IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2024/12/17
~dr|z3d
@RN
@StormyCloud
@T3s|4_
@eyedeekay
@orignal
@postman
@zzz
%RTP
%acetone
%cumlord
%snex
+FreefallHeavens
+Xeha
+ardu
+bak83
+hk
+onon_
+poriori
+profetikla
+r00tobo_BNC
+radakayot
+uop23ip
+weko
AHOH
Arch
Danny
DeltaOreo
FreeB
Irc2PGuest13718
Irc2PGuest28982
Irc2PGuest41133
Irc2PGuest99174
Meow
Onn4l7h
Onn4|7h
T3s|4
enoxa
idontpee
ka2
maylay
not_bob_afk
qend-irc2p
shiver_
simprelay
solidx66
u5657
username
woodwose
zer0bitz
orignal guys, what can you say about router jhyi ?
orignal bunch of transit tunnels and all empty
dr|z3d banned here.
dr|z3d keep an eye on it, you'll also see it rapidly cycling ips.
orignal yes it is
orignal they question is why so many tunnels through it
zzz yeah drz caught it a month ago
orignal esepcially since it's LU
orignal the question is about number of tunnels
orignal who builds it
orignal or there are execissve amount of such duplicates
dr|z3d it's quite likely malicious
dr|z3d if you look at the ips, they're not coming from a commercial vpn. they're all residential. it may be the cc of that malware zzz flagged a while back.
orignal and we don't recognize it as multihomes
orignal because no conflict with netdb
orignal seems they really change ip all the time
dr|z3d "i2predia" iirc.
dr|z3d link's up on ramble if you missed it.
orignal what's that?
dr|z3d i2p-hosted malware.
orignal that's fine but why it affects tunnels?
orignal looks like it never accepts tunnels
orignal and secons thing who chooses the one for tunnel
dr|z3d there are 4 or 5 doing exactly the same thing on the network.