orignal
what are those ranges about?
dr|z3d
abnormally large number of requests coming from routers on those ranges.
dr|z3d
there are at least 6 or 7.. when those ranges aren't being blocked, they're right at the top of transit requests, consistently.
dr|z3d
try blocking them at your firewall and see how your traffic/transit tunnels varies, perhaps.
orignal
if it's VPN why it's abnormal?
dr|z3d
say you have a list of top transit requesting routers. and let's say that most of them at the top cluster around, say, 20 requests in a given period.
dr|z3d
then you have routers on these ranges, always at the top, 2-3 times what would otherwise be the top requests.
dr|z3d
not just one router at the top, but 3 or 4. and they stay there.
dr|z3d
so, let's say you decide that you want to block these routers, because lately the network's been going a bit nuts. and you do. and then almost immediately your transit tunnels drop and your traffic drops considerably.
dr|z3d
and then you take another look at your top transit requesting routers, and the count looks normal again.
orignal
I think because too many people use that VPN
dr|z3d
that's not the point. there were around 6 distinct routers all at the top of the requesting routers. constantly.
dr|z3d
a bit strange that 6 routers from the same VPN provider all, at the same time, are making more requests than anything else.
dr|z3d
all from just 2 /24s
orignal
maybe this vpn service offers an access to i2p
orignal
and every client has own address
zzz
new theory orignal:
zzz
the tunnel spam is caused by i2pd-over-VPN bugs in 0.9.56
zzz
there's one Mullvad router on 0.9.57 and he's fine
zzz
there's at least 6 Mullvad routers on 0.9.56 and they are all spamming
zzz
ok I'm up to 1 good and 8 bad, I think I've seen enough
dr|z3d
saw a huge drop in requests and traffic with those ranges banned, zzz?
zzz
havent banned anything yet
dr|z3d
startling the before/after
zzz
if I can raise ech or idk I'll do it
dr|z3d
you pose an interesting question re router versions.
dr|z3d
the question being "can we extend the blocklist to support minimum/specific router versions?"
dr|z3d
min/max
dr|z3d
reason:{hash|ip}:{version|max-version|version-range}
zzz
lol no
dr|z3d
ok, glad it tickled you. :)
zzz
if you want to become a dingledine-style network management czar instead of delegating it to me, set up your own news server for your users
dr|z3d
I don't :)
dr|z3d
blocklist.txt is plenty fine for global bans.
zzz
only at the rate your users update
dr|z3d
I can live with that. plenty are on the /dev/ update path.
orignal
what is "i2pd-over-VPN"?
orignal
what is Mullvad?
dr|z3d
Mullvad, VPN supplier.
dr|z3d
i2pd over vpn == i2pd using a vpn to access network.
orignal
then what is so special with i2pd over VPN?
orignal
yes I understand what's that
dr|z3d
Mullvad, aka those 2 ranges I posted earlier.
orignal
I don't understand the difference
dr|z3d
zzz's theory is 0.9.56 (and maybe earlier) has bugs which cause the tunnel spam we're seeing on the network.
dr|z3d
(when used via a VPN)
orignal
and this bug affects VPN only?
dr|z3d
that's his theory.
dr|z3d
but he'll chime in with more theorization no doubt.
orignal
well 0.9.57 has a lot of changes addressing this issue
orignal
and the main one is file descriptors leak
dr|z3d
and you think that could, in combination with a VPN, cause tunnel spam?
zzz
orignal, maybe they don't know their external port and so all the tunnel builds fail or something?
zzz
I don't know the cause, just reporting what I see
orignal
do they have NTCP2?
dr|z3d
multiple routers on a single ip with different ports.. could be problematic?
zzz
ssu2 peer test problems
dr|z3d
if it's Mullvad running the i2pd instances and not individual users, then a word in Mullvad's ear about updating could be fruitful.
dr|z3d
but idk what Mullvad's setup is.
zzz
orignal, here's the list, take a look for yourself:
zzz
1st is .57 and is good, 2-9 are .56 and suck real bad
orignal
so you are saying that 8 routers flood the whole network?
orignal
will check
dr|z3d
I'm suggesting that, orignal, yeah, based on my observations.
