IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2024/10/23
~dr|z3d
@RN
@RN_
@StormyCloud
@T3s|4
@T3s|4_
@eyedeekay
@not_bob
@orignal
@postman
@zzz
%Liorar
+FreefallHeavens
+RTP
+Xeha
+bak83
+cancername
+cumlord
+hk
+poriori
+profetikla
+uop23ip
Arch
DeltaOreo
FreeRider
Irc2PGuest28511
Irc2PGuest64530
Irc2PGuest75862
Meow
Nausicaa
Onn4l7h
Onn4|7h
Over1
acetone_
anon4
anu
boonst
mareki2pb
plap
shiver_1
simprelay
solidx66
thetia
u5657
weko_
snex That link is trying to download a file instead of load a page
RN opened the page for me
RN though the original post is already deleted
eyedeekay Oh it had an i2pd config fragment with a bunch of fake reseeds and suggested disabling all verification
eyedeekay I have a copy I think
eyedeekay Formatting is kinda bullshit, I'll put it on cake
snex nmap those seeds. Take them over. Turn them into permanent floodfills and monero miners
dr|z3d the seeds looked fine to me.
eyedeekay There is definitely no 'reseed.eyedeekay.net'
eyedeekay Among others
dr|z3d hmm. maybe it's a LLM generated list.
eyedeekay Could be
dr|z3d verify=false, what does that turn off? and what does threshold = 1 do?
eyedeekay That makes some sense, otherwise I don't know where some of those came from
dr|z3d some people on reddit have taken to using LLMs to provide "support" lately.
snex Why is Reddit even still a thing
eyedeekay verify=false turns off su3 sigs
RN the names do look similar to many names I've come across before, but probably ending in .i2p
RN probably someone trying to pre-stage some kind of attack
dr|z3d doubt it.
dr|z3d it's someone that's printed whatever LLM X told them, wholesale. because LLM's are always 100% accurate in every context.
dr|z3d for the most part, end users shouldn't need to alter whatever seed list is supplied.
eyedeekay Yeah this edit did nothing but open the user up to a bootstrap attack
dr|z3d slap them down in the comments.
eyedeekay Whether the user knew or not I wonder
eyedeekay Already did
dr|z3d far too many people lately acting like they're authorities on i2p, when they evidently know shit.
snex YouTube tutorial series when?
eyedeekay When you make one
snex I’m not an expert
RN acetone has a lot of good tutorials, some are i2pd and some are java-i2p
eyedeekay Yeah acetone's are currently the best
snex I want tutorials on how the internals work not how to run a router
dr|z3d RTP has a few I2P tutorials, good for beginners.
eyedeekay snex then you'll want acetone's
RTP yes acetone has a good one: youtube.com/watch?v=95hSAMEwrlM (mine are mostly / pretty much aimed at attracting / helping beginners, if anyone ever notices any mistakes in my RTP videos, welcome messages on any corrections - to improve into future)
onon_ > dr|z3d: verify=false, what does that turn off? and what does threshold = 1 do?
onon_ Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
onon_ threshold = 25
dr|z3d ok, thx
orignal it depends on section
orignal ("reseed.verify", value<bool>()->default_value(false), "Verify .su3 signature")
orignal ("reseed.threshold", value<uint16_t>()->default_value(25), "Minimum number of known routers before requesting reseed")
orignal it's easy
dr|z3d why wouldn't you want to verify the sigs by default?
orignal because people run it without certificates
orignal often
orignal you set verify=true only in apckage
orignal *package
dr|z3d ok, so that's likely where verify=0 came from then.
