it doesn't bind to anything by default oph use openntpd m0unds: loving weechat here http://www.phluxbox.com/img/vohgi4.png using tmux too? or is that your window mgr or whatever? m0unds: tmux m0unds: I actually have a session over there using tmux -2 -S/var/tmp/tmux-rightmain.sock, I then split that window (^-b-") and run two more tmux instances That looks like a Gentoo box. mike-burns: it is :P Bam! m0unds: by doing that, and using different bindings specified in an alternative config file (~/.tmux2.conf) I can have two completely separate terminals over there ah, ok (even though they're in one container) mike-burns: You must've seen my eix-sync doing its thing over there right phlux: that was the only thing that did _not_ tip me off! The colors, and the icons in the top right, were the indicator to me. Gentoo users have better eyesight. lol The fontsize and leading, relatedly. mike-burns: Are you a Gentoo user as well? Nope. I can't see shit. Debian on laptop, FreeBSD on server. GNOME3 on the laptop, too. Aye I used to change WMs/DEs as often as I'd change socks but ever since I discovered i3, I've stuck with it aside from some testing for other people I've been playing this game that I found in portage last night called zsdx It's a Zelda clone, but damn is it good so far. Wow that looks really good. I remember when tuxracer was the state of the art. That or XEvil. haha, tuxracer I've raced Linus at a local indoor kart track his nick there: "Tux" so he's literally the "Tux Racer" he kicked my ass too is he also a penguin? Ha. my arms are too short to reach the steering wheel if I lean all the way back, so I have to lean forward and I don't have as solid of a grip lol I think I'm going to have to check out this weechat thing. and damn, 1.93.49.226 is persistent. ssh brute force from china?
yesterday some botnet (mostly from china) was bruteforcing some servers of mine so hard that the ssh server would accept connections anymore haha change your ssh port Yamazaki-kun: it looks pretty nice. default theme is like default irssi too i installed it but haven't had a chance to mess with it yet that's so inconvenient, so i only do that on machines i don't login often more inconvenient having auth logs full of shit, imo ssh -p xxxx -l user hostname not so hard i'm thinking about generating firewall rules from the list of networks apnic delegated to china and you can always set per host ports in your ~/.ssh/config that way you don't even have to remember the -p yep but i have to do that on every machine i want to use... i just use the same high 64xxx range port on my hosts and like magic, the only login activity i see is mine and tell all others who want to login there to... i guess whatever works for you it's just been my first course of action for the last like 12-13 years, changing the port haha My .ssh/config is in my dotfiles that I carry around with me. At first I thought it was irssi and then I realized that you can't actually do that yeah, that is right after my .emacs and .bashrc for dot files I really need ssh from cn just tried root account not much force there Similarly for me: .vimrc and .zshrc. I wonder what the other 113 dot files I have are for ... .launchcoderc I deleted that one; I never used it! I do have a .rcrc, for managing my .*rc files. do you have a .rcrcrc file for managing your .rcrc files? At this point I probably should! https://github.com/thoughtbot/rcm - I use this (disclaimer: I wrote it). hm, so even though you have to have forwarding turned on to use jail networking, the TTL doesn't get decremented. my jails have the same TTL as the main OS instance I don't think I was expecting that. http://thoughtbot.github.io/rcm/ - better docs. What do you have against pf rate-limit/fail2ban/etc? 
(m0unds, ant) Nothing wrong with changing the port either. But fail2ban, or a pf rule goes a long way i had rate limiting once, but then botnets began to use different ips for each try, so i disabled it also i don't really care about the auth.log entries so until yesterday it didn't bother me at all pass in on egress proto tcp to any port ssh flags S/SA keep state (max-src-conn 30, max-src-conn-rate 2/4, overload flush global) label "ssh_brute_match" bam. It's pretty strict, and I'm okay with that. (And no I don't bother expire entries from ssh_brute_hosts) I just see it as a cosmetic solution. I guess it does clean up the logs, though best way to stop Rumpelstiltskin attacks is to disable password-based authentication. Oh, and a really nice regression for FreeBSD 10: make sure you devfs_load_rulesets="YES" in /etc/rc.conf if you like your jails' devfs to be suitably barren rc.d/jail should fail-secure if it can't find the devfs ruleset you're telling it to load. sadly, it doesn't. No point in jailing anything if it can still get to kmem. I see it as more than just cosmetic. Saves resources (cpu, memory, disk space) and bandwidth. I guess it depends how hard they're hitting you. okay, and I just checked auth.log. Still annoying even though it's the one Chinese dude. That pf line is from a shell host I co-admin. We're a bit of a target ;) i'm having trouble connecting to udp:1194 on my machine from outside arpnetworks. is there anyone here who might be able to help? You can always help yourself :p I can vouch that UDP/1194 works perfectly fine, I have a relatively large openvpn net What about in-band access, no ssh? (As in: If you can't ssh, and you can't connect to openvpn, then yeah maybe you have bigger issues :p) no, i can ssh to the public ip, but i have to edit hosts, etc And for the record, "help yourself" means tcpdump But OpenVPN fails? Anything useful in the logs?
brycec: yeah, but now it's working again TLS Error: Unroutable control packet received from [AF_INET]REDACTED:1194 (si=3 op=P_ACK_V1) was what was happening brycec: the interesting part was that it was working for other nodes at arp brycec: i prefer a log that isn't full of stuff, so i change the port and rate limit :) good m0unds "There have been no allocations made from this block as of yet, however, once we do begin issuing from this block, the minimum allocation size for this /10 will be a /28 and the maximum allocation size will be a /24. " wut? ARIN is going to start issuing /28s?? yep it has begun http://thylaa.tumblr.com/post/69207958886/more lol man, i'm all out of stuff to do http://arstechnica.com/tech-policy/2014/01/att-plan-to-shut-off-public-switched-telephone-network-moves-ahead-at-fcc/ Ars Technica: "AT&T plan to shut off Public Switched Telephone Network moves ahead at FCC" up_the_irons: scary :) i actually like it in a way apnic are giving people /22s for people without existing allocations or who haven't made their final allocation a lot of people can suffice on a /26 that said i wouldn't want to have smaller than a /24 i bet there's people filtering on /24 with no default and so unless someone is going to advertise the greater /10 and provide backup routing it sounds dangerous apparently there are some 512k bgp prefix limits lying around currently global routing table is about 465k (k being 1024 with both) so even 10% more routes could run into issues on some platforms soon yea, there's a lot of old stuff barely hanging on huh, weechat is pretty nice yeah it is