Who | What | When |
---|---|---|
*** | fink has quit IRC (Quit: fink) | [00:45] |
......................... (idle for 2h0mn) | ||
mhoran3 has joined #arpnetworks
ChanServ sets mode: +o mhoran3
mhoran2 has quit IRC (Ping timeout: 260 seconds)
meingtsla has quit IRC (Ping timeout: 260 seconds) | [02:45] | |
meingtsla has joined #arpnetworks | [02:50] | |
..... (idle for 20mn) | ||
first2know has joined #arpnetworks | [03:10] | |
................................ (idle for 2h36mn) | ||
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer | [05:46] | |
.... (idle for 18mn) | ||
heavysixer has quit IRC (Quit: heavysixer) | [06:04] | |
...... (idle for 26mn) | ||
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer | [06:30] | |
....... (idle for 31mn) | ||
heavysixer has quit IRC (Quit: heavysixer) | [07:01] | |
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer | [07:13] | |
heavysixer has quit IRC (Quit: heavysixer) | [07:25] | |
......... (idle for 41mn) | ||
fink has joined #arpnetworks | [08:06] | |
.... (idle for 19mn) | ||
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer | [08:25] | |
heavysixer has quit IRC (Ping timeout: 245 seconds) | [08:30] | |
................ (idle for 1h17mn) | ||
fink has quit IRC (Ping timeout: 246 seconds)
fink has joined #arpnetworks | [09:47] | |
...................... (idle for 1h49mn) | ||
HighJinx has quit IRC (Ping timeout: 256 seconds) | [11:40] | |
HighJinx has joined #arpnetworks | [11:45] | |
........... (idle for 52mn) | ||
first2know has quit IRC (Ping timeout: 256 seconds) | [12:37] | |
................ (idle for 1h16mn) | ||
knigma-m has joined #arpnetworks | [13:53] | |
knigma-m | Hi - been running a VM for a while and every time I reboot it I find I cannot connect to it again from my laptop for a while. Playing with tcpdump it looks like my outgoing TCP SYNs are not making it to my VM after a reboot. Is there some sort of firewall between my VM and the Internet that could be causing a problem? | [13:55] |
robonerd | hm good question | [14:00] |
knigma-m | essentially after a reboot ssh access via TCP port 22 seems down from my laptop for ~25 minutes, but from other IPs it's ok
and ping works
my laptop ssh client will have been trying to reconnect every few seconds during the reboot; I wonder if it's tickling some protection I'm not aware of
it also seems tcp port specific - so far only affecting port 22
SYNs to other TCP ports get through | [14:01] |
CaZe | Highly doubtful. | [14:06] |
knigma-m | doubtful perhaps; but something is blocking my SYNs and it's not the OS on the VM sfaict
this time it took 5 minutes for them to get through after a reboot
so essentially I have to wait 5-25 minutes after a reboot before I can reconnect
ideas welcome - if anyone can think of anything else that might cause this behaviour | [14:07] |
sdkmvx | knigma-m, why is your laptop constantly trying to connect while it's off? | [14:09] |
knigma-m | just what my Windows ssh client does - keep retrying since it's configured to be a persistent connection
...never caused a problem before
means the ssh connection is re-established every time I switch networks or suspend/resume
I've no *evidence* that's triggering the issue; I just cannot think of another explanation | [14:10] |
sdkmvx | perhaps turning it off and seeing whether it still blocks connections after a reboot will give more information. | [14:12] |
knigma-m | ok - I'll do that now ;)
yes - was able to re-connect first time if I allowed a reboot to complete first. Can anyone confirm that there *is* some sort of firewall in front of my VM that would explain this behaviour? | [14:12] |
robonerd | seems to be. this would be good to know | [14:15] |
knigma-m | ...perhaps trying to protect against port scans or random IP searching | [14:15] |
robonerd | that is question 1. question 2 would be if your client supports reconnect throttling | [14:16] |
knigma-m | q2. No, sadly not. I guess it waits for a TCP connection timeout and once it gets that retries immediately.
I'm fine with it if I can explain it - just I haven't seen any documentation that explains there's a firewall in front of my VM.
