--- Log opened Tue Apr 03 09:00:21 2018
09:12 < aaa_> I am behind a Calix router at home for my ISP and 1.1.1.1 goes to my router and not any further. When I enter the IP
09:12 < aaa_> into my browser, it opens the login page for my router. So it appears 1.1.1.1 is used as a loopback in my Calix router.
09:12 < aaa_> lol
09:12 < Ben64> stupid things use 1.1.1.1
09:13 < aaa_> ppl at cloudflare are fucking genius
09:13 < Ben64> they really are
09:14 < aaa_> yes this is a requirement to enter the company
09:14 < Ben64> :|
09:14 < hey2> 9.9.9.9
09:15 < yawkat> Well you don't have to use the service...
09:15 < yawkat> Maybe this'll get people to fix their routing at least
09:15 < Peng_> Their other IPs are misrouted less often
09:16 < aaa_> :|
09:20 < aaa_> dns over https
09:22 < Dragon22> How does a transparent spam filter work?
09:23 < grawity> doesn't, if TLS is active
09:23 < Atro> implying TLS
09:23 < grawity> the kind I've seen monitors your connections to port 25 and just kills them if it sees spam
09:23 < grawity> (well the one I've dealt with also filters out any TLS support that the server might advertise)
09:24 < Atro> either way, those spam checkers would check reputation
09:24 < Atro> which is IP
09:24 < Atro> not content
09:24 < grawity> some do both
09:24 < Atro> true, but if first fails, no reason to check content
09:24 < Atro> unless it runs a weight sistem
09:25 < Atro> *system
09:26 < grawity> aaa_: DNS over HTTPS kind of feels very wrong (like something xkcd might have invented ironically), but apparently even the dnscrypt developer prefers it over DNS over TLS https://twitter.com/jedisct1/status/960472089580003328
09:26 < aaa_> lol man
09:27 < Atro> DNS over TCP, what could go wrong?
09:27 < aaa_> I will invent DNS over IRCS for you guys...
09:27 < grawity> nothing – DNS over TCP has been part of the spec since day one?
09:27 < Atro> which is also tcp
09:27 < endre> aaa_: !
09:28 < Atro> i want DNS over GRE pls
09:28 < aaa_> lol
09:28 < grawity> DNS over carrier pigeons
09:28 < endre> DNS over ICMP
09:28 < aaa_> DNS over skype, this one seems legit
09:28 < Dragon22> So there is no "Transparent" spam filter if the mail server uses TLS?
09:29 < Atro> gotta break the TLS to check content
09:29 < aaa_> we are busy inventing the next generation of dns bro
09:29 < Atro> guys
09:29 < Atro> its ez
09:29 < mAniAk-_-> Dragon22: whatever terminates the tls session can see content
09:29 < Atro> https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
09:29 < Atro> just pick a random number
09:30 < aaa_> seriously ?
09:31 < aaa_> port 81 , dns over skype, done.
09:31 < grawity> mAniAk-_-: yeah but then it's not a "transparent" filter anymore
09:31 < Dragon22> https://www.logsat.com/sfi-spam-filter-download.asp
09:31 < Atro> Dragon22: gross
09:31 < aaa_> The Skype protocol is a proprietary Internet telephony network based on peer-to-peer architecture, used by Skype. The protocol's specifications have not been made publicly available by Skype and official applications using the protocol are closed-source.
09:31 < Dragon22> Does not do Transparent.
09:32 < House> is skype still p2p?
09:33 < Atro> yes
09:33 < Atro> at least the chat
09:33 < Woodpecker> Question for someone really really smart.
09:33 < House> i see wikipedia still says p2p. just thought there was a watershed last year w.r.t. obsoleting older skype versions when they changed to client/server with microsoft servers in the middle of everything
09:34 < grawity> well, they did stop using random PCs as supernodes in favor of centrally hosted ones
09:35 < Woodpecker> I am building a console application that uploads youtube videos to various youtube accounts. In order to do that, you need to open up a browser and login to youtube, etc. I am trying to bypass that. Thus my question
09:36 < grawity> ah so you want the malware-writer kind of smart
09:36 < aaa_> lol
09:36 < grawity> or do you just want to obtain *new* auth tokens from username/password?
09:36 < grawity> that used to be supported via ClientLogin, IIRC; did they remove that
09:36 < House> in 2012 from what im seeing in google results. perhaps still p2p from the 40,000ft view, but maybe more like FBI/NSA controlled TOR exit nodes ;)
09:36 < aaa_> where I can submit my new protocol guys ?
09:37 < Woodpecker> i think you can do it via refresh token
09:37 < grawity> aaa_: write an Internet-Draft for it.
09:37 < Atro> aaa_: IETF
09:37 < aaa_> this is free to submit ?
09:37 < grawity> Woodpecker: where are you going to obtain the refresh token from
09:37 < grawity> Woodpecker: scrape it from Firefox's cookie store? app goes straight into the malware trash can
09:37 < grawity> aaa_: yes
09:37 < Woodpecker> buuut that means that every time i start the application, I need to have a browser open.
09:37 < aaa_> cool.. :)
09:37 < Atro> lol
09:37 < grawity> Woodpecker: get the token once, store it to your own config file
09:38 < grawity> Woodpecker: on 2nd start, refresh it without browser
09:38 < aaa_> what do you want to do ?
09:38 < grawity> aaa_: some hilarious stuff gets submitted as I-D's
09:38 < aaa_> what for example ?
09:38 < grawity> lemme grep
09:38 < grawity> all of draft-omar-*, I think
09:38 < Atro> in b4 1st april stuff
09:39 < Woodpecker> grawity: is it too impractical to try to get the initial access token without having a browser?
09:39 < grawity> Woodpecker: I'm pretty sure they have some flows specially designed for standalone apps
09:39 < Woodpecker> that is really the goal here, just so I dont have to run a desktop on my server.
09:39 < grawity> you don't have to
09:40 < grawity> I mean, instead of opening a browser, print "Please open to get the token"
09:41 < House> internet drafts come before RFCs, but i've only ever seen humorous RFCs
09:41 < Woodpecker> grawity: it needs to be automated. I have to do tooons of uploads.
09:41 < Atro> Woodpecker: use the API https://developers.google.com/youtube/
09:41 < grawity> aaa_: https://www.google.com/search?q=https://tools.ietf.org/html/draft-omar-
09:41 < grawity> Woodpecker: do you also have tooons of youtube accounts?
09:41 < Woodpecker> grawity: yes.
09:42 < Atro> Woodpecker: minimum you'll need API keys off the tons of accounts :)
09:42 < Woodpecker> lets see... I will probably have about 50 by the time it's done. They are brand accounts.
09:43 < grawity> doesn't youtube let you have 50 brand channels on a single account
09:43 < Woodpecker> grawity: yep, thats what I am working with.
09:43 < grawity> so you're only using a single account, then
09:43 < grawity> I'm fairly sure oauth tokens are per-account and not per-channel
09:44 < Woodpecker> grawity: yes, but it prohps you to choose the brand account after login,
09:44 < Woodpecker> prompts
09:46 < House> is anyone familiar with aruba L3 switch product line?
09:46 < Woodpecker> anyway, is it just a matter of creating some headers to go with the get request that will give me the right channel to start uploading to?
09:49 < Woodpecker> I have very good scraping capabilities, I just need to know what I should focus on building with that information. http is not something I am expert with,
09:51 < Atro> Woodpecker: jesus, use the API
09:51 < Woodpecker> Atro: I am using the api.
09:51 < Atro> so get the tokens
09:51 < Atro> then it's ez
09:51 < Woodpecker> Atro: thats my question. How to get the tokens, without having to open a browser.
09:52 < Atro> Woodpecker: well you only have to get the token once (i doubt they expire)
09:52 < Woodpecker> right now, I can upload 100 videos, but every time, i have to open a browser and manually choose a brand account. I want to automate that.
09:53 < Atro> Woodpecker: get the tokens via browser, as you only gotta do it once, then API the rest
09:53 < Woodpecker> Atro: they need to be refreshed, and I dont want to rely on me, who makes mistakes, to choose the wrong channel to upload to.
09:53 < Atro> https://developers.google.com/youtube/v3/guides/uploading_a_video
09:53 < grawity> refresh them on every startup, what's the problem
09:53 < Atro> he doesn't trust himself
09:54 < Woodpecker> Atro: thats just asking for mistakes. If I have to choose, there is no guarantee i will choose the right one every time, unlike if I did it programmatically.
09:54 < Atro> Woodpecker: trust the code?
09:54 < Atro> Now you're counter-productive
09:54 < Woodpecker> yes. It only does exactly what I tell it to do.
09:54 < Atro> use aliases in code for tokens, idk
09:55 < Atro> and confirmations
09:55 < Atro> human mistake can be prevented
09:55 < Atro> But alas, the code cant prevent you if you confirmed 99 times for a video and you still did it by mistake
09:55 < Woodpecker> Atro: its like asking you to spell check a document. You can probably do it yourself fairly reliably, but better reliability is doing it with a computer.
09:56 < grawity> if you want "do what I mean, not what I say" technology, you probably want HAL 9000
09:56 < Atro> lol
09:56 < Woodpecker> open the pod bay doors grawity
09:59 < Woodpecker> Anyway, I want the process completely automated as a daemon so I can put it on a remote server, and can have it run itself every time a file is placed into a folder. It reads the metadata, decides which brand channel it goes to, and uploads.
