--- Log opened Tue Jul 03 00:00:08 2018
--- Day changed Tue Jul 03 2018
00:00 < android> Can trycorder work on captive portal?
00:13 < wpwpwpwp> soo many abbreviations in networking
00:14 < compdoc> tmi
00:15 < android> which channel for talk about the national?
00:16 < android> the national can build a computer network
00:16 < android> including quantum security and banking
00:17 < compdoc> never heard of such a thing.
00:17 < compdoc> youre not talking about skynet?
00:18 < android> no skynet looks to be empty
00:18 < android> it can support skynet
00:19 < android> the banking system I can design perfect
00:21 < android> an opt-out exchange rate which has no room for speculative exploits
00:25 < android> tue nation
00:25 < android> true nation
00:26 < android> for the network to function it must be a Nation
00:26 < android> the users need be like minded enough to use it
00:26 < android> thus it is an extension of the Nation
00:27 < android> the barring out of speculative exploits requires security and quantum security requires One
00:27 < android> therefore it becomes the last nation
00:28 < android> but if an enemy mimics me first there can be big problems for Earth
00:28 < android> we then by default become binary against me
00:29 < android> because in negligence we allowed we to be subverted under the enemy
00:30 < android> any other commander is a subversion
00:33 < android> if you look at the land seebit as gone over ready for barreness, but then consider has this land any lost sheep on it for the commander
00:34 < android> this is a hold fire order
01:43 < h0dgep0dge> hey peeps. I have an engineering challenge and wanna hear your solution. I already have my solution set up, but I want to hear yours before i tell you what mine is.
01:43 < h0dgep0dge> I have to set up a linux box as a router, connecting to both the lan and the wan and routing between them, but it only has one NIC
01:43 < h0dgep0dge> what do you do?
01:45 < rewt> get another nic
01:47 < h0dgep0dge> I have 33c in my bank account, next
01:47 < rewt> kickstarter
01:48 < h0dgep0dge> lol
01:48 < rewt> i really doubt you have 33c in your bank account; that would go to 0 in no time
01:49 < E1ephant> just gnaw on the wires, transmitting and receiving 802.1q compliant frames with my teeth
01:49 < E1ephant> duh
01:50 < h0dgep0dge> rewt: https://imgur.com/gallery/bfjIQL7
01:50 < h0dgep0dge> ignore the account with $2900, that's a retirement saving scheme, can't withdraw money from that
01:50 < E1ephant> so first step is get a job?
01:51 < h0dgep0dge> Well sure, but I need my internet working today
01:51 < h0dgep0dge> E1ephant, I like the gnawing idea, maybe get some trained monkeys to route my packets by hand?
01:51 < E1ephant> better find one quickly?
01:51 < E1ephant> I think collision rate may be too high with monkeys
01:51 < Kingrat> h0dgep0dge, well if you have a vlan capable switch that should be easy, vlan 10 lan vlan 20 wan, or whatever you decide on
01:52 < E1ephant> elephants transmit a cleaner signal
01:52 < h0dgep0dge> Kingrat: ding ding ding, winner winner chicken dinner, exactly what I did, works great
01:53 < tds> it's not an especially uncommon setup, even has a wikipedia page ;) https://en.wikipedia.org/wiki/One-armed_router
01:53 < E1ephant> yeah so you came to IRC to tell us all about a 20 year old protocol?
01:54 < h0dgep0dge> Come on guy, I didn't know this was common, I'd assumed most people had resources to do it properly
01:55 < E1ephant> errrr, how is using vlans not doing it properly?
01:55 < E1ephant> build for your use-case
01:55 < batch> join the club h0dgep0dge
01:55 < tds> vlans over multiple bonded interfaces is much nicer than doing individual physical interfaces per l2 segment
01:56 < h0dgep0dge> Well evidently it isn't, but I'd assumed that vlans for this problem would be considered an inelegant hack
01:56 < E1ephant> should we tell them about vxlans?
01:57 < h0dgep0dge> it's not as if i'd expect you to be impressed, I just wanted to ask if there were other approaches that I didn't consider
01:57 < batch> ripv2?
01:57 < E1ephant> hmmmmm, I think it's considered pretty standard, router-on-a-stick (one-armed router) used to be more popular
01:57 < h0dgep0dge> y'all better start being nice to me or i'm taking my ball and going home
01:57 < E1ephant> going away in style now as people put L3/routing everywhere
01:57 < batch> oh ROS
01:57 < h0dgep0dge> all I wanted was to be congratulated for being a genius is that too much to ask? T_T
01:57 < E1ephant> but still a perfectly fine approach to home/smb
01:58 < E1ephant> or tbh anything you want to UTM/L7-fw
01:58 < batch> lol
01:58 < batch> h0dgep0dge wat, you were the one asking
01:58 < batch> ?
01:59 < batch> :p
01:59 < E1ephant> yeah I am so confused
01:59 < h0dgep0dge> the last 2 messages are jokes
02:00 < E1ephant> I do like jokes
02:00 < E1ephant> and also ice cream
02:01 < h0dgep0dge> lucky for you, I have it on good authority that the two often meet on popsicle sticks
02:01 < E1ephant> :D
02:27 < my_mind> hi
02:28 < my_mind> i bought a domain from namesilo.com and set up email forwarding to gmail, so now i have a business email. I was wondering if it's secure enough to use for a business
02:29 < my_mind> it's using SSL
02:30 < Matt|home> evening
02:30 < my_mind> hello
02:30 <+pppingme> my_mind email is mostly sent in the clear, so you need to define "secure"
02:31 < my_mind> what do you mean it's sent in the clear?
02:31 < my_mind> it's using ssl
02:31 < my_mind> it's using ssl from namesilo and from gmail
02:31 < Matt|home> so i have something of a complex question/situation
02:32 < my_mind> Matt|home: shoot
02:32 < E1ephant> my_mind: yeah that is between you and gmail, not between you and senders
02:32 < Matt|home> my roommate is not home right now, and he was able to get the internet guy to come and install everything.
i've got a hardwired ethernet connection to -somewhere- but im fairly confident it's in his room which is locked. now im fairly certain he's too incompetent to do anything complicated like download wireshark and do packet sniffing.
02:33 < my_mind> so it's not secure enough for business?
02:33 < E1ephant> I mean is the question is email secure for business?
02:33 < E1ephant> I think lots of businesses would agree
02:33 < Matt|home> how do i get a detailed map of my current network, and presumably my modem/router login info if i even -have- that (this is a uh.. fiber optic connection)
02:33 <+pppingme> again, how are you defining secure?? Its probably as secure as 90% of other business's..
02:33 < Matt|home> and how do i prevent other people from seeing my network traffic without bothering with like a VPN or encrypting my data or whatever
02:34 < E1ephant> just my thoughts, but gmail is a good email product
02:34 <+pppingme> but remember, many companies have strict rules on what email can and can't be used for, often the rules are mandated by legislation (law).
02:34 < E1ephant> for business or personal (I've used both)
02:35 < my_mind> I'm wondering if I can offer this service to a company
02:35 < Matt|home> im listening i just need to brb
02:35 < my_mind> set up business emails through email forwarding from a domain registrar
02:35 < E1ephant> Matt|home: ask your ISP?
02:37 < my_mind> I mean I'm also thinking of implementing protonmail.com for more sensitive emails for the companies I'll offer this service to
02:37 < E1ephant> the entire network termination is behind a locked door? and they didn't show you? :S
02:37 < E1ephant> my_mind: as in you want to be an email reseller?
02:38 < my_mind> E1ephant: something like that
02:38 < my_mind> E1ephant: I want to add it to my network setup business
02:38 < my_mind> currently, I set up networks for small businesses
02:38 < E1ephant> yeah hand off as much as possible, dealing with email is nasty
02:39 < my_mind> I've dealt and worked with a company that wanted exchange server in house
02:39 < my_mind> i was fine with that
02:39 < E1ephant> eh yuck
02:39 < my_mind> i know
02:39 < my_mind> its the job, man. customer is always right
02:40 < my_mind> they wanted exchange server
02:41 < my_mind> is anyone here familiar with email forwarding for use as business emails?
02:41 < wpwpwpwp> lol exchange server, I am sorry
02:41 < wpwpwpwp> :(
02:41 < my_mind> I'm trying to figure out if namesilo.com is reliable
02:41 < my_mind> i don't wanna offer it to a company and end up with downtime
02:42 < my_mind> is there a website that shows you the frequency of downtime of a certain website?
02:43 < E1ephant> gandi.net?
02:44 < my_mind> E1ephant: thank you, but it didn't provide me with any useful info
02:46 <+pppingme> how reliable someones website is, isn't really related to how reliable their dns and email infrastructure are..
02:46 < Matt|home> E1ephant - i wasn't here when it got set up.
02:47 < my_mind> pppingme: makes sense
02:47 < Matt|home> nmap should show most of the nodes and stuff on here right?
02:49 < E1ephant> anything that responds in the subnet you're scanning
02:49 < Matt|home> mkay. let's see if i can't pull the login from this schmuck
02:49 < Matt|home> so in terms of preventing him from touching any of my traffic what can i do about it
02:49 < my_mind> vpn
02:50 < Matt|home> eh don't those cost money normally
02:50 < my_mind> yup
02:50 < RJ45> any CCTV experts here?
02:50 < my_mind> RJ45: cool username. im impressed
02:50 < Matt|home> my_mind setting my own vpn up would basically still route traffic through my other internet connection though so it'd be kinda pointless i assume?
02:50 < RJ45> thx
02:51 < E1ephant> L0rd nik0n approves
02:51 < E1ephant> that is so elite
02:52 < RJ45> anyone know if an AHD-N DVR can handle an 'AHD-H' camera?
02:52 < RJ45> both are 1080p specs
02:52 < Matt|home> hm looks like they didn't give him the router login info
02:52 < my_mind> Matt|home: i don't think so
02:52 < Matt|home> sorry?
02:53 < my_mind> Matt|home: im pretty sure a vpn would isolate you
02:53 < my_mind> you'd still use your roommate
02:53 < E1ephant> uwot m8
02:53 < my_mind> *roomates router obviously
02:54 < Matt|home> VPN is basically i pay a company to route my traffic through them so it gets encrypted?
02:54 < my_mind> E1ephant: what's "uwot"?
02:54 < my_mind> Matt|home: yes
02:54 < Matt|home> im already shelling out too much money. i'll find another solution
02:54 < my_mind> Matt|home: vpn routes your traffic through a "tunnel" that's heavily encrypted
02:55 < my_mind> no one sees your traffic except for you and the website you visit
02:55 < Matt|home> im curious what my speeds and caps are though, i wasn't told.
02:55 < Matt|home> i'll check in a second..
02:55 < my_mind> VPNs usually slow down internet speed by 3x
02:55 < my_mind> x3
02:55 < E1ephant> my_mind: it's like an internet meme for "what on earth?!"
02:56 < Matt|home> that'd be a massive problem for my other connection.
02:56 < E1ephant> my_mind: that is a very specific type of vpn
02:56 < E1ephant> you could just tunnel specific traffic
02:56 < E1ephant> VPN just means virtual private network, it could be a huge plethora of things
02:56 < Matt|home> yes but i still have to pay for the damn vpn ;p well the important shit like my bank info should be encrypted anyway
02:57 < E1ephant> from very secure, to you think it's secure, to completely insecure
02:57 < my_mind> there are free VPNs out there
02:57 < superkuh> where you are the product.
