IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2024/10/28
dr|z3d last spike detected around 10pm UTC.
dr|z3d as for a U limit per ip, that's up to you.
dr|z3d another spike happening round about now.
dr|z3d so, no, if the elevated bandwidth is indeed indicative of an attack, then no, we're not out of the woods yet.
snex its probably trivial to root one of these IPs and just look directly at what theyre doing
dr|z3d build a web interface, put it on a site..
uop23ip is a tunnel in general bw limited?
dr|z3d or if you're feeling adventurous, one of those plugin things :)
dr|z3d as for "probably trivial", if it was trivial to identify behavior profiles for malicious routers, we'd have something in the console by now.
dr|z3d a tunnel is always constrained by the slowest router in the chain.
dr|z3d there's also a theoretical maximum per tunnel that's capped at 8MB/s iirc. might be wrong on the numbers there.
uop23ip i ask bc these bw spikes do not correlate or just weak to tunnel count. At least for my graphs.
snex im saying these specific ones, given how theyre running old ass windows with clearly compromised software
uop23ip to have a high transit (tunnel) bw demand on my router, there have to be high bw router behind or/and in front of mine in the chain (and the tunnel creator has to be high bw,too). Correct?
uop23ip if so, could it be that someone use the X only option, builds massive X-X-X tunnels and have this spike effect?
orignal sometimes I run 20+ on the same IP
fox ah this is where everyone went
fox huh i don't remember a bob
fox *** pokes RN with a stick ***
not_bob_afk I've been here for years.
fox psi still around or did we trade him for z3d permenantly
not_bob_afk z3d is still around. I can't say for psi.
not_bob_afk Right dr|z3d?
fox z3d's dead baby
not_bob_afk I know nothing of that.
fox or maybe Jeff's dead. He was going pretty coocoo for coco puffs last i heard
fox itsjustme_: which nick is maidenboi now?
RN fox, aloha
fox hello nurse. hope you saw the island before it burned
RN I'll never tell
RN ;)
RN havent seen the multinamed user formerly known as maidenboi in a long time
T3s|4 ^same here
fox yeah he was here last time i was by chance and i forgot to save that vm before i shutdown
RN oops
RN LOL
RN I like to be prompted
fox *** was several dabs deep ***
RN hehe
fox itsjustme_: you best vote. otherwise you're going to camp with peter theil
dr|z3d uop23ip: no.
dr|z3d just having a few X-X-X tunnels isn't going to cause a network-wide spike in traffic.
zzz maybe the 2nd or 3rd deadlock found by the detector? not bad
zzz dr|z3d, you have an analysis/recommendation for the fix?
dr|z3d nothing, zzz, sorry. I don't really know how to attack deadlocks.
zzz carefully...
dr|z3d I defer to your scalpel :)
zzz thread 0 is innoncent
zzz have to pick either thread 1 or 2 path to fix
zzz I see how to fix 1 but that may not be right
uop23ip ok that's good to hear dr|z3d , but what about a 500 XU router bot net with onlyX option enabled, controlled over i2p, torrenting to eachother. At start tunnel number up, stays and the bw comes into play, then stop after some time?
dr|z3d I don't know what you're asking, uop23ip
orignal XU routers might not be a botnet, just idiots
orignal because another idiots susggest to set X "because it works faster"
orignal as reasult they can't handle real traffic
orignal because sit on mobile devices
dr|z3d sure, or they could be part of the botnet with a less permissive / inaccessible firewall.
orignal let me explain what we see
orignal we build a tunnel say though X routers
orignal than start transferring heavy traffic like youtube video
orignal and after a minute tunnels dies
orignal because an intremdeiate router can't make it
orignal because a monkey declared it as X while it was not
dr|z3d sure, also possible.
dr|z3d if you look at the chinese botnet, they're all X tier, 0.9.58. It's not clear that they're all bona fide X tier.
uop23ip Just checking if my thinking is correct and if a scenario would fit the bw spikes. Could be totally wrong ofc :)
uop23ip like this: massive coordinated XU-X-X-X-XU, XU-X-(me here seeing in/out high bw traffic)-X-XU.
dr|z3d it's a ton of routers with high bandwidth traffic. don't overthink it.
orignal X-XU-X how i2pd builds tunnels
orignal not two U in row
orignal because both might be symmetriuc NAT
orignal but you said you do it now
orignal for me it's just a workaround
orignal better to publish sepaate cap in address
zzz yeah, but I think you said "maybe" it's a bad idea, so I wondered if you decided it's a good idea or what
orignal I have decided to do the same way as you until we start publishing in SSU2 caps
zzz I'm not sure that's a good idea )) if you're symmetric nat, you're almost certainly symmetric nat for TCP also, right?
orignal but why do you care about TCP?
