IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#ls2
/2023/01/28
orignal what are those ranges about?
dr|z3d abnormally large number of requests coming from routers on those ranges.
dr|z3d there are at least 6 or 7.. when those ranges aren't being blocked, they're right at the top of transit requests, consistently.
dr|z3d try blocking them at your firewall and see how your traffic/transit tunnels varies, perhaps.
orignal if it's VPN why it's abnornal?
dr|z3d say you have a list of top transit requesting routers. and let's say that most of them at the top cluster around, say, 20 requests in a given period.
dr|z3d then you have routers on these ranges, always at the top, 2-3 times what would otherwise be the top requests.
dr|z3d not just one router at the top, but 3 or 4. and they stay there.
dr|z3d so, let's say you decide that you want to block these routers, because lately the network's been going a bit nuts. and you do. and then almost immediately your transit tunnels drop and your traffic drops considerably.
dr|z3d and then you take another look at your top transit requesting routers, and the count looks normal again.
orignal I think because too many people use that VPN
dr|z3d that's not the point. there were around 6 distinct routers all at the top of the requesting routers. constantly.
dr|z3d a bit strange that 6 routers from the same VPN provider all, at the same time, are making more requests than anything else.
dr|z3d all from just 2 /24s
orignal myabe this vpn service offers an access to i2p
orignal and every client has own address
zzz new theory orignal:
zzz the tunnel spam is caused by i2pd-over-VPN bugs in 0.9.56
zzz there's one Mullvad router on 0.9.57 and he's fine
zzz there's at least 6 Mullvad routers on 0.9.56 and they are all spamming
zzz ok I'm up to 1 good and 8 bad, I think I've seen enough
dr|z3d saw a huge drop in requests and traffic with those ranges banned, zzz?
zzz havent banned anything yet
dr|z3d startling the before/after
zzz if I can raise ech or idk I'll do it
dr|z3d you pose an interesting question re router versions.
dr|z3d the question being "can we extend the blocklist to support minimum/specific router versions?"
dr|z3d min/max
dr|z3d reason:{hash|ip}:{version|max-version|version-range}
zzz lol no
dr|z3d ok, glad it tickled you. :)
zzz if you want to become a dingledine-style network management czar instead of delegating it to me, set up your own news server for your users
dr|z3d I don't :)
dr|z3d blocklist.txt is plenty fine for global bans.
zzz only at the rate your users update
dr|z3d I can live with that. plenty are on the /dev/ update path.
orignal what is "i2pd-over-VPN"?
orignal what i Mullvad?
dr|z3d Mullvad, VPN supplier.
dr|z3d i2pd over vpn == i2pd using a vpn to access network.
orignal then what is so special with i2pd over VPN?
orignal yes I understand what's that
dr|z3d Mullvad, aka those 2 ranges I posted earlier.
orignal I don't understand the difference
dr|z3d zzz's theory is 0.9.56 (and maybe earlier) have bugs which causes the tunnel spam we're seeing on the network.
dr|z3d (when used via a VPN)
orignal and this bug affects VPN only?
dr|z3d that's his theory.
dr|z3d but he'll chime in with more theorization no doubt.
orignal well 0.9.57 has a lot of changes addressing this issue
orignal and the main one is file descriptors leak
dr|z3d and you think that could, in combination with a VPN, cause tunnel spam?
zzz orignal, maybe they don't know their external port and so all the tunnel builds fail or something?
zzz I don't know the cause, just reporting what I see
orignal do they have NTCP2?
dr|z3d multiple routers on a single ip with different ports.. could be problematic?
zzz ssu2 peer test problems
dr|z3d if it's Mullvad running the i2pd instances and not individual users, then a word in Mullvad's ear about updating could be fruitful.
dr|z3d but idk what Mullvad's setup is.
