***: ziyourenxiang has quit IRC (Quit: Leaving)
freekevin has quit IRC (Changing host)
freekevin has joined #arpnetworks
freekevin has quit IRC (Quit: vagina)
freekevin has joined #arpnetworks
freekevin has quit IRC (Changing host)
freekevin has joined #arpnetworks
mercutio: i can't help but be fascinated by the linode ddos attacks.
***: carvite has quit IRC (Ping timeout: 250 seconds)
carvite has joined #arpnetworks
JC_Denton: mercutio: why?
mercutio: JC_Denton: they've been ddos'ed since xmas.
with a multi-targeted attack.
JC_Denton: ah, yeah. the continuing presence is pretty crazy.
i wonder who they irked.
mercutio: i dunno sometimes you hear of sites getting ddosed for a day or two
but a week for a vm provider i find kind of interesting.
i also wonder how many customers they have lost
JC_Denton: probably a few
i know a few linode users and it sounds like the support staff have been somewhat unsympathetic
forgotten: it's not their fault they're getting ddosd by some pricks..
mercutio: JC_Denton: it's actually pretty hard to be sympathetic when you're actively dealing with issues.
JC_Denton: what often happens is someone who doesn't know what is happening so well responds to messages, while someone else deals with the problems.
and so you're left with incomplete responses, but at least some kind of response, and not tying up people dealing with the issue.
JC_Denton: oh, i agree
but you shouldn't be snarky
mercutio: oh i didn't realise they were being snarky
JC_Denton: i actually choose ARP over Linode, because i didn't like support's unusual IPv4 space justification requests
mercutio: they were getting ddosed for many days though, so there may have been some sleep deprivation involved.
heh well linode is he.net in california too.
JC_Denton: i have my ipv6 he.net shirt ... somewhere
mercutio: i actually chose lots of providers originally
it's more like who i dropped :)
but i have this weird fascination with liking to see how the internet performs from different vantage points..
which i suppose is like being fascinated with the weather in various locations around the world :)
JC_Denton: yeah, i remember what it was. to get additional IPv4 space, they wanted me to send them the SSL certificates i intended to use.
very weird.
mercutio: oh what
JC_Denton: and i'm like, guys, it's a /28 not some huge block
i've bounced around providers before
mercutio: i think asking for justification for a /28 is reasonable
but don't have to get ssl certs.
JC_Denton: stuck with slicehost for a good long while until they got absorbed
mercutio: slicehost were terrible
JC_Denton: justification, sure. but i'm not giving you certs.
mercutio: they were using these amd opterons that performed very slowly
and often had disk i/o issues
JC_Denton: they also apparently scan their customers with additional space to verify you're "using it correctly"
and i'm like, no...
mercutio: heh i heard about that happening in a wide way one time.
i have never seen any proof though
JC_Denton: i had a big enough slice that i was virtually dedicated
got in early and had really, really good pricing that was grandfathered
mercutio: but lots of people are sitting on unused /24s etc
JC_Denton: when rackspace came in, they didn't honor that deal
definitely
BryceBot: That's what she said!!
mercutio: the thing is that lots of people are misusing /16s.
and the /16s matter so much more than the huge volume of /24s
JC_Denton: the old ISP i used to work for would routinely sell /24s without asking
to their credit, they were really, really prompt with canning abuse
mercutio: i kind of wish i got a /24 early
JC_Denton: but you'd get old school folks who sat on their /24s
or did silly stuff
mercutio: or like a /22
JC_Denton: we had a guy who had a /24 routed to his DSL line and he gave like 10-20 of his machines public addresses
these were Windows XP machines, no less
mercutio: eek
actually that was really common years ago
because dialup etc would give people direct connection
and the first adsl, cable modems and so on just gave a single computer a direction connection.
s/direction/direct/
BryceBot: <mercutio> and the first adsl, cable modems and so on just gave a single computer a direct connection.
