@RN_
@T3s|4
@not_bob
@orignal
@postman
@zzz
%snex
+FreefallHeavens
+Onn4l7h
+Onn4|7h
+Over
+dollarthief
+leopold_
+nyaa2pguy
+onon_
+profetikla
+qend-irc2p
+r00tobo
+waffles_
Arch
BeepyBee
BubbRubb1
Danny
H20
Irc2PGuest12685
Irc2PGuest14902
Irc2PGuest41816
Irc2PGuest49393
Irc2PGuest61421
Irc2PGuest83366
Irc2PGuest84096
Irc2PGuest90684
Meow
acetone_
dr|z3d
floatyfloatilla
gellegery
halloy13412
makoto
nZDoYBkF__
nilbog
noidea
ntty
poriori_
r00tobo[2]
shiver_
simprelay
solidx66_
thetia
u5657
uop23ip_
user1
vivid_reader56
zer0bitz
orignal
guys, what can you say about router jhyi ?
orignal
bunch of transit tunnels and all empty
dr|z3d
banned here.
dr|z3d
keep an eye on it, you'll also see it rapidly cycling ips.
orignal
yes it is
orignal
they question is why so many tunnels through it
zzz
yeah drz caught it a month ago
orignal
esepcially since it's LU
orignal
the question is about number of tunnels
orignal
who builds it
orignal
or there are execissve amount of such duplicates
dr|z3d
it's quite likely malicious
dr|z3d
if you look at the ips, they're not coming from a commercial vpn. they're all residential. it may be the cc of that malware zzz flagged a while back.
orignal
and we don't recognize it as multihomes
orignal
because no conflict with netdb
orignal
seems they really change ip all the time
dr|z3d
"i2predia" iirc.
dr|z3d
link's up on ramble if you missed it.
orignal
what's that?
dr|z3d
i2p-hosted malware.
orignal
that's fine but why it affects tunnels?
orignal
looks like it never accepts tunnels
orignal
and secons thing who chooses the one for tunnel
dr|z3d
there are 4 or 5 doing exactly the same thing on the network.