orignal
on floodfill?
zzz
I'll probably need to switch one of my routers to ff and see if that works
orignal
you need to test it on floodfill
zzz
the trouble is the RIs propagate really quickly via DBSRMs
orignal
when this moron starts publishing you should see his real IP
orignal
you don't care about propagation
orignal
only connection he uses to publish himself
orignal
and you should catch him there
zzz
sure, but maybe you will catch him first
orignal
but I'm still writing the code ))
orignal
1 more hour or so
orignal
have to do too many things in parallel
zzz
yeah I've tweaked about 8 things so far, testing all of it at once
orignal
once I'm done we will find this faggot shortly
orignal
if my theory is right
orignal
but you probably guess how I would publish RI if I was him
orignal
but I hope he is not familiar with I2P internals enough to do it
zzz
so far I can't prove anybody's theory, but I'm making good fixes along the way
orignal
however I predict his IP will be either Moscow or Novosibirsk
zzz
good luck, I'm out after 12 hours on it, back at it in the morning :)
orignal
funny thing I can't connect to ilita from bouncer ))
orignal
here we go
orignal
202.169.118.85
orignal
abuser's IP
orignal
no wrong one
orignal
he publishes always wrong IP
orignal
but same
orignal
but this guy is also interesting
orignal
floodfill published as 158.140.215.184 21228
orignal
non reachable
orignal
definitely Java
orignal
dr|z3d trick works great
weko
Australia
weko
geo ip says
weko
AS9310 MYREPUBLIC PTY LTD
weko
Australia
weko
VIC
weko
Victoria
weko
Melton West
weko
3337
weko
-37.6758
weko
144.5527
weko
++attacker ip, I guess
weko
Need wait
weko
But really many mismatches with ntcp2
weko
2 per minute I think
weko
Seen attacker ip only one time for now, because no attack now
weko
No ++, it address trying publish only one ip now. Need wait new wave
weko
Hm, no more waves
weko
Interesting
dr|z3d
still dodgy routers out there.
dr|z3d
30m uptime, 2K routers banned gere.
dr|z3d
*here, and slowly increasing.
weko
Maybe it is maybe valid NTCP2 only floodfills
weko
Need wait for new wave
dr|z3d
I doubt 2K ffs are valid.
dr|z3d
legit ffs also higher than normal @ 2.8K
weko
Pizdec blyat'
orignal
no Australia is not attacker
orignal
however I'm wondering why it happens
orignal
that he publishes wrong IP
zzz
so have we moved past NTCP2-only already?
zzz
dr|z3d, you need to rip out that code anyway, it's aggressively borked
orignal
no they send with SSU and N bandwidth
orignal
*now
orignal
I saw few
orignal
and they all non reachable
dr|z3d
hmm, zzz?
zzz
dr|z3d, you're not doing your users any favors by doing quick untested hacks and then lobbying them to try it. Slow down and test more
zzz
your "noSSU" code
dr|z3d
what about it?
zzz
it's pointless, and it's buggy
dr|z3d
listening to why it's buggy, refute the assertion that it's pointless.
zzz
see above. there is no more NTCP2-only spam
dr|z3d
I'm not sure that's accurate.
zzz
that's what it looks like from here
dr|z3d
yeah, except it really depends where you're looking from.
dr|z3d
mostly I'd agree, but I'm being told that the attack's back on from some quarters.
zzz
right, just not NTCP2-only
dr|z3d
there may be concurrent attacks in play, then.
dr|z3d
because some people are reporting huge spikes in NTCP only ffs and the concomitant + bans.
zzz
re: bad code, it's not even a code thing, it's a logic thing:
zzz
boolean noSSU = false;
zzz
for (RouterAddress ra : info.getAddresses()) {
zzz
if (ra.getTransportStyle().equals("SSU") ||
zzz
ra.getTransportStyle().equals("SSU2")) {
zzz
noSSU = false;
zzz
break;
zzz
}
zzz
if (!ra.getTransportStyle().equals("SSU") &&
zzz
!ra.getTransportStyle().equals("SSU2"))
zzz
noSSU = true;
zzz
}
zzz
did you get two code blocks, old and fixed, or should I repost?
