#arpnetworks 2015-01-02,Fri

***jcv has joined #arpnetworks [00:03]
.......... (idle for 45mn)
kevr_ has quit IRC (Changing host)
kevr_ has joined #arpnetworks
kevr_ is now known as kevr
[00:48]
.......................................................... (idle for 4h49mn)
mnathani: ] [05:37]
.... (idle for 16mn)
***tabthorpe has quit IRC (Quit: leaving)
tabthorpe has joined #arpnetworks
tabthorpe has quit IRC (Changing host)
tabthorpe has joined #arpnetworks
[05:53]
..................... (idle for 1h44mn)
mike-burns has quit IRC (Quit: WeeChat 1.0.1) [07:39]
..... (idle for 20mn)
mike-burns has joined #arpnetworks
ChanServ sets mode: +o mike-burns
[07:59]
...................................... (idle for 3h7mn)
mus1cbox: ya im not looking forward to using ipv6. so fucking long [11:06]
staticsafe: just use DNS [11:11]
brycec: ^ [11:13]
mus1cbox: how would you assign an ipv6 ip to a new machine, before it's even up and has a chance to be configured with dns?
  or maybe it is the dns server
[11:14]
brycec: Plus if you have a brain like mine, it's easy to remember /64 portion [11:14]
plett: mus1cbox: SLAAC [11:14]
brycec: dhcpv6 can register with dns
  or use mdns
  or just stop caring about addresses...
  (i.e. slaac)
[11:14]
mus1cbox: oh
  so you guys are having a fine experience running ipv6?
[11:19]
mercutio: static: no-one uses dns on ipv6 [11:20]
brycec: Huh ^? [11:20]
mercutio: dns reverse lookups basically don't exist. [11:21]
mus1cbox: wtf why not [11:21]
brycec: uh... what? ^?
  mercutio: you trolling?
[11:21]
mercutio: because providers never seem to configure it? [11:21]
brycec: Because... DNS still a thing, including PTR. [11:21]
mercutio: brycec: do some traceroutes over ipv6...
  you'll quickly see 8/10 or more ipv6 addresses have no reverse dns
[11:21]
brycec: lazy providers... Half my v4 hops across comcast don't have ptr's. Doesn't mean nobody DNS' on IPv4 though. [11:22]
mercutio: like tracing www.google.com from arp has 0 dns reverse lookups. [11:22]
brycec: Nah, it has 1 - google's [11:22]
mercutio: not here [11:22]
mus1cbox: seems ipv6 is reducing network accessibility for admins [11:23]
brycec: 11. iad23s23-in-x03.1e100.net 0.0% 6 68.4 68.5 68.4 68.7 0.2 [11:23]
mercutio: http://pastebin.com/raw.php?i=kFTYJ0W6 [11:23]
plett: mercutio: That's not a v6 thing, Google suck at adding v4 PTR records as well as v6 [11:23]
mercutio: weird traceroute isn't working with udp or icmp with ipv4
  oh just timing out hop
  10 pa-in-f106.1e100.net (74.125.25.106) 30.763 ms 30.771 ms 30.612 ms
  i got one google lookup
[11:25]
mus1cbox: is it true ipv6 is less secure? [11:25]
brycec: No
  It's as-secure as v4
  generally
[11:26]
mercutio: mus1cbox: lots of users don't do firewalls on ipv6.
  and were relying on nat for "firewall" on ipv4.
[11:26]
brycec: there are some security/privacy extensions available to v6 too
  As a technology, it's as-secure
[11:26]
mercutio: so you may find suddenly you can accept incoming connections when you couldn't before. [11:26]
brycec: It's just the same as before "everybody" was NAT'ing [11:26]
mercutio: there are some neighbour exhaustion issues too. [11:27]
mus1cbox: ah [11:27]
brycec: (and "everybody" used global v4 addresses) [11:27]
mus1cbox: what's neighbor exhaustion? [11:27]
mercutio: brycec: yes, but now people have the internet that used to not.
  mus1cbox: it's when your subnet gets scanned and your router struggles to deal with checking out who is there.
  it's kind of like the "too large bridge domain" issue with ipv4.
  http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf
[11:27]
mus1cbox: oh
  ty
  does ipv6 improve susceptibility to ddos?
[11:28]
mercutio: uhh
  ddos is a complex issue.
  you can trivially overload switches etc.
  it should be fixed sometime.
[11:29]
m0unds: the only improvement to ddos susceptibility is that lots of zombie boxes used to attack stuff don't have ipv6 connectivity yet [11:30]
mus1cbox: hahha
  security through lack of connectivity :P
[11:31]
mercutio: m0unds: i thought hetzner etc had ipv6 now? [11:31]
m0unds: mercutio: could be, i have no idea
  but there are still tons of compromised residential machines being used as attack sources
[11:32]
mercutio: oh wtf
  this is worse on that gear than i thought
  1 pps of traffic with random ipv6 source address can fill ndp table.
[11:32]
mus1cbox: pps? [11:32]
mercutio: oh that's coming from inside the network
  packet per second
[11:32]
mus1cbox: you don't mean petabyte do you?
  oh phew
[11:33]
mercutio: this is sounding worse and worse :)
  that's on nexus 5500
  with juniper it's slightly better apparently.