zzz orignal, here's the list, take a look for yourself:
zzz 1st is .57 and is good, 2-9 are .56 and suck real bad
zzz Qqj3p9F0Y~qXAkSz3FYo~e~OfSgaM5qZ2OYUrzOtrgM=
zzz NUo2wncm49XY8f~dzdxII5fnVopL9oT92KC9JC3IOFY=
zzz GEpq15rG0XjIvP7oZCW9cmL8Dhb8eLSweTU3hZuT2fE=
zzz aNBK4IQwYCejjMnD31hapWQvova~u1OINPnHCqceljw=
zzz 6lWUeurYBX4w6lsfPdkAxbFKXoGEXKxofXwlWOC3RQA=
zzz xKAdoKJUvrSEGS0gREC4lEUawa4IKsVnQU189X~QQhk=
zzz 2EJgHsXnjQo8gHt-jmS-GlhXjqtHnNgWiK~QyQ0Rsh4=
zzz o-atVIIK0N2Eu6r2Nq42cAVqlK6wJGrXqU0Ps3x0HmY=
zzz 2C-fFbGjOJks1mDYxlQ~~M3Q-tX9Dx~tyAUHPzfct~E=
orignal so you are saying that 8 routers flood the whole network?
orignal will check
dr|z3d I'm suggesting that, orignal, yeah, based on my observations.
zzz all on same IP
dr|z3d traffic/requests night and day since I blocked the ranges.
orignal let's ask borat what VPN they use
orignal in Turkmenia
zzz orignal, here's the number of build requests I've dropped in last 48 hours, top 9 routers:
zzz last 8 are mullvad:
zzz 37 ~CrJVoN00MNvEjZIWudnWFzjqDPDsZxKuFq1Y~Sh8fo=]:
zzz 1084 NUo2wncm49XY8f~dzdxII5fnVopL9oT92KC9JC3IOFY=]:
zzz 1453 GEpq15rG0XjIvP7oZCW9cmL8Dhb8eLSweTU3hZuT2fE=]:
zzz 1514 2C-fFbGjOJks1mDYxlQ~~M3Q-tX9Dx~tyAUHPzfct~E=]:
orignal I think I know what's going on
zzz 1552 aNBK4IQwYCejjMnD31hapWQvova~u1OINPnHCqceljw=]:
zzz 1869 xKAdoKJUvrSEGS0gREC4lEUawa4IKsVnQU189X~QQhk=]:
orignal if it's Turkmenia
zzz 1941 2EJgHsXnjQo8gHt-jmS-GlhXjqtHnNgWiK~QyQ0Rsh4=]:
zzz 2076 6lWUeurYBX4w6lsfPdkAxbFKXoGEXKxofXwlWOC3RQA=]:
zzz 2439 o-atVIIK0N2Eu6r2Nq42cAVqlK6wJGrXqU0Ps3x0HmY=]:
zzz so yeah, those 8 are flooding the whole network
zzz the 0.9.57 one I haven't dropped a single request
orignal messages gets dropped between IP and actual router location
zzz ofc we don't know where they really are
zzz but why is the .57 one good?
zzz maybe ssu2 peer test issues in .56?
orignal maybe .57 is not from Turkmenia
orignal not much difference between .56 and .57
zzz same mullvad IP though
orignal but number of descroptors
zzz anyway, take a look, you have the router hashes ^^^
orignal they might have users from different countries
orignal NUo2 don't you see something strange?
orignal compressible padding
orignal same with GEpq
orignal and I can answer what's happened
orignal so, guys
orignal these donkeyfuckers has installed some itermideate version from trunk
orignal I have implemneted it, then it was the bug exactly with tunnel build
orignal I have fixed it in next or two days
orignal but then I have found that zzz didn't commit yet so I have disabled it until next release (0.9.57)
orignal check all routers from the list and they all have this problem
orignal between Oct 24 and Oct 26
orignal or after Dec 12
orignal but it's difinitly was trunk
zzz interesting
zzz didn't you also have full cone nat fixes in .57? VPN can be just like full cone nat
orignal yes I did
orignal but it's not about it
orignal it fixes "Firewalled"
orignal my point is that 0.9.56 and compressible padding is impossible
orignal unless you have built trunk
orignal after Dec 12
zzz right
zzz yeah I see they're all compressible
orignal and 0.9.56 was without it
zzz yup
orignal I've disable it on Oct 26
weko zzz: orignal said what java i2p have backdoor by your control. Is it true?
orignal and I remeber you start seeing abnormal activity on Dec 19
orignal weko not backdoor
orignal just remote banlist
zzz right
dr|z3d backdoor.. funny.
weko It is literally backdoor
zzz for emergency use only
dr|z3d it has a front door. aka the console.
zzz I already have the backdoor keys, I build the releases
dr|z3d router.blocklist.enable={true|false}
dr|z3d that should take care of the subs based blocks, or no?
dr|z3d assuming someone didn't want them.
