Is this a security issue that leaks src_ip?

I2P router issues
echelon
Posts: 261
Joined: 10 Feb 2018 13:36

Re: Is this a security issue that leaks src_ip?

Post by echelon »

Your flowchart is simply wrong.

You need to remove the server, add a brek in the middle, add 3 nodes above and 3 below, title the existing 6 as in and out, each, and the new as In2 and out2, and server further down right.

If you interprete the node as a tunnel, it would be 3 tunnel in a row with now interchange in between, which is not possible.
So a node would a i2p node, aka router, IP, and thats not the way I2p works as described.

So your flowchart is wrong as your idea based on it.
See the link I send you above.
Or https://hal.inria.fr/inria-00632259/document which includes a simply flowchart of the real situation.

Or better to see: https://www.researchgate.net/figure/Acc ... _221655653
bwdcal
Posts: 53
Joined: 07 Jan 2023 13:41

Re: Is this a security issue that leaks src_ip?

Post by bwdcal »

echelon wrote: 13 Jan 2023 09:48 Your flowchart is simply wrong.

You need to remove the server, add a brek in the middle, add 3 nodes above and 3 below, title the existing 6 as in and out, each, and the new as In2 and out2, and server further down right.

If you interprete the node as a tunnel, it would be 3 tunnel in a row with now interchange in between, which is not possible.
So a node would a i2p node, aka router, IP, and thats not the way I2p works as described.

So your flowchart is wrong as your idea based on it.
See the link I send you above.
Or https://hal.inria.fr/inria-00632259/document which includes a simply flowchart of the real situation.

Or better to see: https://www.researchgate.net/figure/Acc ... _221655653
ok,please forget the diagram I drew.

Just to answer my two questions below:

1. Does the i2p website server(which run a .i2p domain site) or the last device running i2p in network tunnels, can get the hash of the target client?

2. Is it possible to collect the client hash and ip within the i2p network by running a long term i2p device?

thanks your paper, i will read it. thanks !
>>o<<
bwdcal
Posts: 53
Joined: 07 Jan 2023 13:41

Re: Is this a security issue that leaks src_ip?

Post by bwdcal »

echelon wrote: 13 Jan 2023 09:48 Your flowchart is simply wrong.

You need to remove the server, add a brek in the middle, add 3 nodes above and 3 below, title the existing 6 as in and out, each, and the new as In2 and out2, and server further down right.

If you interprete the node as a tunnel, it would be 3 tunnel in a row with now interchange in between, which is not possible.
So a node would a i2p node, aka router, IP, and thats not the way I2p works as described.

So your flowchart is wrong as your idea based on it.
See the link I send you above.
Or https://hal.inria.fr/inria-00632259/document which includes a simply flowchart of the real situation.

Or better to see: https://www.researchgate.net/figure/Acc ... _221655653

Image

as picture show from your shared paper. ask bellow question:

1. Does Alice in the picture get the hash of the bob?
2. If Alice runs long enough, will it be able to obtain the hash and ip of most nodes in the i2p network?
>>o<<
echelon
Posts: 261
Joined: 10 Feb 2018 13:36

Re: Is this a security issue that leaks src_ip?

Post by echelon »

HI

Alice does need the server destination of bob, sure. Thats the address in I2P to reach, like IP address in clearnet.
Bob does get a (session only) destination of the service Alice used to connect to Bob, and sends the reply to that destination.

Hashes are NOT bound to any IP addresses.
You may collect IP addresses of known I2P nodes (the one your node connected to), and temporary (destination) addresses, but you cannot combine them by default.
Some are easy (like i2pforum.net and i2pforum.i2p should run on the same server), but other are hard to find, as a destination is not bound to any IP address.
I2P is a overlay network, the tunnel building works with IP addresses, but is independent of content.
Content is routed through established tunnels, which do no know much about IP addresses, hence traffic does not know anything about IP addresses.
Also content is encrypted up to 3 times in layers, which makes it rather hard to decrypt and read the content, including destination addresses.

But you may read otu the floodfill DB, which contains the tunnel INGateway and destination addresses which are bound together for 10 min

You would need to control at least 3 hops of the 12 hops shown in the diagram to read more content and IP addresses in a easier way than wild guessing.
But as bob and alice have their own view on I2P, you would need to make sure bob and alice do build tunnels which include your nodes (out of the >100k nodes worldwide).

echelon
echelon
Posts: 261
Joined: 10 Feb 2018 13:36

Re: Is this a security issue that leaks src_ip?

Post by echelon »

bwdcal wrote: 13 Jan 2023 11:16
echelon wrote: 13 Jan 2023 09:48 Your flowchart is simply wrong.

You need to remove the server, add a brek in the middle, add 3 nodes above and 3 below, title the existing 6 as in and out, each, and the new as In2 and out2, and server further down right.

If you interprete the node as a tunnel, it would be 3 tunnel in a row with now interchange in between, which is not possible.
So a node would a i2p node, aka router, IP, and thats not the way I2p works as described.

So your flowchart is wrong as your idea based on it.
See the link I send you above.
Or https://hal.inria.fr/inria-00632259/document which includes a simply flowchart of the real situation.

Or better to see: https://www.researchgate.net/figure/Acc ... _221655653
ok,please forget the diagram I drew.

Just to answer my two questions below:

1. Does the i2p website server(which run a .i2p domain site) or the last device running i2p in network tunnels, can get the hash of the target client?

2. Is it possible to collect the client hash and ip within the i2p network by running a long term i2p device?

thanks your paper, i will read it. thanks !
1. A I2P servive need a destination to send data back to. So the server appliance do get that address (which is NOT a IP address), but thats not the last hop in a tunnel.