dr|z3d
never saw those, please repost.
zzz
<zzz> re: bad code, it's not even a code thing, it's a logic thing:
zzz
<zzz> boolean noSSU = false;
zzz
<zzz> for (RouterAddress ra : info.getAddresses()) {
zzz
<zzz> if (ra.getTransportStyle().equals("SSU") ||
zzz
<zzz> ra.getTransportStyle().equals("SSU2")) {
zzz
<zzz> noSSU = false;
zzz
<zzz> break;
zzz
<zzz> }
zzz
<zzz> if (!ra.getTransportStyle().equals("SSU") &&
zzz
<zzz> !ra.getTransportStyle().equals("SSU2"))
zzz
<zzz> noSSU = true;
zzz
<zzz> }
zzz
<zzz> how can that possibly give you an accurate value for noSSU given random ordering of transports?
zzz
<zzz> this is not about bad java.
zzz
<zzz> a correct version, in its entirety, as I said yesterday, would be:
zzz
<zzz> boolean noSSU = true;
zzz
<zzz> for (RouterAddress ra : info.getAddresses()) {
zzz
<zzz> if (ra.getTransportStyle().equals("SSU") ||
zzz
<zzz> ra.getTransportStyle().equals("SSU2")) {
zzz
<zzz> noSSU = false;
zzz
<zzz> break;
zzz
<zzz> }
zzz
<zzz> }
dr|z3d
ok, thanks. so just invert the test then.
zzz
I'm really concerned that between your increasing divergence + bug injection, and the inexorable increase in merge complexity and merge-induced bugs, you're on the verge of big problems
dr|z3d
I'm fine, really, but thanks for your concern :)
dr|z3d
so my next aggressive mitigation is to ban firewalled floodfills. I'm sure you'll love that one, too :)
orignal
so zzz do you have an explanation about that australian guy?
orignal
floodfill publishes IP that's not reachable
orignal
connects from another IP
zzz
ok just test test test that it's not aggressively borked
orignal
has both NTCP2 and SSU2
dr|z3d
roger that, zzz.
zzz
no orignal, I'm watching the mismatches but haven't seen any pattern
orignal
no he is not an attacker
orignal
I'm asking how it's even possible in Java code
orignal
he runs SSU2 and should update his external IP shortly
orignal
but he keeps connecting from wrong address even now
zzz
Blinded message
weko
orignal: I already said what Australian guy isn't attacker as I know. Or you seen real attack behavior (various IP from one endpoint)?
zzz
have a router hash?
weko
zzz: I can send 5 bytes
orignal
will tell you
weko
g-PY
weko
4 symbols
orignal
g-PY
weko
Ye
weko
But I don't see any pattern of attack from this IP
orignal
g-PYqDUxMGUSZUQ6tAkZhvOYSEqSP5bVoKEKUq~pGpA=
weko
He only trying publish 158.140.215.184
orignal
I'm asking just how it's possible
weko
orignal: I have 10-15 address who spamming me mismatched addresses, but every endpoint trying publish one ip
weko
Ntcp2
orignal
I know
orignal
that's why I have this question to zzz
orignal
what's the scenario
weko
Misconfig?
weko
Setup incorrect host=
orignal
it's Java
orignal
also tell ilita guys that my vps with znc is dead completely
orignal
I will connect locally once I have time
weko
Okay
weko
orignal: I think we need more logging
orignal
I'm busy until afternoon
orignal
* zzz вышел (Ping timeout: 320 seconds)
orignal
<orignal> I know
orignal
<orignal> that's why I have this question to zzz
orignal
<orignal> what's the scenario
orignal
<weko> Misconfig?
