can anyone think of why all of a sudden i started getting port 22: Connection refused when trying to ssh into my vps? i haven't made any recent pf rule changes, and i can ping it linux? some linux are set up with an autothrottle... too many failures and the port is shut down for a while. that's part of why I don't run sshd on 22 any more I use a high port it's too expensive to do a full netscan on high ports to see if there's an sshd when so many people run them on 22 i don't think it usually connection refuses, i think it usually just accepts and disconnects? there may be ssh rate limit though mus1cbox: http://support.arpnetworks.com/kb/main/is-there-a-firewall-filter-rate-limit-or-similar-device-applied-to-my-traffic hmm that's per ip, so he'd have to be doing 15 connections within 60 seconds from his ip to hit that. you can actually easily configure opensshd to listen on multiple ports too Yup I just stopped listening to 22 because I was tired of, as Steve Gibson puts it, listening to the "background radiation" of the net i prefer ip acl's. if I ever knew where I was sshing from... sure. well yeah it doesn't work if you ssh from random locations "nomad" is my middle name which looks weird on my passport yes. then maybe running on port 443 would help you yeah, I actually do that for one box so I can tunnel through https firewall i'm dumping on an unused ip i haven't seen anything yet CONNECT some.box:443 dropbears easy bouncing can be handy socat can do it on the command line :) telnet scan from turkey. then sip scan from US open sip server is scarier than open ssh server. Does any of this mean my unmanaged / dumb switch has spanning tree? 802.3, 802.3u, 802.3ab, 802.3x, 802.1P also 802.1P QoS don't think so having qos seems curious though http://en.wikipedia.org/wiki/IEEE_802.1D IEEE 802.1D :: 802.1D is the IEEE MAC Bridges standard which includes Bridging, Spanning Tree and others. It is standardized by the IEEE 802.1 working group. 
It includes details specific to linking many of the other 802 projects including the widely deployed 802.3 (ethernet), 802.11 (Wi-Fi) and 802.16 (WiMax) standards. VLAN (virtual LAN) is not part of 802.1D, but specified in 802.1Q. Publishing history: 1990 — Original publication... think that's what you're looking for mercutio: thanks mnathani_: you shouldn't need stp anyway. I like loop detection / automatic blocking does it do snmp? doubt it maybe you can trigger on high packet counts. i suppose you could always get a managed switch it cost like $35 - 8 port gigabit unmanaged i'm using a cheap managed switch that has stp brand? edgecore ECS2000-26T there's a few similar ones to that though fanless 24 port gigabit+2 sfp low power usage, minimal management http://www.edge-core.com/ProdDtl.asp?sno=393&ECS4210-28T I was going to guess ^ i think the one you linked is newer http://www.amazon.com/Cisco-SG200-26-Ethernet-Mini-GBIC-SLM2024T/dp/B004GHMU5G/ref=sr_1_2?ie=UTF8&qid=1423719865&sr=8-2&keywords=26++port+managed+switch Amazon: "Cisco SG200-26 Gigabit Ethernet Smart Switch with 24 10/100/1000 Ports and 2 Combo Mini-GBIC Ports (SLM2024T)" i think that does stp maybe the 8 port one does even oh i can do sflow huh it has upnp too why would upnp be on a layer 2 switch? wow it even has dual firmware versions on it http://www.edge-core.com/qapage.asp?sno=138 that's kind of cool not that i need it your Amazon switch: Shipping: Currently, item can be shipped only within the U.S. which item was that? Cisco SG200-26 Gigabit Ethernet Smart Switch there's cheap ram on amazon atm btw ahh did you want that many ports? 16 should be plenty did you want sfp? 
