#arpnetworks 2013-08-25,Sun

*** fink has quit IRC (Quit: fink) [00:45]
......................... (idle for 2h0mn)
mhoran3 has joined #arpnetworks
ChanServ sets mode: +o mhoran3
mhoran2 has quit IRC (Ping timeout: 260 seconds)
meingtsla has quit IRC (Ping timeout: 260 seconds)
[02:45]
meingtsla has joined #arpnetworks [02:50]
..... (idle for 20mn)
first2know has joined #arpnetworks [03:10]
................................ (idle for 2h36mn)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
[05:46]
.... (idle for 18mn)
heavysixer has quit IRC (Quit: heavysixer) [06:04]
...... (idle for 26mn)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
[06:30]
....... (idle for 31mn)
heavysixer has quit IRC (Quit: heavysixer) [07:01]
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
[07:13]
heavysixer has quit IRC (Quit: heavysixer) [07:25]
......... (idle for 41mn)
fink has joined #arpnetworks [08:06]
.... (idle for 19mn)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
[08:25]
heavysixer has quit IRC (Ping timeout: 245 seconds) [08:30]
................ (idle for 1h17mn)
fink has quit IRC (Ping timeout: 246 seconds)
fink has joined #arpnetworks
[09:47]
...................... (idle for 1h49mn)
HighJinx has quit IRC (Ping timeout: 256 seconds) [11:40]
HighJinx has joined #arpnetworks [11:45]
........... (idle for 52mn)
first2know has quit IRC (Ping timeout: 256 seconds) [12:37]
................ (idle for 1h16mn)
knigma-m has joined #arpnetworks [13:53]
knigma-m: Hi - been running a VM for a while and every time I reboot it I find I cannot connect to it again from my laptop for a while. Playing with tcpdump it looks like my outgoing TCP SYNs are not making it to my VM after a reboot. Is there some sort of firewall between my VM and the Internet that could be causing a problem? [13:55]
robonerd: hm good question [14:00]
knigma-m: essentially after a reboot ssh access via TCP port 22 seems down from my laptop for ~25 minutes, but from other IPs it's ok
and ping works
my laptop ssh client will have been trying to reconnect every few seconds during the reboot; I wonder if it's tickling some protection I'm not aware of
it also seems tcp port specific - so far only affecting port 22
SYNs to other TCP ports get through
[14:01]
CaZe: Highly doubtful. [14:06]
knigma-m: doubtful perhaps; but something is blocking my SYNs and it's not the OS on the VM sfaict
this time it took 5 minutes for them to get through after a reboot
so essentially I have to wait 5-25 minutes after a reboot before I can reconnect
ideas welcome - if anyone can think of anything else that might cause this behaviour
[14:07]
sdkmvx: knigma-m, why is your laptop constantly trying to connect while it's off? [14:09]
knigma-m: just what my Windows ssh client does - keep retrying since it's configured to be a persistent connection
...never caused a problem before
means the ssh connection is re-established every time I switch networks or suspend/resume
I've no *evidence* that's triggering the issue; I just cannot think of another explanation
[14:10]
sdkmvx: perhaps turning it off and seeing whether it still blocks connections after a reboot will give more information. [14:12]
knigma-m: ok - I'll do that now ;)
yes - was able to re-connect first time if I allowed a reboot to complete first. Can anyone confirm that there *is* some sort of firewall in front of my VM that would explain this behaviour?
[14:12]
robonerd: seems to be. this would be good to know [14:15]
knigma-m: ...perhaps trying to protect against port scans or random IP searching [14:15]
robonerd: that is question 1. question 2 would be if your client supports reconnect throttling [14:16]
knigma-m: q2. No, sadly not. I guess it waits for a TCP connection timeout and once it gets that retries immediately.
I'm fine with it if I can explain it - just I haven't seen any documentation that explains there's a firewall in front of my VM.
...so I spent ages assuming it was something screwed up on my laptop
perhaps it looks like a SYN flood, but it really shouldn't be that aggressive, Windows doesn't send that many SYNs.
[14:16]
ant: knigma-m: there is some kind of filtering to prevent ssh brute force [14:25]
robonerd: seems quite aggressive if it's preventing persistent connection clients [14:25]
knigma-m: ok - thanks; I can live with that - just seems a little too sensitive [14:25]
robonerd: yes
i agree
any way we can have that throttled down in sensitivity somewhat?
