Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#1936 closed enhancement (fixed)

un-safe peers , until when ? save the active users

Reported by: anonymous maybe Owned by:
Priority: major Milestone: n/a
Component: router/general Version: 0.9.28
Keywords: Cc:
Parent Tickets: Sensitive: no

Description

i know anyone has the ability to ban users , but seriously if we dont give i2p version a limit for all users this is really a miss.

what i mean is , users who didnt updates their router after lets say after 3 updates they will be automatically in the banned list until they update their routers, and by this i2p save its users from any corruptions/attacks ..etcs.

as an example i just discovered this peer in my "I2P Network Peer Profiles":-

  • Peer info for: aGv3r0PwMobiX-DftdMchBQ4zAYg6eP6-RaHFM4Ps6A=
Published: 4 hours ago
Signing Key: DSA_SHA1
Address(es): UA NTCP: [cost=11] [host=195.234.71.246] [port=13942] SSU: [cost=4] [caps=BC] [host=2a01:6d80:100:300:0:0:0:1] [key=aGv3r0PwMobiX-DftdMchBQ4zAYg6eP6-RaHFM4Ps6A=] [mtu=1472] [port=13942] SSU: [cost=6] [caps=BC] [host=195.234.71.246] [key=aGv3r0PwMobiX-DftdMchBQ4zAYg6eP6-RaHFM4Ps6A=] [port=13942] 
Stats:
caps = LR
coreVersion = 0.9.17
netId = 2
router.version = 0.9.17
stat_uptime = 90m

9.17 with SHA1 wtf ?


i just found even more inside (for sure) "I2P Network Database"

  • Peer info for: 2-275b~C38y037x~7ih-Q2x4-LBYtNR-EYYYsuknM1w=
Published: 4 hours ago
Signing Key: DSA_SHA1
Address(es): KZ NTCP: [cost=11] [host=185.22.64.88] [port=25589] SSU: [cost=6] [caps=BC] [host=185.22.64.88] [key=2-275b~C38y037x~7ih-Q2x4-LBYtNR-EYYYsuknM1w=] [port=25589] 
Stats:
caps = OfR
coreVersion = 0.9.19
netId = 2
netdb.knownLeaseSets = 62
netdb.knownRouters = 4197
router.version = 0.9.19
stat_uptime = 90m
  • Peer info for: 6VioUY5fOcZZCPg34d6LOBrJ8RpQwDZEZfTmOtxnI3w=
Published: 4 hours ago
Signing Key: DSA_SHA1
Address(es): RU NTCP: [cost=11] [host=46.188.2.228] [port=30217] SSU: [cost=6] [caps=BC] [host=46.188.2.228] [key=6VioUY5fOcZZCPg34d6LOBrJ8RpQwDZEZfTmOtxnI3w=] [port=30217] 
Stats:
caps = POR
family = pi3
family.key = 1:Q14a51WL7aLNIU4jC9a1xqB1y4tWT2aT41w5bKJS2ZnU7SihhcPtoZJt54l0aPL~QGfgQdLa70jHeEqLtaosvA==
family.sig = qdynEk0n13Z6QWvDl2Hh9pOEjNK4piiHQn5Km3WQNPqpxDF3q3BurwI93Y8k96nTO1FtmDS33nRT7uP98qlHWw==
netId = 2
router.version = 0.9.28
  • Peer info for: FiKPQ5rKCfKbWf8J1R76zUQymW0WehjYKkG7hl0uURE=
Published: 90 min ago
Signing Key: DSA_SHA1
Address(es): SG SSU: [caps=BC] [host=139.162.21.115] [key=FiKPQ5rKCfKbWf8J1R76zUQymW0WehjYKkG7hl0uURE=] [port=19527] NTCP: [cost=9] [host=2400:8901:0:0:f03c:91ff:fe37:4afa] [port=19527] SSU: [cost=4] [caps=BC] [host=2400:8901:0:0:f03c:91ff:fe37:4afa] [key=FiKPQ5rKCfKbWf8J1R76zUQymW0WehjYKkG7hl0uURE=] [mtu=1472] [port=19527] NTCP: [host=139.162.21.115] [port=19527] 
Stats:
caps = XOfR
coreVersion = 0.9.20
netId = 2
netdb.knownLeaseSets = 81
netdb.knownRouters = 4925
router.version = 0.9.20
stat_uptime = 90m