no need for sfp http://www.amazon.com/TP-LINK-TL-SG3210-10-port-Pure-Gigabit-1000Mbps/dp/B006B7R3YC/ref=sr_1_11?ie=UTF8&qid=1423721081&sr=8-11&keywords=managed+switch Amazon: "TP-LINK TL-SG3210 10-port Pure-Gigabit L2 Managed Switch, 8 10/100/1000Mbps ports, 2 Gigabit SFP slots" this switch is cheaper however my mikrotik came with one sfp That's what she said!! dunno if that ships to you it doesn't ship to me you can use direct attach cables for like $10 but limited length so yeah there's a few options for cheapish managed switches now they usually have terrible interfaces but if you just setup and forget it's probably a non issue really this is the one I have now: http://www.amazon.com/dp/B00A121WN6/ref=psdc_281414_t3_B006B7R3YC Amazon: "TP-LINK TL-SG108 8-Port 10/100/1000Mbps Desktop Gigabit Steel Cased Switch, IEEE 802.1p QoS, Up to 72% Power Saving" it used to be that all the managed switches had fans which put me off because they're always tiny fans that has tiny buffer you'll probably find most managed switches have slightly bigger buffers and it used to be only netgear had cheap managed switch then they had a newer version which was worse whats the highest throughput one can expect across a gigabit link - server to server? i get a little over 970 megabit i think with linux to linux but i disable tcp time stamps but yeah with 1.5k mtu it's around 970 megabit. i seem to recall at least. 
@wa 970 megabits per second to megabytes per second some ethernets do lower convert 970 Mb/s (megabits per second) to megabytes per second;121.3 MB/s (megabytes per second);0.97 Gb/s (gigabits per second);9.7×10^8 b/s (bits per second);~~ 0.78 × OC24 speed ( 1.244×10^9 b/s );~~ 0.97 × 1000BASE-T speed ( 1 Gb/s );~~ OC18 speed ( 9.331×10^8 b/s );information rate;[time]^(-1) [information];Time to transfer 1 gigabyte:, ->8.2 seconds, ->0.14 minutes;Time to transfer 1 terabyte:, ->8247 seconds, ->137 minu err some cards [ 4] 0.0-10.0 sec 1.09 GBytes 938 Mbits/sec this is one random test maybe i had higher mtu @wa 938 megabits per second to megabytes per second convert 938 Mb/s (megabits per second) to megabytes per second;117.3 MB/s (megabytes per second);0.938 Gb/s (gigabits per second);9.38×10^8 b/s (bits per second);~~ 0.94 × 1000BASE-T speed ( 1 Gb/s );~~ OC18 speed ( 9.331×10^8 b/s );~~ 1.2 × FireWire (IEEE 1394b) 800 speed ( 786432 kb/s );information rate;[time]^(-1) [information];Time to transfer 1 gigabyte:, ->8.5 seconds, ->0.14 minutes;Time to transfer 1 terabyte:, ->8529 se i used to think ethernet had higher latency than it does. but a lot of it's the cards, computer etc. like you can do 50 micro seconds latency for ethernet but it's still common to see over 0.1 msec on intel cards changing ethtool can help and linux's scheduling seems to help with ping -f realtek don't do coalescing so lower delay, and higher overhead. 
but anyway, at high speeds it's easy to get a drop in performance from packet loss and larger queue sizes can decrease the chance of that happening, but can also increase jitter but you can use fq_codel in linux to not go faster than gig and so point to point is fine but multi point to point can still suck it only matters if you're sharing between file server and internet on the pipe and you can always just rate limit file server to 900 megabit or something http://www.amazon.com/Cisco-SG200-26-Ethernet-Mini-GBIC-SLM2024T/dp/B004GHMU5G/ref=sr_1_2?ie=UTF8&qid=1423719865&sr=8-2&keywords=26++port+managed+switch Amazon: "Cisco SG200-26 Gigabit Ethernet Smart Switch with 24 10/100/1000 Ports and 2 Combo Mini-GBIC Ports (SLM2024T)" this says it ships to me oh it doesn't link the 8 port i mean the $88.99 one and it seems to suggest it still supports stp on cisco's site but amazon comments seemed to suggest annoying firmware issues http://www.amazon.com/NETGEAR-ProSAFE-GS108T-Gigabit-1000Mbps/dp/B003KP8VSK/ref=pd_cp_e_2 Amazon: "NETGEAR ProSAFE GS108T 8-Port Gigabit Smart Switch 10/100/1000Mbps" even this says stp support lol @ "2)Breaking UDP is unacceptable, as its widely used." That's what she said!! but it's netgear so it may be crap yeah i hadn't noticed that when i mentioned it mnathani_ :) i assume it's one of their linksys products. why would they deliberately cheapen their brand by using the cisco name on inferior products? i dunno do you remember how bad linksys modems were? maybe they weren't around there but they were terrible here. but the linksys phones were fine. all I seem to recall Linksys related were their wrt54 line of wireless routers newegg rates that netgear switch low the ones that overheated? and people ranted and raved about being able to run custom firmware. the default firmware sucked :/ tp-link routers have terrible firmware too. but their hardware seems to be "surprisingly good" and their price is always great. 
