[00:31] *** grody has quit IRC (Ping timeout: 255 seconds)
[01:23] *** toeshred has quit IRC (Ping timeout: 255 seconds)
[01:33] *** grody has joined #arpnetworks
[01:35] <pyvpx> there are plenty of ways to speak with the IPv4 world if you are IPv6 only internally. and if more folks were IPv6 internally, they'd naturally lean towars 'speaking' natively to the rest of the IPv6 world...and then IPv4 might be relegated to the token ring of history.
[01:35] <pyvpx> only problem is IPv6 still kind of sucks.
[01:52] <mercutio> the whole ipv4 vs ipv6 thing is interesting
[01:52] <mercutio> there's a high interest in being "ipv6 ready"
[01:52] <mercutio> but low interest in actually using ipv6
[02:21] *** toeshred has joined #arpnetworks
[02:41] <plett> grody: DECT doesn't use the 2.4G ISM band
[02:42] <plett> Not in the UK, at least
[07:28] <mkb> mercutio, if you've got a firewall dropping idle connections, do you know of any way to figure out where it is?
[09:35] <lily> so, apparently my host was ddosed over the weekend. gotta love spring break. the host is up but the network route is blackholed. whats the process for getting this back on the network?
[09:35] <lily> most places just do like 24 hour block, but this has been down for days now
[09:41] <milki> lily: send an email to support
[10:27] <NiTeMaRe> n locate /connect OFTC
[10:27] <NiTeMaRe> er
[10:28] <NiTeMaRe> try that again?
[11:01] <mercutio> mkb: it's usually the modem/router
[11:02] <mercutio> lily: any idea why it was ddosed?
[11:03] <lily> efnet haters
[11:03] <mercutio> erk efnet sucks
[11:03] <mercutio> i got ddos'ed on efnet once
[11:03] <lily> been there too long to leave
[11:03] <mercutio> because someone wanted my nick
[11:03] <lily> yeah
[11:04] <lily> I have a channel thats been established for a decade
[11:04] <lily> I am a popular target sometimes
[11:04] <BryceBot> That's what she said!!
[11:04] <lily> ;)
[11:04] <mercutio> efnet sucked a decade ago to
[11:04] <mercutio> too
[11:04] <lily> oh sure
[11:05] <mercutio> it's nothing new
[11:05] <mercutio> but last i knew they still hadn't implemented services
[11:05] <mercutio> or any kind of room management
[11:05] <lily> correct
[11:05] <lily> its the wild west
[11:05] <mercutio> or any way to hide what ip you're using
[11:05] <mercutio> so people get ddos'ed
[11:05] <lily> people get ddsed on every network.
[11:06] <mercutio> i haven't been ddos'ed since using efnet?
[11:06] <mercutio> since not using efnet
[11:06] <lily> ddos is the internet equivalent of tagging
[11:06] <lily> its stupid
[11:06] <mercutio> happens more in poorer areas?
[11:06] <lily> heeh
[11:07] <lily> I dunno, lots o popular websites get hit too
[11:11] <brycec> lol mercutio
[11:12] <lily> the IP I chat from is ddos protected (on another provider), and they dont usually decide to spray everything in my domain down
[11:12] <lily> but its spring break I guess
[11:12] <lily> packet party
[11:50] <mkb> mercutio, it's outbound from ARP
[11:53] <mercutio> mkb: damn i cant' follow now
[11:53] <mkb> mercutio: the connection dropping
[11:53] <mercutio> oh you're losing connections from arp to somewhere else?
[11:53] <mercutio> inside tmux or such
[11:54] <mkb> yeah
[11:55] <mkb> I mean like once a week
[11:55] <mercutio> is it routing via arp, or initiated from arp?