02:57 < my_mind> not secure though
02:57 < E1ephant> solve the real problem, get a better room mate who isn't a creeper?
02:57 < Matt|home> sorry for the off-topic by the way.. but i just finished moving to a new place (technically for the first time away from my folks) and for the first few days i was feeling REALLY awful and shitty.. but being able to talk to folks even if it's just online finally is significantly helping me out psychologically
02:58 < my_mind> wait a minute, I just thought oh Logmein Hamachi. it's a VPN. Aimed for gamers. Does it encrypt traffic?
02:58 < E1ephant> I mean I don't think it's off topic, but I don't think it's really an issue either
02:58 < E1ephant> just use your internet :)
02:59 < my_mind> Matt|home: we're all people here.
02:59 < my_mind> ... well some of us are bots
02:59 < Matt|home> by the way, very silly question. there are some wall ethernet ports, and i only really have dinky little 5-port switches but more than one node. assuming the switches work correctly, i should be able to have more than one computer from this location without fucking anything up right
03:00 < Matt|home> i still don't know the network topography and i can't test it out right away, but i should be able to avoid collisions if i just plug my switch into the wall port right
03:01 < my_mind> more devices means slower internet. no other issues
03:01 < Matt|home> awesome
03:01 < E1ephant> yeah switches are great
03:01 < E1ephant> more devices does not slow your internet down
03:01 < my_mind> make sure it's not a HUB though
03:01 < my_mind> those things suck
03:01 < E1ephant> your internet is usually a set size from your ISP
03:02 < E1ephant> more devices might use more BW, but you can plan accordingly
03:02 < tds> some networks will limit the number of mac address on a port to 1, and I've seen some where the DHCP lease is set based on the physical port (so connecting multiple devices won't get you more addresses via dhcp)
03:02 < Matt|home> http://www.speedtest.net/result/7440647750 <-- heh. this is the fastest i've ever had before. literally by ten times.
03:02 < my_mind> "plan accordingly" is what i meant to say
03:02 < tds> so it's worth keeping in mind if you don't control the network there
03:02 < E1ephant> if you find a hub, you have probably stumbled into a museum
03:02 < Matt|home> nah this is an old dlink 10/100 ethernet switch. not a hub
03:03 < Matt|home> i really do need to find out my data cap limit though :\
03:03 < my_mind> aight people, i need to go do stuff. see ya
03:04 < Matt|home> o\
03:04 < Matt|home> take care
03:04 < my_mind> u 2
03:09 < Matt|home> .....
03:09 < Matt|home> this is new. apparently my wifi is set up in my thermostat. let's check it out
03:13 < Matt|home> nope
03:13 <+pppingme> Matt|home nest?
03:13 < Matt|home> pardon?
03:13 <+pppingme> this is new. apparently my wifi is set up in my thermostat
03:14 < Matt|home> i don't know what nest means. i just tried changing settings on the thermostat and all i saw was blinking 'wifi setup' and some thermostat icons from the dropdown list
03:14 < Matt|home> no option to do it from there
03:14 <+pppingme> oh, its a brand of thermostat, "cloud based"
03:16 < Matt|home> no matter
03:25 < h0dgep0dge> so i've been resisting the urge to bother y'all again, but does anyone have any hot tips on setting up a 6in4 tunnel and router?
03:26 < h0dgep0dge> i have the tunnel working on the router, the router can talk to the ipv6 internet. I have radvd running, advertising the router, and my client is getting what should be a globally routable address
03:26 < h0dgep0dge> and the client has the link-local address of the router as the default gateway
03:26 < h0dgep0dge> and forwarding is enabled
03:26 < Dagger> guess: trying to use tunnel /64 on LAN
03:27 < h0dgep0dge> but the client can't talk to the internet, is there anything obvious i'm missing?
03:27 < Dagger> kinda hard to tell without `ifconfig`, radvd.conf etc
03:27 < h0dgep0dge> hold tight
03:27 < h0dgep0dge> ifconfig: https://pastebin.com/DipmYsG0
03:28 < h0dgep0dge> radvd.conf: https://pastebin.com/ibqx3ize
03:28 < Dagger> aaaand what did I say: inet6 2001:470:1f2c:f5::2 vs inet6 2001:470:1f2c:f5:6ef0:49ff:fe9b:e3c1
03:29 < Dagger> same /64 on two different networks is never going to work right
03:29 < h0dgep0dge> yeah, i wasn't really sure about that, the machine is automatically allocating that address to enp2s0
03:29 < h0dgep0dge> so i should be telling the router to ignore router advertisements?
03:30 < Dagger> no, you should be using the right /64 on the network
03:30 < Dagger> you have one /64 for the tunnel (called the tunnel /64 on the admin pages) and a second routed /64 for your LAN (called the routed /64)
03:31 < h0dgep0dge> you just straight blew my mind, i hadn't spotted anything about that in any of the tutorials i looked up
03:31 < h0dgep0dge> forgive me, i'm very very new to ipv6
03:31 < Matt|home> same
03:31 < E1ephant> it's how IP is supposed to work :)
03:31 < E1ephant> it's called routing
03:32 < Dagger> it's how v4 works too. you wouldn't use 192.168.1.2/24 on the WAN and then 192.168.1.201/24 on the LAN
03:32 < E1ephant> NAT is because we ran out of numbers
03:33 < h0dgep0dge> yeah, i've never lived in a world without nat, so i wouldn't have had any idea what you'd do when both the wan and lan interfaces are in the same address space
03:33 < Dagger> also normally you'd statically assign an address (I think it'd be 2001:470:1f3d:f5::1/64?) to enp2s0, and then specify "prefix ::/64" in radvd.conf to have it read the prefix from the IP assigned to the interface
03:33 < Dagger> the router should not normally be assigning itself an IP from its own RAs
03:33 < h0dgep0dge> good to know, i'll let you know how i get on
03:34 < E1ephant> yeah, somehow top of range hasn't caught on in v6?
03:34 < Dagger> E1ephant: fancy that
03:34 < E1ephant> heheh
03:35 < E1ephant> using top of range /26s here, would be so ugly in v6 :(
03:35 < Dagger> although OVH tried, with their :xxff:ff:ff:ff:ff shit
03:35 < E1ephant> D: yuck
03:36 < E1ephant> OVH: At least it's not Detroit!
03:47 < Harlock> h0dgep0dge1 lan and wan are not in the same address space
03:48 < h0dgep0dge1> then i'm not really sure what the correct term is for what i'm talking about
03:48 < Harlock> wan is a different /64 than your lan
03:49 < Harlock> are you setting up he.net?
03:49 < h0dgep0dge1> correct
03:49 < Harlock> they have pretty good examples iirc
03:51 < Harlock> you get assigned 2 networks
03:51 < h0dgep0dge1> Dagger did a good job of setting me straight, it's working now, i'm just trying to debug why my vm isn't getting an address, either from dhcp or from slaac
03:51 < Harlock> one for your tunnel and one to use
03:51 < Harlock> is all the LL working fine?
03:52 < h0dgep0dge1> LL, link local? i'm not sure what you're asking
03:52 < h0dgep0dge1> eth0 on my vm isn't even getting a link local address
03:54 < Harlock> start from LL and work up
03:54 < Harlock> if you have no ll on the interface do you even have ipv6 running
03:55 < h0dgep0dge1> afaik it should be, it was getting ipv6 addresses a few minutes ago
03:55 < h0dgep0dge1> i've just been resetting it to purge ipv6 settings and reconfigure
03:55 < Harlock> it should always have an ll
03:56 < h0dgep0dge1> okay, it has one now, i don't know what changed. I swear it didn't have an fe80:: address a moment ago
03:56 < Harlock> and can you ping the router's LL
03:57 < h0dgep0dge1> i don't think so
03:57 < h0dgep0dge1> i'm transcribing it by hand, but i'm not getting an echo back
03:57 < h0dgep0dge1> i'm pretty sure there's no typo
03:58 < Harlock> what is your vm networking? bridge?
03:58 < h0dgep0dge1> but i'm also not getting a v4 address from dhcp, which I haven't been messing with
03:58 < h0dgep0dge1> bridge to the wifi card on my laptop
03:59 < scientes> you can only bridge to wifi if you set promiscuous mode IIRC
03:59 < h0dgep0dge1> okay, i've just switched to another vm, and now i'm getting a v4 address from dhcp
03:59 < h0dgep0dge1> don't know what the issue was, but it's better now >_>
04:00 < h0dgep0dge1> yeah, ipv6 is working on the vm now
04:00 < scientes> my VPS provider is so stupid they only provide one ipv6 address
04:00 < scientes> so i'm using hurricane electric (its scaleway)
04:01 < h0dgep0dge1> god I love hurricane electric, free ipv6 tunnels, good, free dns hosting, what did we do to deserve them?
04:02 < android> can trycorder work on captive portal?
04:05 < android> banc yeah
04:05 < android> the games
04:05 < android> thinking of looking at a game list
04:06 < dogbert_2> will need to get 2x4GB of ram for this HP 6000 (DDR3 10600U)
04:07 < android> looking for edo ram
04:07 < android> more secure
04:07 < android> you can run all of thefastclock things you want
04:07 < android> think the entire bank can use an old 386
04:08 < android> edo ram
04:08 < Harlock> h0dgep0dge1 did you do the he.net ipv6 cert
04:08 < android> but they no make shipments to I
04:09 < android> use of dloppy at the right moment can impacy earths future so much as a fleet of SR-71
04:09 < android> floppy disk
04:10 < Harlock> it is very easy to impact the earth with a floppy disk
04:10 < Harlock> i've done it before
04:11 < Harlock> both accidentally and on purpose
04:11 < h0dgep0dge1> Harlock: Haven't, I'll have to look into that. For now I want to make sure my precarious configuration will survive a reboot
04:11 < dogbert_2> this is a older hunk of hardware :)...$100 linux box :P
04:16 < android> yeah ahbot that tricorder
04:16 < android> can it work on a captive portal?
04:18 < android> what os that movie wherebhe has abremote control to rewind or paise life
04:18 < android> somehing lile the rytjms
04:19 < android> there is freedom within
04:19 < android> there is freedom wihout
04:19 < android> counting my steps tonthe door of your heart
04:19 < android> hey now hey now
04:20 < android> if we can just donate some cash I can possible build the remote control by frequency counting
04:20 < android> hey now , hey now, don't dream it's over
04:21 < android> set the lies aside and you see some are ill ill light
04:21 < android> we can have looked at a "mere" mortal and thought of a non mortal
04:23 < android> counting my steps to the beat of a drum to the doorbof your heart
04:23 < android> accepting donations for the finished remote control
04:24 < android> there is freedom within, there is freedom without
04:24 < h0dgep0dge1> function: try struct next
04:25 < android> chief of music
04:25 < android> hey now hey now
04:25 < android> dont dream its over
04:26 < android> hey now , hey now
04:27 < android> don't dream it's over
04:27 < android> why you do this to skynet?
04:28 < android> whispers in the dark
04:28 < android> how you make illuminati well
04:31 < android> at the same time beware of Joy Robertson
04:31 < android> this is where the CIA comes into play
04:32 < android> the CIA has a duty to keep Joy Robertson away from tjose willingbto be well.
04:33 < android> The CIA is guardian of much knowledge.