i took a gamble with my switch there were like no reviews around http://www.amazon.com/TP-LINK-TL-SG108E-8-Port-Gigabit-Tag-Based/dp/B00K4DS5KU/ref=sr_1_33?s=pc&ie=UTF8&qid=1423722704&sr=1-33 Amazon: "TP-LINK TL-SG108E 8-Port Gigabit Easy Smart Switch with 8 10/100/1000 Mbps RJ45 Ports, MTU/Port/Tag-Based VLAN, QoS and IGMP" that says it has loop protection too hangon isn't that what you had TP-LINK TL-SG108 no E at the end ahh yeh so it still has short queue length but it allows port mirroring and loop protection the one you linked? or the one I have 108E there's table down the bottom it includes your one too it doesn't have a web based gui too i don't think it supports lacp either i don't know if you want to do lacp http://www.amazon.com/dp/B009LEJJM6/ref=psdc_281414_t3_B00K4DS67C Amazon: "TP-LINK TL-SG2216 16-Port Gigabit Smart Switch with 2 Combo SFP Slots, 802.1Q VLAN, L2/L3/L4 QoS, IGMP Snooping, Port Security, Storm Control, Web-based Management" what about this one? I like that one managed, gigabit, under $200 it also does port mirroring and snmp lacp i can't see sflow support :/ is sflow kind of like netflow? yeah except it's not usually every packet oh rmon is like sflow too apparently oh but it doesn't do the useful groups :/ can windows do lacp / link aggregation yeah but you need two connections normally server OS only? don't think so http://hardforum.com/showthread.php?t=1762818 so yeah you need proper network drivers. oh the switch can store a network key :) for ssh nice http://www.tp-link.com/resources/document/TL-SG2216_V2_UG.pdf hmm it can do dhcp filtering too the doc / manual is quite extensive they're all like that explains stuff + theory with diagrams etc one guy was complaining about vxworks having security vulnerabilities but i think most of them are like that too oh my switch has ssh too Welcome to Vitesse Command Line Interface (v1.0). dunno what that is :) FWIW I have a TP-Link TL-SG2424 I've been quite happy with. 
is that the same series? (24 GbE w/4 SFP, fully managed, etc) yeah looks same specs but sfp I'd say a similar series oh and still fanless brycec: how bad is the web interface? mercutio: It's meh No worse than netgear's that's not saying anything :) netgear are bottom of the barrel :) I prefer it to its commandline, but that's not saying much either. heh but stability is fine? I'd disagree, but the only managed switches I've ever admin'd were Netgear (7326 and 7?24) and this TP-Link DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1099870606) 127 days, 7:11:46.06 ahh you're doing snmp to it :) (I am because otherwise I'd have to proxy to get to its web interface, but I have ssh on a machine local to it) oh the web interface says uptime System Uptime217d 18:37:03 my computers definitely have lower uptime than that :) It's crashed just once in its 1+ years. It was overloaded due to a loop I'd introduced, before I'd setup loop detection / rSTP i've only used one buggy switch (And that was on a previous firmware too) and it would bug out again and again but only when configing things was still damn annoying it was to do with vlan config heh i saw my switch has new firmware, but no changelog i'm not really racing to update it This switch isn't doing too much, bunch of vlan tagging, igmp snooping (both v4 and v6), basic broadcast throttling and STP / loop detection (off the top of my head) yeah most people don't even use vlans I like the TP-link has native ipv6 support i'm not using vlans atm for management? Even for such simple things as wifi network as guests, all of that ssid traffic is pushed to a dedicated vlan hmm yeah that's a nice idea i wonder if i can do that I don't see why not.. but I have no idea what equipment you have :P tp-link ac1750 i can't see it i could just use separate router for guest wireless Is this at all relevant? 
http://www.tp-link.com/en/article/?faqid=418 well yeah i saw that but i can't see anything like that in the web ui :) i could just stick openwrt on it :) i have it on the secondary anyway Well then ditch the stock fw and put something like openwrt on it :p lol apparently cisco has announced 2.5 gigabit ethernet support now http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/catalyst-multigigabit-switching/multigigabit-ethernet-technology.pdf