#arpnetworks 2014-08-26,Tue

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
mnathaniI have some too
122.226.223.69 - - [17/Aug/2014:10:24:42 -0400] "GET http://www.k2proxy.com//hello.html HTTP/1.1" 404 2055
[01:00]
kevrup_the_irons: are you around? [01:02]
mnathanikevr: probably best to just ask a question if you have one and he would respond when he is around
or you could always email support@
[01:10]
***pyvpx_ is now known as pyvpx [01:25]
............................................................................ (idle for 6h16mn)
brycecmnathani: It's extremely common. Nothing to worry about if you're not an open proxy, just 2KB wasted.
Make note that many IRC networks, FreeNode included, also do a quick sweep for open proxies (to determine whether the connection is likely a spammer) and you'll see those in your logs for various services too, but they're better identified.
[07:41]
........... (idle for 51mn)
***pseudorandom has joined #arpnetworks [08:33]
........... (idle for 50mn)
mus1cboxevery time that k2 site hits me i'm gonna hit them 10x [09:23]
brycecI don't think it's k2proxy.com's fault...
At least, no guaranteed
I often see other urls requested, like google and msft
And I'm pretty sure they're not the ones crawling ;P
[09:23]
BryceBotThat's what she said!! [09:24]
staticsafeBryceBot: u wot m8 [09:24]
............................ (idle for 2h19mn)
***mus1cbox is now known as mus1cb0x [11:43]
.......... (idle for 46mn)
mnathanimnathani slaps BryceBot
mnathani slaps BryceBot around with a large trout
[12:29]
.... (idle for 15mn)
***mick_laptop has joined #arpnetworks [12:44]
mick_laptopis there a way to pass init=/bin/sh to the bootloader? I lost my password for my instance
I'm logged in, just don't have root or sudo
[12:46]
BryceBotThat's what she said!! [12:47]
antmick_laptop: you can connect to the vnc console and edit the boot command line in the bootloader when the system is booting [12:50]
mick_laptopthanks
I'll try that tonight
[12:52]
.................... (idle for 1h38mn)
***fink has joined #arpnetworks [14:30]
RandalSchwartzgetting weird connectivity
part of the weird might be I'm in ketchikan
but some sites are just popping up quick, others slow
[14:31]
mus1cb0xdo you live there RandalSchwartz? [14:32]
RandalSchwartzno... just a visitor [14:32]
mus1cb0xah
why are you there?
[14:32]
RandalSchwartzbut I'm openvpn to arp, and still getting weirdness
www.insightcruises.com/events/sa22/
even tried a few other vpn
[14:32]
BryceBotThat's what she said!! [14:34]
brycecBryceBot: no [14:34]
BryceBotOh, okay... I'm sorry. 'even tried a few other vpn' [14:34]
m0undshahaha
s/vpn/potatoes
[14:35]
BryceBot<RandalSchwartz> even tried a few other potatoes [14:35]
brycec(Wow, that "no" trained it from 97% to 11%) [14:35]
RandalSchwartzthis is the first time that mtr showed the fifth or sixth hop going through a 10.x address
I fear I'm TCP over TCP at the border of ketchikan
[14:36]
m0undsoh, alaska, cool
how's the weather up there?
[14:38]
RandalSchwartzcool. :) [14:38]
m0undsawesome
just saw 62F as the temp today - that sounds great
haha
m0unds is sick of 90+F temps
[14:38]
RandalSchwartzyeah - switched from summer coat to winter coat for today's shoreside [14:39]
m0undsneat [14:39]
RandalSchwartzI can't get to google.com from here. but I can ssh to arp. but I can't openvpn to my arp box, just a few others.
I wonder if they have screwed up BGP
but that should then still work if I openvpn to somewhere.