04:34 < MikeDebian> Hello all. I'm in the process of getting a 10G (SFP+) switch and adapters for some servers. The switch I'm looking for is the TPLINK1700G-28TQ which has 4 10G (SFP+) ports. The server side adapters are Intel X520 SR1. I know I have to get 10G SR transceivers but I'm kind of stuff on deciding which ones I should get because I can't determine their compatibility with both the switch and adapter. Any help?
04:34 < MikeDebian> stuck*
04:35 < android> MikeDebian how do you find the red pill?
04:35 < android> Can you find a frequency counter for me?
04:36 < android> looks like the pocket science lab mentions a frequency counter but what device has it if it is a usb adson mayswell be a standalone device
04:36 < android> EveryOne must stand alone.
04:37 < android> Like a little prayer.
04:37 < Jonno_FTW> hello
04:37 < android> ADW standalone
04:37 < Jonno_FTW> anyone familiar with cisco products?
04:38 < h0dgep0dge1> what's a cisco?
04:38 < h0dgep0dge1> they make phones right?
04:38 < android> Jonno_FTW hey now hey now don't dream its over
04:38 < android> deep space 9
04:38 < android> the gamma quadrant space station
04:40 < android> MikeDebian can you find a frequency counter for skynet channels?
04:40 < Jonno_FTW> nvm
04:40 < android> The akashi legend.
04:40 < Jonno_FTW> the default password is cisco cisco
04:55 < android> hey now, hey now
04:56 < Capprentice> How do I use ospf to give less priority to Wireless Interface and higher priority to Wired Interface. I dont want to use ECMP. I want the failover where, when the Wired Interface goes down all traffic should move to Wireless Interface and when the Wired Interface restores the traffic should be switched over the Wired Interface
04:57 < Capprentice> How do I achieve that^?
05:00 < android> Capprentice what device?
05:18 < Capprentice> Ubiquiti and VyOS.
05:18 < Capprentice> android, ^
05:18 < android> yeah?
05:19 < E1ephant> can you just set higher ospf cost? https://help.ubnt.com/hc/en-us/articles/205204050-EdgeRouter-Configure-OSPF-network
05:19 < android> yeah capprentice?
05:19 < android> what was the question?
05:20 < android> on his face is a map of the world
05:20 < android> it is not my doing but to have all has all
05:21 < android> the burdon of sin
05:22 < E1ephant> https://www.youtube.com/watch?v=TgmA48fILq8
05:22 < android> all of yesterdays sin
05:25 < android> and the first shall be last and the last shall be first
05:28 < android> Barones hi do you work there?
05:28 < android> looking at the db tjinking is any of it left?
05:29 < android> it is as if I entered warp witjout a fibre optic loopback
05:29 < android> and pulled out of warp and nobody knows
05:33 < android> do you have a good home, but youd be better off camping nutron?
05:51 < Goop> How many different fiber signals do most companies put on lines when they invest in long-distance fiber?
05:52 < E1ephant> Goop: as many as economically feasible
05:52 < E1ephant> Goop: so in the case of highly sought after router, probably insane dwdm gear with proprietary and small grid structure
05:52 < E1ephant> in most place, ITU grid dwdm or cwdm
05:53 < E1ephant> then on less sought after routes, just grey of whatever transmission you want to do
05:53 < E1ephant> s/router/routes/
05:54 < Goop> I'm seeing a lot of "1,000ft Bulk 6 Fiber Singlemode Fiber Optic Cable" when I look at Google for fiber optic cables, does that mean I can fit 6 different light signals through this cable?
05:55 < E1ephant> sounds like either 6 single fibers, or more likely 6 pairs, of single-mode fiber
05:55 < E1ephant> you can fit many different signals down a single fiber of light
05:56 < E1ephant> this is an example of one standard grid of channels you can find lots of equipment using: http://www.fiberdyne.com/products/itu-grid.html
05:57 < Goop> How expensive is it to get a device to send/receive signals on a single mode fiber optic cable for speeds of like 20gbps?
05:58 < E1ephant> so depends on how you want to shave that cat
05:58 < E1ephant> you could get a single 40G or more popular 100G link
05:58 < Goop> How much is a 100G link fiber device?
05:59 < E1ephant> for just 20G, and home or smb use though (read: cheap) some fs.com mux gear could deliver 10G channels
05:59 < E1ephant> and a "pay as you go" model
06:01 < E1ephant> probably $50k+ for 100G with switching on each end
06:01 < Goop> So I see the SFP+ module, what's the cheapest way to get a fiber optic signal from 20/40/100G speeds down to 1gbps Ethernet?
06:01 < E1ephant> idk maybe cheaper?
06:02 < E1ephant> a switch or router is generally how you change speeds
06:02 < E1ephant> unless you're really gonna aggregate (read: sell) a lot of L1 access
06:05 < Goop> I heard there are some protocols that split network traffic into multiple devices. Are there cheap devices specifically made to take a 40Gbit connection and split it between 2 20Gbit connections?
06:07 < Goop> That would greatly reduce the cost, because if it exists, I could hook up a fiber cable to a splitting device, then attach it to the SFP+ ports of some cheap switches I saw and get them down to 1Gbit ethernet.
06:08 < E1ephant> that would be cool
06:08 < E1ephant> some 40G ports break out to 10G, and some 10G ports can operate at 1G, but there is no breakout from 10G to 1G or 40G to 1G
06:09 < Harlock> it's just called a switch
06:09 < E1ephant> ^
06:11 < Harlock> you could go 40 to 10 to 1
06:11 < Goop> Well, I was thinking (maybe I'm not the first to think of this), taking (for example) 40G to 10G a physical circuit would relay every 4th bit to each connection.
06:12 < Goop> Only downside would be that the switches would have to forge together all the data again, or you would be limited to a 10G connection at a time.
06:12 < Harlock> or you could just use existing switches with qos
06:14 < Harlock> well you wouldn't even need to use qos probably to hook 4 10g switch to 1 40g switch
06:22 < Goop> How is Google able to provide all those customers with gigabit connections? 1gbit per customer, 100 customers, you're at like 100gbits already.
How do they get networking devices that can handle all of that?
06:24 < E1ephant> Goop: by going out of business and stopping all expansion
06:33 <+pppingme> Goop the customers don't all run their lines at max speed constantly.. even when they do, its typically only momentary
06:34 <+pppingme> so depending on customers, you can easily feed 100 of 1gig customers with only 10gig of uplink
06:34 < skyroveRR> We're still stuck at max 100Mbps here in India.
06:34 <+pppingme> and rarely, if ever, max out the uplink
06:39 < scientes> sweet with networking namespaces I can have a single process on a VPN
07:01 < cmj> skyroveRR: sounds horrible ;p
07:01 < cmj> i'm still on dsl, nevermind me
07:02 < cmj> 1.5Mbps
07:02 < skyroveRR> You live in a remote area?
07:03 < skyroveRR> Where you at anyways?
07:03 < cmj> washington state. old lines.
07:05 < cmj> (it sucks)
07:05 < skyroveRR> I'm sure.
07:08 < h0dgep0dge> hey guys, real quick, out of curiosity, how are the per-interface forwarding settings interpreted in linux?
07:09 < h0dgep0dge> that is, when a packet comes into a router, which settings are examined to determine if it should be forwarded? is it the setting for the outbound interface, the inbound interface, or both?
07:09 < grawity> for ipv4, I believe it's both
07:09 < grawity> for ipv6, neither – there's only a global setting
07:10 < Wulf> forwarding - BOOLEAN
07:10 < Wulf> Enable IP forwarding on this interface. This controls whether packets
07:10 < Wulf> received _on_ this interface can be forwarded.
07:10 < grawity> for consistency I usually enable it for all interfaces and do filtering via iptables/nft instead
07:11 < h0dgep0dge> wulf: uhuh, i ask because i had enabled forwarding on my lan interface, but found i also needed to enable it on my ppp0 interface, which doesn't seem consistent with that
07:12 < Goop> So hubs are dumb devices that take a signal and repeat it on all its ports; are there any hubs for 10Gbit SFP+?
07:12 < grawity> h0dgep0dge: well, one interface needs to forward requests, the other needs to forward replies
07:12 < Wulf> h0dgep0dge: O
07:12 < grawity> Goop: I think that's by definition somehow impossible with SFP?
07:12 < Wulf> h0dgep0dge: I'm just quoting the docs. I never bothered activating forwarding only for specific interfaces.
07:13 < h0dgep0dge> grawity: which makes total sense to me, but doesn't seem compatible with the docs
07:13 < grawity> h0dgep0dge: how so?
07:13 < Goop> How is it impossible with SFP?
07:13 < grawity> because I don't think it has a concept of half-duplex and collision detection...
07:14 < grawity> hubs were forbidden even starting with ordinary copper 1GBASE-T
07:14 < h0dgep0dge> grawity: because the docs quoted by Wulf seemed to imply that the forwarding setting is only looked at on the interface through which the packet comes /in/ to the router
07:14 < grawity> h0dgep0dge: but packets come in from both directions!
07:14 < Goop> forbidden? How do you forbid something like that?
07:14 < grawity> Goop: e.g. by outright removing collision detection from the standard
07:15 < grawity> Goop: if all you want is something that duplicates all *ethernet frames* to all ports, that's a completely different matter
07:15 < grawity> Goop: whereas hubs duplicate the physical *electric signals* to all ports
07:15 < grawity> h0dgep0dge: e.g. you send a ping and it goes in eth0, out ppp0, forwarding check is done on net.ipv4.conf.eth0.forwarding
07:16 < Goop> Well I was thinking it would be an interesting thought to entertain if fiber optic cables were repeated by SFP hubs, which have SFP modules for fiber.
07:16 < grawity> h0dgep0dge: then you get a ping reply and it goes in ppp0, out eth0, so naturally forwarding check is done on net.ipv4.conf.ppp0.forwarding
07:16 < grawity> h0dgep0dge: that said, I'm currently trying to figure out where in the kernel source those checks are done
07:16 < h0dgep0dge> grawity: yeah, i just completely didn't even consider that it may be the echo itself being blocked from coming back, not the echo request being blocked on the way out
07:16 < grawity> h0dgep0dge: because it *does* seem that they're done on both interfaces in reality
07:16 < grawity> h0dgep0dge: wat
07:16 < grawity> oh, as in echo reply
07:17 < h0dgep0dge> grawity: yeah, i had assumed the echo request was being blocked on the way out, but as you just pointed out it could just as easily been the echo reply on the way in
07:17 < h0dgep0dge> which would be consistent with the docs
07:18 < h0dgep0dge> and trust me, i'm plenty embarrassed that i totally forgot packets go in both directions
07:18 < h0dgep0dge> i swear one day i'll learn to stop asking stupid questions
07:20 < grawity> Goop: I'm not sure what possible use that would have
07:21 < grawity> assuming you want more than 2 ports per device, because 2-port repeaters probably *already* exist...
07:23 < Goop> How do ISP's with long-distance fiber add a point along an existing fiber line? Do they disconnect the fiber line, add a network device, then reconnect it?
07:25 < h0dgep0dge> can't imagine how else they would do it, if you're cutting the line then the line itself is going to have some down time
07:25 < lordvadr> Goop: There are what are called "splice boxes" where they can hook into unused strands.