10:13 < Atro> yeah right, like you wouldnt mess that up as well
10:16 < Woodpecker> Atro: so is it just a matter of constructing a few headers then?
10:18 < Atro> lol
10:20 < Woodpecker> Atro: I guess you dont know ;/
10:20 < Atro> sorry, i can't find a solution for your personal insecurity
10:22 < Woodpecker> Go back to reddit Atro.
10:22 < Atro> no u
10:22 < Woodpecker> They have soylent waiting for you there.
10:22 < Woodpecker> mmmm tasty soylent, eh?
10:26 < system16> hi, my router's internet and wifi leds flash like crazy when i connect my phone to the router. this normally happens when i download some heavy files but now it flashes like crazy even when my phone is idle
10:26 < aaa_> gdfded
10:27 < system16> and as soon as i disconnect my phone it stops flashing
10:28 < Dragon22> Reset and Reconfigure the Router after confirming the Phone is not updating something in BG.
10:29 < system16> Dragon22, im afraid that some app is trying to send multimedia without me noticing
10:30 < Atro> its the fbi snooping ur traffic
10:30 < Dragon22> Install No Root Firewall. Block Unwanted APPs
10:30 < Dragon22> if rooted then AF+
10:30 < system16> how can i know which apps are using my internet in android
10:30 < system16> ?
10:31 < Dragon22> Install "No Root Firewall". It will show a popup.
10:31 < system16> btw i dont live in the u.s
10:31 < Dragon22> where do you live?
10:32 < system16> ME
11:00 < aaa_> mexico?
11:01 < system16> Middle East
11:03 < Apachez> did you meet ashmed?
11:03 < system16> ?
11:03 < system16> who is ashmed ?
11:05 < wadadli> that feeling when you lock yourself out of a remote router.
11:05 < Dragon22> 0)
11:06 < Dragon22> How good is Comodo Dome compared to Sophos?
11:09 < Apachez> system16: the dead terrorist
11:09 < Apachez> I have been told he is from that area
11:09 < system16> no
11:09 < system16> in which country
11:11 < system16> well if he is dead then there is nothing to worry about
11:15 < Apachez> then you havent seen him in action
11:15 < system16> no
11:15 < Apachez> https://www.youtube.com/results?search_query=ashmed+dead+terrorist
11:16 < Dragon22> https://www.ipfire.org, how can IP be on FIRE?
11:17 < system16> Apachez, i live in iran
11:17 < system16> i think he is in afghanistan or iraq.
11:17 < lupine> kamehameha!
11:18 < Dragon22> I have the Powerrr"
11:18 < system16> wait a sec
11:18 < system16> its a film
11:19 < system16> "story character"
11:20 < system16> this guy right ? https://goo.gl/images/2QNTk5
11:20 < MikeSeth> i shot the sheriff
11:21 < pulsar12> the other day we had a RAID-5 (1 disk failure tolerance) that had one disk that failed, so i got the task to replace it. It happens that I swapped the wrong disk causing the server to halt immediately. Luckily i was able to put back the disk and force its acceptance on the raid controller, and the server was able to start up again.
11:22 < lupine> not esx then
11:23 < bezaban> $oldjob managed to swap the wrong raid1 drive
11:23 < pulsar12> esx ?
11:24 < MikeSeth> > machine learning in javascript
11:24 < MikeSeth> ffffuuuuuuuuuuuuuuuu
11:25 < system16> am i the only person in here that knows little about servers ?
11:26 < pulsar12> MikeSeth, as part-time im currently self-studying data science, ML, python topics
11:27 < hey2> pulsar12: you think that's a bad day
11:28 < MikeSeth> pulsar12: every decent disk backplane would have identity leds
11:28 < hey2> Imagine having an entry level tech be assigned the task to replace a drive in a production server
11:28 < MikeSeth> speaking of which I still want to stab the bastard who messed up the backplane config on the last box i had to deal with
11:28 < hey2> he has the SN
11:28 < MikeSeth> hey2: oh no
11:28 < MikeSeth> oh no no no no no
11:28 < hey2> he goes and pulls all the drives out, one at a time
11:28 < hey2> lmao
11:29 < MikeSeth> oh
11:29 < MikeSeth> lupine
11:29 < MikeSeth> mein neger
11:29 < hey2> (this actually happened, by the way… it was a wall of storage servers, and just went down the line looking at the S/Ns)
11:30 < pulsar12> it was a lab production server in my case. I see the indicator leds, but for some reason I misjudged the led to belong to the neighbor disk lol
11:30 < MikeSeth> well, yet another proof of there being no god
11:30 < pulsar12> i was so ashamed of myself aha.
11:30 < hey2> MikeSeth: the proof of there being no god is that I am red/green colorblind
11:30 < hey2> and for whatever reason, those are opposite colors used for LEDs lol
11:31 < freakynl> hey2: well, if you don't give him access to the disk management software, where he could actually find the drive bay without needing to pull them, he might have acted differently :P
11:31 < MikeSeth> I bet it's karmic, you must have been a communist in previous life
11:31 < pulsar12> but to my surprise i was able to recover it.
11:31 < hey2> freakynl: well, it says the server number
11:31 < hey2> and the drive number on the server
11:31 < hey2> both labeled on the front
11:32 < freakynl> haha ok fire him
11:32 < MikeSeth> from a cannon
11:32 < MikeSeth> into the sun
11:32 < hey2> this kind of thing is actually not altogether too uncommon
11:32 < Yotson> Why? The company invested a bunch of money into his education.
11:32 < hey2> "If I can unlatch it and remove the drive without opening it up, that means it is hot swappable and I can just pull them out, right?"
11:33 < lupine> ITYM exploitation
11:33 < MikeSeth> Yotson: and now it has to forgo the investment, in the name of natural selection and the purity of the gene pool
11:33 < freakynl> Getting education and being able to actually comprehend and use your education are 2 different things
11:34 < pulsar12> https://www.google.pt/search?dcr=0&biw=1450&bih=795&tbm=isch&sa=1&ei=ZUrDWqbrNdCTsAf_7r3ICA&q=ucs+server+disk+led&oq=ucs+server+disk+led&gs_l=psy-ab.3...9638.10317.0.10429.8.6.0.2.2.0.128.325.1j2.3.0....0...1c.1.64.psy-ab..3.3.214...0i24k1.0.AJfFstYQLg0#imgrc=KOfomoj8afEgcM:&spf=1522748017350
11:34 < hey2> yeah, that needs an arrow or something
11:34 < Yotson> freakynl. He did it again?
11:35 < pulsar12> this is the server, as you see the disk leds are on the edge, so i misjudged the led to belong to the neighbor disk
11:35 < Yotson> MikeSeth. Only to have to do the investment again, with another entry level who quite possibly would do the same.
11:36 < hey2> Yeah but
11:36 < hey2> It is pretty heavily stressed, we don't care about CPU, RAM, motherboards, whatever
11:36 < hey2> but the HDD? Those are sacred
11:37 < hey2> and these were big 4U supermicro storage chassis where they are just numbered in rows
11:37 < hey2> don't think there was really an excuse
11:37 < TandyUK> hey2: just because the *chassis* has hotswappable disks, does NOT mean they are connected to a hotswap enabled/aware controller
11:38 < TandyUK> youd certainly hope they are, but no guarantees
11:38 < Yotson> Oh definitely. It's a fuckup, shouldn't happen, no excuse will help. But shit does happen. That tech won't be making that mistake again, but at another company. lol
11:39 < TandyUK> personally id login to the server/controller and remove the failed disk from the array before removing it physically
11:39 < pulsar12> TandyUK, that still doesnt prevent you from removing the wrong disk physically
11:39 < TandyUK> no, but this is a good advert for why you DONT use 'smart hands' lol
11:40 < hey2> lol
11:40 < TandyUK> i had one once power down the wrong half of an esxi cluster (while the half he should have powered down was in maintenance mode)
11:40 < hey2> it makes sense if the hands are smart
11:40 < TandyUK> yeah problem is they never are lol
11:41 < TandyUK> or if they are, they dont tend to be in that role for very long before moving or getting a promotion
11:41 < pulsar12> these are human mistakes that even happen in flight disasters. There was one real case where a plane had one engine on fire, and the pilot managed to shut down the 'good' engine
11:42 < hey2> reminds me of the floating point error w/ the patriot missile defense system
11:42 < hey2> everyone was just ignoring the rounding w. the mantissa
11:42 < hey2> but one guy took it upon himself to fix it
11:42 < hey2> and then when they actually needed to defend against a missile, it was off by the rounding error
11:43 < hey2> http://www-users.math.umn.edu/~arnold/disasters/patriot.html
11:58 < pulsar12> thanks hey2, good read
12:01 < hey2> it is one of those things that makes you want to double check your work
12:14 < disposable2> do baremetal switches have a way to create a cluster like juniper VC or cisco stackwise?
12:14 < Glomp> im getting occasional lag spikes to the wifi router outside of my room, the only obstruction between the wifi adapter and the router is the wall/door. Is there any reason why it would be doing this? The distance is very short and the RSSI averages 45.
12:15 < Glomp> it spikes to about 80 ms to the router
12:31 < Gollee> Glomp: 2.4 or 5 ghz?
12:35 < lpapp> cgm9: hi again, I got a message from the sysadmins that they think the problem is solved, but it does not seem to be.
