i can't help but be fascinated by the linode ddos attacks. mercutio: why? JC_Denton: they've been ddos'ed since xmas. with a multi-targeted attack. ah, yeah. the continuing presence is pretty crazy. i wonder who they irked. i dunno sometimes you hear of sites getting ddosed for a day or two but a week for a vm provider i find kind of interesting. i also wonder how many customers they have lost probably a few i know a few linode users and it sounds like the support staff have been somewhat unsympathetic it's not their fault they're getting ddosd by some pricks.. JC_Denton: it's actually pretty hard to be sympathetic when you're actively dealing with issues. JC_Denton: what often happens is someone who doesn't know what is happening so well responds to messages, while someone else deals with the problems. and so you're left with incomplete responses, but at least some kind of response, and not tying up people dealing with the issue. oh, i agree but you shouldn't be snarky oh i didn't realise they were being snarky i actually choose ARP over Linode, because i didn't like support's unusual IPv4 space justification requests they were getting ddosed for many days though, so there may have been some sleep deprivation involved. heh well linode is he.net in california too. i have my ipv6 he.net shirt ... somewhere i actually chose lots of providers originally it's more like who i dropped :) but i have this weird fascination with liking to see how the internet performs from different vantage points.. which i suppose is like being fascinated with the weather in various locations around the world :) yeah, i remember what it was. to get additional IPv4 space, they wanted me to send them the SSL certificates i intended to use. very weird. oh what and i'm like, guys, it's a /28 not some huge block i've bounced around providers before i think asking for justification for a /28 is reasonable but don't have to get ssl certs. 
stuck with slicehost for a good long while until they got absorbed slicehost were terrible justification, sure. but i'm not giving you certs. they were using these amd opterons that performed very slowly and often had disk i/o issues they also apparently scan their customers with additional space to verify you're "using it correctly" and i'm like, no... heh i heard about that happening in a wide way one time. i have never seen any proof though i had a big enough slice that i was virtually dedicated got in early and had really, really good pricing that was grandfathered but lots of people are sitting on unused /24s etc when rackspace came in, they didn't honor that deal definitely That's what she said!! the thing is that lots of people are misusing /16s. and the /16s matter so much more than the huge volume of /24s the old ISP i used to work for would routinely sell /24s without asking to their credit, they were really, really prompt with canning abuse i kind of wish i got a /24 early but you'd get old school folks who sat on their /24s or did silly stuff or like a /22 we had a guy who had a /24 routed to his DSL line and he gave like 10-20 of his machines public addresses these were Windows XP machines, no less eek actually that was really common years ago because dialup etc would give people direct connection and the first adsl, cable modems and so on just gave a single computer a direction connection. s/direction/direct/ and the first adsl, cable modems and so on just gave a single computer a direct connection. 
on cable networks there was also often broadcast enabled and you could sniff other computers on your lan lots of people ran web servers etc on their cable connections too after he got dcom'd, he asked for a custom firewall, which the company was all too happy to provide (lots of money from custom stuff and consulting) so you could do a port scan on the cable network and find lots of web servers ahh heh, i run a small web server on my cable connection, but it's pretty much for my use yeah it was popular originally then it wasn't, and now it is a bit i just scp stuff personally the problem is if you get popular, you get hammered a bit and your upload tanks yeah well i have cloudflare in front of mine, and still my own server i'm not rich enough to multi-home my home connection but i've known folks that have done it i'm half multi-homed usually cable + dsl, with the dsl being a backup or it being the "server" half of the connection ie the same addresses on two dsl connections but i'm default routing out and have to manually change default route to change connections and because they're both dsl, they can both go down at once like both of them got cut a few months back because people weren't sensible when digging yeah, that manual change stuff is meh i've got comcast and my v4 address rarely changes, but my v6 subnet will sometimes change for no apparent reason i don't mind manual change at all for home so i've got to finagle some configs around mostly routing + my vpn server i could automate it and they terminate in two places at least for home use i figure there's no reason to need things to instantly keep working as long as you can fix it in a timely fashion and i have backup route over the other connection for getting in from remote ^^ @weather auckland Auckland, New Zealand: Partly Cloudy ☁ 73°F (22°C), Humidity: 64%, Wind: From the ENE at 3.0 MPH Gusting to 8.0 MPH -- For more details including the forecast and almanac, see 
http://www.wunderground.com/cgi-bin/findweather/getForecast?query=-36.943710,174.771622 or re-request this with: @weather -v auckland note to self. Do not reboot boxes when drunk :) "best" mistake i've seen someone do like that That's what she said!! I have 14 servers around the globe with quagga. I have ONE refusing to reuse saved config for quagga it's the arp server.. It sucks.. better fix it some day clusterssh session with two netapps one in the process of being decom'd and the other taking its place vol destroy. on both filers. at that time it's good to know the backups are tested and working. eek this is why i like undo functionality 14 servers around the globe with quagga is brave 4 servers with quagga is brave good chance 1 of them has issues :) you know you want to start the migration to bird :) but on a serious note, i found with quagga if you use the central config file it's more reliable than using bgp, ospf etc configs. i used to have random problems with quagga/zebra crashing and so forth, and it'd leave all these routes in the routing table haha they are rock-solid stable.. been running quagga for the last 15 years almost but been using cisco also.. but went back to quagga. curious how come you have stability did you ever try using ospf with quagga? yeah.. but I don't need ospf on local nodes just exporting 1 /24 for anycast. oh so you don't have route tables in there and my core routers talk bgp between so no need yeah 0/0 :) maybe that's why you have stability :) yeah.. but I tell you.. ipv6 and quagga sucks very much I just HATE it going to openbgpd was so amazing That's what she said!! and i had no-one to tell haha yeah we do openbgp for our netnod and ix routers in general most people don't even know what bgp is but I like quagga i like bird's performance but i prefer openbgpd's config I like cisco style.. easier.. think with just a /24 anything is easy yeah but those are the anycast nodes.. 
my normal routers have plenty more networks :) and multiple 10g connections.. and traffic does flow very good when even over 5gig on one box :)