07:25 * h0dgep0dge buries head in the sand
07:26 < Goop> lordvadr, what if all strands are being used? Do they disconnect one, and the data falls back on another strand until it goes back online?
07:30 < Goop_> Well, this is annoying.
07:31 < Goop_> Goop is being used, only because the connection didn't drop correctly.
:\
07:31 < lordvadr> Goop_: It depends on a lot of factors, who the ISP is, what kind of run it is, where it is...
07:32 < lordvadr> Goop_: "Drop" is not a word used a lot in professional networking, mostly because nobody can agree on what it means and it gets over used as explanations for phenomena not well understood by the speaker.
07:33 < lordvadr> Nowhere in any meaningful literature does the term "drop" and "connection" occur in any meaningful proximity.
07:34 < h0dgep0dge> lordvadr: nowhere in any meaningful literature does the term "my dick" and "your mother" occur in any meaningful proximity
07:34 < h0dgep0dge> but that doesn't mean i didn't fuck her last night
07:34 < Goop_> Ah, yes. If you send a packet to a place over a network and don't get a reply it either means there's high latency or something is broke. You can only define what a "drop" is in software.
07:35 < lordvadr> h0dgep0dge: Wow. That was uncalled for.
07:35 < h0dgep0dge> ehh, i thought it was funny, and i don't think your level of pedantry was called for either
07:35 < Goop_> Oh shit. Is h0dgep0dge going to get away with that language here, or do the OPs not care?
07:35 < lordvadr> Goop_: Packets go missing, and are often called dropped packets, but connections don't "drop".
07:36 < h0dgep0dge> plus it actually served a point, just because words don't appear together in literature doesn't mean they can't be interpreted according to context
07:36 < currybullen> how does a firewall block traffic for a certain application, say for example SSH? i get that you can block traffic on port 22, but ports can always be changed around. does it work by packet inspection?
07:38 < grawity> currybullen: assuming you're behind one such firewall?
07:38 < grawity> yeah, some are capable of deeper packet inspection
07:38 < Goop_> currybullen, I'm no network dude, but I'm pretty sure many operating systems register ports opened (whether client or server) with the application opening them.
07:38 < grawity> most don't care though, they either block specific ports, or just whitelist the "good" ports
07:38 < lordvadr> h0dgep0dge: I didn't think it was funny, and I was taking a moment to educate. Perhaps I was a bit abrasive, like the sheets onto which your siblings dribbled out of the ass crack of a vietnamese hooker, but "connection drops" or "wifi drops" doesn't mean anything useful.
07:38 < grawity> oh, you mean a firewall on the host itself?
07:39 * lordvadr mumbles "he started it."
07:39 < grawity> host firewalls can just ask the OS about what app owns a given socket
07:40 * Goop_ mumbles "you participated."
07:40 < lordvadr> LOL, I did. Can we cut the crap a little and get along now?
07:41 < Goop_> grawity, was I right on what I said? :D
07:41 < Goop_> --does an OS register ports with applications when applications open them?
07:42 < h0dgep0dge> lordvadr: LOL sick burn, my father and mother never even dated, so it's not at all a stretch to imagine him fucking a vietnamese hooker, but after that first accidental pregnancy (yeah, that's me) I would think he would be smart enough to use a condom.
07:42 < h0dgep0dge> So I guess that makes us even? I forgive you, even if you did describe my father's semen in graphic detail
07:43 < lordvadr> I'm laughing so hard I can't type.
07:43 < h0dgep0dge> that abrasive bedsheets shit was a real stretch though, 7/10
07:43 < lordvadr> I was like, wow, way to escalate. Sometimes these noobs need a little talkin' to. But...really? Really?!?
07:44 < lordvadr> Would "Days Inn's Sheets" have been more believable as "abrasive?"
07:46 < h0dgep0dge> I don't know what "Days Inn" is, but I meant drawing the connection from your original message to a vietnamese prostitute using the adjective "abrasive" is a stretch
07:46 < lordvadr> I was implying really cheap bed sheets.
07:47 < lordvadr> Day's Inn is a chain of motels in the US and probably a number of other countries, not exactly known for 5-star accommodations.
07:47 < lordvadr> They are a good value, and usually clean and such, but 1000 thread-count sheets they do not have.
07:47 < h0dgep0dge> yeah, I understand what you're implying, i'm saying it's a tortuous and strained connection
07:48 < lordvadr> That's interesting. Have you never slept on bad or cheap sheets?
07:49 < h0dgep0dge> incurring the name of a cheap brand rather than the shared adjective would have been better, because at least then you weren't trying to draw a direct connection from something you said earlier "maybe i was a bit abrasive" to your sick burn "just like these sheets"
07:50 < h0dgep0dge> it's that connection that is tortuous and strained, not the internal logic bedsheet/semen scene
07:50 < lordvadr> It was a reach, but i had to come up with something. Cheap sheets that have been washed way too many times are awful.
07:50 < lordvadr> Ok, but where do I work the hooker into it?
07:50 < h0dgep0dge> i don't understand the question
07:51 < h0dgep0dge> yeah, it was a reach, that's all i was trying to say
07:51 < lordvadr> "Maybe a bit abrasive, like the Kmart sheets onto which"?
07:51 < h0dgep0dge> still don't understand the question
07:52 < lordvadr> I'm not sure I understand the critique.
07:53 < lordvadr> I implied that a 3rd-world hooker would have sheets so cheap and overused that they would be considered "abrasive."
07:53 < h0dgep0dge> the critique is that the connection from your original statement to the insult, that connection being "abrasiveness", was a stretch
07:53 < sandman13> what should be the MAC address of dummy interface?
07:53 < lordvadr> Oh, the one where I sort of laid into...Goop?
07:54 < h0dgep0dge> 00:61:6b:00:b1:35
07:54 < h0dgep0dge> wait shit now, it's 00:b1:6b:00:b1:35
07:54 < lordvadr> Yeah, the connection was supposed to be to your response.
07:55 < lordvadr> sandman13: Please go read http://xyproblem.info and come back and ask your actual question.
07:55 < h0dgep0dge> how was the connection supposed to be to my response?
you said "I may have been a bit abrasive", that's explicitly connecting it to what you said
07:56 < lordvadr> And then I began to describe abrasive sheets and non-PG-related activities
07:56 < h0dgep0dge> also, am I going to get no credit for the bigboobies gag? i've been sitting on that for years
07:56 < sandman13> lordvadr: Okay. I am debugging an issue with arping with keepalived. There's a dummy interface which has its own MAC address, and IP is assigned to it
07:56 < h0dgep0dge> what's the issue? why is there a dummy interface?
07:56 < sandman13> but when I arping for the said IP address, I see MAC address of the main interface. I am quite puzzled how this happened and what is the default behavior
07:57 < h0dgep0dge> that's correct behaviour when the system uses the weak ip model
07:57 < lordvadr> sandman13: You're still asking about a proposed diagnosis, and not your actual problem.
07:58 < h0dgep0dge> why would the machine send the dummy mac in response to an arp request, the dummy interface isn't attached to that network
07:58 < h0dgep0dge> so the computer is sending the mac address for the appropriate network, which is the mac address of the main interface
07:58 < sandman13> okay
07:58 < h0dgep0dge> is that the problem you're having with arp? because that's the correct behaviour
07:59 < sandman13> wait let me describe the actual setting and problem. I am definitely lost here as it seems :)
07:59 < h0dgep0dge> :thumbs:
07:59 < lordvadr> It's ok, and we know. :-)
08:00 < lordvadr> :isthisaniphone:?
08:00 < h0dgep0dge> also i said before weak ip model, i meant weak host model, I haven't thought about host models for like 5 years
08:00 < h0dgep0dge> I don't think :thumbs: comes from iphone?
i only know it as a bbs thing
08:01 < h0dgep0dge> i wouldn't know, i don't own an iphone
08:01 < lordvadr> I just know every time I paste a posix regex into slack it turns [[:space:]] into some wooshy shit
08:01 < h0dgep0dge> at a guess I would say it's just a generic notation of emoticons, unrelated to iphone
08:02 < lordvadr> I know, but it's expecting a character class naively assumed of the target audience...something iPhone users are often guilty of.
08:03 < h0dgep0dge> yeah, I naively assume a bunch of nerds hanging out on irc might be familiar with bbs speak
08:04 < lordvadr> I spent a lot of time on bbs and usenet. Never saw, ":thumbs:" or ":hundo-bills-yo:" or whatever the kids are doing these days.
08:06 < h0dgep0dge> i don't even know if ":thumbs:" is used per se, but presumably you've seen the double colon notation before?
08:07 < h0dgep0dge> and also presumably despite never having seen ":thumbs:" you were able to understand that it referred to thumbs up?
08:07 < lordvadr> Yeah, but it wasn't until mobile platforms started dicking things up.
08:08 < lordvadr> Yeah, I suppose, but I had to wonder, is he being genuine, or facetious about the thumbs, and do we really know they're "up"? I do see it a lot on slack.
08:09 < lordvadr> Hey folks, it was good to get back for a bit. It's 1AM here and this booze isn't going to drink itself. h0dgep0dge, stay on sandman13 and make him ask a question that doesn't presuppose his assumptions.
08:10 < lordvadr> That's the fastest way to get him an answer to his question.
08:10 < h0dgep0dge> sure
08:10 < lordvadr> if he ever comes back.
08:13 < wyseguy> anyone to help with a verizon jetpack external antenna?
not sure which one to get and if 2 is better than 1
08:14 < sandman13> here: https://bpaste.net/show/ff723f9c035c
08:14 < h0dgep0dge> wyseguy: I can't imagine many people in here would endorse buying consumer networking devices, much less something sold by verizon
08:15 < wyseguy> h0dgep0dge have another device that would work on verizon as a hotspot?
08:15 < sandman13> hope I am clear
08:16 < h0dgep0dge> sandman13: none of that makes any sense to me, but that doesn't say much, maybe someone else will understand what you're trying to do
08:16 < h0dgep0dge> wyseguy: I can recommend the unifi access points, they've worked great for me
08:17 < h0dgep0dge> unless that's not what you mean by hotspot, what are you trying to do?
08:17 < wyseguy> h0dgep0dge I install unifi and edgemax stuff weekly, not sure how that has to do with a hotspot
08:17 < wyseguy> ah sorry, thought you were here earlier with my issue
08:18 < sandman13> oh to add to it h0dgep0dge
08:18 < wyseguy> im trying to live stream youtube through a gopro while mobile
08:18 < h0dgep0dge> gotcha, you're just after a mobile internet connection
08:18 < sandman13> when I run arping on the VIP (when dummy interface is active) I see three MACs on each request
08:18 < sandman13> but only one MAC when dummy interface is inactive
08:18 < wyseguy> cellular signal becomes low when in the mountains and a hotspot with an antenna would do much better
08:18 < h0dgep0dge> dude I don't even know what you mean by VIP
08:19 < sandman13> Virtual IP
08:19 < sandman13> floating IP
08:19 < h0dgep0dge> sandman13: still not following, and i don't know what keepalived and syslog collector do, you're talking to the wrong guy
08:19 < sandman13> oh
08:20 < sandman13> sorry for that. Thanks for that pointer though h0dgep0dge :)
08:20 < h0dgep0dge> wyseguy: don't cellphones and wifi hotspots use the same technology? is the antenna you're talking about the antenna for the mobile network?