weko zzz: I believe what this is really for emergency cases... But backdoor... In program that specifies on security, privacy and anonymity...
zzz thats why remote banlist must be signed with update keys
zzz it's not a code backdoor, just a list of ips/hashes
eyedeekay It's also pretty short and easy to examine
orignal zzz the criteria of "bad" routers is simple
orignal compressible padding and version less than 0.9.57
dr|z3d maybe that's better than a hash ban..
weko Okay, but it means easy way for attacks and censorship.
dr|z3d weko: it doesn't.
dr|z3d any blocklist published via the news api needs to be signed by a signer trusted by the router.
dr|z3d that's the first thing.
weko dr|z3d: why zzz can't ban some good router?
orignal this situation is invalid anyway
orignal if somebody builds trunk they must keep it up to date
dr|z3d_ and it's not about censorship. how does zzz know which router's serving content he doesn't like and wants to censor? I'll give you a clue. He doesn't.
weko dr|z3d_: censorship I mean zzz can ban any router
weko It is not b32 ban, yes
orignal dr|z3d_ every router from Russia for example
dr|z3d_ what it _is_ about is maintaining network health and ensuring the network doesn't fall apart because asshats etc.
orignal one idiot from yggdrasil really did it
orignal banned all peers from Russia
dr|z3d_ some people have a not-very-nuanced understanding of things, orignal. we both know this :)
orignal you asked an example
dr|z3d_ anyone running a router can implement their own blocklists and if they want to identify all Russian ip ranges, sure, they can block Russia.
weko It is really shit feature, literally special backdoor for zzz
dr|z3d but, you know, when you run software, you're placing implicit trust in the person that's supplying the software.
zzz so the whole tunnel build spam was from an i2pd bug that only existed for a couple days around Dec. 19?
dr|z3d so implicitly you're trusting zzz not to randomly start banning routers because Russia.
zzz weko, it's the same banlist that's in the release, same feature, just we don't have to do a release for it
zzz I can ban every router in the world in the release
zzz I can break the whole network
dr|z3d so can orignal :)
dr|z3d and I'm probably capable of giving it a good go, too :)
weko zzz: only in release? I don't understand
dr|z3d subscription based bans can be published before they have chance to land in the release blocklist, so users running release versions don't have to wait.
zzz in release and via the news updates. same feature
weko I understand this like "zzz can send signed SU3 on router and router must use rules from this SU3"
orignal zzz the bug existed on Oct 24 only
orignal maybe there were many other bugs in trunk
weko zzz: user should make an agree or not?
orignal you know I keep developing
orignal and keep adding bugs
zzz sure orignal
zzz same as me
orignal but make things stable before releases
zzz ofc
orignal so I can't guarantee was here on Dec 12
orignal *there
zzz weko, users trust me to do the build, or if not but they trust my code, they can build it themselves, or if not, don't run it
weko zzz: user have mention about it?
dr|z3d or they can just disable the news.xml and voila. no more updates.
weko I think it is really important
weko I agree that is not backdoor if user have mention about it
zzz not a secret
dr|z3d maybe adding something the event log to indicate updated blocklist via news or something would keep weko happy.
orignal everybody knows about this feature
orignal ofc it ther want to know )))
dr|z3d weko: did orignal mention the java implementation of VNC that ships as default?
weko dr|z3d: I think router ban feature can be fully local. Just with profiling
dr|z3d just so zzz can remote in a fix your router if it's causing issues.
dr|z3d sure, weko. can be done. you disable blocklists, your I2P/I2P+ router will just take its cues from the sybil detector.
weko zzz: yes, it is not a secret (otherwise we don't talk about it), but how many users read proposals, specific this proposal?
dr|z3d weko: I think you're barking up the wrong tree. there are battles worth fighting, and this isn't one of them.
dr|z3d as zzz said, run the software, build your own version, whatever. there's no compulsion to use any specific version, and features are documented.
weko [00:06:45] <b30e0edr|z3d> sure, weko. can be done. you disable blocklists, your I2P/I2P+ router will just take its cues from the sybil detector.
weko I have some idea for Sybil detecting))
zzz 3 people can backdoor any java router - me, idk, echelon. Probably about the same number for i2pd
dr|z3d that's a better topic for conversation :)
weko Local Sybil detecting, of course
dr|z3d have you seen the I2P sybil detection?
weko zzz: i2pd don't have features like this
weko dr|z3d: yes, I have some idea... It is hard to understand