[03:39] *** ziyourenxiang has joined #arpnetworks
[04:23] *** ziyourenxiang has quit IRC (Quit: Leaving)
[10:58] *** freekevin has quit IRC (Changing host)
[10:58] *** freekevin has joined #arpnetworks
[11:09] *** freekevin has quit IRC (Quit: vagina)
[11:10] *** freekevin has joined #arpnetworks
[11:10] *** freekevin has quit IRC (Changing host)
[11:10] *** freekevin has joined #arpnetworks
[13:08] i can't help but be fascinated by the linode ddos attacks.
[16:04] *** carvite has quit IRC (Ping timeout: 250 seconds)
[16:09] *** carvite has joined #arpnetworks
[16:15] mercutio: why?
[16:15] JC_Denton: they've been ddos'ed since xmas.
[16:15] with a multi-targeted attack.
[16:15] ah, yeah. the continuing presence is pretty crazy.
[16:15] i wonder who they irked.
[16:15] i dunno sometimes you hear of sites getting ddosed for a day or two
[16:16] but a week for a vm provider i find kind of interesting.
[16:16] i also wonder how many customers they have lost
[16:16] probably a few
[16:17] i know a few linode users and it sounds like the support staff have been somewhat unsympathetic
[16:27] it's not their fault they're getting ddosd by some pricks..
[18:41] JC_Denton: it's actually pretty hard to be sympathetic when you're actively dealing with issues.
[18:41] JC_Denton: what often happens is someone who doesn't know what is happening so well responds to messages, while someone else deals with the problems.
[18:41] and so you're left with incomplete responses, but at least some kind of response, and not tying up people dealing with the issue.
[19:00] oh, i agree
[19:00] but you shouldn't be snarky
[19:00] oh i didn't realise they were being snarky
[19:00] i actually choose ARP over Linode, because i didn't like support's unusual IPv4 space justification requests
[19:00] they were getting ddosed for many days though, so there may have been some sleep deprivation involved.
[19:01] heh well linode is he.net in california too.
[19:01] i have my ipv6 he.net shirt ... somewhere
[19:01] i actually chose lots of providers originally
[19:01] it's more like who i dropped :)
[19:02] but i have this weird fascination with liking to see how the internet performs from different vantage points..
[19:03] which i suppose is like being fascinated with the weather in various locations around the world :)
[19:03] yeah, i remember what it was. to get additional IPv4 space, they wanted me to send them the SSL certificates i intended to use.
[19:03] very weird.
[19:03] oh what
[19:03] and i'm like, guys, it's a /28 not some huge block
[19:04] i've bounced around providers before
[19:04] i think asking for justification for a /28 is reasonable
[19:04] but don't have to get ssl certs.
[19:04] stuck with slicehost for a good long while until they got absorbed
[19:04] slicehost were terrible
[19:04] justification, sure. but i'm not giving you certs.
[19:04] they were using these amd opterons that performed very slowly
[19:04] and often had disk i/o issues
[19:05] they also apparently scan their customers with additional space to verify you're "using it correctly"
[19:05] and i'm like, no...
[19:05] heh i heard about that happening in a wide way one time.
[19:05] i have never seen any proof though
[19:05] i had a big enough slice that i was virtually dedicated
[19:05] got in early and had really, really good pricing that was grandfathered
[19:05] but lots of people are sitting on unused /24s etc
[19:05] when rackspace came in, they didn't honor that deal
[19:05] definitely
[19:05] That's what she said!!
[19:05] the thing is that lots of people are misusing /16s.
[19:06] and the /16s matter so much more than the huge volume of /24s
[19:06] the old ISP i used to work for would routinely sell /24s without asking
[19:06] to their credit, they were really, really prompt with canning abuse
[19:06] i kind of wish i got a /24 early
[19:06] but you'd get old school folks who sat on their /24s
[19:06] or did silly stuff
[19:06] or like a /22
[19:06] we had a guy who had a /24 routed to his DSL line and he gave like 10-20 of his machines public addresses
[19:06] these were Windows XP machines, no less
[19:07] eek
[19:07] actually that was really common years ago
[19:07] because dialup etc would give people direct connection
[19:07] and the first adsl, cable modems and so on just gave a single computer a direction connection.
[19:08] s/direction/direct/
[19:08] and the first adsl, cable modems and so on just gave a single computer a direct connection.