08:21 < wyseguy> h0dgep0dge external antenna for the hotspot
08:21 < wyseguy> hotspot on its own gets better signal than the phone and better throughput. I have tested it
08:22 < h0dgep0dge> okay, so what are you here for?
08:22 < wyseguy> h0dgep0dge something like this https://www.amazon.com/Electronics-311125-Dual-Band-Cellular-Antenna/dp/B00KY4Q7DG/ref=sr_1_2?ie=UTF8&qid=1530597816&sr=8-2&keywords=jetpack+antenna
08:22 < wyseguy> h0dgep0dge what am i here for?
08:22 < h0dgep0dge> that's what i just asked you
08:22 < wyseguy> [23:13:41] anyone to help with a verizon jetpack external antenna? not sure which one to get and if 2 is better than 1
08:23 < h0dgep0dge> i wouldn't think they'd support 2 if 2 wasn't better than 1, though you should expect to use more power
08:24 < h0dgep0dge> and I expect these kinds of antennas are basically interchangeable, but i don't know enough about radio to give a definitive answer
08:24 < wyseguy> h0dgep0dge power is not an issue, have an anchor power bank, plus it has 2 antenna connectors on top of it
08:24 < h0dgep0dge> i imagine verizon sells antennas, go talk to them
08:24 < drathir> mornin/evenin...
08:24 < wyseguy> h0dgep0dge i did, antennas are 3rd party
08:25 < wyseguy> if you don't know, it's cool, was just asking in here to see if someone knew
08:26 < h0dgep0dge> _I_ don't know, if anyone else does I encourage them to jump in
08:26 < drathir> antennas vs wire in plastic ? ;p ^^
08:28 < currybullen> grawity: yes, host firewall
09:17 < sambal> ™
09:17 < sambal> ∞
09:17 < sambal> §
09:17 < sambal> ¶•
09:17 < sambal> 30º
09:17 < sambal> wkwkwk
09:17 < sambal> who
09:17 < sambal> wkwkwk
09:22 < skyroveRR> o.o
09:37 < drathir> skyroveRR: `utf8
09:37 < skyroveRR> ?
09:38 < drathir> skyroveRR: sambal probably testing... but still strange place and definitely way to do that...
09:40 < drathir> from strange questions does vlans are isolated per port ? eg. vlan10 on eth1 will not leak to vlan10 on eth2 ?
09:46 < Phil-Work> drathir, it won't leak unless they're bridged
09:47 < h0dgep0dge> so i'm having some difficulty setting up ipv6 on my network. I have radvd sending RAs, but the ethernet interface they're being sent on keeps setting up a slaac address. I want it to ignore the router advertisements, and i've set both net.ipv6.conf.all.accept_ra and net.ipv6.conf.all.autoconf set to 0, and net.ipv6.conf.all.forwarding set to 1. anyone got a tip?
09:47 < drathir> Phil-Work: thanks...
09:48 < DXH30> Hello, is there anyone could help me with some stuff, I need some help for creating openssl custom encryption methods, where can I find all of the encryption code file, and should I recompile it somehow, anyone ?
09:50 < drathir> DXH30: ##crypto maybe will more helpful ?
09:50 < light> step 1 of creating your own custom encryption method: don't
09:50 < Phil-Work> rolling your own crypto? What could possibly go wrong
09:51 < h0dgep0dge> you know who knows more about encryption than the people who wrote openssl? me.
09:51 < drathir> light: personally too not get idea reinventing wheel but who like...
09:52 < light> wat
09:53 < _90> Can someone help me to understand this ->Once the swarm is running, you specify services using Docker Compose. When you bring those services up they are deployed across the hosts of the swarm rather on a single host. I didn't understand what does it mean by deployed across the hosts?
09:53 < DXH30> light: I just want to know where I can edit or add new methods just for my research only, for educational purpose only
09:54 < h0dgep0dge> DXH30: If you want to experiment with modifying openssl, but need to ask us where you can find the source or if you need to compile it, you're probably in over your head
09:54 < drathir> light: nvm, i mean that try to make better things which works never ends good...
10:00 < DXH30> I don't want to modify openssl, just to test another encryption method I develop, I just wondering if there's anyway I could do this without try to recompile openssl source
10:05 < h0dgep0dge> for real, anyone with any insights on ipv6?
10:10 < trae32566[w]> wait, so you're saying what you're wanting is for a specific client to ignore RAs?
10:11 < h0dgep0dge> this machine is the router, it's statically configured with an ipv6 address
10:12 < h0dgep0dge> but when i start radvd it also gets a slaac address
10:12 < h0dgep0dge> hold on, i'll make a pastebin to show what i'm talking about
10:12 < trae32566[w]> is it the privacy address?
10:14 < h0dgep0dge> https://pastebin.com/zF9GbwFG
10:14 < h0dgep0dge> not completely sure what that is
10:20 < h0dgep0dge> after a spot of research I think yes, that's exactly what it is, and a search for disabling the privacy address gives the same answer as when I researched ignoring RAs, setting autoconf and accept_ra to 0
10:21 < h0dgep0dge> which i've done
10:23 < tropicat> If a user sent a message through an intermediate proxy, whether that was a VPN server or some application's server, theoretically, is there any way that that user's IP address can be exposed?
10:24 < tropicat> I am asking to secure myself against whatever techniques or tools as I can find.
10:25 < h0dgep0dge> the short answer is yeah, tons of theoretical ways
10:25 < tropicat> h0dgep0dge: could you give me a longer answer haha. I would like examples of such ways so I can look into them and hopefully protect against them.
10:26 < h0dgep0dge> i mean, it's kinda difficult because the question is so abstract
10:27 < h0dgep0dge> like, the proxy could be logging ip addresses, is one example
10:28 < tropicat> h0dgep0dge: sure sure.
but any way for an outside attacker
10:29 < h0dgep0dge> exploit a vulnerability in the server to access the logs where the ip addresses are saved
10:29 < h0dgep0dge> ask a broad abstract question get a broad abstract answer i'm afraid
10:34 < h0dgep0dge> for anyone who cares, I fixed my ipv6 issue, turns out centos uses an obscure parameter in the interface configuration file instead of paying attention to the kernel parameters like goddamn normal person
10:35 < linux_probe> so, just like most linsux distros
10:35 < linux_probe> >_>
10:36 < h0dgep0dge> if you say so guy
10:37 < linux_probe> let me guess, you had to add IPV6_AUTOCONF=no
10:39 < h0dgep0dge> the very same
10:42 < h0dgep0dge> Let me put it this way, even if every single linux distro uses that parameter, it's still obscure because most of the people writing the answers I was finding for "linux ignore router advertisement" recommended setting net.ipv6.conf..accept_ra to 0, no mention of IPV6_AUTOCONF, so i'm not the only one who wasn't aware of it
10:43 < h0dgep0dge> (repeating for linux_probe) Let me put it this way, even if every single linux distro uses that parameter, it's still obscure because most of the people writing the answers I was finding for "linux ignore router advertisement" recommended setting net.ipv6.conf..accept_ra to 0, no mention of IPV6_AUTOCONF, so i'm not the only one who wasn't aware of it
10:45 < linux_probe> many distros do it differently and ignore the global value/alter it when networking starts
10:46 < h0dgep0dge> learn something new every day i guess.
glad to have it sorted at any rate
10:46 < tds> it seems increasingly common to handle RAs with something like network-manager or whatever, and disable the kernel's implementation
10:46 < linux_probe> and I hate networkmangler
10:47 < tds> my desktop uses network mangler, under some cases which I can't quite work out it decides to add an ecmp default route when receiving two RAs, which is fun
10:48 < linux_probe> I can tell you how to fix that :))
10:54 < tds> I mean it's sorta neat if it balances traffic between the routers in theory
10:54 < tds> the more major issue is that when one router stops sending RAs, even with a 10s lifetime, it doesn't seem to remove that route
11:02 < linux_probe> well, looks like the edgerouter is stable lol. 05:02:17 up 90 days, 5:18, 1 user, load average: 0.09, 0.06, 0.05
11:08 < linux_probe> it's stable so it must need upgraded to break it lol
11:14 < atralheaven> Hi, I need to choose a protocol/tool to connect windows, linux, and android devices together through a linux server (local and online server), to send short one-way text messages, notifications, and transferring files with a good speed, with encryption for everything, I don't know much about networking, what are my choices? what do you recommend? thanks
11:19 * linux_probe crosses fingers after updating edgerouter, which is clear across town and the place opens in 3 hours
11:21 < linux_probe> amazing, it came back after reboot, vpn tunnel came up
12:05 < XATRIX> Hi, can you advise. I have troubles with my pings. I have wireless connection (~10-15 hosts) to my Cisco AP1242 access point. And pings inside the LAN is over ~40-2000ms.
The signal level is in a good state
12:06 < XATRIX> My access point connected to HP-E2620-48#
12:12 < linux_probe> lol
12:16 < Queenslayer> Hi guys
12:18 < Queenslayer> I've got two windows 7 machines and would like to run Windows server on each so the local network can access these servers simultaneously for file access and connect to a networed printer
12:18 < Queenslayer> *networked.
12:18 < Queenslayer> Does it make sense to do this rather than buying a new server
12:51 < shtrb> depends on the hardware and the workload you are going to have
13:07 < Apachez> https://twitter.com/cryptofun1/status/1013732556615901184
13:08 < shtrb> memory leak ?
13:08 < obcecado_> haha @ comment
13:09 < shtrb> Can't you salvage something from it ?
13:10 < shtrb> If nothing works, you could at least extract gold from it
13:14 < lupine> the world needs more of that
13:14 < shtrb> gold ?
13:15 < lupine> ruined cryptocurrency installs
14:25 < strive> Queenslayer, you don't need Windows Server to network resources on those machines.
14:36 < OlofL> Anyone using device42 here? can you setup it as a dns server?
14:49 < mloza> Anyone familiar with HP procurve switches? I know it's possible to have two ip address in a VLAN but I'm curious if I set those two IP address for RIP
14:55 < spaces> woei!
14:56 < Roq> I've used quite a lot of procurves but i've never used rip on them
14:56 < OlofL> mloza: all I can say is that it stopped answering my remote hp procurve when I enabled ip routing
14:58 < OlofL> stopped answering on ip. :S
15:01 < OlofL> oh only removed default gateway...
15:01 < OlofL> anyways, i put 2 ips on a vlan in different ranges, and it only says it has info about the first IP i configured
15:15 < ||cw> OlofL: I'm not sure about procurves but in most OS you need to create an alias or virtual interface to put a second IP on. just adding another vlan line will likely overwrite the first, or be ignored.
15:16 <+catphish> not even an alias or virtual interface in my experience, you just add IP clauses to the interfaces
15:16 <+catphish> but you definitely wouldn't want to redefine the whole interface
15:16 <+catphish> of course if you're unlucky the second IP definition replaces the first :(
15:17 < ||cw> so instead of vlan ip x.x.x.x \n vlan ip y.y.y.y you do vlan ip x.x.x.x ip y.y.y.y?
15:17 < TandyUK> i do know the multiple ips need to be in different subnets
15:17 < TandyUK> it wont let you add eg 192.168.1.5/24 and 192.168.1.55/24 on the same vlan interface
15:24 < OlofL> https://www.sdxcentral.com/articles/news/att-buys-brocades-vyatta-assets-including-vrouter/2017/06/ anyone know what happened with the att vyatta purchase?