orignal
<weko> Setup incorrect host=
orignal
<orignal> it's Java
weko
Ntcp2/ssu2 1400/4000
orignal
interesting
zzz
three possibilities, or a combination:
zzz
- Two IPs
zzz
- VPN
zzz
- Configured IP
orignal
what is "configured IP"?
zzz
force your IP address instead of auto-detect
orignal
do you have this option?
orignal
so an attacker can use it too
orignal
anyway I believe we should drop such routers
weko
Ye
weko
I agree
weko
Published address must be same with endpoint
orignal
it seems there is a lag with external address change and new RI in Java
weko
[17:50:16] <extraNaCl> There is only one rooster here. The one who isn't even aware that the addresses are real botnet ones.
weko
Some clown from ilita said what it is real addresses and what it is botnet
orignal
we know they are non reachable
orignal
extraNaCl is zlatinb, btw
orignal
maybe not
acetone
orignal: zlatinb have lower Russian skills in regular chats)
orignal
he has similar nick
orignal
probably not him
weko
Finally
weko
[18:28:11] <b39775weko_> Are you sure?
weko
[18:28:38] <b39775weko_> With other words, clown?
weko
[18:29:11] <b39775weko_> orignal: I have some theory and made some tests
weko
[18:30:02] <b39775weko_> orignal: Hm. They not reachable, but it is maybe botnet
weko
[18:30:30] <b39775weko_> We need check , list of address of every wave same or not
weko
[18:31:07] <b39775weko_> If it same, more chances what it is botnet
zzz
repost
zzz
if UPnP works, or if we have a real public IPv4 address, we won't switch IPs, so that + VPN will give you wrong IP
zzz
but this guy may just have two IPs, like a cable modem + a 5G hotspot
weko
Ntcp2/ssu2 2000/4600
weko
1. My theory is what attacker spam not on all routers, only on some num. Then by the network mechanics they spread on the network
weko
2 Do we guess, what it is real addresses or not?
weko
1 - as the result, when I disable transit, num of floodfill go decrease
weko
And when I enable, increase
obscuratus
I can think of a way to do what weko is describing that is relatively simple. I hesitate to put it on a logged channel.
orignal
zzz, that problem is that IP he publishes is not reachable
weko
Disabled again, FFs decreased
zzz
yeah, so maybe VPN
weko
Why you discuss about not critical problem for now, while we have big attack from, maybe, botnet
orignal
regardless
orignal
such floodfill must be excluded
orignal
zzz, I think we should bring it to today's meeting
orignal
our floodfill policy
orignal
it must be common
orignal
weko because this problem is not critical really
orignal
can be resolved easily
weko
orignal: 1% TCSR not a critical problem?!
orignal
but everybody should agree
weko
orignal: how
weko
Sure
weko
And how?
orignal
add more criteria to profiler
orignal
I'm just busy right now
orignal
that's why we must agree about floodfill policy
weko
We must change our policy about new IPs in out netDb
weko
our*
orignal
no, floodfills only
orignal
everything else is fine
weko
orignal: ye
weko
For now FFs only
orignal
we need stricter requirements
orignal
about reachability and uptime
zzz
right now I'm banning mismatches for two hours
weko
But I guess we have attack from botnet
orignal
I'm not banning I just disconnect the session
weko
Because mismatch detection not working
orignal
and don't drop ROI from SessionConfirmed
zzz
I finally caught one spammer in my trap, but he's not the problem
orignal
weko you can change the code to pick non-FF only for tunnels
obscuratus
I can think of at least two ways to do it so you never connect directly with the router generating the fake addresses.
weko
orignal: for testing?
zzz
you need netdb profiling
orignal
if you need to fix your rate
weko
orignal: rate is problem because I disconnect often from IRC for example
weko
My tunnels creating slowly
orignal
zzz yes I need to improve it
orignal
as I said I'm busy right now
zzz
sure
zzz
it's a lot of work
orignal
not a lot
zzz
good
orignal
since I have it in place just need to add more checks
weko
orignal: so, what you think about 586mb in memory?
orignal
leak
orignal
need to investigate and fix it
orignal
but I can repeat for the third time
orignal
I'm busy
weko
Oh, missed
weko
389mb
orignal
try to investigate yourself
orignal
list of floodfills is a good start
orignal
maybe race condition
weko
hop says different values in "mem%" and "virt". What one I should believe?
weko
htop*
weko
Enabled transit. FFs num increased.
