Fragmentation DDoS Attack?

COMiX
Posts: 8
Joined: 25 Feb 2018 09:32

Post by COMiX »

Hello

I've been using I2P for a long, long time, practically from the start. I keep a low profile, but I participate in my own way. I've always been disappointed by the irregularity of this network's operation. Fine for an hour, or a day, and then all of a sudden, nothing seems to work properly.
For a long time, my servers suffered a fragmentation attack on the uTP protocol. As this protocol is not used by I2P, I solved this problem, thinking that my I2P routers would finally be more stable as I no longer had a global attack on the servers (well, no visible attack, which means less flow restriction by protection measures).

And yet, the routers are as 'capricious' as ever.
My Java routers regularly display “tunnels refused, bandwidth limit reached”, and everything turns yellow.
My I2Pd routers go even further, consuming all available RAM, writing 25GB logs and crashing on a segmentation error (maybe 32Gb RAM isn't enough to run a class O router?). I have 5 independent fibers, I think I have enough available bandwidth.
I'm still convinced of the usefulness and necessity of this software, and I was convinced of its usefulness even before it existed. So if someone of good will has the time and knowledge to understand how the NTCP2 and SSU2 protocols are destabilized by continuous fragmentation and amplification attacks, maybe one day this network will be usable by a little more than a handful of enthusiasts, of which I'm one, of course.

Best regards

COMiX
Try to make something work without understanding it
COMiX
Posts: 8
Joined: 25 Feb 2018 09:32

Re: Fragmentation DDoS Attack?

Post by COMiX »

Wow, I don't know what's changed with the Java 2.8.1 router (although I don't really want to know), but it's impressive. It works fast and well. I hope it lasts.
Thanks to the devs
Try to make something work without understanding it
lgillis
Posts: 197
Joined: 20 Oct 2018 12:52

Re: Fragmentation DDoS Attack?

Post by lgillis »

The COMiX, after all these years, good to hear from you again!
COMiX wrote: 19 Mar 2025 12:35 My I2Pd routers go even further, consuming all available RAM, writing 25GB logs
If a connection is not established, this is regarded as an error. But as I'm sure you know, this chattiness can be permanently switched off by configuration. My log is just 108 bytes in size. Alternatively, you can use programs like Logrotate, if someone wants to grep for serious errors.

I hope to hear from you more often and not just in 2035 ;-)
Until then, good luck!
    I2P preserves your right to informal self-determination.
zzz
Posts: 213
Joined: 31 Mar 2018 13:15

Re: Fragmentation DDoS Attack?

Post by zzz »

Hi OP, I remember you.

Don't know much about fragmentation attacks or how it would affect Java I2P or i2pd. I doubt anything in particular in 2.8.1 would make it better. If you gain any further insights, let us know.
COMiX
Posts: 8
Joined: 25 Feb 2018 09:32

Re: Fragmentation DDoS Attack?

Post by COMiX »

Hello lgillis
lgillis wrote: 21 Mar 2025 19:05 this chattiness can be permanently switched off by configuration
Of course, as you advise, I cut the I2Pd router logs (I wasn't going to read them anyway :shock: ).
But I still have this strange behavior. It works fine for a while, sometimes for a week, and then everything goes downhill. Of course, I've already tried many configurations and I know there's no “one-size-fits-all” solution, but I wanted to draw attention to my problems, because I'm sure I'm not the only one. And I'll be back in 2035 to see how things are progressing :lol:
Try to make something work without understanding it
COMiX
Posts: 8
Joined: 25 Feb 2018 09:32

Re: Fragmentation DDoS Attack?

Post by COMiX »

Hello zzz

I've come to think of this kind of attack because the behavior of my routers really resembles the behavior of software I use that has been attacked in this way.

Perhaps some malicious routers have been modified to communicate constantly with duplicate addresses and malformed packets, to lower the success rate of tunnel creation, and force “honest” routers to work beyond their limits by forcing them to reconstruct incomplete frames. The effect is not immediate, but it poisons the network.

As for the wow effect of version 2.8.1, I have no explanation.
I didn't modify anything in my lab (I love that term to justify all those servers stacked in their rack), I just ran a small apt upgrade in the VM of a Java router. Then I pushed my entire I2P stream onto that router, and wow! Then I updated my other routers the same day, and got the same result. Something, or someone, turned on the tap. Maybe in the selection of jump routers for a tunnel, I don't know (but you should know!). Anyway, so far, it's working, and working better than ever. Enough to consider putting some services online.

Thanks again for the time you've devoted to this experiment.
Try to make something work without understanding it
zzz
Posts: 213
Joined: 31 Mar 2018 13:15

Re: Fragmentation DDoS Attack?

Post by zzz »

Thanks for the kudos.

Of course, we try to make things better every release. You didn't say what release you upgraded _from_, but if it had been a while, perhaps the cumulative effect of many releases gave you the "wow".

One thing we've been battling for over two years is a set of botnet/attack routers, buggy / old / hacked routers, poorly deployed, presumably to provide C2 over I2P back to their masters. On top of whatever we're doing to make I2P faster and more reliable in general, many past releases have specific mitigations to lessen the harm these network peers are inflicting, intentionally or not.

We try to stay on a 4 releases per year cadence, unless we screw up, which I have a couple of times lately, and there's a new 2.8.2 coming shortly as a result, but we'll keep banging away, trying to get a little smarter every day.
COMiX
Posts: 8
Joined: 25 Feb 2018 09:32

Re: Fragmentation DDoS Attack?

Post by COMiX »

@lgillis

After some research, I found information about a problem called "Ryzen Segmentation Fault". As all my I2Pd virtual machines were on AMD processors, I migrated to a server with Intel processors, and now the I2Pd routers are stable and constant. The success rate is now about 40%. I don't know if it's good, but it feels like it's working. I'll be able to reactivate the logs :geek:
It doesn't mean there's no attack, but at least it resists.
Try to make something work without understanding it
COMiX
Posts: 8
Joined: 25 Feb 2018 09:32

Re: Fragmentation DDoS Attack?

Post by COMiX »

@zzz
zzz wrote: 25 Mar 2025 01:44 Of course, we try to make things better every release. You didn't say what release you upgraded _from_, but if it had been a while, perhaps the cumulative effect of many releases gave you the "wow".
Based on your comment, I looked more closely at my routers. They are virtual machines created in 2018, with the I2P version of the time, installed from the repo for Debian/Ubuntu, with the system and I2P regularly upgraded over time. Looking in /usr/share/i2p and /var/lib/i2p, I see that some configuration files are duplicated (those that match the old tree and those of the new one). It must have made some kind of soup of the configurations, and the shift from 2.8 to 2.8.1 put things back in place. Anyway, I'm going to start clean with a new installation, because it's still nice when you click on a web link and the page appears without having to start over 10 times.
Try to make something work without understanding it
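
Added example, not part of the original post and not I2P project code: a small shell check for the situation described above, where same-named configuration files exist in both /usr/share/i2p and /var/lib/i2p after years of in-place upgrades. The function name `dup_configs` and the default `*.config` file pattern are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration: report config files whose name occurs in two trees,
# and whether the two copies have identical content.
# Output columns (tab-separated): state, file name, path in A, path in B.

dup_configs() {
    dir_a=$1
    dir_b=$2
    pattern=${3:-*.config}   # assumed naming pattern; pass another if needed

    if [ ! -d "$dir_a" ] || [ ! -d "$dir_b" ]; then
        echo "usage: dup_configs DIR_A DIR_B [PATTERN]" >&2
        return 2
    fi

    # Walk every matching file in tree A and look for the same name in tree B.
    find "$dir_a" -type f -name "$pattern" | while IFS= read -r file_a; do
        name=$(basename "$file_a")
        find "$dir_b" -type f -name "$name" | while IFS= read -r file_b; do
            # cmp -s is silent and exits 0 only when the contents match.
            if cmp -s "$file_a" "$file_b"; then
                state=same
            else
                state=differs
            fi
            printf '%s\t%s\t%s\t%s\n' "$state" "$name" "$file_a" "$file_b"
        done
    done | sort
}

# Stand-alone use: sh dup_configs.sh /usr/share/i2p /var/lib/i2p
if [ "$#" -ge 2 ]; then
    dup_configs "$@"
fi
```

Rows marked `differs` are the ones worth reviewing before a reinstall, since they show where an old and a new copy of the same file disagree.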