eyedeekay
Social engineering or just bad advice? Reddit link: old.reddit.com/r/i2p/comments/1g95ew2/you_have_trouble_connecting_to_the_network_i2pd
snex
That link is trying to download a file instead of load a page
RN
opened the page for me
RN
though the original post is already deleted
eyedeekay
Oh it had an i2pd config fragment with a bunch of fake reseeds and suggested disabling all verification
eyedeekay
I have a copy I think
eyedeekay
Formatting is kinda bullshit, I'll put it on cake
snex
nmap those seeds. Take them over. Turn them into permanent floodfills and monero miners
dr|z3d
the seeds looked fine to me.
eyedeekay
There is definitely no 'reseed.eyedeekay.net'
eyedeekay
Among others
dr|z3d
hmm. maybe it's a LLM generated list.
eyedeekay
Could be
dr|z3d
verify=false, what does that turn off? and what does threshold = 1 do?
eyedeekay
That makes some sense, otherwise I don't know where some of those came from
dr|z3d
some people on reddit have taken to using LLMs to provide "support" lately.
snex
Why is Reddit even still a thing
eyedeekay
verify=false turns off su3 sigs
RN
the names do look similar to many names I've come across before, but probably ending in .i2p
RN
probably someone trying to pre-stage some kind of attack
dr|z3d
doubt it.
dr|z3d
it's someone that's printed whatever LLM X told them, wholesale. because LLMs are always 100% accurate in every context.
dr|z3d
for the most part, end users shouldn't need to alter whatever seed list is supplied.
eyedeekay
Yeah this edit did nothing but open the user up to a bootstrap attack
dr|z3d
slap them down in the comments.
eyedeekay
Whether the user knew or not I wonder
eyedeekay
Already did
dr|z3d
far too many people lately acting like they're authorities on i2p, when they evidently know shit.
RN
^
snex
YouTube tutorial series when?
eyedeekay
When you make one
snex
I’m not an expert
RN
acetone has a lot of good tutorials, some are i2pd and some are java-i2p
eyedeekay
Yeah acetone's are currently the best
snex
I want tutorials on how the internals work not how to run a router
dr|z3d
RTP has a few I2P tutorials, good for beginners.
eyedeekay
snex then you'll want acetone's
RTP
yes acetone has a good one: youtube.com/watch?v=95hSAMEwrlM (mine are mostly / pretty much aimed at attracting / helping beginners; if anyone ever notices any mistakes in my RTP videos, messages with corrections are welcome, to improve in future)
onon_
> dr|z3d: verify=false, what does that turn off? and what does threshold = 1 do?
onon_
Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
onon_
threshold = 25
dr|z3d
ok, thx
orignal
it depends on section
orignal
("reseed.verify", value<bool>()->default_value(false), "Verify .su3 signature")
orignal
("reseed.threshold", value<uint16_t>()->default_value(25), "Minimum number of known routers before requesting reseed")
orignal
it's easy
dr|z3d
why wouldn't you want to verify the sigs by default?
orignal
because people run it without certificates
orignal
often
orignal
you set verify=true only in apckage
orignal
*package
dr|z3d
ok, so that's likely where verify=0 came from then.
orignal
should be verify=false
orignal
it's bool
dr|z3d
my bad, the line was in fact verify = false
eyedeekay
If it is somebody social engineering, it's pretty low-effort stuff especially considering they left the real reseeds in there with the fake/nonexistent ones
eyedeekay
And there were no services present at the fake ones, so leaning toward dr|z3d's theory of LLM-bullshitting
RN
yeah, probably right
RN
was exciting for about 84 seconds
eyedeekay
I mean it's at least mildly interesting that an LLM once again came up with bad advice for an I2P user
eyedeekay
But only mildly
orignal
but I don't see what they can achieve this way
eyedeekay
Probably not much, but my hypothesis was that if somebody purchased one of those fake domains and set up a malicious reseed server on it after the fact it could allow someone to serve them a poisoned reseed
orignal
but this address is not resolved
orignal
you can't just run a poisoned reseed
orignal
you need to run whole fake network
eyedeekay
Of course, but that's not exactly that hard anymore either
eyedeekay
an attacker would have to set something up at the fake address, my point is that it's induced this user to enter a fake reseed server address
orignal
but what is the fake reseed supposed to return in su3?
