#saltr
/2026/02/08
orignal dr|z3d
orignal I have a theory
orignal but grandpa is not here
orignal fuck nobody is available for brainstorming
not_bob orignal: I have no idea why you can't ping my site.
uop23ip just for (my) info: can the attacker with his tunnel request define which encryption to use and choose a heavy cpu load one? i am not sure, but think i see a higher cpu demand compared to the last days.
not_bob uop23ip: I don't know the answer to that question, but it seems likely. One of the devs would have a better answer.
uop23ip and maybe even can target arm specific which iirc are not that great at some algos. just speculation ofc
not_bob A lot of people use arm these days.
orignal not_bob why haiku.ilita.i2p says no pings?
orignal uop23ip my new theory that it's not an attack
uop23ip bitcoin again? or ai coder gone crazy? ;)
not_bob orignal: I don't know. It responds to NetDB queries.
uop23ip reminds me that i wanted to test emissary to see how it behaves in the attack :) hope it is not that causing issues (the 7k peer test lol)
orignal where is drozd? where is grandpa?
orignal nobody wants to discuss my theory that can change everything
orignal theory with evidence
not_bob Give me a quick overview! I can't do anything about it, but I'm very curious!
orignal the overview is
not_bob Also, I built i2pd from the main git, it reported the same version as before after I compiled it.
orignal it's not actually an attack
orignal someone just runs that fleet of LU routers
not_bob You have my full attention.
not_bob Would someone just running LU routers cause this?
orignal not just LU routers
orignal LU routers with version that skipped by network
not_bob How would this explain all the extra transient tunnels I've been seeing?
orignal nobody builds tunnels through them
orignal however all of them build tunnels
orignal and this would not be a problem
orignal if Java I2P and I2P+ didn't have this fucking throttling algorithm
not_bob How do we test this theory?
orignal step by step
orignal 1. these routers build 1-hop tunnels
not_bob cumlord made a post recently about detecting 0 hop tunnels.
orignal evidence: ipv6-only routers work fine and not affected by attack
not_bob Ok, that I was totally unaware of.
orignal it's BS
not_bob But, aren't you still at the mercy of the rest of the network for building tunnels?
orignal 0 hops tunnel doesn't cause flood of TBMs
not_bob No, it does not. 0 hop tunnels work fine. He just noted that he thinks he can detect them.
orignal now listen what happens
orignal ofc they are fine
orignal Java has limit of 27 TBM per 110 seconds
orignal for entire router, Carl
orignal this info from grandpa
not_bob *** nods ***
orignal once those routers start building tunnels
not_bob I'm assuming that's a fixed limit no matter what the bandwidth cap is set to?
orignal Java routers started dropping these requests
orignal it's max
orignal may be smaller
not_bob So, you are suggesting that they are choking themselves out because the network is growing?
orignal then everybody started building through i2pd routers
orignal that reached bandwidth and tunnels limits
orignal it's not growing
orignal it might be a botnet bigger than whole network
orignal next evidence
not_bob How so?
orignal they use it for their own reason
orignal the purpose is not to attack i2p
orignal grandpa claims it's modified i2pd version 0.9.57
not_bob That's an idea that I have not heard. And, yes. That's what I've seen as well.
orignal modified because they ignore congestion caps
orignal but the truth is that congestion caps were introduced in 0.9.58
not_bob I thought zzz was hanging out on your IRC server?
orignal if I wanted to flood the network with TBMs intentionally I wouldn't build 1 hops tunnels
orignal I would build 8 hops instead
orignal he is not responding
not_bob Right, much harder on the network.
orignal for whole day
not_bob I've played with various hop lengths over the years.
not_bob Argh.
orignal drozd disappeared too
orignal next evidence
not_bob Yeah, I've seen z3d once in the last few days, for a very short period of time. Part of the problem is that we are all fragmented due to this issue.
orignal grandpa says they keep changing router identity on the same IP
orignal truth is they don't
not_bob I have not been tracking that data.
orignal just different devices
not_bob Same ports too?
orignal actually they are all LU
orignal don't think so
orignal but sometimes they appear as RU
orignal LR sorry
not_bob Either way.
orignal because wrong peer test
not_bob I don't know enough about those designations to really understand.
orignal I have proof for it
not_bob That's lower level than I tend to work.
orignal I try to hit NTCP2 port using telnet
orignal never answers
orignal hence it's just false peer test
not_bob Right, I would expect a response.
orignal simply speaking bunch of devices behind the same IP
not_bob Does the connection get made and just nothing, or the connection fails entirely?
orignal connection refused
orignal nothing on hat TCP port
not_bob So, behind NAT or the like?
