[02:01] it doesn't bind to anything by default
[02:01] oph
[02:01] use openntpd
[07:08] m0unds: loving weechat here
[07:11] http://www.phluxbox.com/img/vohgi4.png
[07:12] using tmux too?
[07:13] or is that your window mgr or whatever?
[07:13] m0unds: tmux
[07:14] m0unds: I actually have a session over there using tmux -2 -S/var/tmp/tmux-rightmain.sock, I then split that window (^-b-") and run two more tmux instances
[07:14] That looks like a Gentoo box.
[07:14] mike-burns: it is :P
[07:14] Bam!
[07:15] m0unds: by doing that, and using different bindings specified in an alternative config file (~/.tmux2.conf) I can have two completely separate terminals over there
[07:15] ah, ok
[07:15] (even though they're in one container)
[07:16] mike-burns: You must've seen my eix-sync doing its thing over there
[07:16] right
[07:16] *** heavysixer has joined #arpnetworks
[07:16] *** ChanServ sets mode: +o heavysixer
[07:16] *** heavysixer has quit IRC (Remote host closed the connection)
[07:17] phlux: that was the only thing that did _not_ tip me off!
[07:17] The colors, and the icons in the top right, were the indicator to me.
[07:17] Gentoo users have better eyesight.
[07:18] lol
[07:18] The fontsize and leading, relatedly.
[07:18] mike-burns: Are you a Gentoo user as well?
[07:19] Nope. I can't see shit.
[07:19] Debian on laptop, FreeBSD on server.
[07:19] GNOME3 on the laptop, too.
[07:24] Aye
[07:24] I used to change WMs/DEs as often as I'd change socks
[07:25] but ever since I discovered i3, I've stuck with it aside from some testing for other people
[07:25] I've been playing this game that I found in portage last night called zsdx
[07:25] It's a Zelda clone, but damn is it good so far.
[07:26] Wow that looks really good.
[07:26] I remember when tuxracer was the state of the art.
[07:27] That or XEvil.
[07:27] haha, tuxracer
[07:27] I've raced Linus at a local indoor kart track
[07:27] his nick there: "Tux"
[07:27] so he's literally the "Tux Racer"
[07:27] he kicked my ass too
[07:27] is he also a penguin?
[07:28] Ha.
[07:28] my arms are too short to reach the steering wheel if I lean all the way back, so I have to lean forward and I don't have as solid of a grip
[07:28] lol
[10:19] I think I'm going to have to check out this weechat thing.
[10:25] and damn, 1.93.49.226 is persistent.
[10:26] ssh brute force from china?
[10:29] yesterday some botnet (mostly from china) was bruteforcing some servers of mine so hard that the ssh server wouldn't accept connections anymore
[10:37] haha
[10:37] change your ssh port
[10:38] Yamazaki-kun: it looks pretty nice. default theme is like default irssi too
[10:38] i installed it but haven't had a chance to mess with it yet
[10:38] that's so inconvenient, so i only do that on machines i don't login often
[10:39] more inconvenient having auth logs full of shit, imo
[10:39] ssh -p xxxx -l user hostname
[10:39] not so hard
[10:39] i'm thinking about generating firewall rules from the list of networks apnic delegated to china
[10:39] and you can always set per host ports in your ~/.ssh/config
[10:40] that way you don't even have to remember the -p
[10:40] yep
[10:40] but i have to do that on every machine i want to use...
[10:40] i just use the same high 64xxx range port on my hosts
[10:40] and like magic, the only login activity i see is mine
[10:40] and tell all others who want to login there to...
[10:41] i guess whatever works for you
[10:41] it's just been my first course of action for the last like 12-13 years, changing the port
[10:41] haha
[10:52] My .ssh/config is in my dotfiles that I carry around with me.
[10:53] At first I thought it was irssi and then I realized that you can't actually do that
[10:53] yeah, that is right after my .emacs and .bashrc for dot files I really need
[10:53] ssh from cn just tried root account
[10:53] not much force there
[10:54] Similarly for me: .vimrc and .zshrc.
[10:54] I wonder what the other 113 dot files I have are for ...
[10:56] .launchcoderc
[10:56] I deleted that one; I never used it!
[10:56] I do have a .rcrc, for managing my .*rc files.
[10:57] do you have a .rcrcrc file for managing your .rcrc files?
[10:57] At this point I probably should!
[10:57] https://github.com/thoughtbot/rcm - I use this (disclaimer: I wrote it).
[10:57] hm, so even though you have to have forwarding turned on to use jail networking, the TTL doesn't get decremented.
[10:58] my jails have the same TTL as the main OS instance
[10:58] I don't think I was expecting that.
[10:58] http://thoughtbot.github.io/rcm/ - better docs.
[11:02] *** tooth_ is now known as tooth
[11:06] What do you have against pf rate-limit/fail2ban/etc? (m0unds, ant)
[11:06] Nothing wrong with changing the port either.
