mercutio: oph
use openntpd
phlux: m0unds: loving weechat here
http://www.phluxbox.com/img/vohgi4.png
m0unds: using tmux too?
or is that your window mgr or whatever?
phlux: m0unds: tmux
m0unds: I actually have a session over there using tmux -2 -S/var/tmp/tmux-rightmain.sock, I then split that window (^-b-") and run two more tmux instances
mike-burns: That looks like a Gentoo box.
phlux: mike-burns: it is :P
mike-burns: Bam!
phlux: m0unds: by doing that, and using different bindings specified in an alternative config file (~/.tmux2.conf) I can have two completely separate terminals over there
m0unds: ah, ok
phlux: (even though they're in one container)
mike-burns: You must've seen my eix-sync doing its thing over there
m0unds: right
***: heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
heavysixer has quit IRC (Remote host closed the connection)
mike-burns: phlux: that was the only thing that did _not_ tip me off!
The colors, and the icons in the top right, were the indicator to me.
Gentoo users have better eyesight.
phlux: lol
mike-burns: The fontsize and leading, relatedly.
phlux: mike-burns: Are you a Gentoo user as well?
mike-burns: Nope. I can't see shit.
Debian on laptop, FreeBSD on server.
GNOME3 on the laptop, too.
phlux: Aye
I used to change WMs/DEs as often as I'd change socks
but ever since I discovered i3, I've stuck with it aside from some testing for other people
I've been playing this game that I found in portage last night called zsdx
It's a Zelda clone, but damn is it good so far.
mike-burns: Wow that looks really good.
I remember when tuxracer was the state of the art.
That or XEvil.
m0unds: haha, tuxracer
RandalSchwartz: I've raced Linus at a local indoor kart track
his nick there: "Tux"
so he's literally the "Tux Racer"
he kicked my ass too
m0unds: is he also a penguin?
mike-burns: Ha.
RandalSchwartz: my arms are too short to reach the steering wheel if I lean all the way back, so I have to lean forward and I don't have as solid of a grip
phlux: lol
Yamazaki-kun: I think I'm going to have to check out this weechat thing.
and damn, 1.93.49.226 is persistent.
ant: ssh brute force from china?
yesterday some botnet (mostly from china) was bruteforcing some servers of mine so hard that the ssh server wouldn't accept connections anymore
m0unds: haha
change your ssh port
Yamazaki-kun: it looks pretty nice. default theme is like default irssi too
i installed it but haven't had a chance to mess with it yet
ant: that's so inconvenient, so i only do that on machines i don't login often
m0unds: more inconvenient having auth logs full of shit, imo
ssh -p xxxx -l user hostname
not so hard
ant: i'm thinking about generating firewall rules from the list of networks apnic delegated to china
jcv: and you can always set per host ports in your ~/.ssh/config
that way you don't even have to remember the -p
m0unds: yep
ant: but i have to do that on every machine i want to use...
m0unds: i just use the same high 64xxx range port on my hosts
and like magic, the only login activity i see is mine
ant: and tell all others who want to login there to...
m0unds: i guess whatever works for you
it's just been my first course of action for the last like 12-13 years, changing the port
haha
mike-burns: My .ssh/config is in my dotfiles that I carry around with me.
Yamazaki-kun: At first I thought it was irssi and then I realized that you can't actually do that
jcv: yeah, that is right after my .emacs and .bashrc for dot files I really need
Yamazaki-kun: ssh from cn just tried root account
not much force there
mike-burns: Similarly for me: .vimrc and .zshrc.
I wonder what the other 113 dot files I have are for ...
m0unds: .launchcoderc
mike-burns: I deleted that one; I never used it!
I do have a .rcrc, for managing my .*rc files.
m0unds: do you have a .rcrcrc file for managing your .rcrc files?
mike-burns: At this point I probably should!
https://github.com/thoughtbot/rcm - I use this (disclaimer: I wrote it).
Yamazaki-kun: hm, so even though you have to have forwarding turned on to use jail networking, the TTL doesn't get decremented.
my jails have the same TTL as the main OS instance
I don't think I was expecting that.
mike-burns: http://thoughtbot.github.io/rcm/ - better docs.
***: tooth_ is now known as tooth
brycec: What do you have against pf rate-limit/fail2ban/etc? (m0unds, ant)
Nothing wrong with changing the port either.
