#i2p-dev (irc2p) | 2.11.0-3 | Network status http://zzz.i2p/topics/3714

#i2p-dev

/2026/02/06

Online: 62

&zzz

+FreefallHeavens

+R4SAS

+RN_

+Romster

+T3s|4

+acetone

+eche|off

+mareki2p

+nilbog

+nyaa2pguy

+orignal

+postman

+qend-irc2p

+wodencafe

Arch

Daddy_I2P

Danny

Irc2PGuest15434

Irc2PGuest16019

Irc2PGuest20377

Irc2PGuest31938

Irc2PGuest35412

Irc2PGuest48148

Irc2PGuest77921

MatrixBot

NiceBoat

Onn4l7h

Onn4|7h

Over

Sisyphus

Teeed

aargh4

ahiru

ananas

anontor

b3t4f4c3__

cims

dr4wd3_

duanin2

ice_juice

mahlay

makoto

marek

noidea

not_bob_afk2

o3d3

poriori

profetikla

r00tobo

rapidash

rednode

solidx66

stormycloud[m]

sublimia

test7363673

uop23ip

urist_

vivid_reader56

x74a6

zelgomer

orignal zzz, FYI

orignal 333.i2p/topics/282-wrong-static-key

orignal seems botnet comes with wrong static key

not_bob Thank you.

nilbog I tried -6-rc on debian by building it, had to fix the debian build first. But maybe i didn't completely fixed it bc the web interface couldn't load and i got an error related to jetty afterwards and the router crashed repeatedly. Unfortunately lost the log (extra dumb..) so will try to replicate as soon as i can connect to git (seems down?)

zzz thanks for the report nilbog. we hadn't fully and successfully tested the deb builds until yesterday. Fixes are in -7-rc

zzz if you can't get it from gitea in-net, it's on github

nilbog ok thanks will do!

zzz please report results

zzz we're a little swamped trying to get ready for the previously-scheduled release while simultaneously working on the attack

zzz last call for translations, pulling from transifex in 3 hours

orignal or it's postponed again?

zzz still monday until eyedeekay says something different

zzz re: s mismatch, yeah, he's changing identities

orignal you mean attacker?

zzz yeah, re: your 333.i2p link

orignal that what a guy noticed

orignal so he changes router keys and doesn't change ntcp2 and ssu2 static keys?

orignal then how it even works?

orignal i2pd always closes such sessions

zzz yeah I don't know how he would change ident while running

zzz hackers gonna hack

orignal I can tell you what they do

zzz thinking about if we can ban for mismatched s, I think we can if the IP matches

orignal they delete router.info and router.keys

orignal and not ntcp2.keys and ssu2.keys

zzz we won't ever change while running

orignal as result he uses key from nntcp2/ssu2/.keys

orignal but sends new RouterInfo

zzz we compare everything at startup and redo everything on mismatch

orignal i2pd doesn't )))

zzz i think ))

orignal maybe we started doing it later

orignal Vort mentioned something like this

orignal but they use older version

orignal do you compare S with one from RI now?

zzz yes ofc. It's just whether we can also ban the hash from the RI. Have to be careful not to ban if he sends somebody else's RI

zzz so need some sort of assurance that it's his RI, either by IP or S match

zzz if neither IP nor S match, you can't ban (preliminary conclusion, still thinking about it)

orignal then let's do it

orignal what's you suggest ban time?

orignal 10 minutes of 24 hours?

orignal *or

zzz ok. what I have now may be sufficient, or might make a change

orignal what you have now for this secenario?

zzz up to you. I have to worry about ban table memory usage with these kinds of attacks

orignal I onle close the session

zzz sec...

orignal what? 4 or 16 bytes?

orignal you can ban whole network without noticable memry useage

zzz java object overhead... also depends on ban by IP or router hash too, still thinking...

zzz any java HashMap entry is about 200 bytes overhead

orignal by IP only

orignal that's what I'm going to do

zzz our inbound ban time is 39 minutes

orignal thanks. will do the same

zzz if you like, nothing special about 39 ))

nilbog Update on debian build (sorry if dupl, got disconnected), some fixes are still required to compile: in debian/rules add ",quilt" at end of line 54 'dh $@ --with systemd,bash-completion,quilt' as explained in an issue on gitea + add classpath of slf4j2-api and jetty-ee in javadoc target in build.xml

nilbog maybe it's not a complete fix as lots of bugs happen in the ui, router indicated as down sporadically, no graphs visible (they are saved though) and lot of pages like local router (in netDb) errors with : 500 javax.servlet.ServletException: java.lang.NoSuchFieldError: Class org.eclipse.jetty.http.UriCompliance$Violation does not have member field 'org.eclipse.jetty.http.UriCompliance$Violation

nilbog BAD_PERCENT_ENCODING' (running java 21)

zzz thanks nilbog I found the same things

nilbog ok cool

nilbog also much much harder to build tunnels it seems (compared to 2.10.0), even keeping irc alive is very complicated, couldn't do it so had to go back to 2.10.0 (even after 45+ min)

zzz I have a fix for the javadoc, trying to push but gitea won't talk to me

zzz the ,quilt thing is a known problem for years

zzz looking at the BAD_PERCENT_ENCODING thing now

StormyCloud Alright, we got 30 routers on -5 now

zzz the problem is a mismatch of the jetty versions

zzz super StormyCloud

zzz still need to get it up on LP, been working on trixie/resolute issues

zzz I'm ging to have to bundle some 12.0.17 jars to fix the PERCENT_ENCODING issue

zzz this could all have been avoided but debian didn't respond to my bug report a few months back

zzz I have the PERCENT_ENCODING thing fixed but having trouble pushing to gitea

zzz -9-rc with the trixie/resolute fixes pushed. trying to push the -8 and -9 tags now

lbt Hi! What's gonna happen to routers running on Debian Bookworm when the new version comes? Means no new Jetty, but it sounds like that's gonna be needed, yes?