submitted 6 months ago by CAVOK@lemmy.world to c/i2p@lemmy.world

The I2P network is currently under a Denial-of-Service attack. This attack affects I2P and i2pd but in different ways and is having a serious effect on network health. Reachability of I2P sites is badly degraded.

Java I2P users are suggested to disable the sybil attack tool, delete the sybil-blocklist, and re-start their routers.

To disable the sybil attack detector tool:

Open the sybil attack detector in your router console at http://127.0.0.1:7657/netdb?f=3&m=15

Change "Background Analysis Run Frequency" to "Never"

Click "Save" to save the settings.

To delete the sybil blocklist, run:

On Debian and Ubuntu:

rm "/var/lib/i2p/i2p-config/sybil-analysis/blocklist-sybil.txt"

On other Linuxes and on Mac OSX:

rm "$HOME/.i2p/sybil-analysis/blocklist-sybil.txt"

And on Windows:

del "%LocalAppData%\i2p\sybil-analysis\blocklist-sybil.txt"

When you are finished, re-start your I2P router.

If you are hosting a service inside I2P and it is hosted on a Floodfill router, you should consider multihoming the service on a Floodfill-disabled router to improve reachability. Other mitigations are being discussed but a long-term, backward-compatible solution is still being worked on.
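
An added example, not part of the original post and not I2P project code: a POSIX shell sketch of the file-deletion step for the two Unix paths given above, which keeps a timestamped copy of the blocklist for later review before removing it. The function names, the `--apply` switch and the backup directory are assumptions; the router console setting and the restart still have to be done as the post describes.

```shell
#!/bin/sh
# Added example, not from the I2P project. The blocklist paths are the ones
# given in the post; function names, the --apply switch and the backup
# directory are assumptions made for this sketch.

# Move one blocklist out of the way, keeping a timestamped copy for review.
#   $1 = path to blocklist-sybil.txt   $2 = backup directory
# Returns 0 if removed, 1 if no file was present, 2 on a copy/remove error.
clear_sybil_blocklist() {
    file=$1
    backup_dir=$2
    [ -f "$file" ] || return 1
    mkdir -p "$backup_dir" || return 2
    # Non-empty line count, reported so the operator sees how much was listed.
    lines=$(grep -c . "$file" || true)
    copy="$backup_dir/blocklist-sybil.$(date +%Y%m%dT%H%M%S).txt"
    cp -p "$file" "$copy" || return 2
    rm -f -- "$file" || return 2
    echo "removed $file ($lines non-empty lines), copy kept at $copy"
}

# Try both Unix locations named in the post; report which ones had a file.
clear_all() {
    backup_dir=${1:-"$HOME/i2p-sybil-blocklist-backup"}
    removed=0
    for f in "/var/lib/i2p/i2p-config/sybil-analysis/blocklist-sybil.txt" \
             "$HOME/.i2p/sybil-analysis/blocklist-sybil.txt"; do
        clear_sybil_blocklist "$f" "$backup_dir"
        case $? in
            0) removed=$((removed + 1)) ;;
            1) echo "no blocklist at $f" ;;
            *) echo "could not clear $f (permissions?)" >&2 ;;
        esac
    done
    echo "$removed blocklist file(s) removed; restart the router now"
}

# Only act when asked to, so sourcing the file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    clear_all
fi
```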

[-] possiblylinux127@lemmy.zip 3 points 6 months ago

Thanks for the info. Why are we supposed to turn off protections?

[-] CAVOK@lemmy.world 1 points 6 months ago

From one of the developers:

Excellent question. In the case of Java I2P and of I2P+, the attacker is actually gaming the sybil attack tool in order to trick routers into erroneously banning floodfills.

Basically the attacker has found a way to trick real routers into attempting to connect to fake routers. Normally, this is not harmful, fake routers are just offline routers. Offline forever.

But if you craft your fake router this one specific way then the router you are tricking thinks some real router, which is usually reachable, is offline. That's how it affects I2P without the sybil tool. The sybil tool, in this case, amplifies the effect of the attack and the duration of the attack, because the real router which is ddos'ed gets banned by the sybil tool.

Edit: I am deliberately leaving out specific details here.

[-] Luci@lemmy.ca 1 points 6 months ago

It looks like the ddos is exploiting this functionality

[-] possiblylinux127@lemmy.zip 1 points 6 months ago

Of course it is

this post was submitted on 28 Apr 2024
24 points (100.0% liked)