But fail2ban, or a pf rule goes a long way
ant: i had rate limiting once, but then botnets began to use different ips for each try, so i disabled it
also i don't really care about the auth.log entries so until yesterday it didn't bother me at all
brycec: pass in on egress proto tcp to any port ssh flags S/SA keep state (max-src-conn 30, max-src-conn-rate 2/4, overload <ssh_brute_hosts> flush global) label "ssh_brute_match"
bam.
It's pretty strict, and I'm okay with that. (And no I don't bother expiring entries from ssh_brute_hosts)
Yamazaki-kun: I just see it as a cosmetic solution. I guess it does clean up the logs, though
best way to stop Rumpelstiltskin attacks is to disable password-based authentication.
***: solj has joined #arpnetworks
Yamazaki-kun: Oh, and a really nice regression for FreeBSD 10: make sure you devfs_load_rulesets="YES" in /etc/rc.conf if you like your jails' devfs to be suitably barren
rc.d/jail should fail-secure if it can't find the devfs ruleset you're telling it to load.
sadly, it doesn't.
No point in jailing anything if it can still get to kmem.
brycec: I see it as more than just cosmetic. Saves resources (cpu, memory, disk space) and bandwidth.
Yamazaki-kun: I guess it depends how hard they're hitting you.
okay, and I just checked auth.log. Still annoying even though it's the one Chinese dude.
-: Yamazaki-kun runs off to work.
brycec: That pf line is from a shell host I co-admin. We're a bit of a target ;)
solj: i'm having trouble connecting to udp:1194 on my machine from outside arpnetworks. is there anyone here who might be able to help?
brycec: You can always help yourself :p
-: solj grins
brycec: I can vouch that UDP/1194 works perfectly fine, I have a relatively large openvpn net
-: solj sighs. let me try restarting it out of band then
brycec: What about in-band access, no ssh?
(As in: If you can't ssh, and you can't connect to openvpn, then yeah maybe you have bigger issues :p)
solj: no, i can ssh to the public ip, but i have to edit hosts, etc
brycec: And for the record, "help yourself" means tcpdump
***: xiphias_ has joined #arpnetworks
xiphias has quit IRC (Read error: Connection reset by peer)
brycec: But OpenVPN fails? Anything useful in the logs?
solj: brycec: yeah, but now it's working again
TLS Error: Unroutable control packet received from [AF_INET]REDACTED:1194 (si=3 op=P_ACK_V1)
was what was happening
brycec: the interesting part was that it was working for other nodes at arp
m0unds: brycec: i prefer a log that isn't full of stuff, so i change the port and rate limit :)
brycec: good m0unds
***: NiTeMaRe has quit IRC (Ping timeout: 265 seconds)
NiTeMaRe has joined #arpnetworks
xiphias_ has quit IRC (Ping timeout: 265 seconds)
xiphias has joined #arpnetworks
xiphias has quit IRC (Changing host)
xiphias has joined #arpnetworks
up_the_irons: "There have been no allocations made from this
block as of yet, however, once we do begin issuing from this block, the
minimum allocation size for this /10 will be a /28 and the maximum
allocation size will be a /24.
"
wut? ARIN is going to start issuing /28s??
staticsafe: yep
it has begun
m0unds: http://thylaa.tumblr.com/post/69207958886/more
brycec: lol
m0unds: man, i'm all out of stuff to do
http://arstechnica.com/tech-policy/2014/01/att-plan-to-shut-off-public-switched-telephone-network-moves-ahead-at-fcc/
BryceBot: Ars Technica: "AT&T plan to shut off Public Switched Telephone Network moves ahead at FCC"
mercutio: up_the_irons: scary :)
i actually like it in a way
apnic are giving people /22s
for people without existing allocations
or who haven't made their final allocation
a lot of people can suffice on a /26
that said i wouldn't want to have smaller than a /24
i bet there's people filtering on /24 with no default
and so unless someone is going to advertise the greater /10 and provide backup routing it sounds dangerous
apparently there are some 512k bgp prefix limits lying around
currently global routing table is about 465k (k being 1024 with both)
so even 10% more routes could run into issues on some platforms soon
m0unds: yea, there's a lot of old stuff barely hanging on
***: rgouveia has quit IRC (Ping timeout: 265 seconds)
rgouveia has joined #arpnetworks
r0ni has joined #arpnetworks
m0unds has quit IRC (Quit: let's try weechat)
m0unds has joined #arpnetworks
m0unds has quit IRC (Quit: whoops)
m0unds has joined #arpnetworks
m0unds: huh, weechat is pretty nice
***: r0ni has quit IRC (Quit: Textual IRC Client: www.textualapp.com)
phlux: yeah
it is