[11:55] <mkb> from here
[11:55] <mercutio> oh only once a week
[11:55] <mercutio> that could jsut be network glithces
[11:56] <mercutio> lots of adsl modems here used to drop connections after a minute or two idle
[11:56] <mercutio> which could easily be more than once a day if you didn't enable "keep alive"
[11:57] <mercutio> irc has server pings
[11:57] <mercutio> so is never truly idle
[11:57] <mkb> even IRC drops occassionally. network glitches it looks like
[11:57] <brycec> Doesn't tmux's default config have a clock, so it's redrawing at least once a minute.
[11:58] <mercutio> my freenode drops about once 1 to 8 weeks
[11:58] <mercutio> once every
[11:58] <mercutio> but sometimes if it drops once it'll drop again shortly after
[11:58] <mercutio> brycec: yeh
[11:58] <mercutio> brycec: but i think he's talkinga bout losing irc connection?
[11:58] * mercutio does tmux deatch sometimes
[11:59] <mercutio> well ^Bd
[11:59] <mkb> brycec, if I ssh from inside tmux that connection could be idle (not that ssh doesn't enable keepalive)
[11:59] <mercutio> like when i'm sick of getting distracted :)
[11:59] <mkb> heh
[11:59] <brycec> Very true. I didn't know if you were running tmux on the remote side
[11:59] <brycec> (s/running/using/)
[12:02] <mercutio> ssh doesn't enable keepalive by default
[12:02] <mercutio> i don't have keepalive enabled anywhere myself.
[12:03] <mkb> mercutio, man ssh_config, /TCPKeepAlive
[12:03] <mkb> 'The default is "yes"'
[12:03] <mercutio> it does key renegotiation occasionally, but that's not often enough to stop nat systems that drop connections a lot
[12:03] <mercutio> mkb: oh?
[12:03] <brycec> But that's not the same as the server ping. That's just a basic TCP keepalive packet
[12:03] <mkb> right
[12:04] <mkb> ServeAliveInterval is server ping and that is disabled
[12:04] <mercutio> i think you need tcp keealive enabled in kernel for that?
[12:05] <mercutio> oh it does have that enabled by default too.  interestnig.
[12:05] <mkb> BSD wll do it when SO_KEEPALIVE is set on the socket or the global sysctl is set; I would hope Linux does too
[12:05] <mercutio> i'm out of date it seems :)
[12:05] <mkb> I just looked at BSD's code this morning :)
[12:06] <mercutio> where are you sshing to from arp?
[12:06] <mercutio> is it to your home or something that has nat and a cheap router?
[12:06] <mkb> I'm not. I used to use bgp-spamd and the bgp connection would come undone all the time (it keeps a counter and bgpctl show displays it so I noticed...
[12:06] <mkb> now there's freenode
[12:07] <mkb> what prompted the question was a connection to arp actually
[12:07] <mkb> I leave my work computer on and connected and it's invariably disconnected in the night
[12:07] <mercutio> basically most cheap adsl/vdsl/cable/etc routers have really short timeouts to conserve memory
[12:07] <mkb> at work we've got our own AS and real routers :)
[12:07] <mercutio> memory got raised a while ago, but i think the short timeouts persisted to a degree.
[12:08] <mkb> but the firewall may be interfering
[12:08] <mercutio> my desktop is still crashing :(
[12:09] <mercutio> i was trying to test ssh connections dying
[12:09] <mkb> anyway I left it on with TCPKeepAlive no and ServerAliveInterval on so we'll see what that does
[12:09] <mercutio> i'm going to do it from my server :/
[12:09] <mercutio> ok two ssh's to arp to persist inside a tmux :)
[12:10] <mercutio> i still can't figure out why my desktop is crashing
[12:13] <mercutio> also the ethernet is wedging occasionally, for some strange reason too
[12:14] <mercutio> which seems strange considering it's i217v
[12:16] <mercutio> oh seems like it could be a tso bug from what google says
[12:17] <mercutio> it seems both intel and broadcom seem to acquire a lot of bugs.
[12:17] <mercutio> and are both the generally "preferred" server ethernet adapters.
