#arpnetworks 2014-01-30,Thu


<mercutio> it doesn't bind to anything by default
oph
use openntpd
[02:01]
.............................................................. (idle for 5h7mn)
<phlux> m0unds: loving weechat here
http://www.phluxbox.com/img/vohgi4.png
[07:08]
<m0unds> using tmux too?
or is that your window mgr or whatever?
[07:12]
<phlux> m0unds: tmux
m0unds: I actually have a session over there using tmux -2 -S/var/tmp/tmux-rightmain.sock, I then split that window (^-b-") and run two more tmux instances
[07:13]
<mike-burns> That looks like a Gentoo box. [07:14]
<phlux> mike-burns: it is :P [07:14]
<mike-burns> Bam! [07:14]
<phlux> m0unds: by doing that, and using different bindings specified in an alternative config file (~/.tmux2.conf) I can have two completely separate terminals over there [07:15]
<m0unds> ah, ok [07:15]
<phlux> (even though they're in one container)
mike-burns: You must've seen my eix-sync doing its thing over there
[07:15]
<m0unds> right [07:16]
***heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
heavysixer has quit IRC (Remote host closed the connection)
[07:16]
<mike-burns> phlux: that was the only thing that did _not_ tip me off!
The colors, and the icons in the top right, were the indicator to me.
Gentoo users have better eyesight.
[07:17]
<phlux> lol [07:18]
<mike-burns> The fontsize and leading, relatedly. [07:18]
<phlux> mike-burns: Are you a Gentoo user as well? [07:18]
<mike-burns> Nope. I can't see shit.
Debian on laptop, FreeBSD on server.
GNOME3 on the laptop, too.
[07:19]
<phlux> Aye
I used to change WMs/DEs as often as I'd change socks
but ever since I discovered i3, I've stuck with it aside from some testing for other people
I've been playing this game that I found in portage last night called zsdx
It's a Zelda clone, but damn is it good so far.
[07:24]
<mike-burns> Wow that looks really good.
I remember when tuxracer was the state of the art.
That or XEvil.
[07:26]
<m0unds> haha, tuxracer [07:27]
<RandalSchwartz> I've raced Linus at a local indoor kart track
his nick there: "Tux"
so he's literally the "Tux Racer"
he kicked my ass too
[07:27]
<m0unds> is he also a penguin? [07:27]
<mike-burns> Ha. [07:28]
<RandalSchwartz> my arms are too short to reach the steering wheel if I lean all the way back, so I have to lean forward and I don't have as solid of a grip [07:28]
<phlux> lol [07:28]
................................... (idle for 2h51mn)
<Yamazaki-kun> I think I'm going to have to check out this weechat thing. [10:19]
and damn, 1.93.49.226 is persistent. [10:25]
<ant> ssh brute force from china?
yesterday some botnet (mostly from china) was bruteforcing some servers of mine so hard that the ssh server wouldn't accept connections anymore
[10:26]
<m0unds> haha
change your ssh port
Yamazaki-kun: it looks pretty nice. default theme is like default irssi too
i installed it but haven't had a chance to mess with it yet
[10:37]
<ant> that's so inconvenient, so i only do that on machines i don't login often [10:38]
<m0unds> more inconvenient having auth logs full of shit, imo
ssh -p xxxx -l user hostname
not so hard
[10:39]
<ant> i'm thinking about generating firewall rules from the list of networks apnic delegated to china [10:39]
<jcv> and you can always set per host ports in your ~/.ssh/config
that way you don't even have to remember the -p
[10:39]
<m0unds> yep [10:40]
<ant> but i have to do that on every machine i want to use... [10:40]
<m0unds> i just use the same high 64xxx range port on my hosts
and like magic, the only login activity i see is mine
[10:40]
<ant> and tell all others who want to login there to... [10:40]
<m0unds> i guess whatever works for you
it's just been my first course of action for the last like 12-13 years, changing the port
haha
[10:41]
<mike-burns> My .ssh/config is in my dotfiles that I carry around with me. [10:52]
<Yamazaki-kun> At first I thought it was irssi and then I realized that you can't actually do that [10:53]
<jcv> yeah, that is right after my .emacs and .bashrc for dot files I really need [10:53]
<Yamazaki-kun> ssh from cn just tried root account
not much force there
[10:53]
<mike-burns> Similarly for me: .vimrc and .zshrc.
I wonder what the other 113 dot files I have are for ...
[10:54]
<m0unds> .launchcoderc [10:56]
<mike-burns> I deleted that one; I never used it!
I do have a .rcrc, for managing my .*rc files.
[10:56]
<m0unds> do you have a .rcrcrc file for managing your .rcrc files? [10:57]
<mike-burns> At this point I probably should!
https://github.com/thoughtbot/rcm - I use this (disclaimer: I wrote it).
[10:57]
<Yamazaki-kun> hm, so even though you have to have forwarding turned on to use jail networking, the TTL doesn't get decremented.
my jails have the same TTL as the main OS instance
I don't think I was expecting that.
[10:57]
<mike-burns> http://thoughtbot.github.io/rcm/ - better docs. [10:58]
***tooth_ is now known as tooth [11:02]
<brycec> What do you have against pf rate-limit/fail2ban/etc? (m0unds, ant)
Nothing wrong with changing the port either.