12:36 < lpapp> ping still takes again on the first few runs, and then it is ok... but browser still takes ages to load even google.com
12:36 < lpapp> does ping do something different to browsers why the browser remains slow?
12:37 < Gollee> haha yes
12:37 < Gollee> browsers do HTTP, ping does ICMP
12:37 < Gollee> different protocols
12:38 < cgm9> lpapp: with the resolv.conf option enabled?
12:38 < cgm9> maybe the browser also verifies if site is on the "bad list"
12:39 < grawity> usually only for sites which hit the local bloom filter
12:39 < grawity> if it's Firefox, it *might* be checking in with the OCSP server(s)
12:39 < cgm9> anyway , capture a new pcap
12:40 < grawity> but in general, visiting a website does involve a ton of regular ordinary DNS and HTTP(S) requests
12:40 < lpapp> cgm9: also, I have now only two nameservers in resolv.conf one broken
12:41 < lpapp> anyway, how is it possible that ping starts working from about the third time, really?
12:41 < lpapp> given that my setup has not changed.
12:41 < grawity> the OS picks a different nameserver randomly
12:41 < cgm9> it should not pick it random..
12:41 < lpapp> if there is some caching introduced on the server side, how is it possible that the browser does not benefit from it, only the command line?
12:41 < cgm9> they should be tried in order
12:41 < lpapp> indeed
12:41 < grawity> depends on what options resolv.conf has
12:42 < grawity> assuming, in fact, that the standard glibc resolver is even being used
12:42 < lpapp> I had to restart firefox to become faster
12:42 < lpapp> after commenting out the nameserver, odd.
12:42 < grawity> (and not e.g. dnsmasq or systemd-resolved, which have a different algorithm for selecting nameservers)
12:42 < grawity> and the browser makes *quite a few more* DNS requests than ping
12:42 < lpapp> without commenting, it never speeds up like ping.
12:42 < lpapp> it is so damn annoying, so "random" behavior.
12:43 < lpapp> is it really this difficult to get a proxy right?
12:43 < lpapp> or are they noobs?
12:43 < lpapp> sorry, nameservers
12:43 < grawity> idk I'd have said it's not difficult to investigate DNS issues unless you're a noob
12:44 < Glomp> Gollee : 5 ghz
12:44 < Glomp> there are two other networks sharing the same channel
12:44 < Glomp> unfortunately all the available channels have 1-2 other networks
12:45 < cgm9> lpapp: .. all I can say, if you want to figure this out.. capture pcap
12:45 < cgm9> and then we can look inside
12:50 < cgm9> grawity: yea, I had glibc in mind with "default" opts.. which is what lpapp has IIRC from last time
12:50 < Glomp> also is anyone here familiar with powerline adapters for wifi networks?
12:50 < grawity> from last time IIRC lpapp also ran Arch which may or may not have systemd-resolved active by default
12:50 < grawity> I've used powerline, but I don't quite get "powerline for wifi"
12:51 < lpapp> cgm9: I will try to do that. I have just verified ping google.com on another machine, and it seems it only speeds up on the 4-5th try on that as well.
12:51 < lpapp> so at least I know it is not just an issue with my arch setup
12:51 < grawity> if you yourself admit that your 2nd nameserver is broken, it's an issue with your 2nd nameserver
12:51 < lpapp> also, their fix looks scary... /etc/resolv.conf gets populated with only two nameservers now rather than three, and one is broken, so if the other one also gets broken, all bets are off.
12:51 < grawity> if you want to make things faster – in general – look into a local cache, e.g. nscd or resolved or unbound
12:52 < cgm9> so resolvd from systemd does random pickup by default?
12:54 < lpapp> I want them to fix the thing rather than non-tech-savvy Linux engineers having to work this around by running and maintaining local caches.
12:54 < grawity> "non-tech-savvy engineers"
12:54 < lpapp> cgm9: I do not think so, because then it would randomly break rather than working persistently from attempt X.
12:55 < lpapp> the resolv.conf only contains a search line and two nameservers.
12:55 < lpapp> no options, etc.
12:56 < Glomp> does anyone know why i keep getting 80 ms spikes to my router outside my room? the only obstruction is the wall/door and its a short distance away. Its on a 5 ghz channel with two other networks at the moment.
12:57 < mAniAk-_-> maybe those two other networks
12:57 < mAniAk-_-> maybe another client in your network
12:57 < mAniAk-_-> maybe a shitty driver
12:57 < mAniAk-_-> maybe shitty settings
12:57 < grawity> cgm9: it primarily chooses nameservers in order, but also tracks which interface they belong to (e.g. openvpn can add VPN-specific nameservers), and which "features" they offer (such as EDNS0)
12:57 < lpapp> cgm9: so shall I capture only on a specific dns port?
12:58 < grawity> cgm9: but since it's a daemon which knows how to syslog, I think it could literally tell you what server it's trying right now
12:59 < cgm9> ok 10x for the info
12:59 < cgm9> lpapp: capture just port 53
12:59 < lpapp> tcpdump -i eth0 -w outputfile.pcap 'port 53'?
12:59 < lpapp> s/eth0/whatever/
12:59 < cgm9> yep
13:01 < Glomp> so just one or two other networks in the same channel can cause ping times to your router to spike?
13:02 < grawity> possibly
13:02 < grawity> how many networks are around, though
13:02 < Glomp> just 5 ghz ones? or do you mean the ones sharing the same channel?
13:03 < Dragon22> If I have to assign IP addresses from a Single subnet 1.1.1.0/24 to PCs on two Different VLANs - 20 and 30, how can you make them communicate with each other?
13:04 < grawity> Dragon22: why do you have to do that
13:04 < Dragon22> grawity: One of my friends asked me this.
13:04 < grawity> riiiiight.
13:05 < Dragon22> Without breaking the SUBNET how?
13:05 < Glomp> huh thats weird, running acrylic wifi caused my wifi to disconnect
13:05 < grawity> what's the reason for not breaking the subnet?
13:05 < grawity> the ability to use broadcast/multicast?
13:05 < grawity> because you're not gonna get that between VLANs anyway
13:05 < grawity> hence the question, "why do you need to do that"
13:07 < Dragon22> I thought so, but its a valid question. I also said so. By breaking the subnet into two, using a router I can make the PCs talk to each other.
13:07 < Dragon22> But is there an alternate way?
13:07 < grawity> it's a valid question that will give useless answers
13:07 < grawity> there are alternate ways, such as Proxy ARP
13:07 < grawity> but that *still* involves putting a router in between
13:08 < grawity> even though all hosts think it's a single big /24
13:08 < Dragon22> Okay. Thats interesting.
13:08 < grawity> I suppose you can configure the router to also pass through broadcasts, yes
13:08 < grawity> fun fact: proxy ARP existed before they invented subnets
13:09 < Dragon22> But unless the router has two interfaces in each VLAN, can it talk using Proxy ARP?
13:09 < grawity> the router needs an interface in each VLAN
13:09 < grawity> it could be connected to a single trunk port, and perform VLAN tagging/untagging itself
13:09 < grawity> doesn't matter if the VLAN interfaces are physical or virtual
13:12 < Dragon22> The switch is supposed to connect to the router via a TRUNK port, which will allow passing vlan 20 and 30. How to do the tagging and untagging without the Router Virtual Interfaces?
13:12 < mAniAk-_-> Glomp: well yes, wifi is shared
13:16 < Glomp> OK, well i was thinking of bypassing the wifi problem with a powerline adapter but the problem is that theres only one power socket near the router and thats being used by a power board. will powerline adapters work with power boards?
13:17 < Emperorpenguin> Yes
13:19 < Captain_Haddock> Hello
13:20 < Emperorpenguin> Aye Captain_Haddock
13:20 < Captain_Haddock> :)
13:26 < Glomp> penguin : was that meant for me?
13:26 < lpapp> cgm9: so I have three pcaps for you
13:26 < lpapp> I did dig @10.104.66.32 google.com three times where 10.104.66.32 is the offending nameserver
13:26 < lpapp> is that sufficient?
13:26 < lpapp> the first two runs were slow, the third was fast.
13:27 < tpanarch1st> hello, Proxmox channel is exceptionally quiet i'm trying to follow these instructions: https://pve.proxmox.com/wiki/Renaming_a_PVE_node - my current hosts file is: https://pastebin.com/nS4P8CkQ - would I be right in renaming this file on the line 192.168.1.104 pve.lan pve pvelocalhost to 192.168.1.104 newname.lan newname pvelocalhost please? Thanks
13:27 < tpanarch1st> essentially, the node name is derived from the hosts file
13:27 < Gollee> test it and see what happens
13:27 < tpanarch1st> Gollee: bit scared to do that in case there are any unforeseen consequences in getting it wrong
13:28 < FlatulentOne> https://imgur.com/bD38OqD
13:28 < Gollee> wtf
13:28 < Gollee> NSFW that shit FlatulentOne
13:28 < FlatulentOne> Gollee: No that is a spoiler
13:28 < Gollee> ............
13:28 < Gollee> fucking asshole
13:28 < FlatulentOne> ruins the joke
13:28 < aaa_> thank man
13:29 < Gollee> it's not a joke
13:29 < FlatulentOne> i was going to say it was a screenshot of an error message
13:29 < aaa_> its a joke
13:29 < Gollee> fucking ignored
13:29 < lpapp> cgm9: grawity first slow: https://www.dropbox.com/s/fkeqioo4tx7mx0i/dns-dig.pcap?dl=0
13:29 < FlatulentOne> on a router or something
13:29 < FlatulentOne> and ask for help
13:29 < grawity> lpapp: hold on for a moment
13:29 < lpapp> second slow: https://www.dropbox.com/s/ki9mbpf4u1lbzjr/dns-dig-2.pcap?dl=0
13:29 < grawity> I thought you were investigating ping and firefox
13:29 < lpapp> third fast: https://www.dropbox.com/s/hp86fq43qjgtmse/dns-dig-3.pcap?dl=0
13:30 < FlatulentOne> then you think you are opening a screenshot of an error message and then surprise! its jennifer lawrence's nude pussy
13:30 < lpapp> firefox remains hell slow until the nameserver is commented in /etc/resolv.conf
13:30 < lpapp> and restarted
13:30 < grawity> well duh, if the nameserver is slow
13:30 < lpapp> chromium seems to be bleeding fast
13:30 < lpapp> however, it is still odd that dig itself speeds up from the third
13:30 < lpapp> so does ping
13:30 < lpapp> not sure what is going on really
13:30 < lpapp> anyway, I pcapped dig, let me know if you want to pcap something else
13:31 < grawity> I'd say dig doesn't speed up – the server itself speeds up, because it *finally* receives an answer from upstream and stores it in cache
13:31 < lpapp> possible, pcap should confirm that?
13:31 < grawity> let's check
13:32 < grawity> yes
13:32 < grawity> the 1st one is SERVFAIL, the server saying: "I give up, I didn't get any reply from my upstreams"
13:32 < FlatulentOne> you suck dicks grawity?
13:32 < grawity> the 2nd one has a TTL of 292 seconds
13:32 < FlatulentOne> you faggit
13:33 < grawity> the 3rd one has a TTL of 284 seconds, most likely served from the local cache
13:33 < FlatulentOne> grawity: eat cocks
13:34 < lpapp> grawity: pardon my ignorance, but what does this upstream reference mean?
13:35 < grawity> the server where 10.104.66.32 is getting its data from
13:36 < lpapp> so how is this different from last time then?
13:36 < lpapp> what may they have changed
13:37 < lpapp> anyway, I can possibly live with this.
13:37 < lpapp> Not sure why Firefox sucketh while Chrome is ok.
13:37 < lpapp> should I capture the dns port when trying to load google.com in Firefox or do you have any better ideas?
13:38 < lpapp> the sysadmins blocked Chrome for webmail access :)
13:38 < lpapp> fantastic guys, I must confess.
13:38 < lpapp> (Chrome on Linux, works ok on Windows)
13:38 < lpapp> I suppose if I could potentially lie to the webmail server about my identity in Chrome on Linux, that could also work.
13:39 < tpanarch1st> anybody?
13:39 < grawity> are those your LAN's DNS servers?
13:40 < tpanarch1st> the reason i need to get it right is because of the old settings (unfortunately they are in an unplugged hard drive!)
13:40 < lpapp> grawity: as far as I am aware they are in our office in the UK, but managed in Switzerland
13:40 < lpapp> not sure I can tell you more and/or whether that is what you were looking for.
13:40 < lpapp> my ip is 10.104.68.90
13:41 < lpapp> nameserver's is 10.104.66.32
13:41 < lpapp> if that helps
13:42 < tpanarch1st> ahhh, i'll swap over the hard drives :-p it'll be quicker :)
13:45 < Miguel2013> hey I found a bug in ping
13:45 < Miguel2013> https://imgur.com/bocmEoC
13:45 < Miguel2013> destination host unreached yet it says 4 packets were received by plain ping on windows
13:46 < Captain_Haddock> You found this bug on May 9, 2016? :|
13:46 < Miguel2013> yes sir! :D
13:46 < djph_> a bug in windows, who'd have ever guessed?
13:46 < Miguel2013> I had it on windows 7
13:46 < Miguel2013> I still have it but don't use it. so is it a bug
13:46 * djph_ bangs surprise-o-meter on the table
13:47 < djph_> ... hmm ... must be broken
13:47 < grawity> it says "Reply from: " 4 times
13:47 < grawity> that's 4 packets
13:47 < grawity> how is that a bug
13:47 < Miguel2013> replied from my own host
13:48 < Miguel2013> the pc sending the packets responded itself saying it can't reach the other host
13:48 < grawity> what is your IP address as shown in 'ipconfig'
13:48 < Miguel2013> that ip 192.168.1.6
13:48 < grawity> but whether it's your own host or not, it did get a reply
13:48 < djph> that's YOUR host telling you, the meatsack acting as the chair -> keyboard interface, that it cannot reach the intended target.
13:49 < grawity> I'm not entirely sure in which situations it'll do that
13:49 < grawity> maybe when the route is there but it cannot get an ARP reply
13:50 < Captain_Haddock> I'm unable to access certain sites from my computer. The traceroute for these sites always ends up hitting IPs like 100.66.0.5 and 100.66.0.9, which are apparently "used as Shared Address Space. Traffic from these addresses does not come from IANA. IANA has simply reserved these numbers in its database and does not use or operate them. We are not the source of activity you may see on logs or in e-mail records. Please
13:50 < Captain_Haddock> refer to http://www.iana.org/abuse/"
13:50 < Miguel2013> probably was nmap making the other host hate my host
13:50 < Captain_Haddock> Is this some routing misconfiguration?
13:50 < djph> Captain_Haddock: sounds like your ISP is using CGNAT. Complain to them that the gateway(s) in question are fubar.
13:50 < Captain_Haddock> The sites (nytimes.com, vimeo.com ...) are accessible from my webserver.
13:51 < Captain_Haddock> djph: OK, thanks!
13:51 < grawity> "shared address space" in other words means that your entire home is behind the ISP's carrier-grade NAT
13:51 < Miguel2013> I gotta go shave
13:52 < Captain_Haddock> It seems to be happening upstream within a different ISP's network.
13:52 < grawity> how do you know it's a different ISP
13:54 < mAniAk-_-> Captain_Haddock: traceroute not going all the way to some "webpage" has nothing to do with actually being able to reach that webpage
13:55 < Miguel2013> done
13:55 < grawity> Captain_Haddock: can you pastebin traceroutes of broken site *and* a working site for comparison
13:55 < grawity> not that we're able to do anything with that anyway
13:56 < Miguel2013> I'll try
13:57 < Captain_Haddock> Actually, the problem appears to be at NIXI (National Internet Exchange of India) which facilitates peering between Indian ISPs as it's the last hop before I start seeing these 100.66.0.0 IPs. Lemme paste the traceroute.
13:57 < grawity> hmm that's an odd choice of network for an IXP
13:58 < mAniAk-_-> eh, it looks bad but works fine
14:01 < Captain_Haddock> grawity: mAniAk-_-: http://paste.debian.net/1018292/
14:01 < grawity> great, a routing loop
14:02 <+xand> nice
14:04 < TandyUK> high quality indian internets right there lol
14:04 < Miguel2013> I have no experience with that other than the packet is being rerouted cause of the header type
14:06 < Captain_Haddock> nytimes.com routes properly now, but still can't load the site.
14:06 < djph> TandyUK: at least they're using proper RFC6598 addresses
14:06 < Gollee> how do you know it routes properl
14:06 < Miguel2013> Captain_Haddock, are u from india
14:07 < djph> Miguel2013: or at least there for some reason or other -- airtelbroadband.*in*
14:08 < Captain_Haddock> Gollee: It reaches the nytimes.com IP in 6 hops? It was looping like crazy earlier.
14:08 < Captain_Haddock> Miguel2013: Yes.
14:09 < Miguel2013> Captain_Haddock, they're in the middle of a migratiojn
14:09 < Captain_Haddock> Miguel2013: Who are?
14:09 < Miguel2013> .in telecon
14:10 < djph> the entire TLD is in migration ... ?
14:10 < Miguel2013> djph, is probably a small one
14:12 < djph> Miguel2013: do you have proof of this statement?
14:14 < ZexaronS> Hey
14:14 < ZexaronS> You networking people excited for 5G much ?
14:14 < djph> meh
14:15 < djph> don't do much in the mobile industry.
14:15 < ZexaronS> Yeah, do we really need 4K Movies on the phones in every corner ...
14:15 < Gollee> yes
14:16 < ZexaronS> Oh please :p
14:16 < Gollee> technology should always move forward
14:16 < Gollee> who knows what new things are discovered and improved along the way
14:16 < Gollee> also, 5G is much more than getting 4K movies to your phone
14:17 < djph> better / more connected society is probably a good thing, but I think we're soon coming to a point where data (for "consumers") is quite fast enough
14:17 < ZexaronS> The problem is, there's a cost to it, in case of wireless, the cost is your's any everyone's health
14:18 < Gollee> do you have any proof for that statement?
14:18 < ZexaronS> maybe this for starters https://patents.google.com/patent/US6506148B2/en
14:18 < djph> approximately 150-200 years of history with non-ionizing radio frequencies tends to disagree with that statement.
14:18 < Gollee> patent != actual medical study
14:18 < Gollee> get some real proof
14:19 < lupine> technology doesn't actually always move forward
14:19 < dogbert_2> m000000000000000000000
14:20 < djph> lupine: yeah, it usually moves to the right, and down.
14:20 < Captain_Haddock> So routing to nytimes.com's IP is fine. But it redirects requests to a different IP:443 which is looping.
14:20 < freakynl> any ideas on what I should make of this?
14:20 < freakynl> $ ping -s 1500 10.0.10.6
14:20 < freakynl> PING 10.0.10.6 (10.0.10.6) 1500(1528) bytes of data.
14:20 < freakynl> 1508 bytes from 10.0.10.6: icmp_seq=1 ttl=64 time=12.5 ms
14:20 * lupine applies an affine transform
14:20 < Captain_Haddock> FML.
14:20 < lupine> it moves where I want it to!
14:20 < ZexaronS> there is, but it takes effort to go through, also there's just some people who wouldn't take any precaution, they'll keep waiting for more studies, but they do come out every now and then and it's usually "not conclusive enough" for anyone's mind to change
14:20 < freakynl> So I send 1500 bytes of data (1528 including headers) and I get 1508 back? That isn't supposed to happen is it?
14:20 < djph> lupine: you have an interesting take on tech trees :)
14:21 < djph> freakynl: what about it?
14:21 < lupine> ZexaronS: consider the various long-term longitudinal studies on the matter
14:21 < freakynl> djph: where did my 20 bytes go? :)
14:21 < lupine> each one comes back and says "we're ok for this time frame, but we haven't yet ruled out this longer time frame"
14:21 < lupine> so another is commissioned (the latest, for mobile phones, being COSMOS)
14:21 < djph> freakynl: what 20 bytes? you sent 1500, got 1508 in response
14:21 < lupine> precautionary principle only takes us so far without indicators of harm
14:22 < djph> oh, right ... I see it now. the 1528 in parenthesis...
14:22 < freakynl> I send 1500 data bytes (1528 including IP and ICMP headers). Why do I get 1508 back and not 1500 or 1528 (if counting headers)?
14:22 < djph> it didn't "go" anywhere - 1508 + 20 more header bytes.
14:22 < ZexaronS> Gollee: One interesting thing to think about is that, would the multi billion telecom industry easily allow studies to be done that would destroy the whole industry overnight ?
14:22 < lupine> yay, conspiracy
14:22 < lupine> the answer is yes
14:23 < lupine> consider all the other harmful practices that have been discovered and outlawed over time
14:23 < Miguel2013> djph, I don't have proof
14:23 < freakynl> Hmm so it does count the ICMP headers on the response?
14:23 < djph> 1508 is MTU when dealing with 802.1q tagging ... and ... oh hell, it's too early to try and remember all the conditionals to 1508 + headers and whatnot. You're fine :P
14:24 < endre> 1508 is for dealing with pppoe
14:24 < Miguel2013> ZexaronS, I think I was attacked from the goverment with electromagnetic frequencies I was getting headaches
14:24 < ZexaronS> Every now and then, some do come out thankfully http://pittsburgh.cbslocal.com/2018/03/29/can-cellphones-cause-cancer/
14:24 < djph> endre: thought it was 1492 for pppoe?
14:24 < Gollee> freakynl: it does look weird indeeed. Can you see how much the 10.0.10.6 is actually sending? If it does indeed only send 1508 back, you should look at its ICMP implementation for the answer to why that happens
14:24 < Gollee> freakynl: there's no easy answer to your quesiton
14:24 < Miguel2013> ZexaronS, and hear a sound like magnetic fields. could it been them? I was getting into political activism
14:25 < TandyUK> [13:14] You networking people excited for 5G much ? << not really, give me an actual cable over any sort of wireless signal any day
14:25 < endre> djph: not in the case of rfc4638
14:25 < freakynl> djph: Well, actually we're not fine, but see this on other networks as well. ISP is having MTU and fragmentation issues. Doesn't hamper most of the VPN traffic, but large print jobs die rather quickly as they heavily depend on the MTU *and* fragmented packets and they're screwing up fragmentation royaly
14:25 < lupine> > no links to anything
14:26 < djph> why in the name of cthulhu are you printing across the internet?
14:26 < TandyUK> freakynl: you could lower your MTU drastically to try and evade the issue
14:26 < TandyUK> but ^^^
14:27 < TandyUK> and fwiw, i meant lower the MTU in use on your VPN which your printing data should be going over
14:27 < TandyUK> if its going over public internet, kill yourself now
14:27 < djph> ... VPN printing, eh?
14:27 < TandyUK> well the fact it has to leave the building tells me the printer isnt in it
14:27 < TandyUK> or somethign is royally fucked up
14:28 < lupine> the study: https://www.niehs.nih.gov/news/newsroom/releases/2018/february2/index.cfm
14:30 * xand stabs gitlab
14:30 < TandyUK> cell phones cause cancer? well id never have guessed puttign a high power transmitter next to your head would be in any way bad..... lmao
14:30 < TandyUK> in other news, the sun is hot
14:31 < lupine> (they don't cause cancer)
14:31 < qman__> RF exposure well above the legal limit causes cancer
14:31 < djph> TandyUK: hmm, the equivalent of 70 years of exposure over two years ...
14:31 < qman__> Not cell phones
14:31 < lupine> totally can
14:31 < djph> RF exposure over the legal limit causes you to cook ...
14:32 < TandyUK> to me cancer == any tumor, whether thats malignant or not
14:32 < djph> ... mmmm cooked meatsacks...
14:32 < lupine> the biological basis for that is simple enough - being cooked causes cell damage which must be repaired, which can go wrong, which leads to cancer
14:32 < TandyUK> it might not be nasty, but its still a tunor
14:32 < djph> but you get more funding if you call it cancer!
14:32 < lupine> but it doesn't happen at high legal RF outputs
14:32 < lupine> this is also how the aspartame nuts justify themselves, incidentally
14:33 < qman__> Cell phones do not produce anywhere near the exposures they tested
14:33 < TandyUK> the doc you just linked suggests otherwise lol
14:33 < lupine> "look if you apply it at really high concentrations to rats it gives them cancers"
14:33 < djph> lupine: the whatnow?
14:33 < lupine> plenty of people believe artificial sweeteners cause cancer
14:33 < djph> ah
14:33 < lupine> they might contribute to obesity (although less than sugar does), but definitely not cancer
14:33 < qman__> Some do
14:33 < lupine> sorry, no
14:34 < djph> there was a study as to why artificial sweeteners are bad for kids -- IIRC, something with the extra chlorine ions or some such, and breaking them off funny like is bad.
14:34 < TandyUK> i wouldnt go so far as to say aspartame and the like cause cancer directly, however they do break down to formaldehyde in your gut, which isnt good for you
14:34 < lupine> sigh
14:34 < TandyUK> give me stuff with actual sugar in thanks
14:34 < lupine> ok, let me rephrase
14:34 < lupine> it's not as cancerous as bacon
14:34 < djph> in adults - meh you may get dementia. in kids - meh, you get sterile (although, having seen many kids ... that might not be a bad thing)
14:35 < TandyUK> give nthe conspiracy theories (and blatantly stated facts) that the 'powers that be' want 95% population reduction, I can quite believe the 'makig kids sterile' bit is known, and the point
14:35 < djph> ... or maybe I have that backwards. either way, it's about as bad as letting them eat lead paint.
14:36 < TandyUK> by the time we catch on in masses to these facts, its already too late to do anything abut it
14:36 < lupine> it's honestly not
14:36 < djph> hmm
14:36 < lupine> it's quite a bit less bad than letting them eat bacon
14:37 < djph> bacon had nothing to do with what I was talking about.
14:37 < TandyUK> well thats your belief, youre welcome to it, I nor any of my kids/family will ever get offered any artifical sweetener (or stuff containing it) by me
14:37 < djph> TandyUK: HFCS count?
14:37 < lupine> it's an indicator of relative risk
14:38 < lupine> it is irrational to eat bacon, but refuse to imbibe artificial sweeteners
14:38 < TandyUK> and "Generally recognised as safe" !== "safe"
14:38 < djph> bacon is more deadly what for all the grease. jesus christ that stuff burns like a motherfucker
14:38 < qman__> There are some pretty nasty effects fromvthe older, more well kniwn artificial sweeteners, the newer ones are supposedly better but itbjust hasn't been that long
14:38 < qman__> the effects of real sugar are well known
14:38 < lupine> the rot runs deep here
14:39 < djph> qman__: it's tasty, and should only be consumed in moderation?
14:39 < dogbert_2> LOLOL...f00d will kill you if you eat enuf of it :)
14:40 < TandyUK> food is deadly in large quantities, i mean a ton of steak could kill you if it landed on you :P
14:41 < TandyUK> quick, ban steak!!!
14:41 < qman__> You have yet to state any reasoning behind your bacon claim
14:41 < lupine> bacon is carcinogenic at a known level
14:41 < TandyUK> tbfh i completely missed the bacon claim
14:41 < dogbert_2> LOL
14:41 < qman__> If youbhurn it, sure, lots of carcinogens
14:41 < lupine> no, if you eat it
14:41 < lupine> it genuinely is
14:41 < Eryn_1983_FL> hey peeps how is it going
14:42 < qman__> Same with anything if you hurn it
14:42 < Eryn_1983_FL> so i am setting up a dns server on my home network..
14:42 < lupine> even gently cooked
14:42 < qman__> Burn
14:42 < lupine> all cured meats are
14:42 < lupine> my contention is that this level of carcinogenity is greater than any demonstrated level of carcinogenity of aspartame or whatever
14:43 < Eryn_1983_FL> is it possible to have dns server on 192.168.1.0 network, and it resolve other network 10.10.1.0 ?
14:43 < lupine> we'll all keep eating bacon anyway. if any of us cut it out, it'll be on vegetarian-moral, rather than health, grounds
14:43 < Kingrat> i mean just about every food that tastes good is bad for you in some way or another, doesnt mean im going to give up and start eating rice cakes and kale
14:43 < Eryn_1983_FL> is works like that even on a large lan with a router/s
14:43 < Eryn_1983_FL> its just going to work at layer 3 and move those packets to the other network to their final destination
14:43 < TandyUK> Eryn_1983_FL: your dns server can listen on and resolve for whatever subnets it likes
14:44 < Eryn_1983_FL> ok
14:44 < TandyUK> how you get the requests to it might involve routing, or making sure it has nics in the relevantlayer2 networks
14:44 < TandyUK> same for the replies
14:44 < Eryn_1983_FL> it has to have anic on both networks
14:44 < TandyUK> not necesarily no, if there is a router between them with routes
14:44 < Eryn_1983_FL> ok,
14:47 < freakynl> TandyUK: Yea I tried that this weekend. Problem is, it was really weird to begin with. Uptil 1380 were no issues, 1380-1400 always returned fragmentation needed (with DF set), 1400-1420 *occasionally* (~5% of the time) returned fragmentation needed - no response ever. 1420+ never fragmentation needed response, packets just vanished.
14:47 < freakynl> Especially the 1400-1420 region has me worried, that's pretty messed up
14:48 < freakynl> They fixed some stuff over the weekend, seemed stable this morning. Screwed up again now :/
14:53 < wr> need to connect a cisco home router to a hitron router, what would be cheap best model to use?
14:54 < djph> I take it the hitron is supposed to just be a modem now?
15:02 < pulsar12> freakynl, who is the source IP who sends you fragmentation needed ?
15:27 < clincks> Hi all, on a laptop I’m running a VMWare with several ubuntu virtual servers. Virtual Machine Network cards are configured has “bridget”. Note: I need that the virtual servers are accessible from the outside world. I jump with my laptop from one DHCP environment to another (typically from one customers to another). How should I configure my Ubuntu servers to be able to intercommunicate between them and being acces
15:27 < clincks> sible from www ? I was thinking about a DynDns solution… but I don’t always have internet connection by the customers… so this won’t always work. Thanks for your help.
15:28 < Gollee> host the servers on a proper server that doesn't move around
15:28 < Gollee> host the VMs*
15:29 < djph> ^
15:31 < Kingrat> i mean yeah, running stuff like that on a laptop and moving from place to place is madness, but you could set up a vpn tunnel to a remote stationary site and port forward through your tunnel
15:32 < Kingrat> even if you use dyndns when you move to another site that doesnt mean their firewall is going to automatically open up and port forward to your laptop for you
15:32 < Kingrat> so you still need something to be sationary/stable
15:36 <+xand> clincks: connect them to a VPN that has such access
15:38 < lpapp> hi, are two nameservers in /etc/resolv.conf scary?
15:39 < Gollee> no
15:39 < system16> dragon22 there is no such a thing called no root filewall in google play
15:39 < djph> lpapp: as opposed to ... three nameservers?
15:39 < TandyUK> or 7?
15:40 < clincks> Most of trafic is local. External usage is only for demo purpose.
15:41 < lpapp> yeah, something more
15:41 < clincks> stationary host is not an option
15:41 < lpapp> two do not seem that high availability, but then I could be wrong.
15:42 < ||cw> clincks: the closest you can get to a reliable option is to use NAT network and configure vmware's port forwarding
15:42 < TandyUK> clincks: just use NAT with the host, this wont care if internet is actually available (the host is your guests router)
15:42 < ||cw> with brigded and depending on random DHCP servers you have zero control
15:42 <+xand> lpapp: two is... normaly
15:42 <+xand> -y
15:43 < psprint> Guys I need a static route on WiFi router, network 192.168.10.* should be routed to 192.168.1.4, web interface doesn't have that option, is there something that can be done?
15:43 <+xand> replace router
15:43 < ||cw> psprint: and it doens't have ssh? upgrade the router?
15:43 < ||cw> or fix your weird subnetting?
15:44 < psprint> just utilizing an old eth card
15:45 < TandyUK> what has that got to do with anything?
15:45 < clincks> NAT seems I think the best option...
15:45 < psprint> yeah, I thought about NAT, it's the solution actually, not fully functional, but it is
15:45 < TandyUK> psprint: that wasnt aimed at you
15:45 < TandyUK> you just need to fix your subnets, or get a router that actually lets you control routes
15:45 < clincks> But then I need to change the network card in VMWare (not an issue)...
15:46 < psprint> TandyUK: it's just that my old eth card adds to topology, not typical all-under-wifi-router topology then
15:46 < clincks> TandyUK, I connect by customer with my laptop over wifi most of the cases
15:47 < TandyUK> or just bridge the nics
15:47 < TandyUK> so it doesnt matter if you wire/wifi
15:47 < TandyUK> unless youre on winblows
15:47 < TandyUK> ubuntu and the like ship with this config out of the box now i believe
15:48 < psprint> thanks, didn't thought about bridging
15:48 < Apachez> TandyUK: wanna hug?
15:50 < clincks> TandyUK, host of laptop is windows 10
15:51 < clincks> running VMWare ... and several ubuntu on it
16:09 < TandyUK> Apachez: never turn down a free hug :
16:09 < TandyUK> :)
16:12 < ||cw> clincks: doesn't vmware still let you swap a NIC's network on the fly? you just need to release/renew dhcp in the guest to switch
16:13 < ||cw> psprint: the NAT/bridge comments are not for you, they do not help you. just cahneg the IP on your eth card.
16:13 < psprint> haha
16:31 < superkuh> Hah. That guy in here yesterday complaining about AT%T misrouting 1.1.1.0/24 posted on dslreports too and now it's made hackernews.
16:31 < superkuh> Er, &
16:36 <+xand> ha
16:37 <+xand> superkuh: I expect it's rather common :(
16:38 < superkuh> https://www.dslreports.com/forum/r31901379-AT-T-gateway-5268ac-maybe-others-misrouting-1-1-1-0-24
16:38 < superkuh> https://news.ycombinator.com/item?id=16740694
16:38 < superkuh> dslreports post seems to match very closely the pastebin from yesterday.
16:38 < superkuh> In terms of formatting.
16:41 < ychaouche> Hello ##networking
16:41 < Atro> get out
16:41 < ychaouche> I was reading about shorewall rules and learned about connection marks. What would be a use case for them ?
16:42 < Atro> so shorewall is iptables made easy?
16:43 < ychaouche> no it's another interface to netfilter.
16:49 < mAniAk-_-> ychaouche: marks can be used with tc
16:50 < ychaouche> mAniAk-_-: what's an example use case ?
16:50 < ychaouche> (to do what ?)
16:53 < mAniAk-_-> look up what tc can do
16:54 < ychaouche> traffic shaping
16:55 < lupine> also tagging traffic from a particular process for debugging
16:57 < pulsar12> ychaouche, if you want for example do CoS, it will simplify things for you. you 'classify' different types of traffic with a mark. then on CoS processing you match only the mark (otherwise you would need to apply all the specific criteria again)
17:13 < ychaouche> ok thanks
17:19 <+catphish> morning
17:25 < ychaouche> o/
17:36 < niozerotoo> Hi
17:36 < skyroveRR> Hi
18:04 < Apachez> superkuh: B2 Bredband (aka bredbandsbolaget) in sweden seems to misroute 1.1.1.1 too
18:04 < Apachez> they do this in their distlayer
18:05 < Apachez> while the other ip 1.1.0.0 or whatever it was works
18:08 < niozerotoo> Apachez: are you Swedish?
18:11 < Maarten> certain AT&T gateways (pace 5268ac) also misroute 1.1.1.1 - and pretty much ALL Cisco wireless controllers use 1.1.1.1 as the captive portal, such as the public broadband in starbucks, airports, hotels, etc, etc.... Good thing it isn't a critical service! :D
18:17 < Holo> Hahahahaha
18:17 < Holo> This is like network shaming
18:17 < Apachez> niozerotoo: maybe, why?
18:18 < Apachez> this is how it looks like for a b2 customer:
18:18 < Apachez> <> 2 <1 ms <1 ms <1 ms static-213-115-3-58.sme.bredbandsbolaget.se [213.115.3.58]
18:18 < Apachez> <> 3 <1 ms <1 ms <1 ms 1dot1dot1dot1.cloudflare-dns.com [1.1.1.1]
18:19 < Apachez> how it should look like (give or take):
18:19 < Apachez> 5. netnod-ix-ge-a-sth-1500.cloudfla 0.0% 9 1.1 1.4 1.1 3.2 0.6
18:19 < Apachez> 6. 1dot1dot1dot1.cloudflare-dns.com 0.0% 9 1.1 1.1 1.0 1.1 0.0
18:20 < Apachez> 1.0.0.1 was the other ip and that works for the customers where 1.1.1.1 seems to be nullrouted or whatever
18:21 < rtmataeu34> hey whats goin on :)
18:21 < plasma> weird
18:47 < ShapeShifter499> Holo: skyroveRR Criggie I figured out my PPP serial Raspberry Pi connection issue. I had to remove 'proxyarp' and instead enable forwarding and ARP via sysctl options on the Host Pi. My working configuration is posted here https://gist.github.com/ShapeShifter499/0d113c17392865aeeada5af8bd14d6b3
19:07 < v0rt_> hi
19:08 < v0rt_> how scalability works with a dns server? let's say google dns is just 2 ip addresses how all traffic to them are balanced?
19:08 < UncleDrax> Geo-locating/Anycasting and load-balancers
19:09 < UncleDrax> the actual quad8 server you ping may not be the actual server I would hit
19:10 < v0rt_> UncleDrax: can you explain it in more details?
19:10 < v0rt_> or a doc to read about?
19:10 < UncleDrax> wikipedia has articles for Anycast and geocast
19:11 < v0rt_> how load balancers work in this case if the ip is only one?
19:11 < UncleDrax> but if you search for how CDNs work, it'd be similar
19:11 < UncleDrax> wikipedia also has an article on Load Balancing (Computing)
19:13 < v0rt_> ok
19:13 < v0rt_> wikipedia is the new best doc source then
19:13 < UncleDrax> it's a good start
19:25 < v0rt_> UncleDrax: ok, geocast is how CDNs work, but what about a single ip? it is unique (8.8.8.8) and located in one single AS, so it will receive traffic from whole world, right?
19:27 < UncleDrax> why do you think an AS has to be contigious and monolithically-housed?
19:27 < UncleDrax> *contiguous
19:27 < v0rt_> AFAIK, an IP address is located in only one AS and not in more
19:28 < UncleDrax> sure
19:28 < UncleDrax> but that doesn't address my question.
19:28 < UncleDrax> as it wasn't about IPs, it was about ASes
19:28 < v0rt_> so if google dns ip is located in US, also traffic from japan is routed to that AS, or not?
19:29 < UncleDrax> from the outside perspective, I can advertise an AS in 1000 different places.
19:29 < UncleDrax> so why couldn't I advertise my IP block from each of those 1000 sites?
19:30 < v0rt_> so everybody in the world that use google dns will connect to 8.8.8.8 (and 8.8.4.4)?
19:30 < ||cw> routing can be faked, but on a global scope that requires some coordination
19:30 < v0rt_> uhm
19:30 < UncleDrax> it's my responsibility, as the ASN operator, to make sure that it works on the inside. but I can annouce a wholey indepent-for-a-region routing table that does something like include quad8.
19:30 < ||cw> google's big enough to pull it off though, having backbone routers route 8.8.8.8 to whatever local pipe they want
19:30 < UncleDrax> and my typing is super-bad today :/
19:31 < ||cw> idk if they actually do that, just it's technically possible
19:31 < v0rt_> so, those 2 IPs are advertised in multiple AS, so geocast will used to connect to the 'servers' in those ASes?
19:32 < UncleDrax> that's more AnyCast
19:32 < UncleDrax> but ya
19:33 < v0rt_> so if I am in japan and connect to 8.8.8.8, I am connecting to this address advised in one of japan AS. If you are connecting to 8.8.8.8 from US, you are connecting to this ip advertised in your AS, and so on
19:34 < UncleDrax> effectively, yes
19:34 < v0rt_> makes sense now :)
19:34 < UncleDrax> so in short, it's, as CW said, a whole bunch of lying
19:34 < UncleDrax> but it works out
19:35 < v0rt_> CW?
19:35 < UncleDrax> .. at least that's all my understanding, having never actually done any of it
19:35 < v0rt_> ah, that nick, sorry :D
19:35 < UncleDrax> ya
19:36 < v0rt_> let me learn how anycast works in real world and not in my lan :)
19:37 < ||cw> lying to rules based processing systems is one of my favorite things to do
19:37 < v0rt_> it is quite impossible to understand deeply, unless you are not working for a big provider
19:38 < UncleDrax> ya, occasionally I ponder if I need to setup stuff like Anycast for my DNS servers.. then I remember I only got like 10-15k customer ports and there's no need to do that
19:38 < v0rt_> my dns server has just 5 users, so...
19:39 < v0rt_> sometime 7 :)
19:42 < afx_> Hello everyone! Does anyone know if there is a simulation software for Hirschmann switches?
19:43 < UncleDrax> offhand, never heard of one, but you might ask the manu.. they seem to be a specialized sector manufacturer (ie: industrial/hardened)
19:45 < afx_> Thank you UncleDrax
19:46 < v0rt_> so basically it works like dns root servers
19:56 < NonSecwitter> looking at a Cisco Prime like solution for configuration and change management. I'm leaning towards MS SCOM for servers and PRTG for networks. Any good ideas for switch configuration management?
20:14 < Pigman168> Heya
20:15 < Pigman168> Is the source IP in a packet sent to a website for example the local IP or the public IP?
20:15 <+pppingme> the "source" ip is changed as it passes through any nat device
20:15 <+pppingme> otherwise the destination wouldn't have a path to reply
20:16 < Pigman168> Gotcha, tyvm. So sent as is to the router it would be the local IP right?
20:16 <+pppingme> if by local you mean by pre-nat ip, yeah
20:18 < c|oner> with all the billions of dollars of network innovation, is there not a way that I can use wired and wireless at the same time with the same IP address
20:18 < c|oner> or , a seamless switchover
20:18 < Pigman168> Is there a way to spoof the NAT IP from a device itself?
20:19 < c|oner> fast roaming from ethernet to wifi :D
20:19 < qman__> to use the same IP you would have to bridge the connections together
20:19 <+pppingme> c|oner yeah, there is, and its easy
20:19 < UncleDrax> not enough people to warrent an easy way of doing it c|oner . that said. create a bond0 type interface of them
20:19 < qman__> this is not a particularly good idea, though
20:19 < UncleDrax> with a higher cost for the wireless so it'll prefer wired if available
20:19 <+pppingme> Pigman168 what are you calling the "nat ip" ?
20:19 <+pppingme> nat is a process, it doesn't have an address
20:20 < c|oner> yeah that still makes for a switchover when you unplug and walk away though, UncleDrax
20:20 < Pigman168> Oh my bad, I'm pretty new to networking
20:20 < Pigman168> So I think the correct question would be: is there a way to spoof the IP address after the NAT protocoll?
20:21 < c|oner> nothing dirty would be worth doing, has to be nice, has to be someone smart who invents it
20:21 <+pppingme> c|oner what OS?
20:21 < c|oner> in this case, MacOS
20:22 <+pppingme> Pigman168 whats the point, or goal?
20:22 <+pppingme> it would just confuse the nat process
20:22 <+pppingme> not confuse, but break it
20:22 < qman__> Pigman168: technically yes, but it's not particularly useful - you'd never get the response, and all the upstream network equipment is set up to filter things like that out
20:22 < Pigman168> qman__: How would they filter that out?
20:23 < qman__> because they know which networks they're connected to and which addresses can possibly be there
20:23 < qman__> and ignore everything else
20:23 < Pigman168> Oh, so you could use a range of the addresses within that network?
20:23 < qman__> yes, but again, typically your ISP will use a /30 for your modem
20:24 < qman__> or an otherwise small range assigned directly to you
20:24 < Pigman168> qman__: What's a /30? Sorry
20:25 <+pppingme> nah, isp's rarely use /30's for modems, especially not in a residential environment
20:25 < qman__> an ipv4 network with two usable addresses, yours and your gateway
20:25 < Pigman168> Oh I see
20:26 <+pppingme> in general cable modems act more like an ethernet bridge, while adsl modems tend to act more like ppp (similar to dialup)
20:26 < ||cw> I haven't seen a /30 used since I was setting up T1s using adtrans
20:26 < qman__> a /30 is the default setup for business class cable, at least
20:26 < qman__> I haven't used residential in a long time
20:27 < qman__> the last time I had residential it was also a /30 but that was many years ago
20:27 < Pigman168> So a /30 allows up to X modems to connect to that ipv4 network as a bridge?
20:27 < ||cw> qman__: not that last one I did, but it could have been masked in a layer I couldn't see
20:28 < ||cw> Pigman168: no, it's a point to point, there's 2 devices and nothing else
20:28 < Pigman168> Oh I see, thanks!
20:28 <+pppingme> Pigman168 not typical.. most cable modem environments will implement a /24 or larger and all the modems pretty much act like ports on a big ethernet switch
20:28 < ||cw> there might be a "cloud" that the 2 points get piped through, cable and frame relay work that way
20:29 < Pigman168> What does the size of the network affect?
20:30 < qman__> the number of possible addresses
20:30 < Pigman168> (/24 vs /30 if I understood it correclty)
20:30 < Pigman168> Oh ok
20:30 < qman__> i.e. you cannot spoof an address that doesn't exist on the network and expect it to leave
20:30 < Pigman168> Gotcha
20:30 <+pppingme> 2^(32-x) = number of possible ip's
20:30 < qman__> when that network only has 2 possible addresses, you and your gateway, then you cannot spoof anything
20:30 <+pppingme> where x is typically expressed as /x
20:31 < Pigman168> Ah ok tyvm
20:31 < tds> (only valid for legacy ip, otherwise you want 128 ;)
20:31 < Pigman168> pppingme: Is there a way to find out what setup my ISP has?
20:31 < Pigman168> traceroute or something like that?
