dr|z3d
last spike detected around 10pm UTC.
dr|z3d
as for a U limit per ip, that's up to you.
dr|z3d
another spike happening round about now.
dr|z3d
so, no, if the elevated bandwidth is indeed indicative of an attack, then no, we're not out of the woods yet.
snex
it's probably trivial to root one of these IPs and just look directly at what they're doing
dr|z3d
build a web interface, put it on a site..
uop23ip
is a tunnel in general bw limited?
dr|z3d
or if you're feeling adventurous, one of those plugin things :)
dr|z3d
as for "probably trivial", if it was trivial to identify behavior profiles for malicious routers, we'd have something in the console by now.
dr|z3d
a tunnel is always constrained by the slowest router in the chain.
dr|z3d
there's also a theoretical maximum per tunnel that's capped at 8MB/s iirc. might be wrong on the numbers there.
uop23ip
i ask bc these bw spikes do not correlate, or only weakly, with tunnel count. At least for my graphs.
snex
i'm saying these specific ones, given how they're running old ass windows with clearly compromised software
uop23ip
to have a high transit (tunnel) bw demand on my router, there have to be high bw routers behind or/and in front of mine in the chain (and the tunnel creator has to be high bw, too). Correct?
uop23ip
if so, could it be that someone uses the X only option, builds massive X-X-X tunnels and has this spike effect?
orignal
sometimes I run 20+ on the same IP
fox
ah this is where everyone went
not_bob
Yes
fox
huh i don't remember a bob
fox
*** pokes RN with a stick ***
not_bob_afk
I've been here for years.
fox
psi still around or did we trade him for z3d permanently
not_bob_afk
z3d is still around. I can't say for psi.
not_bob_afk
Right dr|z3d?
fox
z3d's dead baby
not_bob_afk
I know nothing of that.
fox
or maybe Jeff's dead. He was going pretty coocoo for coco puffs last i heard
fox
itsjustme_: which nick is maidenboi now?
RN
fox, aloha
fox
hello nurse. hope you saw the island before it burned
RN
I'll never tell
RN
;)
RN
haven't seen the multinamed user formerly known as maidenboi in a long time
T3s|4
^same here
fox
yeah he was here last time i was by chance and i forgot to save that vm before i shutdown
RN
oops
RN
LOL
RN
I like to be prompted
fox
*** was several dabs deep ***
RN
hehe
fox
itsjustme_: you best vote. otherwise you're going to camp with peter thiel
dr|z3d
uop23ip: no.
dr|z3d
just having a few X-X-X tunnels isn't going to cause a network-wide spike in traffic.
zzz
maybe the 2nd or 3rd deadlock found by the detector? not bad
zzz
dr|z3d, you have an analysis/recommendation for the fix?
dr|z3d
nothing, zzz, sorry. I don't really know how to attack deadlocks.
zzz
carefully...
dr|z3d
I defer to your scalpel :)
zzz
thread 0 is innocent
zzz
have to pick either thread 1 or 2 path to fix
zzz
I see how to fix 1 but that may not be right
uop23ip
ok that's good to hear dr|z3d, but what about a 500 XU router bot net with onlyX option enabled, controlled over i2p, torrenting to each other. At start tunnel number up, stays and the bw comes into play, then stop after some time?
dr|z3d
I don't know what you're asking, uop23ip
orignal
XU routers might not be a botnet, just idiots
orignal
because other idiots suggest to set X "because it works faster"
orignal
as a result they can't handle real traffic
orignal
because they sit on mobile devices
dr|z3d
sure, or they could be part of the botnet with a less permissive / inaccessible firewall.
orignal
let me explain what we see
orignal
we build a tunnel say though X routers
orignal
then start transferring heavy traffic like youtube video
orignal
and after a minute the tunnel dies
orignal
because an intermediate router can't make it
orignal
because a monkey declared it as X while it was not
dr|z3d
sure, also possible.
dr|z3d
if you look at the chinese botnet, they're all X tier, 0.9.58. It's not clear that they're all bona fide X tier.
uop23ip
Just checking if my thinking is correct and if a scenario would fit the bw spikes. Could be totally wrong ofc :)
uop23ip
like this: massive coordinated XU-X-X-X-XU, XU-X-(me here seeing in/out high bw traffic)-X-XU.
dr|z3d
it's a ton of routers with high bandwidth traffic. don't overthink it.
orignal
X-XU-X how i2pd builds tunnels
orignal
not two U in a row
orignal
because both might be symmetric NAT
zzz
re: sym nat G cap, is it a bad idea or not? github.com/PurpleI2P/i2pd/commit/ec4fe9a1e680e677b94fab21c7febd8151478ab4
orignal
but you said you do it now
orignal
for me it's just a workaround
orignal
better to publish separate cap in address
zzz
yeah, but I think you said "maybe" it's a bad idea, so I wondered if you decided it's a good idea or what
orignal
I have decided to do the same way as you until we start publishing in SSU2 caps
zzz
I'm not sure that's a good idea )) if you're symmetric nat, you're almost certainly symmetric nat for TCP also, right?
orignal
but why do you care about TCP?