I don't understand this failure
I wonder if it's reverse DNS
no... host 206.223.199.52 gives a fast rever
revers
[14:40]
brycecIf you can't hit certain ports, then sounds like filtering. What's the ISP? [14:43]
RandalSchwartzI don't know that it's about certain ports
many web sites come up instantly. Many others don't.
that'd all be 80 or 443
[14:44]
brycecI was focussing on the OpenVPN, but I see where you said some work others don't
*focusing
[14:45]
RandalSchwartzmy openvpn is on udp 443
but even once I'm on a vpn that *does* work, I still get weirdness
[14:45]
brycecSo seems like the ISP (and not the Internet or ARP) is screwy [14:46]
RandalSchwartzI don't see how you come to that conclusion
if I can get *some* VPN, the local ISP can't tell what I'm doing
and yet the behavior seems similar
[14:47]
brycecJust because you got to those VPN doesn't mean your traffic isn't still traveling over that ISP [14:49]
RandalSchwartzbut the packets are opaque [14:49]
brycecI'm suggesting that the ISP has broad problems, dropping packets probably [14:49]
RandalSchwartzno... also tested that with mtr
under 2% loss
[14:49]
brycecBut >0? That sucks [14:50]
RandalSchwartzand this "curl -o /dev/null https://arpnetworks.com/100mb.bin" runs at 500kbps
KBps
well mostly 0
but I saw a few when I went to larger packets
the 10.x address in the mtr still scares me
[14:50]
brycecNothing out of the ordinary in my smokepings https://smokeping.cobryce.com/?target=ARP.ARPWebsite [14:51]
m0undsis it rural enough to be wireless or something? [14:53]
RandalSchwartzahh... I had my openvpn listening on tcp not udp
now I connect fine to arp
[14:53]
m0undsoh, that'd do it [14:53]
brycecm0unds: Well there are no roads to Anchorage, does that count as rural? :P [14:54]
RandalSchwartzbut STILL can't connect to $randomwebsite equally well [14:54]
m0undshaha, it's not rural if you're comparing anchorage to other places in AK [14:54]
RandalSchwartzketchikan is a lot smaller [14:54]
m0undsyeah, i saw it on the map [14:54]
brycecI've been to both :) [14:55]
BryceBotThat's what she said!! [14:55]
brycecBryceBot: no [14:55]
BryceBotOh, okay... I'm sorry. 'I've been to both :)' [14:55]
bryceclol [14:55]
m0undshah [14:56]
RandalSchwartzis that a new trigger?
I think it needs to default to "no", and you can say "yes" :)
[14:56]
BryceBotThat's what she said!! [14:56]
RandalSchwartzheh! [14:56]
brycecRandalSchwartz: It's actually learned, not a "trigger" [14:56]
m0undss/yes/potatoes [14:56]
BryceBot<RandalSchwartz> I think it needs to default to "no", and you can say "potatoes" :) [14:56]
brycecThere's a bayesian net behind it
Like spamassasin, but for "that's what she said"
BryceBot: no
[14:56]
BryceBotOh, okay... I'm sorry. 'I think it needs to default to "no", and you can say "yes" :)' [14:57]
brycecI love hot dogs [14:57]
RandalSchwartzYeah - I'm still just puzzled by this net issue [14:57]
brycecBryceBot: yes [14:57]
BryceBotOkay! twss! 'Yeah - I'm still just puzzled by this net issue' [14:57]
brycecBryceBot: no [14:57]
BryceBotOh, okay... I'm sorry. 'Yeah - I'm still just puzzled by this net issue' [14:57]
RandalSchwartzheh [14:57]
brycecAs you can see, there are both yes and no [14:57]
RandalSchwartz"that's what she said"
this damn net issue
my mtr to www.google.com hits my vpn, then arp, then essentially google
and yet www.google.com doesn't load
but feedly.com does essentially the same, but LOADS IMMEDIATELY.