zzz
all on same IP
dr|z3d
traffic/requests night and day since I blocked the ranges.
orignal
let's ask borat what VPN they use
orignal
in Turkmenia
zzz
orignal, here's the number of build requests I've dropped in last 48 hours, top 9 routers:
zzz
last 8 are mullvad:
zzz
37 ~CrJVoN00MNvEjZIWudnWFzjqDPDsZxKuFq1Y~Sh8fo=]:
zzz
1084 NUo2wncm49XY8f~dzdxII5fnVopL9oT92KC9JC3IOFY=]:
zzz
1453 GEpq15rG0XjIvP7oZCW9cmL8Dhb8eLSweTU3hZuT2fE=]:
zzz
1514 2C-fFbGjOJks1mDYxlQ~~M3Q-tX9Dx~tyAUHPzfct~E=]:
orignal
I think I know what's going on
zzz
1552 aNBK4IQwYCejjMnD31hapWQvova~u1OINPnHCqceljw=]:
zzz
1869 xKAdoKJUvrSEGS0gREC4lEUawa4IKsVnQU189X~QQhk=]:
orignal
if it's Turkmenia
zzz
1941 2EJgHsXnjQo8gHt-jmS-GlhXjqtHnNgWiK~QyQ0Rsh4=]:
zzz
2076 6lWUeurYBX4w6lsfPdkAxbFKXoGEXKxofXwlWOC3RQA=]:
zzz
2439 o-atVIIK0N2Eu6r2Nq42cAVqlK6wJGrXqU0Ps3x0HmY=]:
zzz
so yeah, those 8 are flooding the whole network
zzz
the 0.9.57 one I haven't dropped a single request
orignal
messages get dropped between IP and actual router location
zzz
ofc we don't know where they really are
zzz
but why is the .57 one good?
zzz
maybe ssu2 peer test issues in .56?
orignal
maybe .57 is not from Turkmenia
orignal
not much difference between .56 and .57
zzz
same mullvad IP though
orignal
but number of descriptors
zzz
anyway, take a look, you have the router hashes ^^^
orignal
they might have users from different countries
orignal
yes
orignal
NUo2 don't you see something strange?
orignal
compressible padding
orignal
same with GEpq
orignal
and I can answer what's happened
orignal
so, guys
orignal
these donkeyfuckers have installed some intermediate version from trunk
orignal
I have implemented it, then it was the bug exactly with tunnel build
orignal
I have fixed it in next or two days
orignal
but then I have found that zzz didn't commit yet so I have disabled it until next release (0.9.57)
orignal
check all routers from the list and they all have this problem
orignal
between Oct 24 and Oct 26
orignal
or after Dec 12
orignal
but it definitely was trunk
zzz
interesting
zzz
didn't you also have full cone nat fixes in .57? VPN can be just like full cone nat
orignal
yes I did
orignal
but it's not about it
orignal
it fixes "Firewalled"
orignal
my point is that 0.9.56 and compressible padding is impossible
orignal
unless you have built trunk
orignal
after Dec 12
zzz
right
zzz
yeah I see they're all compressible
orignal
and 0.9.56 was without it
zzz
yup
orignal
I've disabled it on Oct 26
weko
zzz: orignal said what java i2p have backdoor by your control. Is it true?
orignal
and I remember you start seeing abnormal activity on Dec 19
orignal
weko not backdoor
orignal
just remote banlist
dr|z3d
lol
zzz
right
dr|z3d
backdoor.. funny.
weko
It is literally backdoor
zzz
for emergency use only
dr|z3d
it has a front door. aka the console.
zzz
I already have the backdoor keys, I build the releases
dr|z3d
router.blocklist.enable={true|false}
dr|z3d
that should take care of the subs based blocks, or no?
dr|z3d
assuming someone didn't want them.
weko
zzz: I believe what this is really for emergency cases... But backdoor... In program that specifies on security, privacy and anonymity...
zzz
thats why remote banlist must be signed with update keys
zzz
it's not a code backdoor, just a list of ips/hashes
eyedeekay
It's also pretty short and easy to examine
orignal
zzz the criteria of "bad" routers is simple
orignal
compressible padding and version less than 0.9.57
dr|z3d
maybe that's better than a hash ban..