Xeha
weko: "virt" is just the virtual address space, not effective usage
obscuratus
How common should it be to get RI coming in as a garlic message. I've had 1100 over a 40 minute period.
weko
Xeha: thank
Xeha
weko: you'll want to look at the RES column
weko
Okay, thank
weko
Yes, it is
orignal
obscuratus AFAIK zzz always sends it in garlic
obscuratus
orignal: OK, thanks.
orignal
while I never do
obscuratus
orignal: I've seen on my testing network that I2PD LU routers seem to send RI in garlic messages. Would that make sense?
orignal
strange
obscuratus
Well, it could be I'm seeing a flood of that RI from another router. I have both Java and I2PD on my testing network.
obscuratus
I'll have to look at that more closely.
orignal
I never encrypt RI messages unless it's requested explicitly in lookup
weko
Disabled transit again, and FFs num decrease
weko
I think it is rule
weko
Have transits = more FFs
weko
orignal: clown from ilita said what he stay attack ON, and attack ON since he said... Maybe it is real attacker
orignal
who cares?
weko
Just funny
zzz
I'm currently banning peers at the rate of 300/hour
weko
Tunnel creation success rate: 5%
weko
Big num...
orignal
zzz, please elaborate
orignal
what do you ban them for?
dr|z3d
zzz's using I2P+ code.
zzz
I'm not sure
zzz
it's an IP match
zzz
from sybil or some previous bad actor
orignal
do you see a case when somebody publishes few IPs from the same?
dr|z3d
well, for an attack that's no longer playing out, I'm seeing a sizeable chunk of ntcp-only ffs in my banlist.
dr|z3d
uptime < 1hr, ntcp-only ffs banned, ~750
zzz
nothing yet
zzz
this is on a low-end non-ff router
zzz
02-06 18:09:00.591 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: Vg1SXqMEDPv6AuH~ytZ1v1u8Z7r6b1lUqMo5V5FjWCU=] [RouterInfo:
zzz
02-06 18:09:01.559 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: eJh2l8OIn-lHE2ICRNYEvU7BEhNsUFyv5cpMqiY0A5A=] [RouterInfo:
zzz
02-06 18:09:04.528 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: fMQTdzesTAh3emquuHiXInOjUZ2FRUnOmAPAeaFsxlk=] [RouterInfo:
zzz
02-06 18:09:05.063 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: epaGlo~YorG4LpCkpu4yHWzdm~FJEPZ3GuLtJa1dCdo=] [RouterInfo:
zzz
02-06 18:09:07.450 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: O6Ba8PrGTN8Lag2YJA~GPLhF5iL2DRfwdcGMjzNXsR8=] [RouterInfo:
zzz
02-06 18:09:07.561 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: jnp9YwCUaA7RnHAcRDcyXMxk3~pTSKF51t1OWZUce5E=] [RouterInfo:
zzz
02-06 18:09:07.847 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: eFmrJuBgCj2IBIdfxQ~XuCh~JuH2rYkXStxQaX7174s=] [RouterInfo:
zzz
same old story, need to tweak my logging and restart
zzz
it's like the router somehow "learned" the bad IPs and now is just banhammering
zzz
obscuratus, where were you looking for stores via garlic?
