dr|z3d
last spike detected around 10pm UTC.
dr|z3d
as for a U limit per ip, that's up to you.
dr|z3d
another spike happening round about now.
dr|z3d
so, no, if the elevated bandwidth is indeed indicative of an attack, then no, we're not out of the woods yet.
snex
its probably trivial to root one of these IPs and just look directly at what theyre doing
dr|z3d
build a web interface, put it on a site..
uop23ip
is a tunnel in general bw limited?
dr|z3d
or if you're feeling adventurous, one of those plugin things :)
dr|z3d
as for "probably trivial", if it was trivial to identify behavior profiles for malicious routers, we'd have something in the console by now.
dr|z3d
a tunnel is always constrained by the slowest router in the chain.
dr|z3d
there's also a theoretical maximum per tunnel that's capped at 8MB/s iirc. might be wrong on the numbers there.
uop23ip
i ask bc these bw spikes do not correlate or just weak to tunnel count. At least for my graphs.
snex
im saying these specific ones, given how theyre running old ass windows with clearly compromised software
uop23ip
to have a high transit (tunnel) bw demand on my router, there have to be high bw router behind or/and in front of mine in the chain (and the tunnel creator has to be high bw,too). Correct?
uop23ip
if so, could it be that someone use the X only option, builds massive X-X-X tunnels and have this spike effect?
orignal
sometimes I run 20+ on the same IP
fox
ah this is where everyone went
not_bob
Yes
fox
huh i don't remember a bob
fox
*** pokes RN with a stick ***
not_bob_afk
I've been here for years.
fox
psi still around or did we trade him for z3d permenantly
not_bob_afk
z3d is still around. I can't say for psi.
not_bob_afk
Right dr|z3d?
fox
z3d's dead baby
not_bob_afk
I know nothing of that.
fox
or maybe Jeff's dead. He was going pretty coocoo for coco puffs last i heard
fox
itsjustme_: which nick is maidenboi now?
RN
fox, aloha
fox
hello nurse. hope you saw the island before it burned
RN
I'll never tell
RN
;)
RN
havent seen the multinamed user formerly known as maidenboi in a long time
T3s|4
^same here
fox
yeah he was here last time i was by chance and i forgot to save that vm before i shutdown
RN
oops
RN
LOL
RN
I like to be prompted
fox
*** was several dabs deep ***
RN
hehe
fox
itsjustme_: you best vote. otherwise you're going to camp with peter theil
dr|z3d
uop23ip: no.
dr|z3d
just having a few X-X-X tunnels isn't going to cause a network-wide spike in traffic.
zzz
maybe the 2nd or 3rd deadlock found by the detector? not bad
zzz
dr|z3d, you have an analysis/recommendation for the fix?
dr|z3d
nothing, zzz, sorry. I don't really know how to attack deadlocks.
zzz
carefully...
dr|z3d
I defer to your scalpel :)
zzz
thread 0 is innoncent
zzz
have to pick either thread 1 or 2 path to fix
zzz
I see how to fix 1 but that may not be right
uop23ip
ok that's good to hear dr|z3d , but what about a 500 XU router bot net with onlyX option enabled, controlled over i2p, torrenting to eachother. At start tunnel number up, stays and the bw comes into play, then stop after some time?
dr|z3d
I don't know what you're asking, uop23ip
orignal
XU routers might not be a botnet, just idiots
orignal
because another idiots susggest to set X "because it works faster"
orignal
as reasult they can't handle real traffic
orignal
because sit on mobile devices
dr|z3d
sure, or they could be part of the botnet with a less permissive / inaccessible firewall.
orignal
let me explain what we see
orignal
we build a tunnel say though X routers
orignal
than start transferring heavy traffic like youtube video
orignal
and after a minute tunnels dies
orignal
because an intremdeiate router can't make it
orignal
because a monkey declared it as X while it was not
dr|z3d
sure, also possible.
dr|z3d
if you look at the chinese botnet, they're all X tier, 0.9.58. It's not clear that they're all bona fide X tier.
uop23ip
Just checking if my thinking is correct and if a scenario would fit the bw spikes. Could be totally wrong ofc :)
uop23ip
like this: massive coordinated XU-X-X-X-XU, XU-X-(me here seeing in/out high bw traffic)-X-XU.
dr|z3d
it's a ton of routers with high bandwidth traffic. don't overthink it.
orignal
X-XU-X how i2pd builds tunnels
orignal
not two U in row
orignal
because both might be symmetriuc NAT
zzz
re: sym nat G cap, is it a bad idea or not? github.com/PurpleI2P/i2pd/commit/ec4fe9a1e680e677b94fab21c7febd8151478ab4
orignal
but you said you do it now
orignal
for me it's just a workaround
orignal
better to publish sepaate cap in address
zzz
yeah, but I think you said "maybe" it's a bad idea, so I wondered if you decided it's a good idea or what
orignal
I have decided to do the same way as you until we start publishing in SSU2 caps
zzz
I'm not sure that's a good idea )) if you're symmetric nat, you're almost certainly symmetric nat for TCP also, right?
orignal
but why do you care about TCP?