16:14 < Apachez> probably they just buried it to avoid competition, which kind of sucks
16:14 < Apachez> since vyatta/vyos was nice as a software based solution
16:17 < chris_99> Hi, i'm just wondering if anyone has managed to get WPA working with ad-hoc networking with the Pi 3 B+ per chance? i get 'iface validation failed: err=-16' . without WPA the ad-hoc networking works fine
16:51 < spaces> Apachez is the sexyness level of your networks OK ?
16:52 < bezaban> sexyness readings nominal
16:54 < spaces> bezaban they should be sky high!
16:55 < bezaban> yeah, but it's sdn
16:56 < Yourock17> In your area... how many isp’s have enabled ipv6? It seems like its never going to happen in my area
16:57 <+pppingme> Yourock17 where are you and who's your isp?
16:57 < Yourock17> AU. My isp is TPG
16:58 < Dagger> about 1 in 7 AU internet users have v6, so clearly somebody is doing it over there
16:58 < Yourock17> Internode is. But most of the big ones are still struggling it seems (Telstra, Optus...etc)
17:06 < Apachez> sexyness confirmed
17:36 < TandyUK> 20% of the UK now has native IPv6
17:36 < TandyUK> BT, Sky and Virgin are all rolling it out on DSL now
17:36 < Apachez> how rude
17:36 < Apachez> think of the children?
17:37 < Dagger> plus VM look like they're going to be doing it soon
17:37 < TandyUK> VM are well underway
17:37 < Phil-Work> 20%?
17:37 < Phil-Work> I'd think it was more
17:37 < Dagger> although that's going to be fun, with everybody discovering that CGNAT does in fact suck and then blaming it on v6 :/
17:37 < TandyUK> SKY have deployed to most users at this point, except those with ancient hardware
17:37 < Dagger> you'd think, but no. 19.99% as of the last time I scraped Google's stats
17:38 < TandyUK> lol, guess where I got my 20% from :P
17:38 < TandyUK> For my own users, we've had 100% ipv6 deployment for about 5 years now
17:39 < Dagger> do you keep track of how much of your traffic is v6?
17:39 < TandyUK> not really, though i could probably pull some stats for today
17:39 < Phil-Work> I'd have thought BT and Virgin combined would have > 20% market share
17:39 < Phil-Work> guess not
17:39 < TandyUK> dont forget its hardware dependent though
17:39 < Dagger> Phil-Work: yeah, part of the problem is that VM aren't doing v6 to customers yet, so their market share doesn't count
17:40 < TandyUK> BT/VM users with older hardware, and/or their own routers may have never enabled v6 in their routers
17:40 <+xand> my mum's BT homehub mentions IPv6 on the settings but doesn't get a v6 address
17:40 * xand shrugs
17:40 < Dagger> TandyUK: could be interesting. I've seen stats from people that are >50%, but that was ~5 years ago
17:40 < Phil-Work> my parents in law have a homehub with native IPv6 - have done for a while
17:40 < TandyUK> it may also be due to realms, eg we offer "adsl.radiusrealm" "dual.radiusrealm" and "v6.radiusrealm"
17:41 < TandyUK> if people are logging onto adsl. they arent ever going to see a v6 address
17:41 <+pppingme> a big problem is everyone blames problems on ipv6 before any real troubleshooting, so everyone just starts disabling..
all the big carriers in the USA are doing ipv6, but still account for small overall % of traffic
17:41 < Phil-Work> that's a fair point
17:42 < Phil-Work> my ISP at home supports it but I had to configure the address statically
17:42 < Phil-Work> whereas the v4 is obtained through
17:42 <+xand> my home ISP has had IPv6 for ... 15 years or so
17:43 < TandyUK> no SLAAC :(
17:43 < Phil-Work> xand, who's that?
17:45 <+xand> AAISP
17:45 <+xand> you want dhcpv6-pd for autoconfig of ipv6 over *dsl
17:45 <+pppingme> slaac isn't something offered, if you have a router and you have a /64 assigned to the lan side of the router, slaac should just work... its zero-config
17:48 < Phil-Work> my setup at home has always baffled me a bit
17:48 < Phil-Work> I've got a v4 /27 and a v6 /48
17:48 < Phil-Work> the VDSL (WAN) interface has a v4 address outside of the /27
17:48 < Phil-Work> whereas the WAN interface doesn't have a v6 IP
17:48 <+xand> you don't strictly need one
17:48 < Phil-Work> just a default route to send it all out the interface
17:48 < TandyUK> Phil-Work: sounds quite normal.. v6 the wan just needs link local, v4 will be dhcp assigned
17:49 < Dagger> it has a link-local, presumably? you can route over fe80::/64 just fine
17:49 <+xand> mine is the same but I only have a /28 for ipv4 ;)
17:49 < TandyUK> then the /27 and /48 respectively are routed via the 2 ips on your WAN side
17:49 < Dagger> also if you're using PPP... point-to-point interfaces are weird
17:49 < Phil-Work> presumably you don't need an IP if it's PPP anyway, right?
17:49 <+xand> yeah unless you want to have packets originating from there
17:50 < Phil-Work> same as routed IPSec - any traffic you send ends up on the other side regardless
17:50 < TandyUK> the ipv4 WAN typically has a public ip, because theres a likelihood (whether you have a routed subnet or not) that NAT is going to be in play
17:51 < Phil-Work> though presumably you'd just SNAT from one of the IPs in the subnet
17:51 < TandyUK> we have successfully given people a 172.x ip on their WAN, and routed a range to it, but it confuses the hell out of people looking at traces
17:51 <+xand> the poor dears :)
17:52 < npgm> can I use netplan with network namespaces?
17:52 < Phil-Work> we've got a 10.x address on an edge router that manages to preserve its source address in the response to a traceroute
17:53 < Phil-Work> I've been meaning to fix that for a while
18:11 < bluesmonk> Hi! I'm having a hard time understanding what is happening in my machine. Can you please check this SO question? https://stackoverflow.com/questions/51105875/internet-connection-not-working-networkmanager-not-working-after-installing-dock
18:12 < bluesmonk> or maybe this is not the place, lol. I've tried in #ubuntu and #docker already with no luck
19:01 < drathir> bluesmonk: probably best would be uninstall docker... use kvm...
19:23 < justsomeguy> Hello, ##networking. I'm considering pointing a domain name at my laptop with dynamic dns, so I can SSH to it from my other machines. Is that a bad idea? Will it even work from, say, a coffee shop with the usual captive portal/firewall/nat setup?
19:25 <+catphish> justsomeguy: no, it won't work, since you will not have a public routable IP at those places
19:26 <+catphish> as a workaround, when you control the network, you can port forward from a public IP to your private IP, but this won't help when you're on someone else's network
19:27 < chris_99> you could setup a tunnel from laptop ---> public vm, and forward the ports, so you could access the laptop even when it's behind a nat
19:28 < mloza> setup ssh reverse port tunneling or simply https://ngrok.com/
19:28 < chris_99> i used autossh to do that
19:28 < chris_99> which helps persist the link
19:29 < justsomeguy> mloza: That sounds like a good solution.
19:29 < justsomeguy> I could write a simple script run with a cronjob/timer to establish the reverse port tunnel, I guess.
19:30 < chris_99> autossh does that kind of thing for you
19:30 < justsomeguy> I'll check it out! Thank you, chris_99
19:31 < chris_99> like if the link goes down it tries to connect again etc.
20:09 < kvoz> Hi, a bit of a noob question here. I have a home wifi setup with three different access points, and the setup is working just fine, until my in laws come to visit, when things just become horribly slow. Can someone please help me troubleshoot what could be the problem? My wife isnt buying the explanation that it's her parents fault
20:10 < kottt> lmao, my condolences
20:10 < kottt> things to check will be bandwidth and processor load on your main router
20:11 < kottt> as well as SNR and RSSI on wireless devices
20:12 < ||cw> kvoz: are the APs that cooperate like the unifi? are they on different channels?
20:12 < S_SubZero> do the in-laws bring phones or computers with them? (would be very weird if they did not)
20:13 < kottt> bandwidth and processor load will be obvious if there's something wrong. RSSI levels are measured in dBm, anything between 0 and -60 would generally be good enough.
lower (-61 and on) is going to degrade rapidly 20:13 < jge> kvoz: if you have dual bands, put them on a separate frequency 2.4 in laws, all your stuff on 5Ghz, then rate limit their connections :) 20:13 < kvoz> ||cw, it's a bit of a mix. Two mikrotik devices, one ubiquity unify. They dont cooperate, but they are on different channels 20:13 < kvoz> S_SubZero, yes, they each have 3-4 devices each 20:14 < kvoz> kottt, cpu load on the router I am on is like 3% 20:14 < kottt> probably fine on the CPU then 20:14 < Poster> You can also try turning down the output power on your various access points, in some instances a client will "hold on" to a marginal access point when something stronger may be available. Additionally some more advanced APs will allow you to block the lower link rates forcing the client to find a new AP. 20:14 < S_SubZero> run a ping or something and then turn each of their devices on one by one and see if one of them causes the slowness 20:17 < kottt> it'd probably be good to quantify what specifically has changed. are more packets being dropped from devices to router? has ping time increased, or bandwidth tanked? 20:17 < Poster> I had an old building from the early 1900s that has a lot of metal in the walls, I ended up putting 5 access points on the first floor and lowered their output power significantly, bascially created a mini "cell" for a given room that wouldn't work in the next room over, which caused roaming clients to reassociate as they moved 20:19 < ||cw> kvoz: and all 3 have an ethernet uplink? power output is as probable a cause as I can come up with. 
20:20 < Poster> It would also be a good test to turn off each device for a short period of time to see if one is causing trouble, it could be infected with malware or some other bandwidth consuming thing like Windows 10 updates, etc
20:20 < ||cw> when no one is connected the AP might go into low power mode, but when someone is, power level goes up and starts causing interference
20:20 < Poster> also make sure you're on channels 1 6 and 11 on 2.4 GHz, those are the only 3 that don't overlap
20:30 < goldstar> anyone else had a crap experience with zyxel ?
20:40 < Apachez> and 14
20:40 < Apachez> but that is only available if you select japan as country
20:47 < Aeso> it's worth noting that using channels not allowed by your country's RF agency is definitely not recommended
20:48 < Aeso> the fines (at least in North America) are pretty severe
20:49 <+catphish> Apachez: correction: that's only available if you're in japan
20:56 < spaces> since when do you like Japan, except of their food ?
21:03 < mgolisch> omg, this tplink thing drives me crazy
21:03 < mgolisch> :(
21:04 < mgolisch> anyone experienced with their switches? trying to configure a ip interface for management on another vlan than 1
21:04 < mgolisch> but it doesnt seem to work
21:05 < Capprentice> In a ethernet broadcast network is there any real benefits to set ospf network type to point-to-point? One benefit is possibly I cant remove the need for DR and BDR. Correct me if Im wrong.
21:06 < Capprentice> I CAN remove the DR/BDR
21:06 <+pppingme> Capprentice you're way wrong... it will quit working, point to point means there is *NOTHING ELSE* on the link
21:06 <+pppingme> why are you worried about DR?
21:07 < Capprentice> Its working Actually !!
21:07 <+pppingme> or are you trying to force it to a certain device or what??
21:07 < Capprentice> I want to remove the DR, BDR election completely.