orignal you are Firealled and can only make outgoing connections
zzz true. but it's more efficient to look in the RI caps than iterate through all the addresses looking for a cap
orignal problem is not SSU2/NTCP2
orignal problem is ipv4/ipv6
orignal ipv4 can be symm NAT and ipv6 not
zzz hmm
orignal you know my position I would also remove R and U caps
orignal they are just nothing but mess
dr|z3d or introduce a 3rd connectivity cap, "V" for volatile, ie neither R nor U.
orignal guys sorry but R and U is per netwrok not per router
zzz a little messy, like a lot of things in this 20 year old project, but extremely useful and efficient in our code.
orignal i2pd doesn't use these caps at all
orignal and published it for Java
orignal we always rely on what's inside addresses
orignal so back to G I can revert this commit
orignal my point was
onon Do you think my opinion on this issue will be of interest to anyone here?
orignal symm NAT is usually for moobile network users
orignal and they are nothning ut troubles
onon Regarding symmetric nat
zzz well, I think G for sym. nat was a good idea, that's why I did it
orignal everybody's opinion matter
orignal my reason was mobile network users
zzz agreed sym nat is trouble ))
onon Well, I think zzz is wrong on this issue.
orignal that should be exaluded from tunnels
orignal maybe we should D as a compromise?
onon Publishing G for symmetric is a bad idea
orignal like "I'm not a good router. Be aware and trey to avoid me if you can"
orignal your arguments?
onon Because the number of routers with symmetrical makes up a significant part of the network
onon And these are not always mobile routers.
onon A large number of "wired" providers use this technology.
onon The only problem with symmetric is that they cannot establish SSU connection with two types of NAT.
orignal only in Russia I think
zzz dont know what you consider 'significant' but I see < 1%; show us your data
orignal zzz how do you know is U router is symm NAT?
orignal by peer test msg 6 ?
orignal as for me I see synn nat in 2 cases
orignal double NAT or mobile netwrok
orignal for me both are troublemakers
onon Tell us how you got this result < 1%
onon I think this is far from reality.
orignal afaik for msg 6 or msg 7
zzz ~30 routers / 4000 in netdb with G cap, but not all are sym nat, but some are i2pd or old java that don't publish G, so that kinda cancels out, roughly < 1%
orignal you can see if Chrlie is symm nat or not
zzz but I don't have stats for that
zzz still awating the stats for 'significant'
orignal we can collect stats from peer test
onon I took the information from here
onon These are statistics of users of one very large Internet service.
onon Yes, I have transferred these values ​​to i2p users. And I believe that the distribution will not differ much.
orignal so what if we change G to D?
zzz why
orignal because G means that router doesn't accept any tunnels
orignal D says it accept partically
onon We are making i2p for regular users. And even if this distribution is smaller now, with the growth of popularity it will be approximately the same.
orignal that's why we need to implement a separate cap
orignal to make it clear
onon I propose an option with the publication of my status as a symmetrical. And let others decide whether to build a tunnel through it or not.
orignal that's why I suggest D
orignal "I can accept a tunnel but don't guaratee"
zzz maybe G is temporary fix, but if you guys don't write up a proposal then it's permanent ))
orignal I forgot how to wirte a proposal
orignal basically it should consist of one line "s cap for SSU2 address"
orignal if s than symmtric NAT
orignal or I know better
orignal I'm suffered by proposalphobia )))
onon In that case, it would be nice to add separate caps for all types of nat.
orignal why do we need to care about others?
onon Since we can easily connect symmetric and full cone
orignal full code is not a problem
onon And restricted cone with symmetric
onon But we cannot connect symmetric + symmetric or port restricted + symmetric
onon There is also a symmetrical NAT, in which the port is incremented by a constant with each new connection. If we learn how to determine this, then it is quite possible to connect such symmetrical NAT with other types of NATs.
dr|z3d fwiw, out of ~4700 routers in netbd, 112 G cap routers. still not a signficant number.
fox does i2pd not have a router console?
dr|z3d i2pd has a rudimentary console / web interface. someone running i2pd will remind you of the port.
fox 7070 thanks onon
zzz re: plans, plucked off my roadmap, I'm coding up datagram2 and unit tests for it; if/when I finish, I;ll be calling for a review of the proposal
RN why does i2pd let users specify X, why does it not test capability and adjust over time based on throughput average? Then the users cant screw up the setting.
orignal RN because some monkey suggested them
orignal people who do it are usually drug addicts
orignal and they use i2pd for access to the marketplace
RN so why not assign based on configured bw, and adjust based on performance? stop these dunderheads from clogging the network. :)
orignal how would you know the actual network bandwidth?
orignal even if you do how do you know how much your phone can handle?
RN running average... don't need to know it's best, and it changes for a phone as you move around...
RN dunn
RN maybe it is harder to test than I think