IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2024/10/23
snex That link is trying to download a file instead of load a page
RN opened the page for me
RN though the original post is already deleted
eyedeekay Oh it had an i2pd config fragment with a bunch of fake reseeds and suggested disabling all verification
eyedeekay I have a copy I think
eyedeekay Formatting is kinda bullshit, I'll put it on cake
snex nmap those seeds. Take them over. Turn them into permanent floodfills and monero miners
dr|z3d the seeds looked fine to me.
eyedeekay There is definitely no 'reseed.eyedeekay.net'
eyedeekay Among others
dr|z3d hmm. maybe it's a LLM generated list.
eyedeekay Could be
dr|z3d verify=false, what does that turn off? and what does thrshold = 1 do?
eyedeekay That makes some sense, otherwise I don't know where some of those came from
dr|z3d some people on reddit have taken to using LLMs to provide "support" lately.
snex Why is Reddit even still a thing
eyedeekay verify=false turns off su3 sigs
RN the names do look similar to many names I've come across before, but probably ending in .i2p
RN probably someone trying to pre-stage some kind of attack
dr|z3d doubt it.
dr|z3d it's someone that's printed whatever LLM X told them, wholesale. because LLM's are always 100% accurate in every context.
dr|z3d for the most part, end users shouldn't need to alter whatever seed list is supplied.
eyedeekay Yeah this edit did nothing but open the user up to a bootstrap attack
dr|z3d slap them down in the comments.
eyedeekay Whether the user knew or not I wonder
eyedeekay Already did
dr|z3d far too many people lately acting like they're authorities on i2p, when they evidently know shit.
snex YouTube tutorial series when?
eyedeekay When you make one
snex I’m not an expert
RN acetone has a lot of good tutorials, some are i2pd and some are java-i2p
eyedeekay Yeah acetone's are currently the best
snex I want tutorials on how the internals work not how to run a router
dr|z3d RTP has a few I2P tutorials, good for beginners.
eyedeekay snex then you'll want acetone's
RTP yes acetone has a good one: youtube.com/watch?v=95hSAMEwrlM (mine are mostly / pretty much aimed at attracting / helping beginners, if anyone ever notices any mistakes in my RTP videos, welcome messages on any corrections - to improve into future)
onon_ > dr|z3d: verify=false, what does that turn off? and what does thrshold = 1 do?
onon_ Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
onon_ threshold = 25
dr|z3d ok, thx
orignal it depends on section
orignal ("reseed.verify", value<bool>()->default_value(false), "Verify .su3 signature")
orignal ("reseed.threshold", value<uint16_t>()->default_value(25), "Minimum number of known routers before requesting reseed")
orignal it's easy
dr|z3d why wouldn't you want to verify the sigs by default?
orignal because people run it without certificates
orignal often
orignal you set verify=true only in apckage
orignal *package
dr|z3d ok, so that's likely where verify=0 came from then.
orignal should be verify=false
orignal it's bool
dr|z3d my bad, the line was in fact verify = false
eyedeekay If it is somebody social engineering, it's pretty low-effort stuff especially considering they left the real reseeds in there with the fake/nonexistent ones
eyedeekay And there were no services present at the fake ones, so leaning toward dr|zed's theory of LLM-bullshitting
RN yeah, probably right
RN was exciting for about 84 seconds
eyedeekay I mean it's at least mildly interesting that an LLM once again came up with bad advice for an I2P user
eyedeekay But only mildly
orignal but I don't see what can they achieve this way
eyedeekay Probably not much, but my hypothesis was that if somebody purchased one of those fake domains and set up a malicious reseed server on it after the fact it could allow someone to serve them a poisoned reseed
orignal but this address is not resolved
orignal you can't just run posisoned reseed
orignal you need to run whole fake network
eyedeekay Of course, but that's not exactly that hard anymore either
eyedeekay an attacker would have to set something up at the fake address, my point is that it's induced this user to enter a fake reseed server address
orignal but what the fake reseed is supposed to return in su3?
orignal seems it's easy to run a fake floodfill
eyedeekay At the moment, it returns nothing, which is why we think it's an LLM talking nonsense and not a social engineering attack
eyedeekay If there were a server there, I would be more worried
orignal I'm asking about possible attack
eyedeekay Which one? Same one I'm talking about or the other one with the spam?
orignal attack with fake reseeds
eyedeekay Probably not an attack per se, just an LLM making stuff up without context
orignal I doubt it's even possible with current size of the netwrok
eyedeekay What a bootstrap attack? seems pretty reasonable to me that an attacker could deny somebody service by booting them into a testnet at least, probably some more creative stuff too especially for people who start I2P and the application they're using I2P with at the same time
orignal you can't forge a b32 address this way
eyedeekay Agreed, you cannot, but that's not what a bootstrap attacker is trying to do IMO
eyedeekay If I'm thinking like a bootstrap attacker, I'm asking "how long can I guarantee that this target is mostly discovering routers I own"
eyedeekay Or maybe I'm just trying to be a dick, and don't care about taking over a service, all I want is to trick you onto a useless network of 200 docker containers that connect to nothing
eyedeekay Or maybe I think you're a service operator and once I've got you on my fake network I start talking to *your* b32
eyedeekay Yeah that's a nasty potentiality right there. once your leaseSet appears on a malicious testnet after a bootstrap attack you're totally screwed, as you said before, unforgeable
eyedeekay That's why we verify, pick 2 starting peers from 2 separate reseed servers, etc
dr|z3d welcome back, deba
dr|z3d just when you think the traffic's subsided, here it comes again.
zzz hacking up a part. tunnels by country chart to see what it says about china
dr|z3d not seeing anything particularly interesting re china
dr|z3d a couple of cn X routers with ~25 tunnels each, that's about it.
zzz Participating peers by country (including inactive)
zzz CountryTunnelsUsage
zzz United States 104 6.87 MiB
zzz China 72 278 KiB
zzz Russian Federation 55 522 KiB
zzz Germany 47 158 KiB
zzz Canada 33 379 KiB
zzz Netherlands 26 6.33 MiB
zzz United Kingdom 20 118 KiB
zzz France 19 46 KiB
zzz Australia 16 227 KiB
dr|z3d are you seeing elevated transit traffic, zzz?
dr|z3d welcome to #saltR, bak83
bak83 Thank you!
zzz indeed
zzz but not crazy
dr|z3d Maybe 8MB/s ballpark max I've been seeing lately, though it's spiking a lot.
zzz my routers usually run pretty close to their limits so I have to squint to see it
zzz anyway, I'll say the data is confirming evidence pointing to china
bak83 I was looking at implementing this bittorrent DHT entension into snark and the i2p BT DHT standard, bittorrent.org/beps/bep_0051.html#horizontal-attack , to allow the indexing of DHT torrents without a centralized tracker. It doesn't look like it is implemented yet. Would a formal proprosal/RFC be required?
dr|z3d not sure a formal proposal is required, though zzz is best placed to answer that question. what's probably more persuasive is a merge request.
zzz no, because bittorrent extension mechanism is extensible ))
zzz so knock yourself out
zzz does biglybt support it?
bak83 They and vuse have plugins for it, I'm not sure it's supported in i2p
dr|z3d bak83: dht search in snark is something I suggested years ago, so if you can get it working, I'm confident we'll use it.
orignal seems they are testing routers for limits
dr|z3d they're doing a poor job if that's the case.
orignal they always reach caps on all my routers
orignal once they see E they stop flooding