  • Peer info for: OyVAqIk0YznfoEZre1qNLpTLj~wJzfPhqZp4y7WQeg4=
Published: 108 min ago
Signing Key: DSA_SHA1
Address(es): US SSU: [caps=BC] [host=64.185.232.99] [key=OyVAqIk0YznfoEZre1qNLpTLj~wJzfPhqZp4y7WQeg4=] [port=11048] NTCP: [cost=11] [host=64.185.232.99] [port=11048] 
Stats:
caps = POfR
netId = 2
netdb.knownLeaseSets = 107
netdb.knownRouters = 4871
router.version = 0.9.28

  • Peer info for: brl0tDJariybCW2GDKw1RnUDJwRGtCDtYKu8gBGmKVs=
Published: 36 min ago
Signing Key: DSA_SHA1
Address(es): IE NTCP: [cost=11] [host=52.16.17.15] [port=16245] SSU: [cost=6] [caps=BC] [host=52.16.17.15] [key=brl0tDJariybCW2GDKw1RnUDJwRGtCDtYKu8gBGmKVs=] [port=16245]
Stats:
caps = NfR
coreVersion = 0.9.18
netId = 2
netdb.knownLeaseSets = 54
netdb.knownRouters = 3488
router.version = 0.9.18
stat_uptime = 90m

  • Peer info for: btoyP76m-DjI-2lyYuGC23eHQE5V4txi4xHf999DDWI=
Published: 6 hours ago
Signing Key: DSA_SHA1
Address(es): DE SSU: [cost=4] [caps=BC] [host=2001:470:1f0a:2cf:0:0:0:2] [key=btoyP76m-DjI-2lyYuGC23eHQE5V4txi4xHf999DDWI=] [mtu=1280] [port=18633] SSU: [caps=BC] [host=144.76.40.121] [key=btoyP76m-DjI-2lyYuGC23eHQE5V4txi4xHf999DDWI=] [port=18633] NTCP: [cost=11] [host=144.76.40.121] [port=13210] 
Stats:
caps = OfR
coreVersion = 0.9.17
netId = 2
netdb.knownLeaseSets = 55
netdb.knownRouters = 3577
router.version = 0.9.17
stat_uptime = 90m

  • Peer info for: vWW1J7bclsgcE2pYkMQMulwLwPSrB6vXWB7QNNVr1SU=
Published: 4 hours ago
Signing Key: DSA_SHA1
Address(es): SSU: [cost=6] [caps=BC] [host=62.210.182.21] [key=vWW1J7bclsgcE2pYkMQMulwLwPSrB6vXWB7QNNVr1SU=] [port=30208] NTCP: [cost=11] [host=62.210.182.21] [port=30218] 
Stats:
caps = NfR
coreVersion = 0.9.17
netId = 2
netdb.knownLeaseSets = 52
netdb.knownRouters = 3480
router.version = 0.9.17
stat_uptime = 90m

Subtickets

Change History (2)

comment:1 Changed 3 years ago by Eche|on

Resolution: fixed
Status: newclosed

Hi
No need to block old nodes at all. They are all backwards compatible to a certain point.
They do help the network, so no need to block older nodes. Also not all nodes are able to update in sane time (currently roughly 90% have updated after 3 weeks).
But if there is a real danger to the network, there will be a transitional update and soon after a flagday in which a new I2P version will not accept connections from older versions.

Beside this, the banlist is mostly used to exclude bad peers from the network. Just running a older version is per se not a bad peer.

comment:2 Changed 3 years ago by zzz

Component: unspecifiedrouter/general
Milestone: undecidedn/a

We pride ourselves on backwards compatibility, and in theory we're compatible all the way back to 0.6.1.10 in 2006. In practice though, routers before 0.9.16 late 2014 can't talk to non-DSA-SHA1 routers and we do blacklist them.

There are several other places in our code where we avoid old routers when we need to use a certain feature that they don't support. For example at the top of our I2NP spec http://i2p-projekt.i2p/spec/i2np we list compatibility for various versions.

It's not our job to force people to upgrade, and if they are using some distribution package from a 3rd party that is out-of-date, it's not our fault and there's nothing we can do about it. At most we could have some better user message saying that their version is very very old and they should update, but even that is difficult, because the news URL and news fetch method has changed over the years, so they may not be getting the current news anymore. Watching the network for max-seen version is also not reliable as anybody could spoof a version. But having an old version just silently not work very well any more because it can't connect to anybody is terrible UX.

So in response to your suggestion, we do ban or avoid old routers in the cases where it matters, but we aren't going to implement a simplistic ban like '3 versions old get automatically banned'.

Note: See TracTickets for help on using tickets.