orignal
you are Firewalled and can only make outgoing connections
zzz
true. but it's more efficient to look in the RI caps than iterate through all the addresses looking for a cap
orignal
problem is not SSU2/NTCP2
orignal
problem is ipv4/ipv6
orignal
ipv4 can be symm NAT and ipv6 not
zzz
hmm
orignal
you know my position I would also remove R and U caps
orignal
they are just nothing but mess
dr|z3d
or introduce a 3rd connectivity cap, "V" for volatile, ie neither R nor U.
orignal
guys sorry but R and U are per network not per router
zzz
a little messy, like a lot of things in this 20 year old project, but extremely useful and efficient in our code.
orignal
i2pd doesn't use these caps at all
orignal
and published it for Java
orignal
we always rely on what's inside addresses
orignal
so back to G I can revert this commit
orignal
my point was
onon
Do you think my opinion on this issue will be of interest to anyone here?
orignal
symm NAT is usually for mobile network users
orignal
and they are nothing but troubles
onon
Regarding symmetric nat
zzz
well, I think G for sym. nat was a good idea, that's why I did it
orignal
everybody's opinion matters
orignal
my reason was mobile network users
zzz
agreed sym nat is trouble ))
onon
Well, I think zzz is wrong on this issue.
orignal
that should be excluded from tunnels
orignal
maybe we should D as a compromise?
onon
Publishing G for symmetric is a bad idea
orignal
like "I'm not a good router. Be aware and try to avoid me if you can"
orignal
your arguments?
onon
Because the number of routers with symmetrical makes up a significant part of the network
onon
And these are not always mobile routers.
onon
A large number of "wired" providers use this technology.
onon
The only problem with symmetric is that they cannot establish SSU connection with two types of NAT.
orignal
only in Russia I think
zzz
dont know what you consider 'significant' but I see < 1%; show us your data
orignal
zzz how do you know if a U router is symm NAT?
orignal
by peer test msg 6 ?
orignal
as for me I see symm nat in 2 cases
orignal
double NAT or mobile network
orignal
for me both are troublemakers
onon
Tell us how you got this result < 1%
onon
I think this is far from reality.
orignal
afaik for msg 6 or msg 7
zzz
~30 routers / 4000 in netdb with G cap, but not all are sym nat, but some are i2pd or old java that don't publish G, so that kinda cancels out, roughly < 1%
orignal
you can see if Charlie is symm nat or not
zzz
but I don't have stats for that
zzz
still awaiting the stats for 'significant'
orignal
we can collect stats from peer test
onon
I took the information from here
onon
These are statistics of users of one very large Internet service.
onon
Yes, I have transferred these values to i2p users. And I believe that the distribution will not differ much.
orignal
so what if we change G to D?
zzz
why
orignal
because G means that router doesn't accept any tunnels
orignal
D says it accepts partially
onon
We are making i2p for regular users. And even if this distribution is smaller now, with the growth of popularity it will be approximately the same.
orignal
that's why we need to implement a separate cap
orignal
to make it clear
onon
I propose an option with the publication of my status as a symmetrical. And let others decide whether to build a tunnel through it or not.
orignal
that's why I suggest D
orignal
"I can accept a tunnel but don't guarantee"
zzz
maybe G is temporary fix, but if you guys don't write up a proposal then it's permanent ))
orignal
I forgot how to write a proposal
orignal
basically it should consist of one line "s cap for SSU2 address"
orignal
if s then symmetric NAT
orignal
or I know better
orignal
I suffer from proposalphobia )))
onon
In that case, it would be nice to add separate caps for all types of nat.
orignal
why do we need to care about others?
onon
Since we can easily connect symmetric and full cone
orignal
full cone is not a problem
onon
And restricted cone with symmetric
onon
But we cannot connect symmetric + symmetric or port restricted + symmetric
onon
There is a table of combinations ewk6oorlm4hov5dufwf5zyrj5zrxt7kfztkzw6ocwmnlv3xqtyja.b32.i2p/-cjfo9dclflwku9qz-2p4wl_hre.jpeg
onon
There is also a symmetrical NAT, in which the port is incremented by a constant with each new connection. If we learn how to determine this, then it is quite possible to connect such symmetrical NAT with other types of NATs.
dr|z3d
fwiw, out of ~4700 routers in netdb, 112 G cap routers. still not a significant number.
fox
does i2pd not have a router console?
dr|z3d
i2pd has a rudimentary console / web interface. someone running i2pd will remind you of the port.
fox
7070 thanks onon
zzz
re: plans, plucked off my roadmap, I'm coding up datagram2 and unit tests for it; if/when I finish, I'll be calling for a review of the proposal
RN
why does i2pd let users specify X, why does it not test capability and adjust over time based on throughput average? Then the users can't screw up the setting.
orignal
RN because some monkey suggested them
orignal
people who do it are usually drug addicts
orignal
and they use i2pd for access to the marketplace
RN
so why not assign based on configured bw, and adjust based on performance? stop these dunderheads from clogging the network. :)
orignal
how would you know the actual network bandwidth?
orignal
even if you do how do you know how much your phone can handle?
RN
running average... don't need to know it's best, and it changes for a phone as you move around...
RN
dunn
RN
o
RN
maybe it is harder to test than I think