@eyedeekay
&zzz
+R4SAS
+RN
+RN_
+T3s|4
+acetone
+dr|z3d
+eche|off
+hagen
+hk
+orignal
+postman
+qend-irc2p
+snex
+weko
+wodencafe
Arch
BubbRubb
Daddy
Daddy_1
Danny
DeltaOreo
FreeRider
FreefallHeavens
HowardPlayzOfAdmin
Irc2PGuest44301
Irc2PGuest56179__
Irc2PGuest73758
Irc2PGuest92548
Leopold_
Onn4l7h
Onn4|7h
Sisyphus_
Sleepy
SlippyJoe_
T3s|4__
Teeed
ardu
b3t4f4c3__
bak83
boonst
cumlord
dr4wd3_
eyedeekay_bnc
mareki2p_
not_bob_afk
not_human
nuke
poriori
profetikla
r00tobo
rapidash
shiver_
solidx66
thetia
tr
u5657
uop23ip
w8rabbit
x74a6
eyedeekay
I was thinking about the oddities in the reseed traffic and I had an idea, not sure if it's viable...
eyedeekay
Could we send a signing key from the router attempting the reseed, along with some signed piece of contemporary shared information like a timestamp, in the HTTP headers with the `get` when the reseed is fetched?
eyedeekay
Allowing the reseed server to verify that the agent they are serving the reseed to is likely to be an I2P router?
zzz
there's the user-agent check for wget already
eyedeekay
Yeah I know, just wondering if this is harder to "fake"
eyedeekay
Not sure it is just wondering
zzz
we've isolated the tm botnet to five /24s, if they're still around in a month we'll probably block them in the release