weko
R4SAS found some interesting thing - RIs of attackers strange. Look on it via hexdump
zzz
normal, see proposal 161
orignal
good morning ))
weko
Say it to R4SAS )))
weko
i2p-projekt.i2p don't open (((
weko
0000000 f29a 279e ac42 504f e801 0d75 4165 f47b
weko
0000010 7e2f 804e 1ab3 fca6 9196 aaa0 b6f4 1202
weko
0000020 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko
0000030 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko
0000040 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko
0000050 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko
0000060 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko
0000070 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko
0000080 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko
0000090 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko
00000a0 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko
00000b0 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko
00000c0 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko
00000d0 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko
00000e0 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko
00000f0 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko
0000100 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko
0000110 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko
0000120 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko
0000130 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko
0000140 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko
0000150 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko
0000160 1ee2 a093 1068 8999 1668 db27 fd8a 1b5b
weko
0000170 aee8 f26b d4ba 6e63 6b60 03e8 4d80 e097
weko
zzz: orignal look
weko
Hex of RI
weko
Repeated bytes
orignal
have you read proposal 161?
R4SAS-hex
so here is 32+32 bytes repeated?
orignal
yes
orignal
but first 32
zzz
weko, we're busy. I told you the answer
weko
zzz: R4SAS say give you example
weko
Okay
orignal
weko please read proposal 161
weko
Okay
weko
I will try open i2p-projekt.i2p
weko
It is hard
zzz
then geti2p.net
orignal
Release 2.45.0 "Compressible padding for I2P addresses"
orignal
zzz, NfR seems them patterns
orignal
SSU and NTCP2 ipv4
dr|z3d
~3K banned NTCP-only ffs right now on a router with 2h uptime.
orignal
dr|z3d see above
orignal
there bunch unreachable NfRs
dr|z3d
if R means anything, it should mean "yes, we can reach you" :)
dr|z3d
otherwise it's fairly meaningless.
dr|z3d
what I mean is, my router should be determining if another router is R or U, not the other way around.
dr|z3d
hopefully from this we will have a robust method to determine if we can actually reach a router before we start sending it requests.
orignal
f means it must be reachable
obscuratus
zzz: I was trying to get a rough idea if receiving ~1000 unique RI per hour in garlic messages seemed reasonable. If that's actually normal, then I'm barking up the wrong tree. :)
zzz
I'm working on researching the same thing, which is why I'm asking where you are looking
zzz
it's a little convoluted
zzz
0) Hi
zzz
hi
eyedeekay
hi
orignal
hi
zzz
what's on the agenda for today?
orignal
I would say "floodfills requirements"
zzz
ok that's 1)
eyedeekay
Android point release
eyedeekay
Only because I'm moving it back based on what's going on
zzz
android is 2)
zzz
I'll add 3) congestion caps
zzz
4) streaming test
zzz
anything else?
orignal
no
zzz
ok
eyedeekay
Communication about the attack
zzz
ok communication is 5)
zzz
1) floodfills requirements
orignal
we need to clarify
orignal
reachable by ipv4
weko
Uptime
orignal
what's the minimal bandwidth?
orignal
I would require O
zzz
these are requirements to enable floodfill locally, or to send stores/lookups to a floodfill?
orignal
requirement for other routers to recognize it as FF
orignal
because now we see idiots who run FF in yggdrasil address
weko
orignal: ++, O.
zzz
the other case is whether to include it in a DBSRM
orignal
what about ipv6-only? it's a moot point now
weko
orignal: FF in yggdrasil it is normal I guess. Why ygg can't have FFs?
orignal
it can have ygg address
orignal
but that idiot runs FF on router with ygg-only
zzz
I think more important than caps or transports is to have a good local assessment of the quality of the ff
zzz
is it responding, is it brand new
zzz
basic DHT stuff, in other words
zzz
if you return all "bad" ffs in the DBSRM, they just get propagated around, very quickly
weko
[22:38:02] <9d54b3orignal> but that idiot runs FF on router with ygg-only
weko
But why idiots? They reachable in ygg, I don't see a problem.