2. client hashes and IP addresses are public to read out on each connect to a I2P node. But both are NOT bound to destination addresses or servies in I2P. Services/destinations do run ON clients, but not associated with client IDs.
bwdcal
Posts: 53
Joined: 07 Jan 2023 13:41

Re: Is this a security issue that leaks src_ip?

Post by bwdcal »

echelon wrote: 13 Jan 2023 12:20
bwdcal wrote: 13 Jan 2023 11:16
echelon wrote: 13 Jan 2023 09:48 Your flowchart is simply wrong.

You need to remove the server, add a brek in the middle, add 3 nodes above and 3 below, title the existing 6 as in and out, each, and the new as In2 and out2, and server further down right.

If you interprete the node as a tunnel, it would be 3 tunnel in a row with now interchange in between, which is not possible.
So a node would a i2p node, aka router, IP, and thats not the way I2p works as described.

So your flowchart is wrong as your idea based on it.
See the link I send you above.
Or https://hal.inria.fr/inria-00632259/document which includes a simply flowchart of the real situation.

Or better to see: https://www.researchgate.net/figure/Acc ... _221655653
ok,please forget the diagram I drew.

Just to answer my two questions below:

1. Does the i2p website server(which run a .i2p domain site) or the last device running i2p in network tunnels, can get the hash of the target client?

2. Is it possible to collect the client hash and ip within the i2p network by running a long term i2p device?

thanks your paper, i will read it. thanks !
1. A I2P servive need a destination to send data back to. So the server appliance do get that address (which is NOT a IP address), but thats not the last hop in a tunnel.

2. client hashes and IP addresses are public to read out on each connect to a I2P node. But both are NOT bound to destination addresses or servies in I2P. Services/destinations do run ON clients, but not associated with client IDs.

Thanks, I've received your insights.

Finally, I would like to ask the following questions.

1. in the history of the i2p project so far, have any i2p users been arrested by the state?

2. If the state wanted to arrest a specific i2p user, how difficult would it be by the current state of the i2p network? Is it easy to achieve?

3. can i2p be used against state censorship?

4. Is the answer to the previous questions the same if operating an i2p website service?

Sincerely thank you.
>>o<<
echelon
Posts: 261
Joined: 10 Feb 2018 13:36

Re: Is this a security issue that leaks src_ip?

Post by echelon »

bwdcal wrote: 13 Jan 2023 16:03
echelon wrote: 13 Jan 2023 12:20
bwdcal wrote: 13 Jan 2023 11:16

ok,please forget the diagram I drew.

Just to answer my two questions below:

1. Does the i2p website server(which run a .i2p domain site) or the last device running i2p in network tunnels, can get the hash of the target client?

2. Is it possible to collect the client hash and ip within the i2p network by running a long term i2p device?

thanks your paper, i will read it. thanks !
1. A I2P servive need a destination to send data back to. So the server appliance do get that address (which is NOT a IP address), but thats not the last hop in a tunnel.

2. client hashes and IP addresses are public to read out on each connect to a I2P node. But both are NOT bound to destination addresses or servies in I2P. Services/destinations do run ON clients, but not associated with client IDs.

Thanks, I've received your insights.

Finally, I would like to ask the following questions.

1. in the history of the i2p project so far, have any i2p users been arrested by the state?

2. If the state wanted to arrest a specific i2p user, how difficult would it be by the current state of the i2p network? Is it easy to achieve?

3. can i2p be used against state censorship?

4. Is the answer to the previous questions the same if operating an i2p website service?

Sincerely thank you.
Hi

1. We do not know? No one tells us, if one of the 100 thousands users worldwide ever used I2P were arrested.
2. If they know who a specific I2P user is, sure, why not? Depends on the way data is collected. I2P does NOT hide the fact you are using I2P, but it hides what you are doing inside of I2P. If you tell you are user ABC on I2P, they can arrest you. Or only for the reason using tools they do not like. depends on the country you live in.
3. yes
4. yes

echelon
User avatar
tunnel_king
Posts: 5
Joined: 07 Jan 2023 11:04

Re: Is this a security issue that leaks src_ip?

Post by tunnel_king »

1. in the history of the i2p project so far, have any i2p users been arrested by the state?
Possibly due to flaws within the Tails operating system not directly due to i2p

Clearweb source: https://tails.boum.org/security/Securit ... ex.en.html



2. If the state wanted to arrest a specific i2p user, how difficult would it be by the current state of the i2p network? Is it easy to achieve?

No but humans are hackable if you can be convinced to leave the network, open a document, torrent, or image.

3. can i2p be used against state censorship?

It's up to you to share information that would be blocked by the state.


4. Is the answer to the previous questions the same if operating an i2p website service?
Exact
bwdcal
Posts: 53
Joined: 07 Jan 2023 13:41

Re: Is this a security issue that leaks src_ip?

Post by bwdcal »

tunnel_king wrote: 16 Jan 2023 10:59 1. in the history of the i2p project so far, have any i2p users been arrested by the state?
Possibly due to flaws within the Tails operating system not directly due to i2p

Clearweb source: https://tails.boum.org/security/Securit ... ex.en.html



2. If the state wanted to arrest a specific i2p user, how difficult would it be by the current state of the i2p network? Is it easy to achieve?

No but humans are hackable if you can be convinced to leave the network, open a document, torrent, or image.

3. can i2p be used against state censorship?

It's up to you to share information that would be blocked by the state.


4. Is the answer to the previous questions the same if operating an i2p website service?
Exact
Thank you for your reply.

i2p is a meaningful project and I hope the i2p project grows better and better.
>>o<<
Post Reply