mercutio: on cable networks there was also often broadcast enabled
and you could sniff other computers on your lan
lots of people ran web servers etc on their cable connections too
JC_Denton: after he got dcom'd, he asked for a custom firewall, which the company was all too happy to provide (lots of money from custom stuff and consulting)
mercutio: so you could do a port scan on the cable network and find lots of web servers
ahh
JC_Denton: heh, i run a small web server on my cable connection, but it's pretty much for my use
mercutio: yeah it was popular originally
then it wasn't, and now it is a bit
i just scp stuff personally
JC_Denton: the problem is if you get popular, you get hammered a bit
and your upload tanks
mercutio: yeah
well i have cloudflare in front of mine, and still my own server
JC_Denton: i'm not rich enough to multi-home my home connection
but i've known folks that have done it
mercutio: i'm half multi-homed
JC_Denton: usually cable + dsl, with the dsl being a backup
or it being the "server" half of the connection
mercutio: ie the same addresses on two dsl connections
but i'm default routing out and have to manually change default route to change connections
and because they're both dsl, they can both go down at once
like both of them got cut a few months back
because people weren't sensible when digging
JC_Denton: yeah, that manual change stuff is meh
i've got comcast and my v4 address rarely changes, but my v6 subnet will sometimes change for no apparent reason
mercutio: i don't mind manual change at all for home
JC_Denton: so i've got to finagle some configs around
mostly routing + my vpn server
mercutio: i could automate it
and they terminate in two places at least
for home use i figure there's no reason to need things to instantly keep working
as long as you can fix it in a timely fashion
and i have backup route over the other connection for getting in from remote
JC_Denton: ^^
mercutio: @weather auckland
BryceBot: Auckland, New Zealand: Partly Cloudy ☁ 73°F (22°C), Humidity: 64%, Wind: From the ENE at 3.0 MPH Gusting to 8.0 MPH -- For more details including the forecast and almanac, see http://www.wunderground.com/cgi-bin/findweather/getForecast?query=-36.943710,174.771622 or re-request this with: @weather -v auckland
mrsaint: note to self. Do not reboot boxes when drunk :)
JC_Denton: "best" mistake i've seen someone do like that
BryceBot: That's what she said!!
mrsaint: I have 14 servers around the globe with quagga. I have ONE refusing to reuse saved config for quagga it's the arp server.. It sucks.. better fix it some day
JC_Denton: clusterssh session with two netapps
one in the process of being decom'd and the other taking its place
vol destroy. on both filers.
mrsaint: at that time it's good to know the backups are tested and working.
mercutio: eek
this is why i like undo functionality
14 servers around the globe with quagga is brave
4 servers with quagga is brave
good chance 1 of them has issues :)
you know you want to start the migration to bird :)
but on a serious note, i found with quagga if you use the central config file it's more reliable than using bgp, ospf etc configs.
i used to have random problems with quagga/zebra crashing and so forth, and it'd leave all these routes in the routing table
mrsaint: haha they are rocksolid stable.. been running quagga for the last 15 years almost
but been using cisco also.. but went back to quagga.
mercutio: curious
how come you have stability
did you ever try using ospf with quagga?
mrsaint: yeah.. but I don't need ospf on local nodes just exporting 1 /24 for anycast.
mercutio: oh
so you don't have route tables in there
mrsaint: and my core routers talk bgp between so no need
yeah 0/0 :)
mercutio: maybe that's why you have stability :)
mrsaint: yeah..
but I tell you.. ipv6 and quagga sucks very much I just HATE it
mercutio: going to openbgpd was so amazing
BryceBot: That's what she said!!
mercutio: and i had no-one to tell haha
mrsaint: yeah we do openbgp for our netnod and ix routers in general
mercutio: most people don't even know what bgp is
mrsaint: but I like quagga
mercutio: i like bird's performance
but i prefer openbgpd's config
mrsaint: I like cisco style..
easier..
mercutio: think with just a /24 anything is easy
mrsaint: yeah but those are the anycast nodes.. my normal routers have plenty more networks :) and multiple 10g connections..
and traffic do flow very good when even over 5gig on one box :)
***: jbergstroem has quit IRC (Remote host closed the connection)
jbergstroem has joined #arpnetworks