orignal
what's that?
zzz
whats what?
orignal
DBRSM
orignal
if I receive a router with "f"
orignal
I have to decide if it's actually f or not
orignal
e.g. if it meets some requirements
orignal
got it
zzz
yes
orignal
same thing
orignal
if we don't consider one as FF it will not be included
orignal
sure if somebody declares X but doesn't have actual bandwidth also excluded
orignal
my bigger concern is ipv4/ipv6
orignal
also must be reachable through all address he declares?
weko
[22:41:27] <9d54b3orignal> if we don't consider one as FF it will not be included
weko
Oh I suggested you this, you critic me.
zzz
I'm not in favor of doing anything that would significantly reduce the number of floodfills right now
zzz
maybe someday
weko
orignal: must be reachable through all addresses, which declared as reachable
zzz
but right now we need all we can get
orignal
zzz not it's time
orignal
to clarify
orignal
what is floodfill and what is not
zzz
the java auto-floodfill rules are: N or higher, reachable, ipv4, ntcp2, ssu
orignal
reachable on both? or on just one?
zzz
just 1 I think
orignal
it's wrong I guess
orignal
I mean if both are in RI
zzz
doesn't really matter, because the cost will go to the non-firewalled address
orignal
it matters
zzz
corner case anyway
orignal
see
orignal
I need to publish something on a FF
orignal
and he declares that he reachable by NTCP2 for example
orignal
I try to pick a tunnel with OBEP with NTCP2
zzz
sure
orignal
but if it's actually non-reachable through NTCP, OBEP might not support NTCP2
zzz
but the most important thing is not agreeing on a set of criteria.
zzz
The most important thing is deciding if the ff is responsive or bad
zzz
which will always be a local view
orignal
we must be on the same page
orignal
to agree what is bad
zzz
agreed, but it will always be messy. same page != exactly the same
orignal
no but close
zzz
right
orignal
so we agreed that it must have ipv4 at least
orignal
I will ignore ipv6 and ygg only
zzz
I've also been reviewing our good vs. bad classification
orignal
so tell us
zzz
no recommendations yet
weko
[22:52:47] <orignal> I will ignore ipv6 and ygg only
weko
I think we can change this in future. Is it?
zzz
but dr|z3d has, I think, radically changed what plus does, and his router still works, somehow
zzz
so even same page isn't required, but it is helpful
orignal
because others didn't
zzz
so let me tell you where I'm at right now
zzz
I'm working on a set of mitigations
orignal
me too
orignal
so tell me
zzz
stuff like not exploding, not OOMing, expiring things faster
zzz
obvious stuff
eyedeekay
I had planned to address a number of small UX issues in I2P for Android in a point release, prior to the current round of attacks
eyedeekay
Since the attacks have started Android and zzz pointed out Android does not have blocklist support, I'm moving that back another week to give me time to implement and test the blocklist on Android
eyedeekay
Anecdotal evidence suggests Android users are having more issues than desktop users already, with very long delays before being able to reach sites or use IRC
eyedeekay
I don't currently intend to use a newer router under the hood, and many Android routers are firewalled, but
zzz
eyedeekay, we're not on 2) yet
eyedeekay
Sorry I was planning my Android post and accidentally hit enter, so sorry
eyedeekay
my bad
eyedeekay
Did not mean to interrupt
zzz
orignal, my next steps... identifying and addressing the root cause... I'm only starting to look at
zzz
first I need to land my package of mitigations, probably in a couple of days
orignal
root cause?