[14:25]
knigma-m: it's just one persistent client - so I guess only a SYN a second [14:26]
ant: ha, found it: http://irclogger.arpnetworks.com/irclogger_log_search/arpnetworks?search=ssh+syn&action=search&error=0 [14:33]
robonerd: it should be higher
like more than 60 in 1 minute, not 10
[14:34]
knigma-m: thanks - good - problem understood - that's kinda crazy low though [14:34]
robonerd: no brute force will be effective at only 1 per second
brute force begins at 10+/sec imo
[14:34]
ant: i have seen ssh brute force at much lower rates... [14:37]
knigma-m: running a quick test; a few successful ssh connections also trips the filter, so it's not restricted to unsuccessful attempts
just "ssh x.y.z ls" a few times trips it
[14:37]
ant: no it just counts syns [14:38]
knigma-m: but a relatively short break from SYNs seems to remove the filter; so my problem is that my ssh client never takes a break [14:39]
ant: to only count unsuccessful attempts the rate limiting would need to happen on the host not on some router in between [14:39]
knigma-m: yep - would require a stateful rule; ok well at least I know it's not my end that's broken - thanks for the input [14:40]
ant: err, host is ambiguous. i mean the ssh server, i.e. the vps [14:40]
knigma-m: the "rule" only blocks SYNs, once existing TCP connections from the same IP aren't impacted [14:42]
ant: well, that would be very bad... [14:43]
robonerd: :) [14:43]
ant: like typing too fast and get disconnected... [14:43]
knigma-m: lol [14:44]
robonerd: :P
i need to make that a t shirt; "I type so fast my firewall's TCP throttle rate is exceeded"
[14:44]
*** knigma-m_ has joined #arpnetworks
knigma-m has quit IRC (Read error: Connection reset by peer)
knigma-m_ is now known as knigma-m
[14:47]
..... (idle for 20mn)
knigma-m_ has joined #arpnetworks
knigma-m has quit IRC (Read error: Connection reset by peer)
[15:09]
........ (idle for 35mn)
knigma-m_ is now known as knigma-m [15:44]
......................................... (idle for 3h24mn)
fink has quit IRC (Quit: fink) [19:08]
fink has joined #arpnetworks [19:20]
.......................... (idle for 2h6mn)
fink has quit IRC (Quit: fink) [21:26]
................... (idle for 1h32mn)
up_the_irons2: that would indeed be a good tshirt [22:58]
..... (idle for 20mn)
brycec: oh hey it's another up_the_irons2 [23:18]
up_the_irons: migrating to latest weechat and bitlbee, so i have two servers runnin' at the moment
anyone have a way to get better 256 color support in weechat 4? i mean, i have it doing 256 colors, but *by default*, it only defines like 20 of them... you can define others, but i'd rather not have to do it all on my own ;)
[23:19]
brycec: up_the_irons/up_the_irons2: After the earlier discussion, I went looking through the FAQ but there's no mention that ARP has any firewalling. I think this really ought to be published, eg "we don't firewall anything except..." [23:20]
up_the_irons: i tend to agree [23:20]
brycec: brycec was under the impression that there was absolutely no firewalling [23:20]
mnathani: Then there is the outbound UDP ratelimiting as well [23:29]
brycec: oh is there? any specific ports? [23:30]
brachiation: are you cheating on irssi?
poor irrsula...
[23:34]
brycec: brachiation: up_the_irons has run weechat for as long as I can remember, and even longer according to the logs :p [23:36]
brachiation: i could have sworn it was irssi... i like irssi myself. [23:37]
brycec: I'm happy with irssi. I've tried weechat, and have no complaints really... I'm just entrenched in irssi nowadays [23:37]
brachiation: the default weechat theme reminds me of a circus. [23:38]
mike-burns: The /clown_act command is my favorite part, though the /lion_tamer bit is fun too. [23:39]
*** first2know has joined #arpnetworks [23:41]
brachiation: i like how they gzip all those clowns in the carball. [23:42]
robonerd: brycec i agree, it should be explicit somewhere
docs!
[23:43]
up_the_irons: brachiation: nah, i've been on weechat for as long as i can remember.. was in irssi before [23:54]
