allocate unlike your average cheap vps.
orignal the budget of my vps fleet is not more than 100 per year
dr|z3d your fleet being how many?
StormyCloud Hikari you could also look at my2.dataideas.com/index.php?rp=/store/amd-ryzen-kvm-vps-shared-cpu they are tor and I2P friendly
Hikari it is more of a "my income stream just got cut to zero" thing than anything lol
orignal it's a secret
orignal StormyCloud usually hosters have nothing against i2p
dr|z3d for 100$ a year, your fleet is probably more like a cohort of 2 or 3 :)
dr|z3d Hikari: sorry to hear that, too. hopefully your income stream will return to normal asap.
dr|z3d linode are fine with i2p.
dr|z3d they're also totally fine with charging you for every MB you go over the limit.
StormyCloud Hikari, how many are in your fleet. I'll spin up as many as you are shutting down
Hikari just one
Hikari the one I'm connected from
snex run from home
dr|z3d yeah, home router if you want to stay on the network.
orignal well I also have 7 routers at home
dr|z3d you can also host sites that you want available on clearnet, hikari, accessible over i2p and via i2phides.me
Hikari see you next time space cowboys
dr|z3d soon, Hikari o/
dr|z3d Blinded message
dr|z3d if you want to associate several nicks.