NTCP2: Wrong static key in SessionConfirmed; incomplete http response from reg.i2p

Open slrslr opened this issue 1 year ago • 4 comments

The message appears numerous times in recent minutes when I run "tail -f /var/log/i2pd/i2pd.log":

00:45:04@677/none - i2pd v2.54.0 (0.9.64) starting...
00:45:42@347/error - NTCP2: Wrong static key in SessionConfirmed
00:45:54@347/error - NTCP2: Wrong static key in SessionConfirmed
00:48:33@341/error - Streaming: No packets have been received yet
00:48:53@341/error - Streaming: No packets have been received yet
00:49:13@341/error - Streaming: No packets have been received yet
00:49:33@341/error - Streaming: No packets have been received yet
00:49:52@483/error - Addressbook: Incomplete http response from reg.i2p, interrupted by timeout
00:49:59@347/error - NTCP2: Wrong static key in SessionConfirmed
00:50:52@347/error - NTCP2: Wrong static key in SessionConfirmed
00:51:41@347/error - NTCP2: Wrong static key in SessionConfirmed
00:51:56@347/error - NTCP2: Wrong static key in SessionConfirmed

Searching for these errors does not return any helpful results.

This is on Debian 12 Bookworm, kernel 6.1.0-28-amd64, with "loglevel = error" in /etc/i2pd/i2pd.conf.

Dec 04 '24 06:12 slrslr

"NTCP2: Wrong static key in SessionConfirmed" is believed to be produced by routers with software not fully compliant with the I2P specification. It is, probably, not i2pd and not i2p java. The "Incomplete http response" error is different. It is more linked to the previous "No packets have been received" errors. I think it happens because the DDoS attack was activated once again yesterday.

Dec 04 '24 09:12 Vort

produced by routers with software not fully compliant

Btw. the "Wrong static key" error happens on all my instances/systems:
- Debian 12 home PC
- Debian 12 VPS from a provider 1
- Debian 11 VPS from a provider 2

On the same systems, the "Incomplete http response" happened only once and only on one system (Debian 12 VPS from a provider 1).

"No packets have been received" appeared this number of times since the last restart (6 hours in all cases):
- 52x Debian 12 home PC (this PC is the only one actively using I2P through the Muwire app, the other two VPSs are just running as relays)
- 4x Debian 12 VPS from a provider 1
- 0x Debian 11 VPS from a provider 2

@Vort

Incomplete http response error is different. It is more linked to previous No packets have been received errors.

On the "Debian 12 home PC" when I check that 6 hours log content:

sudo grep "Incomplete http response" /var/log/i2pd/i2pd.log
empty output

$ sudo grep "No packets have been received" /var/log/i2pd/i2pd.log;date
00:33:10@170/error - Streaming: No packets have been received yet
00:47:16@170/error - Streaming: No packets have been received yet
00:47:36@170/error - Streaming: No packets have been received yet
01:01:22@170/error - Streaming: No packets have been received yet
01:13:08@170/error - Streaming: No packets have been received yet
01:55:25@170/error - Streaming: No packets have been received yet
02:11:52@170/error - Streaming: No packets have been received yet
...

It looks like it is not related (does not appear at equal times or at similar times).

Dec 04 '24 12:12 slrslr
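The grep comparison above can be made repeatable with a short script; this is an added example, not part of the original thread or of i2pd's tooling. It parses the log lines from the first post (copied into `SAMPLE`), counts each error message, and reports how many seconds before each "Incomplete http response" line the nearest "No packets have been received" line appeared. The function names and the 120-second window are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Log lines copied from the first post in this thread.
SAMPLE = """\
00:45:04@677/none - i2pd v2.54.0 (0.9.64) starting...
00:45:42@347/error - NTCP2: Wrong static key in SessionConfirmed
00:45:54@347/error - NTCP2: Wrong static key in SessionConfirmed
00:48:33@341/error - Streaming: No packets have been received yet
00:48:53@341/error - Streaming: No packets have been received yet
00:49:13@341/error - Streaming: No packets have been received yet
00:49:33@341/error - Streaming: No packets have been received yet
00:49:52@483/error - Addressbook: Incomplete http response from reg.i2p, interrupted by timeout
00:49:59@347/error - NTCP2: Wrong static key in SessionConfirmed
00:50:52@347/error - NTCP2: Wrong static key in SessionConfirmed
00:51:41@347/error - NTCP2: Wrong static key in SessionConfirmed
00:51:56@347/error - NTCP2: Wrong static key in SessionConfirmed
"""

# HH:MM:SS@<number>/<level> - <message>, the line layout seen in the post.
LINE_RE = re.compile(r"^(\d\d):(\d\d):(\d\d)@\d+/(\w+) - (.*)$")

def parse(text):
    """Yield (seconds_since_midnight, level, message) per well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # anything else (blank lines, "...", shell prompts) is skipped
            h, mi, s = map(int, m.group(1, 2, 3))
            yield h * 3600 + mi * 60 + s, m.group(4), m.group(5)

def count_errors(text):
    """Count each distinct error-level message."""
    return Counter(msg for _, lvl, msg in parse(text) if lvl == "error")

def gaps_to_previous(text, later, earlier, window=120):
    """Seconds from each `later` line back to the nearest `earlier` line, or None
    if none is within `window`. Lines carry no date, so gaps are taken mod 24 h."""
    events = list(parse(text))
    before = [t for t, _, msg in events if earlier in msg]
    out = []
    for t, _, msg in events:
        if later in msg:
            near = [g for g in ((t - b) % 86400 for b in before) if g <= window]
            out.append(min(near) if near else None)
    return out

if __name__ == "__main__":
    print(count_errors(SAMPLE).most_common())
    print(gaps_to_previous(SAMPLE, "Incomplete http response", "No packets have been received"))
```

To use it on a real log, pass the file's contents instead of `SAMPLE`; a result of `None` means no matching line fell inside the window.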

Wrong static key might be a sign of an attack

Dec 06 '24 02:12 orignal

This message has appeared in approximately the same amounts for years. If it is caused by an attack, such an attack should last for a long time.

Dec 06 '24 09:12 Vort