But fail2ban, or a pf rule goes a long way
[11:06]
<ant> i had rate limiting once, but then botnets began to use different ips for each try, so i disabled it
also i don't really care about the auth.log entries so until yesterday it didn't bother me at all
[11:07]
<brycec> pass in on egress proto tcp to any port ssh flags S/SA keep state (max-src-conn 30, max-src-conn-rate 2/4, overload <ssh_brute_hosts> flush global) label "ssh_brute_match"
bam.
It's pretty strict, and I'm okay with that. (And no, I don't bother expiring entries from ssh_brute_hosts)
[11:08]
<Yamazaki-kun> I just see it as a cosmetic solution. I guess it does clean up the logs, though
best way to stop Rumpelstiltskin attacks is to disable password-based authentication.
[11:11]
***solj has joined #arpnetworks [11:13]
<Yamazaki-kun> Oh, and a really nice regression for FreeBSD 10: make sure you devfs_load_rulesets="YES" in /etc/rc.conf if you like your jails' devfs to be suitably barren
rc.d/jail should fail-secure if it can't find the devfs ruleset you're telling it to load.
sadly, it doesn't.
No point in jailing anything if it can still get to kmem.
[11:13]
<brycec> I see it as more than just cosmetic. Saves resources (cpu, memory, disk space) and bandwidth. [11:14]
<Yamazaki-kun> I guess it depends how hard they're hitting you.
okay, and I just checked auth.log. Still annoying even though it's the one Chinese dude.
* Yamazaki-kun runs off to work.
[11:15]
<brycec> That pf line is from a shell host I co-admin. We're a bit of a target ;) [11:18]
<solj> i'm having trouble connecting to udp:1194 on my machine from outside arpnetworks. is there anyone here who might be able to help? [11:24]
<brycec> You can always help yourself :p [11:24]
* solj grins [11:24]
<brycec> I can vouch that UDP/1194 works perfectly fine, I have a relatively large openvpn net [11:24]
* solj sighs. let me try restarting it out of band then [11:25]
<brycec> What about in-band access, no ssh?
(As in: If you can't ssh, and you can't connect to openvpn, then yeah maybe you have bigger issues :p)
[11:25]
<solj> no, i can ssh to the public ip, but i have to edit hosts, etc [11:26]
<brycec> And for the record, "help yourself" means tcpdump [11:28]
***xiphias_ has joined #arpnetworks
xiphias has quit IRC (Read error: Connection reset by peer)
[11:28]
<brycec> But OpenVPN fails? Anything useful in the logs? [11:42]
<solj> brycec: yeah, but now it's working again
TLS Error: Unroutable control packet received from [AF_INET]REDACTED:1194 (si=3 op=P_ACK_V1)
was what was happening
brycec: the interesting part was that it was working for other nodes at arp
[11:48]
...... (idle for 26mn)
<m0unds> brycec: i prefer a log that isn't full of stuff, so i change the port and rate limit :) [12:19]
<brycec> good m0unds [12:19]
.................................. (idle for 2h49mn)
***NiTeMaRe has quit IRC (Ping timeout: 265 seconds)
NiTeMaRe has joined #arpnetworks
xiphias_ has quit IRC (Ping timeout: 265 seconds)
xiphias has joined #arpnetworks
xiphias has quit IRC (Changing host)
xiphias has joined #arpnetworks
[15:08]
.................. (idle for 1h25mn)
<up_the_irons> "There have been no allocations made from this
block as of yet, however, once we do begin issuing from this block, the
minimum allocation size for this /10 will be a /28 and the maximum
allocation size will be a /24.
"
wut? ARIN is going to start issuing /28s??
[16:38]
<staticsafe> yep
it has begun
[16:39]
<m0unds> http://thylaa.tumblr.com/post/69207958886/more [16:40]
<brycec> lol [16:42]
<m0unds> man, i'm all out of stuff to do [16:46]
..... (idle for 23mn)
http://arstechnica.com/tech-policy/2014/01/att-plan-to-shut-off-public-switched-telephone-network-moves-ahead-at-fcc/ [17:09]
<BryceBot> Ars Technica: "AT&T plan to shut off Public Switched Telephone Network moves ahead at FCC" [17:09]
.................. (idle for 1h27mn)
<mercutio> up_the_irons: scary :)
i actually like it in a way
apnic are giving people /22s
for people without existing allocations
or who haven't made their final allocation
a lot of people can suffice on a /26
that said i wouldn't want to have smaller than a /24
i bet there's people filtering on /24 with no default
and so unless someone is going to advertise the greater /10 and provide backup routing it sounds dangerous
apparently there are some 512k bgp prefix limits lying around
currently global routing table is about 465k (k being 1024 with both)
so even 10% more routes could run into issues on some platforms soon
[18:36]
<m0unds> yea, there's a lot of old stuff barely hanging on [18:48]
***rgouveia has quit IRC (Ping timeout: 265 seconds)
rgouveia has joined #arpnetworks
[18:56]
....... (idle for 33mn)
r0ni has joined #arpnetworks [19:30]
....... (idle for 32mn)
m0unds has quit IRC (Quit: let's try weechat)
m0unds has joined #arpnetworks
[20:02]
m0unds has quit IRC (Quit: whoops)
m0unds has joined #arpnetworks
[20:10]
..... (idle for 21mn)
<m0unds> huh, weechat is pretty nice [20:32]
.......... (idle for 47mn)
***r0ni has quit IRC (Quit: Textual IRC Client: www.textualapp.com) [21:19]
.............. (idle for 1h5mn)
<phlux> yeah
it is
[22:24]