orignal should be verify=false
orignal it's bool
dr|z3d my bad, the line was in fact verify = false
eyedeekay If it is somebody social engineering, it's pretty low-effort stuff especially considering they left the real reseeds in there with the fake/nonexistent ones
eyedeekay And there were no services present at the fake ones, so leaning toward dr|zed's theory of LLM-bullshitting
RN yeah, probably right
RN was exciting for about 84 seconds
eyedeekay I mean it's at least mildly interesting that an LLM once again came up with bad advice for an I2P user
eyedeekay But only mildly
orignal but I don't see what they can achieve this way
eyedeekay Probably not much, but my hypothesis was that if somebody purchased one of those fake domains and set up a malicious reseed server on it after the fact it could allow someone to serve them a poisoned reseed
orignal but this address is not resolved
orignal you can't just run a poisoned reseed
orignal you need to run whole fake network
eyedeekay Of course, but that's not exactly that hard anymore either
eyedeekay an attacker would have to set something up at the fake address, my point is that it's induced this user to enter a fake reseed server address
orignal but what the fake reseed is supposed to return in su3?
orignal seems it's easy to run a fake floodfill
eyedeekay At the moment, it returns nothing, which is why we think it's an LLM talking nonsense and not a social engineering attack
eyedeekay If there were a server there, I would be more worried
orignal I'm asking about possible attack
eyedeekay Which one? Same one I'm talking about or the other one with the spam?
orignal attack with fake reseeds
eyedeekay Probably not an attack per se, just an LLM making stuff up without context
orignal I doubt it's even possible with the current size of the network
eyedeekay What, a bootstrap attack? seems pretty reasonable to me that an attacker could deny somebody service by booting them into a testnet at least, probably some more creative stuff too especially for people who start I2P and the application they're using I2P with at the same time
orignal you can't forge a b32 address this way
eyedeekay Agreed, you cannot, but that's not what a bootstrap attacker is trying to do IMO
eyedeekay If I'm thinking like a bootstrap attacker, I'm asking "how long can I guarantee that this target is mostly discovering routers I own"
eyedeekay Or maybe I'm just trying to be a dick, and don't care about taking over a service, all I want is to trick you onto a useless network of 200 docker containers that connect to nothing
eyedeekay Or maybe I think you're a service operator and once I've got you on my fake network I start talking to *your* b32
eyedeekay Yeah that's a nasty potentiality right there. once your leaseSet appears on a malicious testnet after a bootstrap attack you're totally screwed, as you said before, unforgeable
eyedeekay That's why we verify, pick 2 starting peers from 2 separate reseed servers, etc
dr|z3d welcome back, deba
dr|z3d just when you think the traffic's subsided, here it comes again.
zzz hacking up a part. tunnels by country chart to see what it says about china
dr|z3d not seeing anything particularly interesting re china
dr|z3d a couple of cn X routers with ~25 tunnels each, that's about it.
zzz Participating peers by country (including inactive)
zzz Country / Tunnels / Usage
zzz United States 104 6.87 MiB
zzz China 72 278 KiB
zzz Russian Federation 55 522 KiB
zzz Germany 47 158 KiB
zzz Canada 33 379 KiB
zzz Netherlands 26 6.33 MiB
zzz United Kingdom 20 118 KiB
zzz France 19 46 KiB
zzz Australia 16 227 KiB
dr|z3d are you seeing elevated transit traffic, zzz?
dr|z3d welcome to #saltR, bak83
bak83 Thank you!
zzz indeed
zzz but not crazy
dr|z3d Maybe 8MB/s ballpark max I've been seeing lately, though it's spiking a lot.
zzz my routers usually run pretty close to their limits so I have to squint to see it
zzz anyway, I'll say the data is confirming evidence pointing to china
bak83 I was looking at implementing this bittorrent DHT extension into snark and the i2p BT DHT standard, bittorrent.org/beps/bep_0051.html#horizontal-attack , to allow the indexing of DHT torrents without a centralized tracker. It doesn't look like it is implemented yet. Would a formal proposal/RFC be required?
dr|z3d not sure a formal proposal is required, though zzz is best placed to answer that question. what's probably more persuasive is a merge request.
zzz no, because bittorrent extension mechanism is extensible ))
zzz so knock yourself out
zzz does biglybt support it?
bak83 They and vuse have plugins for it, I'm not sure it's supported in i2p
dr|z3d bak83: dht search in snark is something I suggested years ago, so if you can get it working, I'm confident we'll use it.
orignal seems they are testing routers for limits
dr|z3d they're doing a poor job if that's the case.
orignal they always reach caps on all my routers
orignal once they see E they stop flooding