[19:08] on cable networks there was also often broadcast enabled
[19:08] and you could sniff other computers on your lan
[19:08] lots of people ran web servers etc on their cable connections too
[19:08] after he got dcom'd, he asked for a custom firewall, which the company was all too happy to provide (lots of money from custom stuff and consulting)
[19:08] so you could do a port scan on the cable network and find lots of web servers
[19:09] ahh
[19:09] heh, i run a small web server on my cable connection, but it's pretty much for my use
[19:09] yeah it was popular originally
[19:09] then it wasn't, and now it is a bit
[19:10] i just scp stuff personally
[19:10] the problem is if you get popular, you get hammered a bit
[19:10] and your upload tanks
[19:10] yeah
[19:10] well i have cloudflare in front of mine, and still my own server
[19:10] i'm not rich enough to multi-home my home connection
[19:10] but i've known folks that have done it
[19:10] i'm half multi-homed
[19:10] usually cable + dsl, with the dsl being a backup
[19:11] or it being the "server" half of the connection
[19:11] ie the same addresses on two dsl connections
[19:11] but i'm default routing out and have to manually change default route to change connections
[19:12] and because they're both dsl, they can both go down at once
[19:12] like both of them got cut a few months back
[19:12] because people weren't sensible when digging
[19:12] yeah, that manual change stuff is meh
[19:12] i've got comcast and my v4 address rarely changes, but my v6 subnet will sometimes change for no apparent reason
[19:13] i don't mind manual change at all for home
[19:13] so i've got to finagle some configs around
[19:13] mostly routing + my vpn server
[19:13] i could automate it
[19:13] and they terminate in two places at least
[19:14] for home use i figure there's no reason to need things to instantly keep working
[19:14] as long as you can fix it in a timely fashion
[19:14] and i have backup route over the other connection for getting in from remote
[19:14] ^^
[19:18] @weather auckland
[19:18] Auckland, New Zealand: Partly Cloudy ☁ 73°F (22°C), Humidity: 64%, Wind: From the ENE at 3.0 MPH Gusting to 8.0 MPH -- For more details including the forecast and almanac, see http://www.wunderground.com/cgi-bin/findweather/getForecast?query=-36.943710,174.771622 or re-request this with: @weather -v auckland
[19:30] note to self. Do not reboot boxes when drunk :)
[19:34] "best" mistake i've seen someone do like that
[19:34] That's what she said!!
[19:35] I have 14 servers around the globe with quagga. I have ONE refusing to reuse saved config for quagga its the arp server.. It sucks.. better fix it some day
[19:36] clusterssh session with two netapps
[19:36] one in the process of being decom'd and the other taking its place
[19:36] vol destroy. on both filers.
[19:36] at that time its good to know the backups are tested and working.
[19:44] eek
[19:44] this is why i like undo functionality
[19:45] 14 servers around the globe with quagga is brave
[19:45] 4 servers with quagga is brave
[19:45] good chance 1 of them has issues :)
[19:45] you know you want to start the migration to bird :)
[19:45] but on a serious note, i found with quagga if you use the central config file it's more reliable than using bgp, ospf etc configs.
[19:46] i used to have random problems with quagga/zebra crashing and so forth, and it'd leave all these routes in the routing table
[19:49] haha they are rocksolid stable.. been running quagga for the last 15 years almost
[19:50] but been using cisco also.. but went back to quagga.
[19:50] curious
[19:50] how come you have stability
[19:50] did you ever try using ospf with quagga?
[19:50] yeah.. but I dont need ospf on local nodes just exporting 1 /24 for anycast.
[19:50] oh
[19:50] so you don't have route tables in there
[19:50] and my core routers talk bgp between so no need
[19:50] yeah 0/0 :)
[19:51] maybe that's why you have stability :)
[19:51] yeah..
[19:51] but I tell you.. ipv6 and quagga sucks very much I just HATE it
[19:51] going to openbgpd was so amazing
[19:51] That's what she said!!
[19:51] and i had no-one to tell haha
[19:51] yeah we do openbgp for our netnod and ix routers in general
[19:51] most people don't even know what bgp is
[19:51] but I like quagga
[19:52] i like bird's performance
[19:52] but i prefer openbgpd's config
[19:53] I like cisco style..
[19:53] easier..
[20:10] think with just a /24 anything is easy
[20:25] yeah but those are the anycast nodes.. my normal routers have plenty more networks :) and multiple 10g connections..
[20:25] and traffic do flow very good when even over 5gig on one box :)
[21:01] *** jbergstroem has quit IRC (Remote host closed the connection)
[21:02] *** jbergstroem has joined #arpnetworks