[11:33]
m0unds: yes, faster cpu, more ram [11:34]
mus1cbox: death by 1pbs
  pps*
  yea i think next time i buy networking gear i'll replace cisco with juniper
[11:34]
mercutio: so yeah don't use l3 switches for ipv6? [11:34]
m0unds: there are pitfalls with either
  mercutio: yeah, haha
[11:34]
mercutio: i hate dhcp
  i hate arp
  not arp networks
  arp the protocol
[11:35]
m0unds: YOU BASTARD
  GET OUT
[11:36]
mercutio: i hate neighbour discovery [11:36]
m0unds: i hate my neighbors [11:36]
mus1cbox: m0unds: choosing a name like arp networks, you have to expect some confusion [11:36]
mercutio: heh [11:36]
m0unds: mus1cbox: i know it [11:36]
mercutio: i actually kind of think there should just be a secure key between ethernet devices
  with maximum advertised ip's etc.
  and dynamic routing type stuff with filters.
  and cut out bridging type systems
  but if using neighbour discovery you could still limit individual users to using too many addresses etc
  there's a discussion on nznog about ipv6 prefix size to allocate to end users.
[11:36]
............ (idle for 55mn)
mus1cbox: what's the thinking? [12:37]
........ (idle for 39mn)
mercutio: not much currently.
  not the best time of year to get responses :)
  whenever i see an interesting post i hope people have interesting replies. but often the good posts don't get many answers.
  i'm about to redo my raid... fun times.
  going from 3 to 4 drives and new raid array is going to be slightly annoying
  as don't have enough sata ports :(
[13:16]
***novae_ has quit IRC (Ping timeout: 265 seconds) [13:35]
novae has joined #arpnetworks [13:40]
mus1cbox: do you use zfs? [13:46]
mercutio: yes
  and mdadm
  i'm using mdadm in raid 10, and zfs in raid-z
  but going to do raid 10 for both i think
  but raid 0 for bulk storage.
  and just backup over network to hard-disk system
  this is ssd only :)
  only got 3x120gb atm though
  and upgrading to 2x250 and 2x480
  trying to decide on layout.. i'm thinking like 32gb for mdadm per disk, 4gb for swap, 16gb for proxy, 200gb for zfs
  maybe 192gb for zfs, i have to short stroke a bit more the 250s i think.
  then like 220x2 extra for zfs raid 0
  fuck it i'll just do the root first :)
[13:46]
........................................... (idle for 3h32mn)
i hate grub [17:22]
up_the_irons: +1 [17:29]
JC_Denton: lilo felt so much easier [17:37]
mercutio: JC_Denton: does lilo support uefi?
  i probably should research other boot loaders.
[17:45]
staticsafe: no it doesn't [17:49]
.... (idle for 18mn)
brycec: elilo does
  @wiki elilo
[18:07]
BryceBot: LILO (boot loader) :: LILO (LInux LOader) is a boot loader for Linux and was the default boot loader for most Linux distributions in the years after the popularity of loadlin. Today, most distributions use GRUB as the default boot loader. Overview LILO does not depend on a specific file system, and can boot an operating system (e.g., Linux kernel images) from floppy disks... http://en.wikipedia.org/wiki/LILO%20%28boot%20loader%29 [18:07]
....... (idle for 30mn)
dne: dne prefers syslinux - recent versions have EFI support [18:37]
........ (idle for 35mn)
mercutio: interesting.
  i really just want to be able to select a few different kernels to boot
[19:12]
......................... (idle for 2h2mn)
jpalmer: how many people will stop following me on twitter, if I tweet about a powershell post? :P [21:14]
........ (idle for 37mn)
mercutio: heh
  only one way to find out :)
  Timing buffered disk reads: 4660 MB in 3.00 seconds = 1552.74 MB/sec
  nice and fast raid :)
[21:51]
***SpeedBus has quit IRC (Quit: SpeedBus@CrownCloud.net) [22:01]
mus1cbox: https://www.youtube.com/watch?v=sV_bDXgeg7Q [22:13]
BryceBot: YouTube People: "Counterfeiting : Documentary on the Business of Counterfeits and Knock-Offs" by The New School (1h 35m 17s), 892,712 views, 2,727 likes and 256 dislikes. Uploaded 2013-10-01T03:56:12.000Z. [22:13]
mus1cbox: interesting watch, esp for anyone who takes pharmaceutical drugs [22:14]
m0unds: hahaha, i got a ps3 eye camera for doing head tracking in ARMA and flight sims
  my wife was freaked out moving her head and having it pan the view around
[22:25]
mus1cbox: step 1. step 2, Fabio.
  (http://www.fabioifc.com/)
[22:31]
.......... (idle for 49mn)
mercutio: that does sound a little disorientating [23:20]
..... (idle for 20mn)
uh oh i'm reading slashdot again. bots are scanning github to steal amazon ec2 keys. [23:40]
mus1cbox: how could that be, git users are soooo smart [23:41]
mercutio: heh [23:41]