radakayot
i think my router is now playing good with others. is there anything unusual in your logs since yesterday, zzz?
zzz
saw one 10 hours ago: resp block xxx:22777 rcvd from xxx:27594
radakayot
:(
radakayot
is there any container setup that i could use to test it without disturbing you and the network?
zzz
it's a minor thing, don't worry about hurting the network
radakayot
what about you? you are already busy with a lot of things, i don't want to bother you debugging for my mistakes.
zzz
it's just grepping a log, I'm not debugging anything
zzz
just make sure you're sending the hole punch from the right port
zzz
assuming you're pretending to be firewalled and aren't behind a symmetric nat
radakayot
no, i am really firewalled.
zzz
ok but it's not changing the port on you is it?
radakayot
no it should not.
zzz
so whatever port you're on, always send from that port, including hole punches
radakayot
actually i am, that's why it is weird. i have a single udp socket open all the time.
radakayot
i also run i2pd on the same ip. could it be related?
radakayot
different identities btw.
zzz
well you'd have to look at the port to know which is which
zzz
are you persisting your port across restarts? because your port is all over the place
radakayot
yes, i am. 22777 is my implementation. 16860 is i2pd currently. (i2pd set to auto)
zzz
even on just the "claimed" port in the response block, I've seen you on a dozen different ports in the last week
zzz
22777 first seen today
radakayot
oh yes. since yesterday around 12:00 GMT it is set to 22777.
radakayot
now it persists between restarts. before that i did not run it for 2 days.
zzz
ok that will help the debugging
radakayot
i'm trying to eliminate my ISP's DPI side effects, you know... :)
radakayot
btw, i2pd runs all the time. between restarts port changes.
zzz
there's lots and lots of routers that are also getting logged for mismatch, I always assumed they were symmetric natted, but perhaps it's some i2pd bug you've inherited
radakayot
100mbps/20mbps cable eurodocsis 3.0
radakayot
in i2pd also there is a single udp socket btw. i don't have any answer how i could send from a different endpoint.
zzz
same for java. dunno. I'm getting about 1 mismatch per minute, 328 in 5 hours from 306 different routers
zzz
so maybe some larger problem
radakayot
all i2pd?
radakayot
or which countries they are from?
zzz
it's hard to tell if a firewalled router is i2pd or not because we both set the costs the same I think
zzz
and there's no IP published so no geoip unless we've connected to them
radakayot
i see.
zzz
there's also lots of old and hacked botnet versions out there so it's tough to nail down
radakayot
"xxx:22777 rcvd from xxx:27594" in here xxx's are same ip's right?
zzz
yes
radakayot
well, at least they help the invisible internet :)
zzz
no not all botnets are "helping"
radakayot
how? shouldn't they participate in the network at least?
zzz
because the botnet ppl are modifying i2pd and injecting bugs, and duplicating router identities, and doing malicious things
radakayot
is there anything i could do to reduce the attack surface? at least to protect the network stability.
radakayot
btw, it should not be possible for me to send from any other port than 22777. i know how my firewall works. i know how my os works. that is so weird.
zzz
I'll do more research on my side because there's hundreds of routers doing this, more than I would guess
radakayot
okay zzz. if you need any help, please let me know.
radakayot
and about the bots: if you encounter a sample executable, please send it to me so i could reverse it and probably use i2pd's exploits to send kill packets to clean up network temporarily. just wanted to let you know.
zzz
it's not fatal, we use the source port, not the port from the response block
zzz
if (port != fromPort) {
    // if port mismatch only, use the source port as charlie doesn't know
    // his port or is behind a symmetric NAT
    if (_log.shouldWarn())
        _log.warn("Hole punch source mismatch on " + state +
                  " resp. block: " + Addresses.toString(ip, port) +
                  " rcvd. from: " + id);
zzz
whether you get the response, dunno
radakayot
ACK
radakayot
oh, if it's response block, that is good. it's possible.
zzz
re: bot hunting, we have a few years worth of defenses built in
zzz
what's possible?
radakayot
looking to the code... just a minute.
radakayot
oh, sorry. i thought it was serialized ip:port. ignore my last comment.
radakayot
just checked from java, it's not.
radakayot
thanks zzz, as always. please let me know if there is anything i could do to repay you.
zzz
no payment reqd )) if you're catching and reporting i2pd bugs, that's payment enough
radakayot
sure, i will. and the tun adapter will be released in march, if i do have time :)
radakayot
in relay intro response, should the token be zero if charlie is already connected or alice is unknown?
radakayot
ignore my question. i found in java. it's zero except accept.
radakayot
i'm getting lazy because of you zzz :)