Posted by cumlord in OpSec

I've been messing around with crawling the netdb with snex to see what's out there. Found 2 destinations this way that gave us access to add torrents through a web panel. If this can be done, be prepared to receive clown porn, maybe a podcast or show for good measure.

The second case also gave us access to the router console, torrents were added through snark. A message was sent and they seemed to have fixed it now. I don't think any "real" damage was done (we did try to get access to filesystem) besides changing the router console language to Spanish. Also, susimail will leave the username available this way, very dangerous obviously, as this allowed us to link the ident with an IP address obtained from the router console as well as see any services they were hosting.

http://git.simp.i2p/simp/clowning

please use auth / encrypted leasesets

4

Comments

aaa wrote

Can you explain what you're doing in more detail and advise how to protect yourself from it?

1

cumlord OP wrote

it's the same thing notbob is doing from notbob's post wrote about it some here:

encrypted leaseset for stuff you don't want found and making sure auth is enabled with the biglybt webui are the best ways (or disabling the webui)

any leaseset is stored in the netdb, and the netdb is stored by floodfills. if you run a floodfill you can watch the leasesets come in from peers and try them with a scanning tool. in practice and even with only a router or 2 designated for this you can scan a majority of the steadily available content in i2p that isn't registered within a week or 2 probably

1
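For operators acting on the advice in this thread, here is an added example (not written by any poster here) that audits a tunnel configuration for inbound tunnels whose leaseset is still published unencrypted. It assumes the i2pd `tunnels.conf` INI layout and its `i2cp.leaseSetType` (5 = encrypted LeaseSet2) and `i2cp.leaseSetAuthType` options; the tunnel names and ports are constructed, and Java I2P stores the equivalent settings elsewhere.

```python
import configparser

# Constructed sample in i2pd tunnels.conf (INI) layout; names and ports are made up.
SAMPLE_TUNNELS_CONF = """
[torrent-webui]
type = http
host = 127.0.0.1
port = 9091
[private-panel]
type = server
host = 127.0.0.1
port = 8080
i2cp.leaseSetType = 5
i2cp.leaseSetAuthType = 2
[blinded-only]
type = server
host = 127.0.0.1
port = 8081
i2cp.leaseSetType = 5
[outproxy]
type = client
destination = example.i2p
"""

# Tunnel types that publish a leaseset for inbound connections (assumed i2pd names).
SERVER_TYPES = {"server", "http", "irc", "udpserver"}

def audit_tunnels(conf_text):
    """Return {tunnel_name: finding} for every inbound (server) tunnel."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case, e.g. i2cp.leaseSetType
    parser.read_string(conf_text)
    findings = {}
    for name in parser.sections():
        sec = parser[name]
        if sec.get("type", "").strip().lower() not in SERVER_TYPES:
            continue  # client tunnels do not expose a local service
        ls_type = sec.get("i2cp.leaseSetType", "3").strip()   # unset = not encrypted
        auth = sec.get("i2cp.leaseSetAuthType", "0").strip()  # unset = no client auth
        if ls_type != "5":
            findings[name] = "published: leaseset readable by floodfills"
        elif auth == "0":
            findings[name] = "encrypted, no per-client auth"
        else:
            findings[name] = "encrypted with client auth"
    return findings

if __name__ == "__main__":
    for tunnel, finding in audit_tunnels(SAMPLE_TUNNELS_CONF).items():
        print(f"{tunnel}: {finding}")
```

A tunnel flagged as published still needs authentication on the service behind it, since the leaseset setting only controls who can find the destination.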