zzz
well, not really cause, but identifying exactly what's happening, and deal with it
zzz
I think obscuratus is getting close, maybe, so perhaps he can help
orignal
somebody keep flooding with bad floodfiils
orignal
that's it
zzz
sure but developing a strategy to deal with it is the challenge
zzz
to be clear: my mitigations so far don't help that much
orignal
I check if a FF is reachable and exclude it if not
zzz
so I'm going to get them tested and checked in, then move on to the harder part
zzz
I don't have any fix right now to prevent 10,000 ffs from going into my netdb
orignal
that's why I raised this question about requirements
orignal
so it would be hard to run a FF for every idiot
zzz
and there's no way I can classify 10,000 ff as good/bad
orignal
as dr|zed suggests
zzz
except, maybe, say all new ones are bad, but that can lead to other problems
zzz
so, maybe I'll have recommendations late this week, maybe not
orignal
try to connect
zzz
but first I need to land my first round of mitigations
zzz
Can't do that for 10,000 routers
orignal
btw why?
eyedeekay
I feel like I'm stating the obvious but does them being created too close together matter?
weko
[23:01:43] <3176b3zzz> and there's no way I can classify 10,000 ff as good/bad
weko
zzz: that is why suggest to classify FF as not reachable by default
eyedeekay
Or help in the analysis? Like I got a thousand floodfills that all happened to be created Sunday at 1
zzz
sure, but it's dangerous if you've been down a week, or a new router
zzz
none of this is simple or obvious
eyedeekay
I see
zzz
can we wrap up on 1) ?
zzz
anything else to add for 1) ?
orignal
nothing
eyedeekay
No
zzz
2) android
zzz
eyedeekay, please repaste so we don't have to scroll up
eyedeekay
Sorry about accidentally sending my copypasta early
eyedeekay
I had planned to address a number of small UX issues in I2P for Android in a point release, prior to the current round of attacks
eyedeekay
Since the attacks have started Android and zzz pointed out Android does not have blocklist support, I'm moving that back another week to give me time to implement and test the blocklist on Android
eyedeekay
Anecdotal evidence suggests Android users are having more issues than desktop users already, with very long delays before being able to reach sites or use IRC
eyedeekay
I don't currently intend to use a newer router under the hood, and many Android routers are firewalled, but if Android is affected more by attacks and also behind in mitigations then it's going to stay worse for them
eyedeekay
Should I wait for mitigation strategies for the floodfill flood, and cherry-pick them for the Android users?
zzz
I don't have a good answer right now
zzz
If we find magic bullets, we might be doing a desktop release
eyedeekay
OK then I'll start with the blocklist, and if the answer clarifies I'll just do another one
eyedeekay
+1 works for me
zzz
well, start with coding and testing
zzz
don't pull trigger on release without seeing where we're at
eyedeekay
Newsfeed blocklist is moved to the top of my list this week but it will be tested before I move on a release
zzz
thats my recommendation
eyedeekay
OK
zzz
you can also review the current 2.2.0 release announcement draft on my forum to get a sense of what's done so far
eyedeekay
That's all I really wanted to point out re: 2
zzz
ok
zzz
anything else on 2) ?
eyedeekay
I'm always on your forum
eyedeekay
Not from me
zzz
lol
zzz
3) streaming test
zzz
just a quick reminder to orignal that we need to test the streaming thing
zzz
that's all
zzz
woops that was 4)
zzz
anyway, you haven't forgotten I hope, I know you're busy
zzz
anything else on 4) ?
orignal
zzz yes I forgot
orignal
was busy
orignal
btw ban for 2 hours if not connected helps
zzz
just in case we end up doing a release sooner than planned, let's try to test it soon
zzz
3) congestion caps
orignal
when do we plan the release?
zzz
early April is the schedule
zzz
of course recent events may change that
zzz
3) congestion caps
zzz
I made some minor updates to prop. 162
zzz
and more code to implement it
orignal
I'm going to add it shortly
zzz
I'm pretty close to being done
zzz
basically the main test is whether our shared bandwidth usage is close to the limit
zzz
average over the past 20 minutes
zzz
although maybe 10 would be better
zzz
still playing with it
zzz
anything else on 3) ?