orignal
you are Firealled and can only make outgoing connections
zzz
true. but it's more efficient to look in the RI caps than iterate through all the addresses looking for a cap
orignal
problem is not SSU2/NTCP2
orignal
problem is ipv4/ipv6
orignal
ipv4 can be symm NAT and ipv6 not
zzz
hmm
orignal
you know my position I would also remove R and U caps
orignal
they are just nothing but mess
dr|z3d
or introduce a 3rd connectivity cap, "V" for volatile, ie neither R nor U.
orignal
guys sorry but R and U is per netwrok not per router
zzz
a little messy, like a lot of things in this 20 year old project, but extremely useful and efficient in our code.
orignal
i2pd doesn't use these caps at all
orignal
and published it for Java
orignal
we always rely on what's inside addresses
orignal
so back to G I can revert this commit
orignal
my point was
onon
Do you think my opinion on this issue will be of interest to anyone here?
orignal
symm NAT is usually for moobile network users
orignal
and they are nothning ut troubles
onon
Regarding symmetric nat
zzz
well, I think G for sym. nat was a good idea, that's why I did it
orignal
everybody's opinion matter
orignal
my reason was mobile network users
zzz
agreed sym nat is trouble ))
onon
Well, I think zzz is wrong on this issue.
orignal
that should be exaluded from tunnels
orignal
maybe we should D as a compromise?
onon
Publishing G for symmetric is a bad idea
orignal
like "I'm not a good router. Be aware and trey to avoid me if you can"
orignal
your arguments?
onon
Because the number of routers with symmetrical makes up a significant part of the network
onon
And these are not always mobile routers.
onon
A large number of "wired" providers use this technology.
onon
The only problem with symmetric is that they cannot establish SSU connection with two types of NAT.
orignal
only in Russia I think
zzz
dont know what you consider 'significant' but I see < 1%; show us your data
orignal
zzz how do you know is U router is symm NAT?
orignal
by peer test msg 6 ?
orignal
as for me I see synn nat in 2 cases
orignal
double NAT or mobile netwrok
orignal
for me both are troublemakers
onon
Tell us how you got this result < 1%
onon
I think this is far from reality.
orignal
afaik for msg 6 or msg 7
zzz
~30 routers / 4000 in netdb with G cap, but not all are sym nat, but some are i2pd or old java that don't publish G, so that kinda cancels out, roughly < 1%
orignal
you can see if Chrlie is symm nat or not
zzz
but I don't have stats for that
zzz
still awating the stats for 'significant'
orignal
we can collect stats from peer test
onon
I took the information from here
onon
These are statistics of users of one very large Internet service.
onon
Yes, I have transferred these values to i2p users. And I believe that the distribution will not differ much.
orignal
so what if we change G to D?
zzz
why
orignal
because G means that router doesn't accept any tunnels
orignal
D says it accept partically
onon
We are making i2p for regular users. And even if this distribution is smaller now, with the growth of popularity it will be approximately the same.
orignal
that's why we need to implement a separate cap
orignal
to make it clear
onon
I propose an option with the publication of my status as a symmetrical. And let others decide whether to build a tunnel through it or not.
orignal
that's why I suggest D
orignal
"I can accept a tunnel but don't guaratee"
zzz
maybe G is temporary fix, but if you guys don't write up a proposal then it's permanent ))
orignal
I forgot how to wirte a proposal
orignal
basically it should consist of one line "s cap for SSU2 address"
orignal
if s than symmtric NAT
orignal
or I know better
orignal
I'm suffered by proposalphobia )))
onon
In that case, it would be nice to add separate caps for all types of nat.
orignal
why do we need to care about others?
onon
Since we can easily connect symmetric and full cone
orignal
full code is not a problem
onon
And restricted cone with symmetric
onon
But we cannot connect symmetric + symmetric or port restricted + symmetric
onon
There is a table of combinations ewk6oorlm4hov5dufwf5zyrj5zrxt7kfztkzw6ocwmnlv3xqtyja.b32.i2p/-cjfo9dclflwku9qz-2p4wl_hre.jpeg
onon
There is also a symmetrical NAT, in which the port is incremented by a constant with each new connection. If we learn how to determine this, then it is quite possible to connect such symmetrical NAT with other types of NATs.
dr|z3d
fwiw, out of ~4700 routers in netbd, 112 G cap routers. still not a signficant number.
fox
does i2pd not have a router console?
dr|z3d
i2pd has a rudimentary console / web interface. someone running i2pd will remind you of the port.
fox
7070 thanks onon
zzz
re: plans, plucked off my roadmap, I'm coding up datagram2 and unit tests for it; if/when I finish, I;ll be calling for a review of the proposal
RN
why does i2pd let users specify X, why does it not test capability and adjust over time based on throughput average? Then the users cant screw up the setting.
orignal
RN because some monkey suggested them
orignal
people who do it are usually drug addicts
orignal
and they use i2pd for access to the marketplace
RN
so why not assign based on configured bw, and adjust based on performance? stop these dunderheads from clogging the network. :)
orignal
how would you know the actual network bandwidth?
orignal
even if you do how do you know how much your phone can handle?
RN
running average... don't need to know it's best, and it changes for a phone as you move around...
RN
dunn
RN
o
RN
maybe it is harder to test than I think