[12:31] *** HotTopic has joined #arpnetworks
[12:33] *** HotTopic has left 
[13:31] *** pjs has quit IRC (Read error: Connection reset by peer)
[13:32] *** pjs has joined #arpnetworks
[13:33] *** pjs is now known as Guest1495
[13:36] *** t1495Gues has joined #arpnetworks
[13:39] *** Guest1495 has quit IRC (Ping timeout: 255 seconds)
[13:48] *** t1495Gues is now known as pjs
[14:30] <mkb> mercutio, get to work implementing the new RFC into your TCP stuff :)
[14:30] <mkb> scenic routing
[14:31] <mercutio> haha
[14:31] <mercutio> i have not seen, got a link?
[14:32] <mercutio> i've just noticed that on fast hosts, using my own curl instead of curl improves performance significantly
[14:32] <mercutio> i mean i knew it used less cpu and could go faster on really fast networks.
[14:32] <mercutio> i just didn't expect normal fast hosts for it to make a difference
[14:33] <mercutio> of like 10 to 20% or something
[14:34] <mercutio> kind of makes me want to make my curl less ugly :)
[14:44] <mkb> https://tools.ietf.org/html/rfc7511
[14:44] <brycec> Don't forget https://tools.ietf.org/html/rfc7514
[14:45] <mercutio> damn it needs ipv6
[14:45] <mercutio> RECN
[14:45] <mercutio> haha
[15:01] <RandalSchwartz> something odd on kvr07?
[15:01] <RandalSchwartz> my server just went wonky
[15:03] <RandalSchwartz> I'll try a reboot
[15:15] <mercutio> how does amazon get away with having such terrible search?
[15:17] <RandalSchwartz> yeah - my server still running like molasses
[15:18] <mercutio> sems strange
[15:18] <mercutio> bad network or disk or cpu or what?
[15:18] <RandalSchwartz> not sure
[15:18] <mercutio> tracing to kvr07 looks fine
[15:18] <brycec> (heh, I used to have a vps on kvr07, but no longer)
[15:18] <RandalSchwartz> yeah... it seems better now.
[15:19] <RandalSchwartz> maybe had a noisy neighbor for a bit
[15:20] <RandalSchwartz> first thing that broke was ssh
[15:20] <RandalSchwartz> hmm.  just got a nagios "total processes" alert
[15:21] <RandalSchwartz> maybe I'm getting mail-bombed?
[15:21] <RandalSchwartz> (it's our mail machine)
[15:22] <mercutio> is it in swap?
[15:22] <RandalSchwartz> looking now
[15:22] <RandalSchwartz> no...
[15:22] <mercutio> i've noticed an increase in smtp auth attacks recently in general
[15:22] <mercutio> ssh has had them for ages regularly
[15:23] <mercutio> but smtp used to be much more occassional
[15:23] <RandalSchwartz> loadav only 2.35
[15:23] <mercutio> i like to stay under 0.6 myself :)
[15:23] <BryceBot> That's what she said!!
[15:23] <mercutio> of course that's an arbitary number.
[15:23] <mercutio> and bsd has higher load averages than linux etc.
[15:24] <RandalSchwartz> total procs only 93
[15:24] <RandalSchwartz> I wonder what my alert is looking for
[15:24] <mercutio> 2.35 on bsd isn't so bad
[15:24] <mercutio> doesn't it tell you?
[15:24] <mercutio> it may have culled smtp processes?
[15:24] <RandalSchwartz> I'm just viewing through pagerduty
[15:24] <mercutio> are you using postfix?
[15:24] <RandalSchwartz> yes
[15:24] <RandalSchwartz> because M4 sucks. :)
[15:25] <mercutio> do you have maxproc set for smtp in master.cf ?