I do NOT understand this behavior
[14:57]
m0undsare you routing everything over the vpn? [15:00]
RandalSchwartzyes
even dns
[15:00]
m0undshuh, funky [15:00]
RandalSchwartzyou're telling me! [15:00]
BryceBotThat's what she said!! [15:01]
brycecCan you curl/lynx/wget/whatever www.google.com on your vps? [15:01]
RandalSchwartzI think your bayes was a little loose
you mean on my laptop?
[15:01]
brycecRandalSchwartz: no I mean on the openvpn server
(I know, obvious things to check)
[15:01]
RandalSchwartzWell, what's weird, is it works on my laptop [15:02]
brycecFWIW my bayes requires a 97% match [15:02]
RandalSchwartzit's just safari and chrome and firefox that can't get it
chome says "establishing secure connection" then stops.
[15:02]
brycecI wonder if your browsers are trying ipv6? And can you curl google from your laptop?
(because debugging connectivity in a browser is convoluted compared to "curl -v")
[15:03]
RandalSchwartzhmm. maybe v6 interesting.
yes, google from laptop curl
both http and https
[15:04]
brycecAnd curl used v4? [15:05]
RandalSchwartzPresume so
but I have no default v6 route
[15:05]
brycecWould've been in the -v output. If curl can reach it but not browsers...
RandalSchwartz: did you curl https:// ?
[15:05]
RandalSchwartzlemme try [15:05]
brycecMight be an MTU thing [15:05]
RandalSchwartz... * Rebuilt URL to: https://www.google.com/
* Hostname was NOT found in DNS cache
* Trying 74.125.25.99...
ahh... so if I set my MTU lower somehow?
[15:06]
brycecAssuming the issue is on your computer
More likely some naughty gear along the path
[15:07]
RandalSchwartzthat wouldn't explain why some sites and not others
same opaque content either way
[15:08]
brycechttp works when https doesn't often means that the SSL cert being returned is hitting an MTU ceiling somewhere along the path [15:09]
RandalSchwartzreduced mtu from 1500 to 1400 for both wifi and tunnel
no - http doesn't work
google.com for either, no work.
at least not in browser. works in curl.
what else is browser doing? :(
[15:09]
brycecRandalSchwartz: browser is automatically switching to https because Google is on the HSTS list
(one more reason to use curl :P)
You could try http://74.125.25.99 in the browser to test, perhaps (if it doesn't provide the hsts header)
[15:10]
RandalSchwartzbrowser still paused
worked fine at command-line though
[15:11]
brycecDid the browser pause saying "establishing secure connection"?
Perhaps your browsers are trying a proxy? (grasping at straws)
Perhaps you should just reboot? :P
[15:12]
RandalSchwartzOooh... google main page came up, and still trying to "establish secure connection"
hmm. https://www.superfish.com/

what the F is that
[15:13]
brycecmalware
http://malwaretips.com/blogs/superfish-window-shopper-adware/
[15:14]
RandalSchwartzdammit.
can't get taht page either
what's the uninstall instructions
I can't even hit sfari's extensions page
[15:15]
brycecRandalSchwartz: can you access vps3.cobryce.com? I'll host a copy
(that vps is on ARP)
[15:16]
RandalSchwartzno it's probably still gonna try to hit superfish [15:16]
brycecRandalSchwartz: curl http://sprunge.us/TXIK
just a copy/paste of the text on the page
(Apparently there about 5 different places to uninstall/remove it)
Relevant https://support.mozilla.org/en-US/questions/878411 :)
"How do remove www.superfish.com permanently - it interferes whenever I open my Firefox browser ... no matter which website I wish to visit ?"
Looks like a bunch of plugins/extensions use it for ad revenue
RandalSchwartz: try starting Firefox in safe mode (without loading any extensions)
https://support.mozilla.org/en-US/questions/830223 "How did Superfish get on my PC?"
