diff --git a/router/java/src/net/i2p/router/transport/ntcp/EstablishState.java b/router/java/src/net/i2p/router/transport/ntcp/EstablishState.java
index f8ccf0814d785d9a63ce3c59b35a1e67083248f3..cae5a99d2e5020ed2f8dfffc4384e2a91c564978 100644
--- a/router/java/src/net/i2p/router/transport/ntcp/EstablishState.java
+++ b/router/java/src/net/i2p/router/transport/ntcp/EstablishState.java
@@ -549,17 +549,21 @@ public class EstablishState {
             Signature sig = new Signature(s);
             _verified = _context.dsa().verifySignature(sig, toVerify, alice.getSigningPublicKey());
             if (_verified) {
-                byte[] ip = _con.getChannel().socket().getInetAddress().getAddress();
+				// get inet-addr
+				InetAddress addr = this._con.getChannel().socket().getInetAddress();
+                byte[] ip = (addr == null) ? null : addr.getAddress();
                 if (_context.shitlist().isShitlistedForever(alice.calculateHash())) {
                     if (_log.shouldLog(Log.WARN))
                         _log.warn("Dropping inbound connection from permanently shitlisted peer: " + alice.calculateHash().toBase64());
                     // So next time we will not accept the con from this IP,
                     // rather than doing the whole handshake
-                    _context.blocklist().add(ip);
+					if(ip != null)
+						_context.blocklist().add(ip);
                     fail("Peer is shitlisted forever: " + alice.calculateHash().toBase64());
                     return;
                 }
-                _transport.setIP(alice.calculateHash(), ip);
+				if(ip != null)
+					_transport.setIP(alice.calculateHash(), ip);
                 if (_log.shouldLog(Log.DEBUG))
                     _log.debug(prefix() + "verification successful for " + _con);