orignal
seems it's easy to run a fake floodfill
eyedeekay
At the moment, it returns nothing, which is why we think it's an LLM talking nonsense and not a social engineering attack
eyedeekay
If there were a server there, I would be more worried
orignal
I'm asking about possible attack
eyedeekay
Which one? Same one I'm talking about or the other one with the spam?
orignal
attack with fake reseeds
eyedeekay
Probably not an attack per se, just an LLM making stuff up without context
orignal
I doubt it's even possible with the current size of the network
eyedeekay
What, a bootstrap attack? seems pretty reasonable to me that an attacker could deny somebody service by booting them into a testnet at least, probably some more creative stuff too, especially for people who start I2P and the application they're using I2P with at the same time
orignal
you can't forge a b32 address this way
eyedeekay
Agreed, you cannot, but that's not what a bootstrap attacker is trying to do IMO
eyedeekay
If I'm thinking like a bootstrap attacker, I'm asking "how long can I guarantee that this target is mostly discovering routers I own"
eyedeekay
Or maybe I'm just trying to be a dick, and don't care about taking over a service, all I want is to trick you onto a useless network of 200 docker containers that connect to nothing
eyedeekay
Or maybe I think you're a service operator and once I've got you on my fake network I start talking to *your* b32
eyedeekay
Yeah that's a nasty potentiality right there. once your leaseSet appears on a malicious testnet after a bootstrap attack you're totally screwed, as you said before, unforgeable
eyedeekay
That's why we verify, pick 2 starting peers from 2 separate reseed servers, etc
dr|z3d
welcome back, deba
dr|z3d
just when you think the traffic's subsided, here it comes again.
zzz
hacking up a part. tunnels by country chart to see what it says about china
dr|z3d
not seeing anything particularly interesting re china
dr|z3d
a couple of cn X routers with ~25 tunnels each, that's about it.
dr|z3d
git.skank.i2p/i2pplus/I2P.Plus/src/commit/9ce247c20c0450759c557a4abd142bacc7145403/apps/routerconsole/java/src/net/i2p/router/web/helpers/TunnelRenderer.java#L281
zzz
Participating peers by country (including inactive)
zzz
Country  Tunnels  Usage
zzz
United States 104 6.87 MiB
zzz
China 72 278 KiB
zzz
Russian Federation 55 522 KiB
zzz
Germany 47 158 KiB
zzz
Canada 33 379 KiB
zzz
Netherlands 26 6.33 MiB
zzz
United Kingdom 20 118 KiB
zzz
France 19 46 KiB
zzz
Australia 16 227 KiB
dr|z3d
are you seeing elevated transit traffic, zzz?
dr|z3d
welcome to #saltR, bak83
bak83
Thank you!
zzz
indeed
zzz
but not crazy
dr|z3d
Maybe 8MB/s ballpark max I've been seeing lately, though it's spiking a lot.
zzz
my routers usually run pretty close to their limits so I have to squint to see it
zzz
anyway, I'll say the data is confirming evidence pointing to china
bak83
I was looking at implementing this bittorrent DHT extension into snark and the i2p BT DHT standard, bittorrent.org/beps/bep_0051.html#horizontal-attack , to allow the indexing of DHT torrents without a centralized tracker. It doesn't look like it is implemented yet. Would a formal proposal/RFC be required?
dr|z3d
not sure a formal proposal is required, though zzz is best placed to answer that question. what's probably more persuasive is a merge request.
zzz
no, because bittorrent extension mechanism is extensible ))
zzz
so knock yourself out
zzz
does biglybt support it?
bak83
They and Vuze have plugins for it, I'm not sure it's supported in i2p
dr|z3d
bak83: dht search in snark is something I suggested years ago, so if you can get it working, I'm confident we'll use it.
orignal
seems they are testing routers for limits
dr|z3d
they're doing a poor job if that's the case.
orignal
they always reach caps on all my routers
orignal
once they see E they stop flooding