| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |
| Who | What | When |
|---|---|---|
| *** | frots has joined #arpnetworks | [01:27] |
| ..... (idle for 21mn) | ||
| up_the_irons | mercutio: yeah, i can't type all those letters with both shift keys pressed | [01:48] |
| frots | bad keyboard | [01:49] |
| up_the_irons | brycec: our router won't let traffic leave that is not from the vlan subnet; so no spoofing | [01:50] |
| brycec | up_the_irons: yeah I figured. | [01:50] |
| up_the_irons | mercutio: any request dns attacks? | [01:51] |
| brycec | but user said that traffic was leaving with the proper (vlan) ip
*shrug* | [01:51] |
| up_the_irons | mnathani: yes, i believe so. my *.arpnetworks.com wildcard cert is on different servers.
brycec: yeah, *shrug* something wrong on his setup, b/c we use OpenVPN ourselves and many other customers do as well | [01:53] |
| brycec | I do too | [01:54] |
| up_the_irons | cool | [01:55] |
| mercutio | up_the_irons: host -t any arpnetworks.com 4.2.2.2
type attacks what they do is find open recursive servers and spam them with any requests for legitimate domains | [02:02] |
| *** | userZero has quit IRC (Remote host closed the connection) | [02:03] |
| mercutio | the recursive servers then keep hitting you again and again with any request for a valid domain name hitting authorative server | [02:03] |
| *** | userZero has joined #arpnetworks | [02:03] |
| mercutio | luckly, it seemed to stop, and not last too long
he may not have been natting his vpn trafic up_the_irons: ... well i've started shifting to blocking all port 53 unless needed to somewhere i've generally been of the limited firewall mindset. ie "allow most things, don't get in the way constantl" y that said i also block port 445 :) as soon as you're forwarding for lots of addresses though, constant port hits show up a bit more | [02:03] |
| up_the_irons | mercutio: yeah we can't block port 53 on our dns cuz that's in heavy use :) | [02:07] |
| mercutio | up_the_irons: yeh, i understand, i'm running dns on vm myself :)
in multiple locations mind you. up_the_irons: do you block unused ips? wee tracing to 174.136.111.255 loops for instance that being a broadcast address normally... cos like when ip probes hit... things like that can loop a bit too | [02:08] |
| up_the_irons | mercutio: no blocking for unused IPs | [02:11] |
| *** | frots has left "WeeChat 0.3.9.2" | [02:16] |
| mercutio | it was only 2 megabit or something of traffic about 12 hours ago or so
for a few hours but sustained but that could add up, if it lasted a long time but for some reason, if your domain get included it'll get hit reasonably often over tiem from random ips. and any requests are meant to give more response than how much data sent i think they're spoofing and trying to hit the pesron doing the query err that it masquerades as | [02:22] |
| .......................................... (idle for 3h29mn) | ||
| *** | cullum has joined #arpnetworks | [05:55] |
| cullum has quit IRC (Quit: ZNC - http://znc.in)
cullum has joined #arpnetworks | [06:03] | |
| .......................... (idle for 2h5mn) | ||
| dzup has quit IRC (Ping timeout: 260 seconds) | [08:09] | |
| dzup has joined #arpnetworks | [08:23] | |
| ........ (idle for 38mn) | ||
| xxza has joined #arpnetworks | [09:01] | |
| xxza has quit IRC () | [09:08] | |
| ............ (idle for 55mn) | ||
| dj_goku has joined #arpnetworks | [10:03] | |
| ............... (idle for 1h12mn) | ||
| dj_goku has quit IRC (Ping timeout: 255 seconds) | [11:15] | |
| .......... (idle for 47mn) | ||
| dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host) dj_goku has joined #arpnetworks | [12:02] | |
| dj_goku has quit IRC (Ping timeout: 255 seconds) | [12:08] | |
| ................................................ (idle for 3h59mn) | ||
| jamiej has joined #arpnetworks | [16:07] | |
| jamiej | hello
busy here, I see (!) | [16:07] |
| RandalSchwartz | it's quiet... too quiet. :) | [16:21] |
| ....... (idle for 31mn) | ||
| brycec | LOUD NOISES | [16:52] |
| RandalSchwartz | loud? | [16:53] |
| brycec | LOUD! | [16:57] |
| RandalSchwartz | LOUD? :) | [16:58] |
| brycec | brycec wishes there were a super-caps | [17:00] |
| mercutio | super-caps? | [17:02] |
| RandalSchwartz | papayrus caps
because... well... that font rocks | [17:03] |
| .... (idle for 18mn) | ||
| mercutio | never heard of it
i use consolas | [17:21] |
| .................. (idle for 1h29mn) | ||
| jamiej | ooooh, so my client doesn't beep on new messages it seems :-) | [18:50] |
| mercutio | heh
that's a good thing? :) | [18:57] |
| jamiej | not sure yet.
it may be configurable..... just waiting on my new arpnetworks vps! .... they aren't late - I'm just impatient! | [18:59] |
| staticsafe | :) | [19:01] |
| jamiej | ah well, 3.00am here, may as wel try again tomorrow
good night/evening/morning whatever! | [19:02] |
| *** | jamiej has quit IRC () | [19:02] |
| ............... (idle for 1h11mn) | ||
| Webhostbudd has joined #arpnetworks | [20:13] | |
| ....................... (idle for 1h54mn) | ||
| brycec | lol super-caps, to be even louder than "LOUD"... somehow | [22:07] |
| .......... (idle for 47mn) | ||
| *** | Lucifer7 has quit IRC (Ping timeout: 246 seconds)
Lucifer7 has joined #arpnetworks | [22:54] |
| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |