***: toeshred has quit IRC (Ping timeout: 255 seconds)
   
 grody has joined #arpnetworks
   pyvpx: there are plenty of ways to speak with the IPv4 world if you are IPv6 only internally. and if more folks were IPv6 internally, they'd naturally lean towards 'speaking' natively to the rest of the IPv6 world...and then IPv4 might be relegated to the token ring of history.
   
 only problem is IPv6 still kind of sucks.
   mercutio: the whole ipv4 vs ipv6 thing is interesting
   
 there's a high interest in being "ipv6 ready"
   
 but low interest in actually using ipv6
   ***: toeshred has joined #arpnetworks
   plett: grody: DECT doesn't use the 2.4G ISM band
   
 Not in the UK, at least
   mkb: mercutio, if you've got a firewall dropping idle connections, do you know of any way to figure out where it is?
   lily: so, apparently my host was ddosed over the weekend. gotta love spring break. the host is up but the network route is blackholed. whats the process for getting this back on the network?
   
 most places just do like 24 hour block, but this has been down for days now
   milki: lily: send an email to support
   NiTeMaRe: n locate /connect OFTC
   
 er
   
 try that again?
   mercutio: mkb: it's usually the modem/router
   
 lily: any idea why it was ddosed?
   lily: efnet haters
   mercutio: erk efnet sucks
   
 i got ddos'ed on efnet once
   lily: been there too long to leave
   mercutio: because someone wanted my nick
   lily: yeah
   
 I have a channel thats been established for a decade
   
 I am a popular target sometimes
   BryceBot: That's what she said!!
   lily: ;)
   mercutio: efnet sucked a decade ago to
   
 too
   lily: oh sure
   mercutio: it's nothing new
   
 but last i knew they still hadn't implemented services
   
 or any kind of room management
   lily: correct
   
 its the wild west
   mercutio: or any way to hide what ip you're using
   
 so people get ddos'ed
   lily: people get ddosed on every network.
   mercutio: i haven't been ddos'ed since using efnet?
   
 since not using efnet
   lily: ddos is the internet equivalent of tagging
   
 its stupid
   mercutio: happens more in poorer areas?
   lily: heeh
   
 I dunno, lots o popular websites get hit too
   brycec: lol mercutio
   lily: the IP I chat from is ddos protected (on another provider), and they dont usually decide to spray everything in my domain down
   
 but its spring break I guess
   
 packet party
   mkb: mercutio, it's outbound from ARP
   mercutio: mkb: damn i can't follow now
   mkb: mercutio: the connection dropping
   mercutio: oh you're losing connections from arp to somewhere else?
   
 inside tmux or such
   mkb: yeah
   
 I mean like once a week
   mercutio: is it routing via arp, or initiated from arp?
   mkb: from here
   mercutio: oh only once a week
   
 that could just be network glitches
   
 lots of adsl modems here used to drop connections after a minute or two idle
   
 which could easily be more than once a day if you didn't enable "keep alive"
   
 irc has server pings
   
 so is never truly idle
   mkb: even IRC drops occasionally. network glitches it looks like
   brycec: Doesn't tmux's default config have a clock, so it's redrawing at least once a minute.
   mercutio: my freenode drops about once 1 to 8 weeks
   
 once every
   
 but sometimes if it drops once it'll drop again shortly after
   
 brycec: yeh
   
 brycec: but i think he's talking about losing irc connection?
   -: mercutio does tmux detach sometimes
   mercutio: well ^Bd
   mkb: brycec, if I ssh from inside tmux that connection could be idle (not that ssh doesn't enable keepalive)
   mercutio: like when i'm sick of getting distracted :)
   mkb: heh
   brycec: Very true. I didn't know if you were running tmux on the remote side
   
 (s/running/using/)
   mercutio: ssh doesn't enable keepalive by default
   
 i don't have keepalive enabled anywhere myself.
   mkb: mercutio, man ssh_config, /TCPKeepAlive
   
 'The default is "yes"'
   mercutio: it does key renegotiation occasionally, but that's not often enough to stop nat systems that drop connections a lot
   
 mkb: oh?
   brycec: But that's not the same as the server ping. That's just a basic TCP keepalive packet
   mkb: right
   
 ServerAliveInterval is server ping and that is disabled
   mercutio: i think you need tcp keepalive enabled in kernel for that?
   
 oh it does have that enabled by default too.  interesting.
   mkb: BSD will do it when SO_KEEPALIVE is set on the socket or the global sysctl is set; I would hope Linux does too
   mercutio: i'm out of date it seems :)
   mkb: I just looked at BSD's code this morning :)
   mercutio: where are you sshing to from arp?
   
 is it to your home or something that has nat and a cheap router?
   mkb: I'm not. I used to use bgp-spamd and the bgp connection would come undone all the time (it keeps a counter and bgpctl show displays it so I noticed...
   
 now there's freenode
   
 what prompted the question was a connection to arp actually
   
 I leave my work computer on and connected and it's invariably disconnected in the night
   mercutio: basically most cheap adsl/vdsl/cable/etc routers have really short timeouts to conserve memory
   mkb: at work we've got our own AS and real routers :)
   mercutio: memory got raised a while ago, but i think the short timeouts persisted to a degree.
   mkb: but the firewall may be interfering
   mercutio: my desktop is still crashing :(
   
 i was trying to test ssh connections dying
   mkb: anyway I left it on with TCPKeepAlive no and ServerAliveInterval on so we'll see what that does
   mercutio: i'm going to do it from my server :/
   
 ok two ssh's to arp to persist inside a tmux :)
   
 i still can't figure out why my desktop is crashing
   
 also the ethernet is wedging occasionally, for some strange reason too
   
 which seems strange considering it's i217v
   
 oh seems like it could be a tso bug from what google says
   
 it seems both intel and broadcom seem to acquire a lot of bugs.
   
 and are both the generally "preferred" server ethernet adapters.
   ***: HotTopic has joined #arpnetworks
   
 HotTopic has left
   
 pjs has quit IRC (Read error: Connection reset by peer)
   
 pjs has joined #arpnetworks
   
 pjs is now known as Guest1495
   
 t1495Gues has joined #arpnetworks
   
 Guest1495 has quit IRC (Ping timeout: 255 seconds)
   
 t1495Gues is now known as pjs
   mkb: mercutio, get to work implementing the new RFC into your TCP stuff :)
   
 scenic routing
   mercutio: haha
   
 i have not seen, got a link?
   
 i've just noticed that on fast hosts, using my own curl instead of curl improves performance significantly
   
 i mean i knew it used less cpu and could go faster on really fast networks.
   
 i just didn't expect normal fast hosts for it to make a difference
   
 of like 10 to 20% or something
   
 kind of makes me want to make my curl less ugly :)
   mkb: https://tools.ietf.org/html/rfc7511
   brycec: Don't forget https://tools.ietf.org/html/rfc7514
   mercutio: damn it needs ipv6
   
 RECN
   
 haha
   RandalSchwartz: something odd on kvr07?
   
 my server just went wonky
   
 I'll try a reboot
   mercutio: how does amazon get away with having such terrible search?
   RandalSchwartz: yeah - my server still running like molasses
   mercutio: seems strange
   
 bad network or disk or cpu or what?
   RandalSchwartz: not sure
   mercutio: tracing to kvr07 looks fine
   brycec: (heh, I used to have a vps on kvr07, but no longer)
   RandalSchwartz: yeah... it seems better now.
   
 maybe had a noisy neighbor for a bit
   
 first thing that broke was ssh
   
 hmm.  just got a nagios "total processes" alert
   
 maybe I'm getting mail-bombed?
   
 (it's our mail machine)
   mercutio: is it in swap?
   RandalSchwartz: looking now
   
 no...
   mercutio: i've noticed an increase in smtp auth attacks recently in general
   
 ssh has had them for ages regularly
   
 but smtp used to be much more occasional
   RandalSchwartz: loadav only 2.35
   mercutio: i like to stay under 0.6 myself :)
   BryceBot: That's what she said!!
   mercutio: of course that's an arbitrary number.
   
 and bsd has higher load averages than linux etc.
   RandalSchwartz: total procs only 93
   
 I wonder what my alert is looking for
   mercutio: 2.35 on bsd isn't so bad
   
 doesn't it tell you?
   
 it may have culled smtp processes?
   RandalSchwartz: I'm just viewing through pagerduty
   mercutio: are you using postfix?
   RandalSchwartz: yes
   
 because M4 sucks. :)
   mercutio: do you have maxproc set for smtp in master.cf ?
   RandalSchwartz: hmm.  good question
   mercutio: it defaults to off
   
 but i recommend setting it
   RandalSchwartz: yeah, that would make sense
   mercutio: my personal mail server has it set to 8
   
 but if lots of users i'd set it a bit higher
   
 well it depends
   
 i'm going straight through to amavis too
   
 so that amavis processes it before it hits queue
   
 smtpd_client_connection_count_limit=2
   
 i'm also setting that
   
 so that any one client can't do more than 2 connections
   RandalSchwartz: looks like it defaults to 100
   
 so yeah - I can probably crank that back
   mercutio: yeah
   
 if you do the client connection limit it'll make you get less alerts
   
 if one user throws many connections at it
   
 if you get 25,000 connections you're screwed whatever you do :)
   RandalSchwartz: heh
   mercutio: well ddos type from random ip's
   RandalSchwartz: ok - changed value and "service postfix restart"
   mercutio: you only need reload
   
 it can take up to a minute for reload to work
   RandalSchwartz: I'm never sure, especially on master.cf
   mercutio: but reload is all you need on most postfix changes
   RandalSchwartz: simple enough to just restart
   mercutio: ok.
   RandalSchwartz: server seems sensible now.
   
 haven't rebooted it in quite a few months though
   
 maybe it was just being bitchy
   
 anyway... pagerduty is happy again.
   mercutio: heh.
   
 postfix has heaps of new things i haven't paid attention to
   
 the last big change i made is going straight to amavis instead of going through the mail queue first.
   RandalSchwartz: I'm using mailroute.info instead
   mercutio: haven't heard of it
   
 i've been using amavis forever
   
 there may be better options now, but don't want to use something external really
   RandalSchwartz: it's a paid service
   
 they have access to information I can't possibly have
   mercutio: i don't get much spam
   
 i do get quite a few promotions
   
 especially from amazon
   RandalSchwartz: merlyn@stonehenge.com has been very public for two decades
   mercutio: and the normal linkedin crap etc.
   
 most of my spam comes from google, yahoo etc.
   
 ie free email
   up_the_irons: lily: lol "packet party"
   lily: :)
   up_the_irons: mercutio: and lol for suspecting DDoS happens more in poorer areas ;)
   mercutio: up_the_irons: well it was more tagging that happened in poorer areas
   
 err happens
   
 ddos's on efnet are probably just young kids
   
 when i was younger making free phone calls was popular etc.
   
 but now things seem more destructive towards individuals
   up_the_irons: yeah
   mercutio: why does windows run out of memory with 32gb of ram on a desktop?
   
 bloody braindead.
   ***: dj_goku_ has joined #arpnetworks
   
 dj_goku has quit IRC (Ping timeout: 265 seconds)
   
 cloudkitsch has joined #arpnetworks
   
 cloudkitsch has quit IRC (Remote host closed the connection)
   mercutio: i need a proper target to test on verizon's network, anyone got any ideas?
   
 something that doesn't block ping
   
 oh, verizon.net :)