#saltr
/2025/05/11
dr|z3d zzz: so I should probably ask, this remove active throttle code, WIP, is there likely much more to be done to it or is it more or less merge ready?
zzz dr|z3d, 505 just removes old jrandom stuff, it will either work or it won't, test it for half an hour and call it good, ditto 503 and 508
dr|z3d ok, thanks, zzz, figured it was just cruft removal. appears to work without issue.
dr|z3d is it just me, or are there a huge number of "routers" out there sending corript handshakes right now?
dr|z3d *corrupt
dr|z3d it looks like an ongoing barrage.
cumlord Maybe test routers?
cumlord Reminded me i2pchat might have problem with that, I think if you initiate handshake and don’t complete it it doesn’t handle correctly
dr|z3d this was what appeared to be 100s of routers. more likely to be probing attacks.
dr|z3d The barrage happens after a router restart.. corrupt handshake gets you a 2 hour ban, so over time you'll see less and less in the logs.
zzz new friends of the two we already blocked?
dr|z3d no, ips all over it looks like.
zzz which transport?
zzz not seeing that
zzz but am seeing 3 new IPs that look extremely aggressive
dr|z3d well, this one is particularly aggressive.. 74 connection attempts -> 113.188.167.116
dr|z3d 205 for 87.191.59.74
dr|z3d 160 for 49.205.98.199
dr|z3d 200 for 174.56.96.80
dr|z3d lots of aggressive ips here.
dr|z3d do any of those tally with what you're seeing?
zzz don't see any of those
zzz here's my three, counts are over 7 hours:
dr|z3d those counts I referenced are all for under 2 hours.
zzz 142 51.81.66.61
zzz 366 91.138.224.31
zzz 431 59.56.69.164
dr|z3d it looks like the constant connection attempts are impeding normal traffic.
dr|z3d so, either an attack of sorts, or the ban on corrupt handshake code is misfiring, either in + or..
zzz the last one has been trying to connect at exactly 02.600 seconds after the top of every minute, for at least 7 hours
dr|z3d smells like an attack. doesn't seem normal. a normal router will take the hint and stop.
zzz the 91.138 one is more chaotic, sometimes twice per minute, sometimes waits a couple minutes
zzz ok the 51.81 guy is in a different category, not corrupt msg 1, just has localhost in RI
zzz found 3 more IPs with bad msg 1, very low numbers, less than 10 each in 7 hours. definitely not hundreds seen here
dr|z3d possibly targeting floodfills? dunno. will keep an eye on it.
zzz thx. I'd stopped looking after we blocked those two, but not surprising that more have popped up
dr|z3d hard to say what's happening, but could be the signs of a new attack.
dr|z3d I looked at one aggressive ip address via whois, appears to be listed in spamhaus db. so that's curious.
dr|z3d just replace with offender ip in that url, you'll have a good overview.
zzz 59.56.69.164 has been hitting me at exactly 02.600 each minute for a week at least
dr|z3d that one's on various blacklists.
zzz the other one for a week also. I think my logging may have changed then
zzz i don't know what this one is that hasn't drifted 100ms in a week. it's not a shell script.
dr|z3d yeah, that is unusual.
dr|z3d nation state? china?
zzz ding ding china
zzz the other one is in greece
dr|z3d one I was looking at was in singapore.
zzz so I'll ban those two, will catch up with idk tomorrow, he's probably doing mothers day stuff
zzz and then get the release out with our improved defenses
dr|z3d still due in August?
zzz no that's 2.10. 2.9 is June 3
dr|z3d oh. ok.
dr|z3d good to know.
zzz I'm going to change my port and see if these guys find me again