[11:06] But fail2ban, or a pf rule goes a long way
[11:07] i had rate limiting once, but then botnets began to use different ips for each try, so i disabled it
[11:07] also i don't really care about the auth.log entries so until yesterday it didn't bother me at all
[11:08] pass in on egress proto tcp to any port ssh flags S/SA keep state (max-src-conn 30, max-src-conn-rate 2/4, overload flush global) label "ssh_brute_match"
[11:08] bam.
[11:09] It's pretty strict, and I'm okay with that. (And no I don't bother to expire entries from ssh_brute_hosts)
[11:11] I just see it as a cosmetic solution. I guess it does clean up the logs, though
[11:12] best way to stop Rumpelstiltskin attacks is to disable password-based authentication.
[11:13] *** solj has joined #arpnetworks
[11:13] Oh, and a really nice regression for FreeBSD 10: make sure you devfs_load_rulesets="YES" in /etc/rc.conf if you like your jails' devfs to be suitably barren
[11:14] rc.d/jail should fail-secure if it can't find the devfs ruleset you're telling it to load.
[11:14] sadly, it doesn't.
[11:14] No point in jailing anything if it can still get to kmem.
[11:14] I see it as more than just cosmetic. Saves resources (cpu, memory, disk space) and bandwidth.
[11:15] I guess it depends how hard they're hitting you.
[11:17] okay, and I just checked auth.log. Still annoying even though it's the one Chinese dude.
[11:18] * Yamazaki-kun runs off to work.
[11:18] That pf line is from a shell host I co-admin. We're a bit of a target ;)
[11:24] i'm having trouble connecting to udp:1194 on my machine from outside arpnetworks. is there anyone here who might be able to help?
[11:24] You can always help yourself :p
[11:24] * solj grins
[11:24] I can vouch that UDP/1194 works perfectly fine, I have a relatively large openvpn net
[11:25] * solj sighs. let me try restarting it out of band then
[11:25] What about in-band access, no ssh?
[11:26] (As in: If you can't ssh, and you can't connect to openvpn, then yeah maybe you have bigger issues :p)
[11:26] no, i can ssh to the public ip, but i have to edit hosts, etc
[11:28] And for the record, "help yourself" means tcpdump
[11:28] *** xiphias_ has joined #arpnetworks
[11:28] *** xiphias has quit IRC (Read error: Connection reset by peer)
[11:42] But OpenVPN fails? Anything useful in the logs?
[11:48] brycec: yeah, but now it's working again
[11:49] TLS Error: Unroutable control packet received from [AF_INET]REDACTED:1194 (si=3 op=P_ACK_V1)
[11:49] was what was happening
[11:53] brycec: the interesting part was that it was working for other nodes at arp
[12:19] brycec: i prefer a log that isn't full of stuff, so i change the port and rate limit :)
[12:19] good m0unds
[15:08] *** NiTeMaRe has quit IRC (Ping timeout: 265 seconds)
[15:10] *** NiTeMaRe has joined #arpnetworks
[15:12] *** xiphias_ has quit IRC (Ping timeout: 265 seconds)
[15:13] *** xiphias has joined #arpnetworks
[15:13] *** xiphias has quit IRC (Changing host)
[15:13] *** xiphias has joined #arpnetworks
[16:38] "There have been no allocations made from this
[16:38] block as of yet, however, once we do begin issuing from this block, the
[16:38] minimum allocation size for this /10 will be a /28 and the maximum
[16:38] allocation size will be a /24.
[16:38] "
[16:39] wut? ARIN is going to start issuing /28s??
[16:39] yep
[16:39] it has begun
[16:40] http://thylaa.tumblr.com/post/69207958886/more
[16:42] lol
[16:46] man, i'm all out of stuff to do
[17:09] http://arstechnica.com/tech-policy/2014/01/att-plan-to-shut-off-public-switched-telephone-network-moves-ahead-at-fcc/
[17:09] Ars Technica: "AT&T plan to shut off Public Switched Telephone Network moves ahead at FCC"
[18:36] up_the_irons: scary :)
[18:36] i actually like it in a way
[18:37] apnic are giving people /22s
[18:37] for people without existing allocations
[18:37] or who haven't made their final allocation
[18:37] a lot of people can suffice on a /26
[18:39] that said i wouldn't want to have smaller than a /24
[18:39] i bet there's people filtering on /24 with no default
[18:40] and so unless someone is going to advertise the greater /10 and provide backup routing it sounds dangerous
[18:43] apparently there are some 512k bgp prefix limits lying around
[18:43] currently global routing table is about 465k (k being 1024 with both)
[18:44] so even 10% more routes could run into issues on some platforms soon
[18:48] yea, there's a lot of old stuff barely hanging on
[18:56] *** rgouveia has quit IRC (Ping timeout: 265 seconds)
[18:57] *** rgouveia has joined #arpnetworks
[19:30] *** r0ni has joined #arpnetworks
[20:02] *** m0unds has quit IRC (Quit: let's try weechat)
[20:02] *** m0unds has joined #arpnetworks
[20:10] *** m0unds has quit IRC (Quit: whoops)
[20:11] *** m0unds has joined #arpnetworks
[20:32] huh, weechat is pretty nice
[21:19] *** r0ni has quit IRC (Quit: Textual IRC Client: www.textualapp.com)
[22:24] yeah
[22:24] it is