dr|z3d
new network attack in play? seeing a significant increase in transit tunnels.
dr|z3d
plenty of tunnels, not a concomitant increase in data.. smells like attack.
eyedeekay
might be, I'm not seeing it yet here but maybe it's visible on one of my other machines...
dr|z3d
yeah, doesn't seem to be global
dr|z3d
not yet, anyways.
dr|z3d
I just noticed it, one minute, standard 4K tunnels, next minute (give or take), 20K.
dr|z3d
still rising.
dr|z3d
ixpaFr looks suspect. LU, and demanding a ton of tunnels.
dr|z3d
(37.120.16.101)
eyedeekay
No "instantly finding an insecure control panel" on that one so far
eyedeekay
"Tele Columbus" according to whois
dr|z3d
Yeah, german according to geoip.
dr|z3d
ok, it's not in germany anymore. now it's in Spain!
dr|z3d
and now in the US.
dr|z3d
oh, no, Germany again.
dr|z3d
now Slovakia.
dr|z3d
yeah, this one definitely looks suspect++
dr|z3d
was it mullvad that provides a vpn with a rapidly cycling ip list?
orignal
no I don't any increase
orignal
see
orignal
on my FF
dr|z3d
how many tunnels you hosting, origz?
orignal
you guys don't understandf
orignal
it's not one rouuter
orignal
bunch of routers with same address
orignal
Transit Tunnels: 11830
dr|z3d
same address, same routerinfo?
orignal
LU no IP right?
orignal
same keys
dr|z3d
no ip, single routerinfo.
orignal
i2pd bans such shit
orignal
detects and bans
dr|z3d
transport lookup sees the ip rapidly cycling.
eyedeekay
oh interesting orignal, how are you sure when you test? re: mullvad dr|zed yes they do, and it's even conveniently scriptable
orignal
easy
dr|z3d
pm, eyedeekay..
orignal
when I receive SessionConfimed
orignal
and if one in netdb is newer
orignal
I recognize such router as "multihomed"
orignal
and ban
eyedeekay
And presumably if one can successfully publish these multihomes they're in possession of the required private keys so you're only going to ban the asshole
eyedeekay
That makes sense
orignal
if (m_Address->published && m_RemoteEndpoint.address () != m_Address->host &&
orignal
(!m_RemoteEndpoint.address ().is_v6 () ||
orignal
memcmp (m_RemoteEndpoint.address ().to_v6 ().to_bytes ().data (), m_Address->host.to_v6 ().to_bytes ().data (), 8))) // temporary address
orignal
{
orignal
if (profile) // older router?
orignal
profile->Duplicated (); // mark router as duplicated in profile
orignal
the code
orignal
no I ban by ident
orignal
if (ri->GetTimestamp () + i2p::data::NETDB_EXPIRATION_TIMEOUT_THRESHOLD*1000LL < ri1->GetTimestamp ())
orignal
{
orignal
// received RouterInfo is older than one in netdb
orignal
profile = i2p::data::GetRouterProfile (ri->GetIdentHash ()); // retrieve profile
orignal
if (profile && profile->IsDuplicated ())
orignal
return false;
orignal
}
orignal
but you are right I check only those with published IP
orignal
need to extend to LU
orignal
by checking endpoints
orignal
but I told my this algorithm before previous release
eyedeekay
Yeah makes sense to me, if we don't have something similar I'll look into whether/how we can
T3s|4
noted on your 'no' follow-up, added your statement to /configlogging. Now I see many errors in two broad classes: 2024/08/30 05:57:51.117 DEBUG […obQueue 5/6] …SystemFacadeImpl: Country not found for IP address: 180.243.152.39 and 2024/08/30 06:00:21.485 DEBUG […obQueue 4/6] …SystemFacadeImpl: Cannot identify country for Router J1S9DJ ➜ IP address not found
T3s|4
dr|z3d: ^
dr|z3d
geoip says no, in other words.
dr|z3d
either because we don't have an ip for the router, or the geoip db doesn't know where the ip is from.
dr|z3d
we're doing the best we can to identify an ip address, which you may notice if you browse to 127.0.0.1:7657/netdb?caps=U
T3s|4
makes sense, but why would I see many more Unknowns than you?
T3s|4
have that caps=U link open
dr|z3d
if the routerinfo doesn't have a published ip address, we check the transports for a possible direct address.
dr|z3d
wouldn't put much store by the number of unknowns, that number will vary.
dr|z3d
takes around 90s for a newly acquired RI to be resolved, and the more U routers you have in your netdb, the more likely some of them won't resolve.
dr|z3d
also, there seems to be more crud than usual floating around the network.
dr|z3d
127.0.0.1:7657/netdb?c=xx is the other page you want to be looking at. you'll probably see a bunch of routers without an ip, direct or otherwise.
dr|z3d
so, I wouldn't worry about it. if I hadn't introduced an unknown netdb listing on /netdb you'd be none the wiser :)
dr|z3d
and my unknowns can vary from 100-400, largely dependent on the number of U routers.
dr|z3d
keep /netdb open for a while and you'll see the unknowns ebb and flow.. page auto-updates.