orignal
no
zzz
5) Communication about the attack
zzz
go ahead eyedeekay
eyedeekay
I'm trying to make sure that redditors and other groups aren't cut off from information about what's going on so far
eyedeekay
the responsible thing to do seems to be to direct them to the zzz.i2p thread
zzz
you can give me two minutes in the meeting tomorrow
zzz
and then perhaps a news feed entry later in the week
zzz
I don't think a blog post is appropriate as this only affects current users
zzz
I wasn't a big fan of your bundle-is-late blog post, even though well written and I understand why you did it, but I think news feed is better
zzz
I don't think a bunch of i2p-under-attack articles is helpful for anybody
zzz
but you and sadie do your thing, you don't need my advice
eyedeekay
Understood, I'll communicate based on that plan
zzz
feel free to copy/paste/mod whatever I put on my forum or in the meeting, as usual
eyedeekay
I'm concerned about remaining accurate, trying to improve this process
zzz
just remember we're only 36 hours into this one
zzz
the tunnel spam dates back to 12/19, and is a lot better understood atm
zzz
anything else on 5) ?
eyedeekay
Nothing I can think of
orignal
no
zzz
anything else for the meeting?
zzz
two weeks to next one, Feb. 20?
orignal
yes
eyedeekay
yes
zzz
thanks everybody, I'm sure we'll all be a lot smarter in two weeks
zzz
happy coding / testing
weko
Finally
weko
Oh ...
weko
Stupid zero tunnels...
weko
*go to read logs*
weko
My tunnels cleared 10k floodfills in one time
weko
Router*
weko
I think I should more increase of tunnels creation speed
zzz
major was here almost the whole meeting, so you should be able to see it when the site comes back
weko
I mean site not working
weko
I'll wait
weko
[23:35:56] <zzz> no, not more i2pd tunnel spam :)
weko
Otherwise I will always stuck on 0 tunnels, like 10 minutes ago
zzz
fix = better peer selection, not faster builds
weko
Sure
weko
I don't want setup very big values
obscuratus
weko: major is working for me.
weko
Just increase x1.5-2
weko
obscuratus: OK, one sec
zzz
<zzz> I'm working on researching the same thing, which is why I'm asking where you are looking
zzz
<zzz> it's a little convoluted
zzz
^^ obscuratus
weko
Oh, major not work for me. Will test later
weko
Can't find leaseset
obscuratus
zzz: Yeah, I can see the RI in Garlic messages coming in, but I'm running into a wall trying to characterize them, and seeing if there's a pattern to where they're coming from.
zzz
I'm asking where in the code or what are you logging to see that
obscuratus
Here's an example...
obscuratus
Feb 6, 2023, xx:xx:xx AM INFO [P reader 2/4] nnel.InboundMessageDistributor: Storing garlic RI down tunnel for: [Hash: hbJwuEmnRxQEGJriAmzIMnBPaG5Q6yAdtILZfOtOt2g=]
zzz
ok, thanks
zzz
obviously to get a grip on this we need to classify the types/sources of stores
obscuratus
Yeah, that's where I was trying to wade in.
zzz
also the patterns will be quite different if ff
zzz
your strategy is sound, you're just a little ahead of me atm
obscuratus
I'm also thinking about even easier ways to produce the kind of things we're seeing.
dr|z3d
over 9K banned NTCP-only ffs. who said the attack had passed?
dr|z3d
(4h uptime)
zzz
ok, I think some of my shotguns may have caught it here, accidentally
zzz
hot on the trail
zzz
it's all about logging in the right spot
zzz
I think that's why I didn't see them
obscuratus
zzz: Does it have to do with the Garlic RIs, or something else?
zzz
more in a couple days, still chasing it
orignal
guys maybe we should create a secret channel by invites only
orignal
because I believe the rat reads us
zzz
sure, I could kick major out too
orignal
but do you know most of others here? I don't
obscuratus
orignal: Not a horrible idea.
orignal
once we discussed NTCP2-only they started publishing with SSU
zzz
I feel like I'm always one router restart away from figuring it out