#dev
/2026/02/08
R4SAS orignal: so, what's up?
orignal about what?
orignal I brought one up here with the 0.9.57 ban, seems to work fine
orignal zzz, please
zzz good morning
zzz here is fine, what's up?
orignal long story short
orignal we think that it's not an attack
orignal also I'm confident they build 1 hop tunnel
orignal R4SAS I sent you the release draft in Telegram
orignal so the topic is to ban 0.9.57 at least for TBM
orignal which one you want me to elaborate?
zzz attack or not, doesn't matter. but something new started 10 PM UTC last night. Looks like 0.9.67 Xf[RU]G
zzz I don't know if 0.9.57 is still going or not. is it?
zzz elaborate on whatever you want
R4SAS we're flying...
orignal well, it's not all that bad there
orignal today
zzz Saudi Arabia, France, Mexico, Brazil XfG 0.9.67
orignal right, this is a botnet
zzz new one started last night
orignal but the target is not I2P
zzz seems unrelated to the 0.9.57 group, it is US and Argentina
orignal I'm sorry but you must be a very stupid attacker to flood the network with -hop tunnels instead of 8-hops
orignal yes, floodfills is another topic
R4SAS I rebuilt on s2 this morning
zzz the 0.9.57 group is still alive?
orignal yes, tons of them
zzz I think it is, just double checking
orignal the main problem of 0.9.57 is they are 0.9.57
orignal and nobody builds tunnels through them because they are 0.9.57
orignal while they build tunnels
orignal not to attack i2p
orignal because too many of them
zzz sure, you can drop their TBMs if you want. I don't let them connect to me, so they can't build through me anyway (mostly)
orignal zzz, there is no evidence that the 0.9.57 group is a modified i2pd
zzz well they make a lot of connections. modified or not, doesn't matter
orignal fine. let's agree. do we ban connection from them (with them) or drop TBMs only?
orignal zzz, why do you think it's a single router that makes a lot of connections rather than many?
orignal bahind single IP
orignal *behind
orignal it makes a lot of difference
zzz I ban connection from 0.9.57 L. We don't have to agree, do what you want
orignal if it's intentional attack or unintentional
orignal how about outgoing?
orignal if your next peer in tunnel is 0.9.57
orignal and most likely LU
orignal hence you must reach them through introducer
zzz we ban them for an hour, during that time we won't do outgoing. But they are so chatty they almost always connect to us first
zzz so we prevent most but not all
orignal I think to ban 0.9.57 completely
zzz how many 0.9.57 L do you have in your netdb?
zzz only ban if L
orignal right
orignal once more coincidence
orignal congestion caps appeared in 0.9.58
orignal that's why they ignore E and G
zzz I have only 100 0.9.57 L in my netdb. How about you? Before my fixes I had thousands
orignal I also can't say because I ban a lot
orignal also LR instead LU
orignal peer test failure
orignal I checked
orignal published NTCP2 port is never reachable
orignal you also mention they keep changing identity all the time
orignal however it looks like they are different routers on the same IP
orignal why 1-hop? because ipv6
orignal it seems ipv6 never appears in their tunnels
orignal so we agreed that I ban all incoming connections from 0.9.57 and low L
zzz we agreed that's what I do, you can do that if you like, works well for me )))
orignal and I drop TBM to 0.9.57 L
orignal ok let's ask differently
orignal any objections from you?
zzz no objections, sounds good!
orignal thanks
orignal will do
zzz will work on the XfG situation this morning and see if there's anything I need to do about it
orignal what's wrong with XfG?
orignal for me it's valid combination
orignal you floodfill and not transit
zzz it's the new botnet started last night, thousands of them
orignal your choice
orignal yes bunch of floodfills
zzz probably changing identities, clogging up my netdb
orignal but if they serve as real floodfills what's wrong
orignal how many FFs you see?
orignal with my anti-FF measurements I see around 3000
orignal one more question
zzz much more starting last night. 3000-4000. I have anti-ff also, but stats has seen 10,000 new routers since last night
zzz so they are churning identities
orignal if you reject incoming session from 0.9.57 what rejection code do you send?
zzz they are real, they are connected to me
zzz sec
orignal yes they started like at 8 pm
zzz right
orignal unfortunately we don't have a code GFY ))
zzz I use code BANNED
orignal thanks
orignal will do the same
zzz BANNED == GFY ))
orignal almost
StormyCloud The StormyCloud has arrived
StormyCloud I sent some IPs to zzz, but looks like a mobile botnet/proxy service. I tracked down several large subnets we could temp block until this is over
orignal nice to see you here
orignal yes, guys found the same
orignal IPs from known botnets
R4SAS hmm... I think I did the translations in November, but apparently didn't push them
R4SAS I wonder which workstation I did that on
orignal lol
orignal I only know about the Hebrew one
R4SAS orignal: write the release
orignal did you make the tag?
R4SAS yes
orignal I'll write it
orignal Vadya made some PR there with AI-generated crap about the git version
R4SAS I've already closed it