20:32 < tds> Pigman168: you may be able to just see through the router's web ui (or cli or whatever it exposes)
20:33 < ||cw> it might show in a trace, but it depends on the modem and topology
20:33 < qman__> keep in mind that producing invalid traffic is technically using a computer network in an unauthorized manner which is a felony in the united states
20:33 < Pigman168> tds: That sounds very unlikely no? :o
20:33 < qman__> what is your actual goal?
20:33 < Pigman168> Sending out as many packets as possible from 1 machine
20:34 < tds> otherwise, you could try a traceroute and see within what range goes directly over the wan interface, and at what address it goes via the router's default gateway
20:34 < qman__> spoofing addresses will not increase the voume of traffic you can produce
20:35 < ||cw> Pigman168: like with ping -f?
20:35 < ||cw> even if you manage to spoof, all that gets you is that replies go to the spoofed address. what does that get you?
20:37 < Pigman168> qman__: well yeah in terms of quantity, but if you use the same IP it'll be shut down quickly.
20:37 < qman__> if your goal is denial of service, that is absolutely a felony and we will not help you do that
20:37 < Pigman168> ||cw: Not sure what you mean sorry :s
20:37 < Pigman168> (with ping -f)
20:38 < ||cw> ping flood. sends as many packets as possible, reports on packet loss. handy for a quick sanity check.
20:39 < ||cw> Pigman168: and yeah, that's why DDoS and botnets were invented.
20:39 < ||cw> so, good luck with that
20:39 < Pigman168> Yeah, not necessarily a ping flood though.
20:39 < Pigman168> Seems too mundane/ineffective
20:40 < qman__> if you attempt to flood via your ISP, you will definitely be caught, you will lose your service for violation of terms, and you may be criminally charged
20:40 < Pigman168> Oh, thanks for the heads up.
20:40 < Pigman168> I tend not to think things through :p
20:41 < Pigman168> Gotta catch a train, thanks again for the help everyone
21:38 < UncleDrax> every time someone flood-pings, another angel cries because his traceroutes seem to not work.
21:40 < TV`sFrank> lol
21:43 < UncleDrax> and we have to explain to them how Traceroute should actually be used
21:49 < ||cw> a flood trace?
21:50 < TV`sFrank> isn't traceroute deprecated? I thought there was something "else"
21:50 < TV`sFrank> or am I thinking of nslookup
21:51 < UncleDrax> ya. a lot of ppl use MTR, but it's still traceroute. this is more of a 'rando router does ICMP rate-limiting' (you know, because they like having CPU avail for important stuff) comment.
21:51 < UncleDrax> so it causes people to flip out when they start getting *'s in their traceroutes
21:52 <+pppingme> TV`sFrank nope, it's not, there are some tools that are "more preferred" by some people, but traceroute is fully supported and there is nothing deprecated about it
21:52 < TV`sFrank> UncleDrax, pppingme: ah okay thanks
21:53 < HEROnymous> traceroute can be a useful diagnostic tool
21:54 < UncleDrax> absolutely. but many people read the results incorrectly.
21:54 < TV`sFrank> yeah I just refreshed my (lack of) memory by reading the traceroute man page heh
21:54 < TV`sFrank> there's a lot of things you can do with it that I'd forgotten about
21:55 < HEROnymous> UncleDrax, also there's apparently a lot of disparity in how it works (my understanding is that on windows, it does not use udp, while on many other platforms it does? or something like that.)
21:55 < TV`sFrank> ugh the windows version is, for all intents and purposes, ALMOST broken, and at very least crippled
22:26 < v0rt_> can I say to dig to use anycast OR unicast?
22:35 < tds> v0rt_: no - as far as dig is aware it's just communicating with a server over udp, it doesn't have any control of the routing of that traffic
22:35 < v0rt_> ah ok, thanks
22:36 < v0rt_> is there a simple standalone dns client that supports unicast and anycast?
22:39 < Apachez> funny that youtube fails to livestream the assault on youtube hq...
22:40 < Poster> probably difficult to get someone to go follow them with a camera
22:42 <+pppingme> v0rt_ client has no concept of anycast
22:42 <+pppingme> Apachez was just thinking that
22:43 < v0rt_> so, just send udp packet to the first resolver ip in resolv.conf?
22:43 < v0rt_> and if it fails go to the second, and so on
22:45 <+pppingme> Apachez they are saying it's a chick..
22:45 < Apachez> the cbs livefeed zoomed in on a killed frozen yoghurt lying on its side in the sun, sad
22:46 < Apachez> could've been a milkshake of some sort, hard to tell from the angle and distance
22:48 < Apachez> somebody wanted to stop the cobra kai premiere?
22:49 < Apachez> multiple injured servers reports says
22:58 <+pppingme> wow, cancelled adsl in december, modem still syncs
22:59 < mutante> heh, they are probably like "credit card still syncs"
23:01 <+pppingme> mutante nope.. had to reverse in January, they haven't touched since
23:01 <+pppingme> ppp auth does fail
23:01 < mutante> ah :)
23:02 <+pppingme> although I'd imagine if I found another set of creds they'd probably work
23:02 < mutante> is that really so surprising? i thought all you pay for is a set of credentials anyways
23:03 < mutante> i mean.. otherwise they would have to actively block your hardware or something.. and now
23:03 < mutante> how
23:03 <+pppingme> cable company has no issues doing it at hardware level
23:10 < Apachez> black female shooter, this will be fun...
23:12 < Apachez> multiple hurt frozen yoghurts on the scene
23:14 < Spice_Boy> frozen yoghurt?
23:15 < mutante> how messed up do you have to be to say that kind of thing .. it's going to be fun
23:18 < TV`sFrank> mutante: who are you talking to?
23:21 < Apachez> "they said it was a male woman"... wtf youtube employees are nuts?
23:22 < Apachez> https://www.youtube.com/watch?v=3RfHcOUHnAc https://www.youtube.com/watch?v=oSr-2aa5TKo https://www.youtube.com/watch?v=9fWkHeEbC6s
23:29 < Apachez> donald trump has been briefed, sad...
23:29 < wewlad> hello, `netstat -ln` returns this line: `tcp 0 0 :::9000 :::* LISTEN` is it an ipv6 listener?
23:30 < Dagger> it's a v6 socket listening on ::, port 9000
23:30 < Dagger> v6 sockets listening on :: can accept v4 connections, provided that net.ipv6.bindv6only is left at its default value of 0
23:30 < wewlad> if it's ipv6, why is it tcp, not tcp6?
23:30 < wewlad> :(
23:30 < wewlad> wait
23:30 < Dagger> TCP is TCP. there's no special TCP version for IPv6
23:30 < Apachez> so female snowflake shot her boyfriend and then committed suicide... according to news stations
23:30 < wewlad> v6 sockets can accept v4 connections??
23:31 < wewlad> Dagger: https://askubuntu.com/questions/614702/what-is-an-origin-and-solution-for-port-9000-connection-refused-error grep tcp6
23:32 < Dagger> I know netstat says that, but it means TCP on AF_INET6
23:32 < Dagger> not sure why it doesn't for you. maybe a new version changed that?
23:33 < Spice_Boy> did he call her fat?
23:33 < Apachez> IM NOT FAT!
23:33 < Apachez> ohh sorry
23:33 < Apachez> ;)
23:33 < jesse1010> does docsis 3.1 reduce latency?
23:33 < Spice_Boy> maybe he drew a cartoon of something
23:33 < Apachez> more like "do I look fat in this dress?"
23:33 < wewlad> Dagger: I'm using netstat from busybox 1.24.2
23:33 < Apachez> if you think too long you lose
23:33 < Apachez> if you say "yes" you lose
23:33 < teprrr> isn't netstat also deprecated in favor of ss?
23:34 < Apachez> if you say "no" you lose
23:34 < Spice_Boy> just point her towards a mirror
23:34 < Dagger> wewlad: oh, busybox will be a completely different implementation
23:36 < Apachez> press conf now
23:37 < TV`sFrank> Spice_Boy: This isn't the schoolyard. Become an adult and behave as such or simply shut the fuck up and be a spectator.
23:37 < Spice_Boy> okay mum
23:38 < TV`sFrank> Grow up.
23:38 < Apachez> 3 gunned down + shooter suicide so 4 body count so far
23:38 < TV`sFrank> Immature slackjawed yank pig.
23:39 < wewlad> yay trump
23:40 < TV`sFrank> lol someone really needs to remove people like that from the genepool, and fast
23:52 < cYmen> is there a /proc/net/arp for ipv6?
23:53 < Dagger> try `ip -6 neighbor`?
23:53 < wiresharked> Dagger: What linux distro is he running?
23:53 < cYmen> Dagger: I'm looking for something that I could parse. Is that stable enough?
23:53 < Apachez> so the white dude is standing there in a tshirt while the black dude is suited up with some winter coat... what temp is it exactly in San Francisco right now?
23:54 < Apachez> +15C / +59F
23:55 < Dagger> cYmen: good question. I've not seen it change
23:56 < wiresharked> Apachez: Is there a reason to change the maxuserport setting in windows?
23:56 < cYmen> Dagger: I was a bit irritated because the output for 4 and 6 is different...
23:58 < Apachez> body pics on abc news... the shooter is under a yellow blanket outdoors just outside the entrance from the cafeteria
23:59 < strive> ?
--- Log closed Wed Apr 04 00:00:32 2018