T3s|4
alright and thanks for the background dr|z3d - overall, if you don't think it's an important issue, neither do I :)
dr|z3d
not hugely important, no. it's good to know where routers are located, but we can't always know.
T3s|4
dr|z3d - sounds roughly analogous to the Heisenberg uncertainty principle :D
dr|z3d
T3s|4: yeah, something like that :)
GucciferZ
Thanks for giving me voice :)
dr|z3d
np, welcome to the channel.
dr|z3d
to anyone requesting voice with the request "gimme voice too", you'll need to do better.
orignal
dr|z3d please give voice to onon
dr|z3d
oh, he's one of yours, orignal? :)
orignal
yes
dr|z3d
you can award him voice, though he's not registered to nickserv.
orignal
one of i2pd deveopers
dr|z3d
ok, feel free to voice him.
dr|z3d
if he decides he wants to register to nickserv, we can make that automatic.
orignal
he will register
dr|z3d
ok
orignal
however
orignal
* [orignal] idle 00:00:57, signon: Thu Aug 29 19:31:32
orignal
more than 12 hours without disconnec
dr|z3d
bodes well.
orignal
his last change btw
orignal
in streaming
dr|z3d
could be, leaseset expiry.
orignal
finally
dr|z3d
the sweet smell of progress :)
orignal
I think more about sending acks
dr|z3d
could be, though failure to republish LS in time could also be the culprit.
onon_
The problem with leasesets in i2pd has not gone away yet
dr|z3d
welcome to #saltR, onon_
onon_
ty
orignal
is you have etsbalished stream you don't need to lookup for new LS
orignal
it comes automatically through the connection
orignal
he sits here for a long time ))
dr|z3d
yeah, but what if the LS has expired?
onon_
No, there is a problem with the streams.
orignal
then the question why is it?
onon_
Or session
orignal
if LS is expired when new one didn';t arrive
dr|z3d
zzz fixed that, though I'm still seeing the occasional failure to republish on +
orignal
yes, with timestamps
orignal
I have fixed too
dr|z3d
"welcome to #saltR" is shorthand for "welcome to #saltR now that you have voice and can speak in the channel" :)
dr|z3d
no other i2pd developers here that should be voiced, orignal?
orignal
not yes
orignal
*yet
dr|z3d
ok
orignal
I will let you know
dr|z3d
10-4
dr|z3d
do you throttle LS stores as FF on i2pd, orignal?
Hikari
Just wanted to let you know that I'm gonna have to turn off my i2p router, gotta cut cloud spend
orignal
no, why should I?
orignal
it's zero cpu usage vs. routers
dr|z3d
just asking, not suggesting you should.
dr|z3d
Hikari: sorry to hear that :(
dr|z3d
Hikari: maybe run a local instance?
dr|z3d
also, re cloud, if your current provider's taxing you too much for data, maybe have a look at incognet.
orignal
or use cheap VPS for $15/year
dr|z3d
incognet aren't expensive, their data limits are pretty generous, speeds are good, and they don't over-allocate unlike your average cheap vps.
orignal
the budget of my vps fleet is not more than 100 per year
dr|z3d
your fleet being how many?
StormyCloud
Hikari you could also look at my2.dataideas.com/index.php?rp=/store/amd-ryzen-kvm-vps-shared-cpu they are tor and I2P friendly
Hikari
it is more of a "my income stream just got cut to zero" thing than anything lol
orignal
it's a secret
orignal
StormyCloud usually hosters have nothing against i2p
dr|z3d
for 100$ a year, your fleet is probably more like a cohort of 2 or 3 :)
dr|z3d
Hikari: sorry to hear that, too. hopefully your income stream will return to normal asap.
dr|z3d
linode are fine with i2p.
orignal
more
dr|z3d
they're also totally fine with charging you for every MB you go over the limit.
StormyCloud
Hikari, how many are in your fleet. Ill spin up as many as you are shutting down
Hikari
just one
Hikari
the one I'm connected from
snex
run from home
dr|z3d
yeah, home router if you want to stay on the network.
orignal
well I also have 7 routers at home
dr|z3d
you can also host sites that you want available on clearnet, hikari, accessible over i2p and via i2phides.me
Hikari
see you next time space cowboys
dr|z3d
soon, Hikari o/
dr|z3d
Blinded message
dr|z3d
if you want to associate several nicks.