[01:27] *** frots has joined #arpnetworks
[01:48] <up_the_irons> mercutio: yeah, i can't type all those letters with both shift keys pressed
[01:49] <frots> bad keyboard
[01:50] <up_the_irons> brycec: our router won't let traffic leave that is not from the vlan subnet; so no spoofing
[01:50] <brycec> up_the_irons: yeah I figured.
[01:51] <up_the_irons> mercutio: any request dns attacks?
[01:51] <brycec> but user said that traffic was leaving with the proper (vlan) ip
[01:51] <brycec> *shrug*
[01:53] <up_the_irons> mnathani: yes, i believe so.  my *.arpnetworks.com wildcard cert is on different servers.
[01:54] <up_the_irons> brycec: yeah, *shrug*
[01:54] <up_the_irons> something wrong on his setup, b/c we use OpenVPN ourselves and many other customers do as well
[01:54] <brycec> I do too
[01:55] <up_the_irons> cool
[02:02] <mercutio> up_the_irons: host -t any arpnetworks.com 4.2.2.2
[02:02] <mercutio> type attacks
[02:03] <mercutio> what they do is find open recursive servers and spam them with any requests for legitimate domains
[02:03] *** userZero has quit IRC (Remote host closed the connection)
[02:03] <mercutio> the recursive servers then keep hitting you again and again with any request for a valid domain name hitting authorative server
[02:03] *** userZero has joined #arpnetworks
[02:03] <mercutio> luckly, it seemed to stop, and not last too long
[02:05] <mercutio> he may not have been natting his vpn trafic
[02:06] <mercutio> up_the_irons: ... well i've started shifting to blocking all port 53 unless needed to somewhere
[02:06] <mercutio> i've generally been of the limited firewall mindset.
[02:06] <mercutio> ie "allow most things, don't get in the way constantl"
[02:06] <mercutio> y
[02:07] <mercutio> that said i also block port 445 :)
[02:07] <mercutio> as soon as you're forwarding for lots of addresses though, constant port hits show up a bit more
[02:07] <up_the_irons> mercutio: yeah we can't block port 53 on our dns cuz that's in heavy use :)
[02:08] <mercutio> up_the_irons: yeh, i understand, i'm running dns on vm myself :)
[02:08] <mercutio> in multiple locations mind you.
[02:08] <mercutio> up_the_irons: do you block unused ips?
[02:09] <mercutio> wee
[02:09] <mercutio> tracing to 174.136.111.255 loops for instance
[02:09] <mercutio> that being a broadcast address normally...
[02:10] <mercutio> cos like when ip probes hit... things like that can loop a bit too
[02:11] <up_the_irons> mercutio: no blocking for unused IPs
[02:16] *** frots has left "WeeChat 0.3.9.2"
[02:22] <mercutio> it was only 2 megabit or something of traffic about 12 hours ago or so
[02:22] <mercutio> for a few hours
[02:22] <mercutio> but sustained
[02:23] <mercutio> but that could add up, if it lasted a long time
[02:24] <mercutio> but for some reason, if your domain get included it'll get hit reasonably often over tiem from random ips.
[02:25] <mercutio> and any requests are meant to give more response than how much data sent
[02:25] <mercutio> i think they're spoofing and trying to hit the pesron doing the query
[02:26] <mercutio> err that it masquerades as
[05:55] *** cullum has joined #arpnetworks
[06:03] *** cullum has quit IRC (Quit: ZNC - http://znc.in)
[06:04] *** cullum has joined #arpnetworks
[08:09] *** dzup has quit IRC (Ping timeout: 260 seconds)
[08:23] *** dzup has joined #arpnetworks
[09:01] *** xxza has joined #arpnetworks
[09:08] *** xxza has quit IRC ()
[10:03] *** dj_goku has joined #arpnetworks
[11:15] *** dj_goku has quit IRC (Ping timeout: 255 seconds)
[12:02] *** dj_goku has joined #arpnetworks
[12:02] *** dj_goku has quit IRC (Changing host)
[12:02] *** dj_goku has joined #arpnetworks
[12:08] *** dj_goku has quit IRC (Ping timeout: 255 seconds)
[16:07] *** jamiej has joined #arpnetworks
[16:07] <jamiej> hello
[16:09] <jamiej> busy here, I see (!)
[16:21] <RandalSchwartz> it's quiet... too quiet. :)
[16:52] <brycec> LOUD NOISES
[16:53] <RandalSchwartz> loud?
[16:57] <brycec> LOUD!
[16:58] <RandalSchwartz> LOUD? :)
[17:00] * brycec wishes there were a super-caps
[17:02] <mercutio> super-caps?
[17:03] <RandalSchwartz> papayrus caps
[17:03] <RandalSchwartz> because... well... that font rocks
[17:21] <mercutio> never heard of it
[17:21] <mercutio> i use consolas
[18:50] <jamiej> ooooh, so my client doesn't beep on new messages it seems :-)
[18:57] <mercutio> heh
[18:57] <mercutio> that's a good thing? :)
[18:59] <jamiej> not sure yet.
[19:00] <jamiej> it may be configurable..... just waiting on my new arpnetworks vps!
[19:00] <jamiej> .... they aren't late - I'm just impatient!
[19:01] <staticsafe> :)
[19:02] <jamiej> ah well, 3.00am here, may as wel try again tomorrow
[19:02] <jamiej> good night/evening/morning whatever!
[19:02] *** jamiej has quit IRC ()
[20:13] *** Webhostbudd has joined #arpnetworks
[22:07] <brycec> lol super-caps, to be even louder than "LOUD"... somehow
[22:54] *** Lucifer7 has quit IRC (Ping timeout: 246 seconds)
[22:55] *** Lucifer7 has joined #arpnetworks