I2P
What is I2P?
I2PThe Invisible Internet Project: a peer-to-peer anonymity network where every node also acts as a router, using unidirectional tunnels and garlic routing.
I2P (Invisible Internet Project) is an anonymous overlay network optimised for hidden services inside the network (eepsites at .i2p addresses) rather than as a proxy to the public web. Unlike Tor, every participant relays traffic, and connections use separate inbound and outbound unidirectional tunnels per session. Messages are bundled together via garlic routing, a variant of onion routing that wraps multiple cloves into a single encrypted message to hinder traffic analysis. I2P is used for anonymous browsing, messaging, file-sharing, and as a fallback C2 channel for malware crews when Tor is blocked. Defences mirror Tor: monitoring unauthorized I2P installations on endpoints with EDR, blocking known I2P bootstrap reseeds at sensitive perimeters, and using DLP on outbound traffic.
● Examples
- 01
Anonymous chat over I2P-only IRC and email services.
- 02
Some ransomware families rotating to I2P for C2 when Tor exit nodes are blocked.
● Frequently asked questions
What is I2P?
The Invisible Internet Project: a peer-to-peer anonymity network where every node also acts as a router, using unidirectional tunnels and garlic routing. It belongs to the Attacks & Threats category of cybersecurity.
What does I2P mean?
The Invisible Internet Project: a peer-to-peer anonymity network where every node also acts as a router, using unidirectional tunnels and garlic routing.
How does I2P work?
I2P (Invisible Internet Project) is an anonymous overlay network optimised for hidden services inside the network (eepsites at .i2p addresses) rather than as a proxy to the public web. Unlike Tor, every participant relays traffic, and connections use separate inbound and outbound unidirectional tunnels per session. Messages are bundled together via garlic routing, a variant of onion routing that wraps multiple cloves into a single encrypted message to hinder traffic analysis. I2P is used for anonymous browsing, messaging, file-sharing, and as a fallback C2 channel for malware crews when Tor is blocked. Defences mirror Tor: monitoring unauthorized I2P installations on endpoints with EDR, blocking known I2P bootstrap reseeds at sensitive perimeters, and using DLP on outbound traffic.
How do you defend against I2P?
Defences for I2P typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for I2P?
Common alternative names include: Invisible Internet Project.
● Related terms
- attacks№ 1165
Tor / Tor Browser
An anonymity network and hardened Firefox-based browser that routes traffic through three relays using onion routing to conceal user identity and destination.
- attacks№ 755
Onion Routing
An anonymous communication technique that wraps a message in nested layers of encryption, with each relay removing one layer until the payload reaches its destination.
- attacks№ 271
Dark Web
A subset of the internet that requires special software such as Tor or I2P to access and that intentionally hides both client and server identities.
- attacks№ 296
Deep Web
All web content that is not indexed by public search engines, including private databases, intranets, and authenticated portals; distinct from the dark web.
- network-security№ 1212
VPN (Virtual Private Network)
A technology that creates an encrypted, authenticated tunnel over a public network so that traffic appears to travel through a private network.
- privacy№ 274
Data Anonymization
Irreversibly transforming personal data so that no individual can be identified, directly or indirectly, even when combined with other available information.