[15:17]
RandalSchwartzI can't see any of those [15:20]
BryceBotThat's what she said!! [15:20]
brycecBryceBot: no [15:21]
BryceBotOh, okay... I'm sorry. 'I can't see any of those' [15:21]
brycecEven after? │15:18:55 brycec | RandalSchwartz: try starting Firefox in safe mode (without loading any extensions) [15:21]
***sga0_ has joined #arpnetworks [15:21]
RandalSchwartzhow do you do that? [15:22]
brycecPretty sure there's a shortcut for it in the start menu [15:22]
***pjs has quit IRC (Read error: Connection reset by peer) [15:22]
brycec(sounds like you're using Windows - please correct me if I'm wrong) [15:22]
RandalSchwartz"start menu"
no - OSX
wait - neil says he's better after reboot
gonna
try that
[15:22]
brycecEither hold the Option key while starting, or /Applications/Firefox.app/Contents/MacOS/firefox-bin -safe-mode [15:23]
RandalSchwartzok - rebooted
let's see if this is still a problem
google.com seems to come up ok
in chrome. not in safari
[15:27]
***sga0__ has joined #arpnetworks
pseudodoge has joined #arpnetworks
fink has quit IRC (Read error: Connection reset by peer)
fink has joined #arpnetworks
m0unds__ has joined #arpnetworks
acf___ has joined #arpnetworks
sga0 has quit IRC (*.net *.split)
m0unds_ has quit IRC (*.net *.split)
eryc has quit IRC (*.net *.split)
eryc_ has joined #arpnetworks
pseudorandom has quit IRC (Ping timeout: 246 seconds)
sga0_ has quit IRC (Ping timeout: 329 seconds)
fink has quit IRC (Read error: Connection reset by peer)
fink has joined #arpnetworks
acf___ has quit IRC (Ping timeout: 240 seconds)
acf__ has quit IRC (*.net *.split)
acf__ has joined #arpnetworks
mus1cb0x has quit IRC (Ping timeout: 240 seconds)
mus1cbox has joined #arpnetworks
[15:37]
.......... (idle for 48mn)
jbergstroemRandalSchwartz: dns issues? chrome disregards some stuff like hosts afaik [16:32]
***sga0__ has quit IRC (Read error: Connection reset by peer) [16:32]
jbergstroemhad "site" issues yesterday which worked just fine in chrome but bad everywhere else; turned out i had stuff laying around in hosts [16:34]
***sga0 has joined #arpnetworks [16:35]
......... (idle for 42mn)
fink has quit IRC (Quit: fink) [17:17]
RandalSchwartzhard to tell. But once I refreshed from this morning's backup, everything is good. [17:28]
acf__RandalSchwartz, brycec: fwiw, I was seeing similar issues with Google over an ARP IPv6 tunnel today
sometimes Google will load fast
sometimes it will just stop loading, and I have to refresh
then it loads immediately
it's still happening for me
I think pages are cached, so the problem appears to go away
[17:32]
RandalSchwartzBack on ship, all pages equally slow. :)
Something infected my machine earlier today
to go off to SuperFish
probably the first bar I was at
Neil's machine was fixed by a reboot
mine didn't get fixed until I restored from this morning's clone
[17:35]
but thank goodness, it seems to be rid of whatever I picked up from that first wifi hotspot [17:42]
acf__hmm... Google IPv6 used to go over any2ix I thought
I know Google IPv4 did
[17:44]
RandalSchwartzRandalSchwartz wanders off [17:46]
....... (idle for 33mn)
***sga0 has quit IRC (Read error: Connection reset by peer)
sga0 has joined #arpnetworks
[18:19]
.......... (idle for 45mn)
acf__ is now known as acf_ [19:07]
...................... (idle for 1h45mn)
pseudodoge has quit IRC (Ping timeout: 240 seconds)
novae has quit IRC (Ping timeout: 272 seconds)
novae has joined #arpnetworks
[20:52]
................................... (idle for 2h51mn)
pseudorandom has joined #arpnetworks
pseudorandom has quit IRC (Ping timeout: 240 seconds)
[23:48]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)