orignal *that
orignal so they are all behind NAT
orignal sometimes publishes themselves as R by mistake
not_bob I2P works fine behind NAT. It's not as good, but it works. I've used I2P behind double NAT without issues as well.
orignal wrong peer test
orignal ofc it works
orignal I'm telling what's gong on
orignal *going
not_bob *** nods ***
not_bob As you know, they plan to release a major update monday.
orignal say they run thousands of devices behind single IP
orignal and all of them try to build tunnels
not_bob But, wouldn't java I2P just ban that IP then? Too many routers on one IP should cause a ban.
orignal these IPs are not published
orignal how do you know which routers are on the same IP
not_bob Yeah, I read that.
not_bob You just ban the whole IP address.
orignal unless they connect
not_bob Right, true.
orignal how? if you don't know
not_bob Fair point.
orignal Java I2P probably does
orignal but they connect to different routers
not_bob And the way banning works it's per router instance, not global or shared.
orignal basically to everybody
not_bob Right.
orignal right
orignal so what I did
not_bob *** listens. ***
orignal I banned connections from routers below 0.9.58 on one of my routers
orignal it helped a lot
not_bob I can imagine it would.
orignal hence I need grandpa hard to discuss
not_bob But, it would only help locally. When you build a tunnel the next router in the chain may not have the same limit on version.
orignal that seems the right solution
orignal it help me too
not_bob That's one of the hard things with this network. You fixing something may help some, but till enough of the network updates it doesn't fix it all.
orignal because other routers stop receiving shit from me anymore
orignal do you understand?
not_bob Right, you are no longer trying to pass on bad data?
not_bob That would also explain the bandwidth spikes that have been reported.
orignal and if it's IB the shit goes to originator
orignal but since it's 1 hop tunnel it never happens
orignal oh I need to do one more thing
orignal if next in tunnel is older version drop it
not_bob *** nods ***
orignal that's obvious
not_bob It sounds like that would help, yes.
orignal the key thing is 1 hops tunnels because ipv6
orignal shit is always on ipv4
not_bob According to stats.i2p people are running versions older than 0.9.58 though in the wild. Won't that cut them off from the network?
not_bob Not entirely a bad thing. They should upgrade.
RN_ I think the sybil testing is off by default now
orignal need to talk to zzz
orignal RN_ where is drozd?
not_bob I can post on my blog to get with you. He read that.
not_bob But, that's the best I can do.
orignal don't worry
not_bob In the end, allowing older versions on the network is a good thing, to a point. But, after they are too old then it's not.
orignal but now you understand my point
not_bob Yes, I do.
orignal Floodfills: 3080
orignal I'm wondering what's this
orignal another attack?
not_bob At least I got right back on.
not_bob Bah, this is annoying.
uop23ip attack on ff or its service? got 7k ff here
not_bob zzz: talk to orignal!
not_bob I'm showing between 800 and 3000 floodfills right now depending on which router I ask.
not_bob But, that number is just floodfills that each local router knows about, so that number will not be the same for everyone.
orignal zzz I need your attention
orignal these FFs can't be real
uop23ip probably didn't understand orignal, but this sounds like someone has put up an own network onside i2p? with own routing overhead and i2p got overloaded i2poveri2p ;)
orignal they run a botnet over i2p with hunders thousand of devices
orignal that's my point
orignal their target is not i2p
orignal although they are assholes who don't care about the network
uop23ip hope not. for sure it is a global thing. brazil, mexico and saudi arabia in my top 5 is new to me :D
uop23ip besides bots or not, attack or not, the biggest riddle for me is why the i2pd dev got a better connection to this irc than the java-i2p devs :D Good night gentlemen
nyaa2pguy think i was talking to myself on the other side/server :D. tried to say:
nyaa2pguy on my -5 patched router my participating tunnels have slowly ramped down from 6.5k participating tunnels to 4.5k over the last 10 hours
nyaa2pguy saw logs on major.i2p/irc2p/saltr/2026/02/08 - i think i also saw zzz was on echelon
nyaa2pguy this page is also showing a lot of new routers, but 0.9.67 stats.i2p/cgi-bin/total_routers_day.cgi
dr|z3d ok, latest + dev build, more mitigations. recommended download.
orignal any news about floodfills?
waffles holy fuck it took forever to get back on here
waffles wtf happened
uop23ip from zzz: "Investigating a new or modified attack that started 10 PM UTC last night"
uop23ip and "Early analysis is that this is a different attack or botnet from four countries, unrelated to the first."
dr|z3d quite the rodeo.
dr|z3d any new observations, orignal?
dr|z3d new + dev build up on skank.i2p for those running dev builds, or generally anyone running +