
I2P: Operating principles of basic network services



Today we will talk about what NetDB and SusiDNS are, and about the initial initialization of the I2P network.

Very soon the Internet in Russia will no longer be free; various providers are already blocking certain sites.

A blocked resource has two options:
1) Hope that the user will access the site through a proxy/VPN
2) Move the site to a decentralized, anonymous network

P.S. Perhaps I2P is the only network I can call truly decentralized and anonymous. Tor does not fall under this definition, because the Tor network works on a different principle: multi-level proxy access to the regular Internet, with .onion resources as a nice bonus.

In the I2P network it is the other way around: internal resources are the main thing, and the external proxy is a bonus.


How does the initial initialization of the I2P network occur?



After the distribution is downloaded and installed, I2P tries to initialize by searching for local nodes via NetDB (DHT). If no nodes are found, the initial list of nodes is requested from specific http(s) addresses.


An interesting feature: nodes obtained during initial initialization cannot be the final node when accessing internal sites. (This is done to eliminate the possibility of the government creating nodes and analyzing traffic.) If a node is created by a malicious group of people, it will still only pass anonymous traffic on to another node, nothing more.

After receiving the first addresses of I2P network participants via a standard https connection, the client tries to connect to them and NetDB starts.

What is NetDB?



The simplest way to describe NetDB is that it is like the DHT in the torrent protocol.



NetDB is a distributed database of network participants; it is through NetDB that access tunnels to sites are set up. What is interesting is that your personal ID is not sent to the network, so it is impossible to draw a correspondence between an IP address and an I2P ID.

Of course, NetDB also stores keys that indicate the authenticity of the information published there.



What else is stored there?
— Node tunnel installation statistics
— Number of successfully established connections through the node
— Number of dropped connections
— Timeout time when accessing a node
— Router version (I2P client)

The NetDB network supports all the same peer ban functions as the DHT network in the torrent protocol (for example, if the router’s ratio of successfully completed connections to connections with errors is too high).

Thus, once you have established a connection to NetDB, you will always have access to the I2P network in the future.

On a dedicated site, stats.i2p, you can see the current state of the network, as determined through NetDB:



Floodfill routers are routers whose NetDB database is fully up to date or close to it.

What is SusiDNS?





Resources on the I2P network have their own top-level domain - .I2P
But since there are no IP addresses in I2P, the DNS service there is special.

Essentially, DNS in I2P is a huge hosts file.
Initially, the distribution can obtain the mapping between an I2P host name and its internal ID only from the native registrar, but there are many registrars on the network that let you register your site, no matter what it is and no matter what you write on it.

The most popular — http://inr.I2P

But you don’t have to subscribe to domain registrars; you can save the mapping for each name yourself, using jump services or by entering the long hash of the host address.

Thus, at this stage the network is fighting cybersquatting.

But in any case, when the network gains popularity, there will most likely be one registrar (or no more than three of the most popular), and it is registration that they will fight over (pay money for?).

It is also possible to use the Namecoin service in place of the existing DNS network in I2P; at the present time, active developments are underway in this direction.
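
The "huge hosts file" model described above, as an added example (not code from the article or from the I2P project): a parser for hosts.txt-style lines (`name=Base64 destination`) that derives the long `.b32.i2p` hash form of each address and merges subscription feeds so that an existing name is never overwritten, reporting conflicting registrations instead. The name rule, the first-entry-wins policy and the `fake_dest` sample data are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

I2P_ALTCHARS = b"-~"  # I2P Base64 uses '-' and '~' in place of '+' and '/'
MIN_DEST_LEN = 387    # 256-byte key + 128-byte signing key + 3-byte certificate
NAME_RE = re.compile(r"^[a-z0-9]([a-z0-9.-]*[a-z0-9])?\.i2p$")  # assumed name rule

def b32_address(dest_b64):
    """Long-hash form of an address: Base32(SHA-256(raw destination)).b32.i2p"""
    raw = base64.b64decode(dest_b64, altchars=I2P_ALTCHARS, validate=True)
    if len(raw) < MIN_DEST_LEN:
        raise ValueError("destination too short")
    digest = hashlib.sha256(raw).digest()
    return base64.b32encode(digest).decode().lower().rstrip("=") + ".b32.i2p"

def parse_hosts(text):
    """Parse 'name=destination' lines; drop comments and malformed entries."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, dest = (part.strip() for part in line.split("=", 1))
        name = name.lower()
        try:
            b32_address(dest)  # validates encoding and length
        except ValueError:     # binascii.Error is a ValueError subclass
            continue
        if NAME_RE.match(name) and name not in entries:
            entries[name] = dest
    return entries

def merge(local, feeds):
    """Add feed entries to a copy of the local book; existing names always win."""
    book, conflicts = dict(local), []
    for source, text in feeds:
        for name, dest in parse_hosts(text).items():
            if name not in book:
                book[name] = dest
            elif book[name] != dest:  # same name, different destination
                conflicts.append((name, source, b32_address(dest)))
    return book, conflicts

def fake_dest(seed):
    """Constructed 387-byte stand-in for a destination (not a real key)."""
    raw = hashlib.sha256(seed).digest() * 12 + bytes(3)
    return base64.b64encode(raw, altchars=I2P_ALTCHARS).decode()

if __name__ == "__main__":
    local = parse_hosts("forum.i2p=" + fake_dest(b"a"))
    feed = "forum.i2p=" + fake_dest(b"b") + "\nwiki.i2p=" + fake_dest(b"c")
    book, conflicts = merge(local, [("constructed-feed", feed)])
    print(sorted(book), conflicts)
```

The conflict list is the part worth reviewing: a name that resolves to different destinations at different registrars is exactly the case where the choice of subscription decides which site a user reaches.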

Official project website: http://i2p2.de

What else to read about I2P:
Preparing for the onset of the Great Russian Firewall
I2P - Creating your own website
I2P – Invisible Internet Project

Comments 61

I read it. But I still didn’t understand the basics of how it works. Either I'm stupid or you didn't explain them in detail.
If you don’t understand something, ask what exactly, and either this article will be expanded or an addition will be written.
Apparently, the basics of functioning.
I ask specifically, what is not clear? The principle of functioning of anonymous decentralized networks in general or what?
Have you ever thought about setting out to translate the first 3 parts of the official Index to Technical Documentation? — www.i2p2.de./how.html? Popularization is really needed, and in English everything is well structured. I think this is the best thing that can be done now.
By the way, if you know, perhaps you can comment on this point: my number of transit tunnels is usually not very large, in the range of 5-20, and the traffic is very small, although the speed settings are turned up to the channel maximum and everything is OK with the network. Once, after demolishing the router by manually deleting all the files, the router itself and the data on all peers (stored in a separate folder), I installed an update (something from the latest 0.8x) from scratch and a strange thing happened: from the moment of launch, within a few hours there was a stable, more or less even growth of transit tunnels up to 1000-1500, at which point the router itself began to discard them due to overload. A couple of times I was switched to floodfill mode; as a result my Internet began to slow down and I set a limit on transit tunnels in the settings to a couple hundred. The main thing is that I didn’t tweak anything for this, just the speed. After the next update, the number of transit tunnels returned to 5-20 at least. Where could the dog rummage?
I'll look at the official documents and try to translate.
Installed it. More than half an hour passed before the sites began to open. Let's hope it's generally faster than FreeNet…
Depends on the number of peers. Typically, connecting to a sufficient number of peers for the first time takes about 6 hours.
By the way, this is not talked about much, but it is very important: You need to wait 11 minutes before starting a previously disabled client!
Is there any explanation for this secret knowledge?
So that all tunnels fly off after a timeout. If you don't wait 11 minutes, you won't be able to raise these same tunnels.
It would be nice to add a comment to the graph with router statistics: what is a floodfill router?
Added
A UFO flew in and published this inscription here
A UFO flew in and published this inscription here
But I’m not saying that, I’m just saying that they have different principles and different network goals.
Tor has its own buns, i2p has its own.

Logical. But is it possible to go into more detail from this point?
I wrote at the beginning of the article: TOR is for access to external sites, i2p is a separate Internet.
A UFO flew in and published this inscription here
I agree, Tor is more adapted for housewives, but it is used by more people at the moment; if i2p is used by more than 100,000 people, then I think the developers will finish everything.
The admin of stats.i2p, who blocks domains at his discretion, receives rays of hatred.
Are you talking about their DNS book?
Thus, once you have established a connection to NetDB, you wake up in the future you will always have access to the I2P network.

Excuse me, who am I waking up?
I decided for myself that I will definitely live to see the time when all grammatical errors will be written in a personal message to the author!

Duncan McLound
Very relevant in view of the fuss about the video
Thank you) If Habr users are interested in this, then I plan to make a series of articles about I2P:
1) I2P network resistance to filtering and de-anonymization
2) Review of non-core internal services (torrent, mail, etc.)
3) Plugins for I2P
4) Ways to prevent I2P from working, further development (some kind of I2P v2).

Just wondering how a state(s) can block access to an objectionable site in I2P?
At a minimum, if the server on which the i2p website operates also provides access to its web server from the regular Internet, then there are techniques that allow one to determine with a reasonable degree of probability that a given i2p website is hosted on this server. And then the server is seized/studied/closed as usual. It seems like there was once an article on this topic in [Aker]. So, when raising an i2p site, at a minimum, it is worth doing it on a dedicated server, on which there are no other network services except i2p.
It depends on who you are hiding from: if it is from a specific country, you can keep the site on US territory and give Russians access via i2p, but if the site is illegal for all states (such as Silkroad), then yes, only i2p.
The point is not who to hide from (especially since states will be able to agree on such issues among themselves), and it is not a matter of breaking the law. The point is that officials are ordinary people pursuing their own interests, and they should not have a simple and cheap opportunity to block sites they don’t like.

A pig will always find a puddle. I heard that there are sites on the Internet with child porn, with propaganda for terrorism/incitement of hatred/etc. But I've never seen them. Because I just wasn’t looking. And they absolutely do not interfere with my life. In order to get into shit on the internet, you have to purposefully search for that shit and open it. But even if this happened by accident and not intentionally (advertising/SEO/black lords on Habré), then there is nothing easier than closing the current page and throwing it out of your head. Unlike the real world, where this shit comes to you on its own (through TV, a mailbox, a rally in the square through which you just need to walk), everything is different on the Internet - don’t look for shit, and you won’t get into it.

In any case, even if the states are incredibly white and fluffy, the fight against sites is a fight against the effect, not the cause. If you want to solve the problem of child porn, find sites, through them find the people who film it (by committing specific actions that violate the laws) and imprison these people. Leave the websites, they will help catch the next ones who decide to start this business. As for the perverts who just watch it, it’s better to watch what has already been filmed than to satisfy their needs in other ways that may not be so harmless to others. Again, this makes them easier to identify and control. But, in practice, all this is really complex work, which is not at all as interesting to do as simply doing PR by blocking sites or closing library sites citing mythical lost profits.

The problem with current networks like i2p is that firstly they have security problems (i.e. they do not perform their main function), and secondly they have speed problems. And if they solve the security problems sooner or later, then there will not be normal speed until they begin to be used en masse. And in order for there to be a chance for the mass use of these networks, the state must just continue to do what they are actively doing now - block YouTube, VKontakte, persecute torrents... so all that remains is to wish the state good luck.
I didn’t see anything specific about website hacking in this article.
It describes a set of more than specific techniques with the help of which it was possible to determine the real IP addresses of servers hosting a noticeable percentage of .i2p sites. I.e., this is a security issue for the i2p network. What is the point of using i2p if you can still be identified?
It is possible if either the server is hacked or if the server is visible from the regular Internet; I did not see any other threats.
As far as I know, Namecoin did not take root in i2p, although it was initially received very positively by the community. Here you can read a little
bitcointalk.org/index.php?topic=60879.0
bitcointalk.org/index.php?topic=61486.0
Then DIANNA was born bitcointalk.org/index.php?topic=64282.0
But everything is still complicated there.
If anyone has a desire to participate in the development of this project and, perhaps, perpetuate their name in the history of Internet development, you can contact the topic starter for the above topics.
It seems to me that in the near future this system will appear in i2p
The software for this network left a depressing impression, as did the instructions.
Until there is a simple package, at the level of “launched the installer and everything works,” there will not be a large influx into this network.
There is a portable build.
Paranoids, of course, will not approve. But it really started up, I waited until it warmed up, it worked.
Until there is a simple package, at the level of “run the installer and everything works”

So last night I downloaded it, launched it, everything works. Placed in one folder, launched by one script, no settings, everything works. There are exactly two things that are not obvious (and only for those who are not at all in the subject, but in my opinion it is better for such to stay away from tools whose structure you have no idea about): you need to register proxy 127.0.0.1:4444 in the browser and wait until peers are found.
Haha.
Most people have no idea how the Internet works. Or GSM connection.
And yet.
Here they are trying with all their might to promote the i2p network, but for the average Windows user it is difficult to set up. This is a significant problem in the way of its spread.
Why is it difficult? Is it difficult to enter proxy settings in your browser? Well, okay, for those who are really dumb, you can make a distribution that registers a proxy in the registry or installs a separate special browser (made in a few minutes on any WebKit component). Will this solve the problem?
Not so long ago the same thing was said about p2p. But the tightened nuts did their job.
I would like to draw your attention to the fact that they are trying to promote the i2p network for the IT community, and not for the “regular Windows user.” These are the first steps.
No one here is trying to promote anything. ;-)
where to see that everything has warmed up and can be used

Well, “look”: as far as I understand, in the left panel of the system’s web interface there is the “peers” section; the more numbers there, the better, and it seems that Known should be at least 200. It still works with great difficulty, most sites either do not open (finding the address of a live i2p site is generally a rare success, as it seems to me) or open on the nth attempt. Often, instead of a site, a page opens saying that it was not found, with a proposal to find it through a “jump” service; when it is found you need to click on the link so that the address is added to the address book and the site opens.

In order for DNS to work, you need to register (I2P Internals - Addressbook - Subscriptions) where to get the hosts files from, I somehow came up with this list (before each line you need to have some keywords, I removed it because the parser will eat it anyway):

www.i2p2.i2p/hosts.txt
i2host.i2p/cgi-bin/i2hostetag
stats.i2p/cgi-bin/newhosts.txt
inr.i2p/export/alive-hosts.txt
rus.i2p/hosts.txt

Some monitoring of live sites can be seen on the site perv.i2p. The Russian Forum (including an attempt to catalog Russian-language resources) and WiKi live at forum.rus.i2p and rus.i2p, respectively. These sites work quite quickly and stably, if they don’t work, it’s either not warmed up yet or something is wrong.

Don't forget to set up an HTTP proxy in your browser (127.0.0.1:4444).

In general, I installed it less than a day ago, so you shouldn’t take the results of my anti-scientific poking too seriously.
Sorry, the previous long comment is a response to Semy, I guess I clicked in the wrong place.
But this question crept into my mind: if you take and install such a server with i2p on colocation, without physically removing (or hacking) the server it will be impossible to determine what and to whom it distributes?
And besides, I read somewhere that i2p is much more difficult to stop (and maybe even just detect) than TOR. Is this so, and if so, why?
And for that matter, no one is perfect, what are the disadvantages and weaknesses of i2p?
I see an obvious weakness in DNS in the current implementation.
I agree, as I described above, the development team is working on integrating namecoin into i2p
I tried to install it and launched it. And I can’t understand where to see that everything has warmed up and can be used? And yet, does it work due to an uncontrolled NAT? And then from the FAQ I understood that it should listen to incoming connections.
Thank you, I read it.
Quote from here: www.shpargalko.ru/tag/i2p/
What happened to forum.i2p2.de? Yes, again.

Considering that the official i2p2 forum has been down for about three weeks, it’s worth clarifying the situation. As stated on the developers forum, this is because of the Russian-language thread. Due to the political situation in Russia - and its discussion on the forum - the server is under a severe DDoS attack. Probably carried out by some pro-Kremlin forces.
I wonder what was wrong with him that they started dosing him, and he’s been lying there for not 3 weeks, less…
Another reason to join in and learn everything first-hand. Doesn’t the Kremlin understand that online bans only increase interest?
And how do i2p packets travel over the network? Encapsulation in TCP/IP? If so, then you can simply collect the IP addresses of all i2p participants and assign them to terrarists/pedophiles/extremists/drug lords/(substitute as appropriate). Right now I see how on the zombie box in the news they are scaring how “Terrorists and pedophiles are creating their own Internet”.
This will already be a presumption of guilt, which is the wildest savagery. Or we will have to introduce an article about liability for the use of i2p - which is no less savage. Although, given that the State Duma is now spitting illegal laws like a maddened machine gun, this may not be far off.
> Or we will have to introduce an article about responsibility for using i2p - which is no less savage.
izvestia.ru/news/535724
This is already a button accordion, as far as I know, they didn’t even get to the point of introducing a bill - so they got carried away and forgot. But, I repeat, I would not be at all surprised if tomorrow they introduce a bill, the day after tomorrow they chew it up in three readings and the next day they spit it in our faces.