21:07 <+pppingme> why? they are there for a reason
21:07 < npgm> pretty dumb question: is there any difference between USB ethernet adapters and NICs? is this sufficient for adding another nic to my linux box? https://www.amazon.com/dp/B00PC0H9IE/
21:08 < npgm> (for the purposes of routing)
21:08 <+pppingme> npgm another hardware layer, additional latency, etc..
21:08 <+pppingme> npgm from a pure routing perspective, no, once an interface is there, its treated the same by the kernel
21:09 <+pppingme> Capprentice why do you want to remove the DR?
21:09 < npgm> any recommendations for more enterprisey USB NICs? something thats good build quality
21:09 < tds> just make sure you don't get a super cheap one that overheats and dies as soon as you put any traffic through it ;)
21:09 < Capprentice> pppingme, The DR is there to suppress the amount of direct communication between every router.
21:10 < E1ephant> Capprentice: pretty sure they know that
21:10 < Capprentice> Im confirming.
21:10 <+pppingme> it also ensures a consistent picture for that segment, if everyone is doing its own thing, you won't get that consistent picture
21:10 < Capprentice> Im unsure E11
21:10 < E1ephant> the question was why do YOU want to do that
21:10 < E1ephant> like what is your motivator
21:11 < npgm> tds: hey, you helped me with an issue addressing identical subnets last week. Anyway, I found a solution thats a little different: I'm using network namespaces to isolate the two physical interfaces with identical subnets/and ips. This lets me avoid having to touch any ip tables myself, which is a plus in my book.
21:12 < Capprentice> If for some reason somewhere Multicast is blocked p2p unicast will still function.
21:12 < tds> npgm: ah cool, I think I suggested namespaces somewhere in that mess, glad you got it up and running :)
21:13 < npgm> tds: my only issue with namespaces is at least on ubuntu18.04 the netplan config file doesn't have a way to "know" about the different namespaces.
21:15 < Capprentice> The thing is, I want a loop free topology where I can use multiple links for failover and load balancing. What is the best way to implement OSPF?
21:16 <+pppingme> Capprentice keep it simple, ospf will just work
21:17 < Capprentice> Please correct me if its wrong - With network type set to p2p, there is no recalculation for DR BDR once either goes down. and Another is if multicast filtering is enabled any of the switches I can still get the loop free scenario intact.
21:18 < Aeso> Capprentice, sure, but with p2p network types, only one other OSPF router can participate on the segment
21:18 < Capprentice> Will it harm if I do divide the network in areas and create big ass Backbone 0.0.0.0/0 ?
21:19 < Capprentice> do not!!
21:19 < Capprentice> kybord isse.
21:19 < tds> npgm: hmm, I'm not sure if systemd-networkd (which I think netplan uses as the underlying manager) has native namespace support?
21:19 <+pppingme> Capprentice how complex is this network? a pic/map would probably help
21:19 < Capprentice> Rephrasing , Will it harm if I do NOT divide the network in areas and create big ass Backbone 0.0.0.0/0 ?
21:19 < tds> if so might be worth scrapping netplan and doing systemd-networkd directly? (that's a bit if though)
21:20 <+pppingme> I've run single area ospf many times... several factors involved
21:20 < UFC> can I create a site to site VPN with a fortigate 50e and an ddwrt router?
21:20 <+pppingme> but no, I wouldn't define the area as 0/0
21:20 < Aeso> The simpler your OSPF configuration, the less downtime and troubleshooting you'll be doing in my experience
21:21 <+pppingme> Capprentice how complex is this network? a pic/map would probably help
21:21 < shambat> I have the following entry in my route -n table in linux: 0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 p1p1 does this look like it does anything?
21:21 < Capprentice> pppingme, Be back with a MAP.
21:21 <+pppingme> shambat default route
21:21 <+pppingme> it does everything
21:21 <+pppingme> everything thats not otherwise defined..
21:22 < mgolisch> s
21:22 < mgolisch> s
21:26 < UFC> gaiz?
21:27 <+pppingme> shambat what are you trying to do or figure out?
21:27 < mgolisch> ups, whats a port vlan id, what do i need that for?
21:27 <+pppingme> mgolisch depends on manufacturer, but probably means the default vlan for that port, i.e. the untagged vlan
21:27 < shambat> pppingme: I have script that sets up a vpn which adds that line, it seems to mess with some apps
21:28 < mgolisch> its set to 1 but i set the port as untagged member in another vlan
21:29 <+pppingme> shambat I'd have to see the whole routing table... Why do you have a vpn setting your default route? It should only set routes for stuff on/behind that vpn
21:30 < shambat> pppingme: I'm not sure why it comes up to be honest... I just tried removing it and the confused apps are no longer confused ...
21:30 <+pppingme> mgolisch then you need to set it to the same vlan.. thats tplink? seems like on those you set the inbound and outbound untagged in different places
21:30 < mgolisch> pppingme: its a tp-link switch and iam greatly confused as its quite different than the hpe stuff i worked with before
21:31 < mgolisch> also i can set ports as untagged member in multiple vlans, how does that work?
21:31 <+pppingme> shambat is this a work or other legit vpn, or is it some hide your ass vpn that doesn't really hide you?
21:31 <+pppingme> mgolisch it doesn't..
21:31 < mgolisch> :(
21:31 <+pppingme> at least not correctly
21:32 < shambat> pppingme: its a work thing
21:32 < shambat> openconnect
21:33 < mgolisch> ah in the manual it says it sends all broadcast traffic to the pvid vlan.. wtf? so thats why dhcp didnt work i assume
21:33 <+pppingme> in that case, it shouldn't be setting your default, I'd complain to the admin, he's overly aggressively pushing routes he shouldn't be.
21:33 < shambat> pppingme: I see an on_connect script here that adds some routes and then does: ip route add default dev p1p1
21:34 < shambat> would that be the culprit?
21:34 < tds> mgolisch: I think I'd expect having a configuration like that to get you all the traffic from both vlans as untagged on the same link?
21:34 <+pppingme> yeah, that shouldn't be the case if the vpn's sole purpose is to get you access to work resources.. it should only be adding routes for work subnets
21:34 < tds> Traffic coming back in would be tagged with the pvid though
21:35 <+pppingme> tds yeah, I think the tplink stuff will actually allow you to config like that, as wrong as it is
21:35 < mgolisch> tds: ah i see, i have not worked with a lot of networking gear and all our hpe stuff at work allows ports to be untagged members in one vlan only
21:35 < tds> And yes, it's a rather useless configuration :)
21:35 < mgolisch> unless i missed something
21:35 < tds> I've got some cheapo Netgear ones that'll do the same
21:36 < purplex88> whats nic teaming for?
21:36 < shambat> pppingme: ok, thank you
21:36 <+pppingme> yeah, seems like a lot of consumer gear will do that for some reason, most specifically "websmart", not truly managed, switches
21:37 <+pppingme> purplex88 its a non-standard (everyone does it different when they use that term) way of doing bonding
21:38 < npgm> tds: ya I think you're right
21:38 < purplex88> why i will use it?
21:38 < mgolisch> yeah setting the pvid to the same vlan works
21:38 < mgolisch> confusing crap
21:38 <+pppingme> purplex88 for home situation, you probably wouldn't ever.. for a biz situation, its a way of getting more bandwidth in/out of a particular box (like a file server)
21:39 <+pppingme> mgolisch basically, one setting affects inbound traffic, the other outbound..
21:39 < mgolisch> pppingme: i see, guess ill get used to it
21:39 < varesa> pppingme: some companies use a catch-all VPN to protect their employees (or rather themselves) if people work on sketchy networks
21:39 < purplex88> more bandwidth for download?
21:40 < varesa> or just if they have some fancy IPS/IDS/security appliance that they want even remote workers to go through
21:40 < varesa> eh, meant DPI more than IDS/IPS
21:40 < purplex88> any way whats NIC for?
21:42 < varesa> "A network interface controller (NIC, also known as a network interface card, network adapter, LAN adapter or physical network interface,[1] and by similar terms) is a computer hardware component that connects a computer to a computer network." -wikipedia
21:42 < purplex88> how can i know whats my laptop's nic capable of?
21:42 < varesa> didn't mean to copy-paste the wikipedia definition, just wondered if it stood for card/controller/something else but that was so conveniently available :)
21:43 < varesa> find out what the NIC is and look at the specs
21:44 < purplex88> it just says: Realtek PCIe GBE Family Controller
21:44 < Aeso> purplex88, what do you need to know?
21:44 < purplex88> speed of my NICs
21:44 < Aeso> GBE = Gigabit Ethernet
21:45 <+pppingme> thats a gigabit ethernet nic.. fairly generic in its capabilities, popular on low-mid range machines
21:45 < purplex88> GBE = Gbps?
21:45 < ||cw> purplex88: clearly it's a gigabit nic. what are you hoping to find?
21:45 < ||cw> GBE = gigabit ethernet
21:45 < ||cw> derp, lag
21:45 < UFC> can I create a site to site VPN with a fortigate 50e and an ddwrt router?
21:45 < purplex88> yes gigabit per second?
21:46 <+pppingme> UFC probably
21:46 < ||cw> purplex88: yes?
21:46 < Aeso> purplex88, lmao. Gigabit Ethernet universally implies 1Gbps
21:46 < ||cw> UFC: with some pain, sure.
21:46 < purplex88> so its not 10 Gbps
21:46 < Aeso> And before you ask, that's 1Gbps in each direction.
21:46 < Wulf> UFC: both should support ipsec
21:46 < Aeso> Nope.
21:46 < purplex88> as i supposed
21:46 < Wulf> UFC: good luck.
21:47 < Capprentice> pppingme, Somewhat like this - https://i.imgur.com/kUDajt8.png
21:47 < purplex88> so when we team up NICs, what can we do?
21:48 < purplex88> download more?
21:48 < Aeso> purplex88, even when you aggregate links, they are load balanced per-connection. So no single connection can achieve more than the bandwidth of a single link.
21:48 < ||cw> purplex88: pretty sure the only way to get 10Gb on a laptop is an external Thunderbolt/USB-C
21:49 < ||cw> purplex88: teaming usually just get you redundancy, but can increase performance in multi-connection workloads
21:49 < GlenK> howdy. anyone else doing courses on netacad.com? if so, did exams stop working for you with firefox?
21:49 < purplex88> if i combine 10 NICs of 1 GbE then it means i won't get 10 GbE
21:50 < Aeso> purplex88, if you open 10 simultaneous connections, sure
21:50 < Aeso> otherwise no
21:50 < GlenK> and the hell, is facebook really the only way to do tech support?
21:50 < E1ephant> you can round robin, and not per-connection load balance
21:50 <+pppingme> purplex88 to simplify, in most cases, it means 10 unrelated streams will get a combined bandwidth of 10gb/s, but no single stream will likely exceed 1mb/s
21:50 < ||cw> 10 simultaneous connections that happen to get placed on 10 different connections by the algorithm, that is
21:50 < E1ephant> but this usually results in out of order packets
21:50 < E1ephant> which will kill TCP window sizing
21:51 < ||cw> more likely, you'd need a couple hundred connections to see anywhere near 10Gbit from 10 1Gbit nics
21:51 < ||cw> or a protocol like iscsi
21:51 < E1ephant> samba sharing is an example of something that can multiplex at L3/L4
21:51 < Aeso> Capprentice, seems fine to me. I'd stick it all in a single area and establish adjacent links over private space /31s
21:52 < purplex88> pppingme: how are 10 streams 1 mb/s = 10 gb/s?