...so I spent ages assuming it was something screwed up on my laptop
perhaps it looks like a SYN flood, but it really shouldn't be that aggressive, Windows doesn't send that many SYNs. | [14:16] |
ant | knigma-m: there is some kind of filtering to prevent ssh brute force | [14:25] |
robonerd | seems quite aggressive if it's preventing persistent connection clients | [14:25] |
knigma-m | ok - thanks; I can live with that - just seems a little too sensitive | [14:25] |
robonerd | yes
i agree
any way we can have that throttled down in sensitivity somewhat? | [14:25] |
knigma-m | it's just one persistent client - so I guess only a SYN a second | [14:26] |
ant | ha, found it: http://irclogger.arpnetworks.com/irclogger_log_search/arpnetworks?search=ssh+syn&action=search&error=0 | [14:33] |
robonerd | it should be higher
like more than 60 in 1 minute, not 10 | [14:34] |
knigma-m | thanks - good - problem understood - that's kinda crazy low though | [14:34] |
robonerd | no brute force will be effective at only 1 per second
brute force begins at 10+/sec imo | [14:34] |
ant | i have seen ssh brute force at much lower rates... | [14:37] |
knigma-m | running a quick test; a few successful ssh connections also trips the filter, so it's not restricted to unsuccessful attempts
just "ssh x.y.z ls" a few times trips it | [14:37] |
ant | no it just counts syns | [14:38] |
knigma-m | but a relatively short break from SYNs seems to remove the filter; so my problem is that my ssh client never takes a break | [14:39] |
ant | to only count unsuccessful attempts the rate limiting would need to happen on the host not on some router in between | [14:39] |
knigma-m | yep - would require a stateful rule; ok well at least I know it's not my end that's broken - thanks for the input | [14:40] |
ant | err, host is ambiguous. i mean the ssh server, i.e. the vps | [14:40] |
knigma-m | the "rule" only blocks SYNs, once existing TCP connections from the same IP aren't impacted | [14:42] |
ant | well, that would be very bad... | [14:43] |
robonerd | :) | [14:43] |
ant | like typing too fast and get disconnected... | [14:43] |
knigma-m | lol | [14:44] |
robonerd | :P
i need to make that a t shirt; "I type so fast my firewall's TCP throttle rate is exceeded" | [14:44] |
*** | knigma-m_ has joined #arpnetworks
knigma-m has quit IRC (Read error: Connection reset by peer)
knigma-m_ is now known as knigma-m | [14:47] |
..... (idle for 20mn) | ||
knigma-m_ has joined #arpnetworks
knigma-m has quit IRC (Read error: Connection reset by peer) | [15:09] | |
........ (idle for 35mn) | ||
knigma-m_ is now known as knigma-m | [15:44] | |
......................................... (idle for 3h24mn) | ||
fink has quit IRC (Quit: fink) | [19:08] | |
fink has joined #arpnetworks | [19:20] | |
.......................... (idle for 2h6mn) | ||
fink has quit IRC (Quit: fink) | [21:26] | |
................... (idle for 1h32mn) | ||
up_the_irons2 | that would indeed be a good tshirt | [22:58] |
..... (idle for 20mn) | ||
brycec | oh hey it's another up_the_irons2 | [23:18] |
up_the_irons | migrating to latest weechat and bitlbee, so i have two servers runnin' at the moment
anyone have a way to get better 256 color support in weechat 4? i mean, i have it doing 256 colors, but *by default*, it only defines like 20 of them... you can define others, but i'd rather not have to do it all on my own ;) | [23:19] |
brycec | up_the_irons/up_the_irons2: After the earlier discussion, I went looking through the FAQ but there's no mention that ARP has any firewalling. I think this really ought to be published, eg "we don't firewall anything except..." | [23:20] |
up_the_irons | i tend to agree | [23:20] |
brycec | brycec was under the impression that there was absolutely no firewalling | [23:20] |
mnathani | Then there is the outbound UDP ratelimiting as well | [23:29] |
brycec | oh is there? any specific ports? | [23:30] |
brachiation | are you cheating on irssi?
poor irrsula... | [23:34] |
brycec | brachiation: up_the_irons has run weechat for as long as I can remember, and even longer according to the logs :p | [23:36] |
brachiation | i could have sworn it was irssi... i like irssi myself. | [23:37] |
brycec | I'm happy with irssi. I've tried weechat, and have no complaints really... I'm just entrenched in irssi nowadays | [23:37] |
brachiation | the default weechat theme reminds me of a circus. | [23:38] |
mike-burns | The /clown_act command is my favorite part, though the /lion_tamer bit is fun too. | [23:39] |
*** | first2know has joined #arpnetworks | [23:41] |
brachiation | i like how they gzip all those clowns in the carball. | [23:42] |
robonerd | brycec i agree, it should be explicit somewhere
docs! | [23:43] |
up_the_irons | brachiation: nah, i've been on weechat for as long as i can remember.. was in irssi before | [23:54] |