[15:25] <RandalSchwartz> hmm.  good question
[15:25] <mercutio> it defaults to off
[15:25] <mercutio> but i recommend setting it
[15:25] <RandalSchwartz> yeah, that would make sense
[15:26] <mercutio> my personal mail server has it set to 8
[15:26] <mercutio> buut if lots of users i'd set it a  bit higher
[15:26] <mercutio> well it depends
[15:26] <mercutio> i'm going straight through to amavis too
[15:26] <mercutio> so that amavis procesess it before it hits quueue
[15:27] <mercutio> smtpd_client_connection_count_limit=2
[15:27] <mercutio> i'm also setting that
[15:27] <mercutio> so that any one client can't do more than 2 connections
[15:27] <RandalSchwartz> looks like it defaults to 100
[15:27] <RandalSchwartz> so yeah - I can probably crank that back
[15:27] <mercutio> yeah
[15:28] <mercutio> if you do the client connection limit it'll make you get less alerts
[15:28] <mercutio> if one user throws many connections at it
[15:28] <mercutio> if you get 25,000 connections you're screwed whatever you do :)
[15:28] <RandalSchwartz> heh
[15:28] <mercutio> welll ddos type from random ip's
[15:29] <RandalSchwartz> ok - changed value and "service postfix restart"
[15:29] <mercutio> you only need reload
[15:29] <mercutio> it can take up to a minute for reload to work
[15:29] <RandalSchwartz> I'm never sure, especially on master.cf
[15:29] <mercutio> but reload is all you need on most postfix changes
[15:29] <RandalSchwartz> simple enough to just restart
[15:29] <mercutio> ok.
[15:29] <RandalSchwartz> server seems sensible now.
[15:29] <RandalSchwartz> haven't rebooted it in quite a few months though
[15:29] <RandalSchwartz> maybe it was just being bitchy
[15:31] <RandalSchwartz> anyway... pagerduty is happy again.
[15:32] <mercutio> heh.
[15:32] <mercutio> postfix has heaps of new things i haven't paid attention to
[15:33] <mercutio> the last big change i made is goign straight to amavis instead of going through the mail queue first.
[15:37] <RandalSchwartz> I'm using mailroute.info instead
[15:38] <mercutio> haven't heard of it
[15:38] <mercutio> i've been using amavis forever
[15:38] <mercutio> there may be better options now, but don't want to use something external really
[15:38] <RandalSchwartz> it's a paid service
[15:38] <RandalSchwartz> they have access to information I can't possibly have
[15:39] <mercutio> i don't get much spam
[15:39] <mercutio> i do get quite a few promotions
[15:39] <mercutio> especially from amazon
[15:39] <RandalSchwartz> merlyn@stonehenge.com has been very public for two decades
[15:39] <mercutio> and the normal linkedin crap etc.
[15:39] <mercutio> most of my spam comes from google, yahoo etc.
[15:40] <mercutio> ie free email
[16:18] <up_the_irons> lily: lol "packet party"
[16:18] <lily> :)
[16:19] <up_the_irons> mercutio: and lol for suspecting DDoS happens more in poorer areas ;)
[16:28] <mercutio> up_the_irons: well it was more tagging that happened in poorer areas
[16:28] <mercutio> err happens
[16:29] <mercutio> ddos's on efnet are probably just young kids
[16:29] <mercutio> when i was yonger making free phone calls was popular etc.
[16:29] <mercutio> but now things seem more destructive towards individuals
[16:30] <up_the_irons> yeah
[16:59] <mercutio> why does windows run out of memory with 32gb of ram on a desktop?
[17:00] <mercutio> bloody braindead.
[18:47] *** dj_goku_ has joined #arpnetworks
[18:49] *** dj_goku has quit IRC (Ping timeout: 265 seconds)
[19:46] *** cloudkitsch has joined #arpnetworks
[20:44] *** cloudkitsch has quit IRC (Remote host closed the connection)
[21:13] <mercutio> i need a proper target to test on verizon's network, anyone got any ideas?
[21:15] <mercutio> something that doesn't block ping
[21:16] <mercutio> oh, verizon.net :)