21:52 <+pppingme> that should have been 1gb/s
21:53 <+pppingme> Capprentice pretty simple network, not sure it justifies multiple areas
21:53 < purplex88> e.g. 10 different downloads
21:55 < Capprentice> How good are the Optilink Switches? Is this name known?
21:55 < UFC> Wulf any idea how to setup IPSEC tunnels with DDWRT ?
21:55 < UFC> all I see is PPTP
21:55 < Wulf> UFC: never tried
21:57 <+pppingme> UFC Use openwrt, not ddwrt, its behind the times
21:57 < ||cw> UFC: maybe you need a newer version, or your router isn't capable enough for it? been a while since I used it, but dd-wrt used to have a pretty strong support community, might ask them.
21:58 < ||cw> but yeah, if the router will run openwrt, sue that
21:58 < ||cw> use^
21:58 <+pppingme> ||cw I'm not sure ipsec was ever implemented on ddwrt
21:59 < ||cw> pppingme: just openswan on optware, it seems
22:00 < ||cw> and OpenVPN
22:07 < goldstar> is it possible for a VPS provider to allow the creation of an ipsec tunnel but drop data/esp packets ?
22:14 < E1ephant> goldstar: sure, one is UDP traffic (IP type17) , and ESP is a completely different IP protocol number (IP type 50).
22:14 < E1ephant> you could block, filter or police on this field
22:19 < zenix_2k2> one nooby question, is "firewall" a type of hardware ?
22:19 < zenix_2k2> or a software
22:20 < Thuryn> it's a behavior
22:20 < zenix_2k2> behavior ?
22:20 < Thuryn> firewall is what a thing DOES, not what it IS
22:20 < Thuryn> it could be purely software (like iptables or firewalld) or it could be purpose-built hardware like a Juniper SRX 100.
22:21 < Thuryn> it's how the thing behaves that makes it a "firewall"
22:21 < zenix_2k2> oh god, more terms to take in
22:21 < Thuryn> no, no more terms
22:21 < zenix_2k2> no i mean i don't know what is a Juniper SRX 100
22:21 < zenix_2k2> so more searching
22:21 < Thuryn> you don't need to know what that is.
22:21 < Thuryn> it's just some vendor's firewall.
22:21 < Thuryn> i used it as an example.
22:22 < Thuryn> the point i was trying to make is that i can make it into a switch, a router, a DHCP server... or a firewall.
22:22 < Thuryn> it's how it's *configured* that makes it a firewall.
22:23 < zenix_2k2> HHHmmm... so in my book there is a quote like this --> "The OSI model is broken down into conceptual layers of communications. This way, routing and firewall hardware can focus on passing data at the lower layers, ignoring the higher layers of data encapsulation used by running apps"
22:23 < zenix_2k2> so why do they use the term "firewall hardware" ?
22:24 < Thuryn> because they're trying to make a different point
22:24 < Thuryn> they're not trying to be exact and precise in every word.
22:24 < Thuryn> they're trying to make the point that routers and firewalls operate at the same layer (layer 3) and ignore the higher layers.
22:25 < zenix_2k2> well fair enough
22:30 < cdzeno> I don't want to confuse no one but to give (if is necessary) a complete answer there is also another type of firewall that focuses on the application layer and is called WAF
22:31 < Thuryn> true, though I wonder if that isn't a bastardization of the term "firewall" as it's really either an IPS or an intelligent Web proxy.
22:31 < Thuryn> it's only a "firewall" in the sense that it's trying to block bad traffic.
22:36 < mloza> Hi, I have 3 distribution switches that is connected to a core switch. The switches are using RIP to advertise the routes. I want to take out 1 distribution switch in the equation without affecting the routes. How should I approach this?
22:38 < mloza> I tried shutting down the port from core switch but the routes to the old switch are still there
22:39 < cdzeno> @Thuryn: yes I agree, in practice is a IPS that blocks and log bad request to your own target
22:40 <+pppingme> mloza rip routes don't disappear immediately..
22:41 < mloza> pppingme: is there a way to tell the switches to re-advertise the routes?
22:42 <+pppingme> mloza in time, it will happen on its own.. How long have you given it?
22:43 < mloza> pppingme: I think for more than 20 minutes. My servers went down because down of this.
22:43 < mloza> because of this*
22:44 <+pppingme> 20 minutes should be more than enough time.. you have something else advertising the routes
22:44 <+pppingme> why are you using rip and not ospf or something else?
22:44 < mloza> pppingme: This is a legacy environment.
23:09 < Thuryn> is this RIPv1 or RIPv2
23:13 < E1ephant> RIPng?
23:16 < Thuryn> Jack the RIPper?
23:27 < afidegnum> , i m having an issue, my server is lock due to a malicious code being sent to an external server i don't know where this is coming from http://dpaste.com/1XV4J1P
23:27 < afidegnum> how do trace this out?
23:27 < afidegnum> and block all ports?
23:29 < atsu> Wipe and start fresh. Your server is compromised and can no longer be trusted for anything of value
23:30 < lupine> we should place bets on whether it was wordpress or not
23:30 < spaces> Thuryn you know him ?
23:30 < tds> the username afidegnum seems familiar for some reason, has this happened before?
23:32 < tds> oh, I think you had a broken proxmox install a while ago or something
23:32 < afidegnum> tds: yes
23:32 < afidegnum> atsu: hi
23:33 < darsie> Why won't 'scp -v compile s:' copy compile? It doesn't print an error. https://pastebin.com/Y02BUwkE
23:33 < afidegnum> atsu: u from GH ?
23:34 < mgolisch> nice switch works, but that other switch is just garbage, cant remove ports from vlan1 and it seems like the management ip is accessible from all ports/vlans
23:34 < mgolisch> :(
23:35 < tds> oh, is it one of those ones where you can get to the mgmt ui on every untagged port?
23:35 < tds> and not if you send it any tagged frames?
23:36 < ||cw> had a low end HP that a port could either have all tags, or one vlan untagged.
23:36 < xtrWrithe> what is the lowest layer in the kernel for networking?
23:36 < xtrWrithe> i want to sniff from kernel mode
23:36 < xtrWrithe> NAPI / NETLINK / NF
23:36 < ||cw> xtrWrithe: depends on the kernel
23:37 < xtrWrithe> which will support the best practice?
23:37 < mgolisch> ill just return it, guess amazon takes it back
23:37 < xtrWrithe> ||cw: hey, kernel 4.xx
23:37 < ||cw> xtrWrithe: linux kernel?
23:37 < xtrWrithe> ||cw: yes
23:38 < ||cw> k, you have to specify, we do more than linux, and all OSs have a kernel
23:38 < tds> mgolisch: cheapo netgears have the same issue, the best part is that they claimed it was a documentation error
23:38 < xtrWrithe> ||cw: sorry for the generalization, im working on archlinux/debian/rel7
23:38 < ||cw> and I don't know the answer. try a linux channel?
23:38 < tds> https://kb.netgear.com/000038418/Security-Note-for-Management-VLAN-Documentation-Error-on-Web-Managed-Switches
23:38 < xtrWrithe> ||cw: ikr
23:38 < tds> "The user manual incorrectly stated that NETGEAR Web Managed Switches offered a management VLAN as a security feature"
23:38 < mgolisch> not gona plug my modem into that thing
23:38 < atsu> xtrWrithe: libpcap/tcpdump not doing what you need?
23:39 < ||cw> xtrWrithe: promiscuous mode is usually low enough for sniffing though
23:39 < tds> mgolisch: heh, yes, keep any untrusted vlan a long way from it :)
23:39 < xtrWrithe> ||cw: lmao you dont get my point
23:39 < ||cw> unless you want to debug the nic driver
23:39 < xtrWrithe> atsu: hi buddy, not it wont
23:39 < xtrWrithe> ||cw: yes very lower
23:39 < ||cw> well, then it's not just the network at that point, it's the kernel driver interfaces
23:40 < ||cw> linux being monolithic makes that fun
23:40 < xtrWrithe> ||cw: yes i want, to trace everything
23:40 < xtrWrithe> i have a netlink monitor
23:40 < mgolisch> just wanted it to use for feeding in the wan and some other stuff from my living room into the bigger switch in my rack, guess ill just pull some long cables for now and search for a better 8port vlan poe switch
23:40 < xtrWrithe> and studyn the NAPI
23:40 < ||cw> mgolisch: what switch was it?
23:40 < xtrWrithe> skbuff etc
23:41 < mgolisch> ||cw: tp-link TL-SG108PE
23:42 < ||cw> does netgear still make the GS108 line? that was a beast of a little thing
23:42 < atsu> Gotta be careful with managed switches and WAN connections. Some ISP equipment likes to only learn the first MAC address it sees
23:43 < ||cw> atsu: which isn't a problem if you vlan the port and the switch isn't being dumb with the management interface
23:44 < ||cw> but if the management interface isn't on dhcp it's also not a problem functionally, just a security one, and a hard to attack one at that
23:45 < atsu> Yeah, as long as you can make the switch silent on the VLAN you're good. But there's other stuff that can leak that's not IP that some cheap switches won't let you shut off. Like discovery protocols
23:46 < atsu> Just wanted to mention it cause it can cause problems
23:47 < afidegnum> hello, i want to block some ports so i can do some quick backups, is this ip rule correct ? http://dpaste.com/21TPPR4
23:47 < afidegnum> i want to block all ongoing ports except some
23:49 < Kryczek> afidegnum: you're supposed to allow some ports and drop all by default (-P DROP)
23:49 < afidegnum> yes, sorry for the misconstructions
23:49 < afidegnum> those are the exceptions
23:50 < afidegnum> i want to allow them so i can block all other portes
23:50 < afidegnum> ports
23:50 < Kryczek> afidegnum: then it should end with ... -J ACCEPT
23:50 < Kryczek> :)
23:50 < afidegnum> accept?
23:50 < afidegnum> what of dropping others ?
23:52 < Kryczek> afidegnum: `iptables -P INPUT DROP` at the end, but be careful to make sure that you have allowed everything you need first
23:53 < korans> Regarding TC I'm seeing a mq qdisc but not seeing any reference to it in any docs. also I'm seeing priomap and bands for pfifo_fast and I'm wondering if they're configurable, the pfifo_fast's are in 4 bands under the mq qdisc. Is this really the mqprio qdisc. also I'm not seeing any man for tc-multiq although the kernel docs have a bit of documentation on it
23:54 < afidegnum> Kryczek: ok
23:55 < afidegnum> Kryczek: this is strange, can you look at this ?
23:55 < afidegnum> http://dpaste.com/35085YA
23:55 < afidegnum> i just loaded the current iptables stage
23:55 < afidegnum> state
23:55 < tds> afidegnum: do you have access to some kind of recovery mode or can you boot off a live cd?
23:56 < tds> for just doing backups before wiping that's likely to be better than trying to firewall down an already compromised machine
23:56 < afidegnum> this is a remote server
23:57 < tds> oh, I didn't mean a physical cd, just booting your vm from an iso/exposing an iso as a drive over your ipmi/whatever :)
23:58 < afidegnum> i think wiping/reinstall will be best
23:58 < afidegnum> i have a backup server
--- Log closed Wed Jul 04 00:00:24 2018