weko
Okay, but it means easy way for attacks and censorship.
dr|z3d
weko: it doesn't.
dr|z3d
any blocklist published via the news api needs to be signed by a signer trusted by the router.
dr|z3d
that's the first thing.
weko
dr|z3d: why zzz can't ban some good router?
orignal
this situation is invalid anyway
orignal
if somebody builds trunk they must keep it up to date
dr|z3d_
and it's not about censorship. how does zzz know which router's serving content he doesn't like and wants to censor? I'll give you a clue. He doesn't.
weko
dr|z3d_: censorship I mean zzz can ban any router
weko
It is not b32 ban, yes
orignal
dr|z3d_ every router from Russia for example
dr|z3d_
what it _is_ about is maintaining network health and ensuring the network doesn't fall apart because asshats etc.
orignal
one idiot from yggdrasil really did it
orignal
banned all peers from Russia
dr|z3d_
some people have a not-very-nuanced understanding of things, orignal. we both know this :)
orignal
you asked an example
dr|z3d_
anyone running a router can implement their own blocklists and if they want to identify all Russian ip ranges, sure, they can block Russia.
weko
It is really shit feature, literally special backdoor for zzz
dr|z3d
but, you know, when you run software, you're placing implicit trust in the person that's supplying the software.
zzz
so the whole tunnel build spam was from an i2pd bug that only existed for a couple days around Dec. 19?
dr|z3d
so implicitly you're trusting zzz not to randomly start banning routers because Russia.
zzz
weko, it's the same banlist that's in the release, same feature, just we don't have to do a release for it
zzz
I can ban every router in the world in the release
zzz
I can break the whole network
dr|z3d
so can orignal :)
dr|z3d
and I'm probably capable of giving it a good go, too :)
weko
zzz: only in release? I don't understand
dr|z3d
subscription based bans can be published before they have chance to land in the release blocklist, so users running release versions don't have to wait.
zzz
in release and via the news updates. same feature
weko
I understand this like "zzz can send signed SU3 on router and router must use rules from this SU3"
orignal
zzz the bug existed on Oct 24 only
orignal
maybe there were many other bugs in trunk
weko
zzz: user should make an agree or not?
orignal
you know I keep developing
orignal
and keep adding bugs
zzz
sure orignal
zzz
same as me
orignal
but make things stable before releases
zzz
ofc
orignal
so I can't guarantee was here on Dec 12
orignal
*there
zzz
weko, users trust me to do the build, or if not but they trust my code, they can build it themselves, or if not, don't run it
weko
zzz: user have mention about it?
dr|z3d
or they can just disable the news.xml and voila. no more updates.
weko
I think it is really important
weko
I agree that is not backdoor if user have mention about it
zzz
not a secret
dr|z3d
maybe adding something to the event log to indicate updated blocklist via news or something would keep weko happy.
orignal
everybody knows about this feature
orignal
ofc if they want to know )))
dr|z3d
weko: did orignal mention the java implementation of VNC that ships as default?
weko
dr|z3d: I think router ban feature can be fully local. Just with profiling
dr|z3d
just so zzz can remote in and fix your router if it's causing issues.
dr|z3d
sure, weko. can be done. you disable blocklists, your I2P/I2P+ router will just take its cues from the sybil detector.
weko
zzz: yes, it is not a secret (otherwise we don't talk about it), but how many users read proposals, specific this proposal?
dr|z3d
weko: I think you're barking up the wrong tree. there are battles worth fighting, and this isn't one of them.
dr|z3d
as zzz said, run the software, build your own version, whatever. there's no compulsion to use any specific version, and features are documented.
weko
[00:06:45] <dr|z3d> sure, weko. can be done. you disable blocklists, your I2P/I2P+ router will just take its cues from the sybil detector.
weko
I have some idea for Sybil detecting))
zzz
3 people can backdoor any java router - me, idk, echelon. Probably about the same number for i2pd
dr|z3d
that's a better topic for conversation :)
weko
Local Sybil detecting, of course
dr|z3d
have you seen the I2P sybil detection?
weko
zzz: i2pd don't have features like this
weko
dr|z3d: yes, I have some idea... It is hard to understand