The Invisible Internet Project (I2P) is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based (a la IP), but there is a library available to allow reliable streaming communication on top of it (a la TCP). All communication is end to end encrypted (in total there are four layers of encryption used when sending a message), and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys).
This SonicWALL signature identifies legitimate (and illegitimate) I2P Proxy Access requests, e.g. GET http://www.domain.com/resource.i2p/abc. This signature does not cover encrypted I2P tunnels. In order to block UDP tunnels, enable SID 7; to block TCP tunnels, enable SID 5.
This signature will only block proxies setup on the outside that allow incoming HTTP Proxy requests to themselves. That is to say, some remote server is connected to the I2P network, and allows incoming HTTP Proxy requests, which it then connect into these tunnels running on their machine. The below signature is not sufficient alone to stop users behind your firewall from joining the I2P network (by creating encrypted tunnels to I2P peers).
|