Blog

> Lame
Posted by prox, from Charlotte, on August 06, 2005 at 17:51 local (server) time

A couple of things today were lame-worthy.

My colo box (nonce) at SagoNet got indirectly DDoS'ed.  I say indirectly, because the random UDP packets weren't even destined for my box, they were for oasis.binarix.net.  Here's a little snapshot of the action that caused me around 98% packet loss for an hour and a half:

12:45:23.838680 IP 61.154.14.105.2558 > 207.150.167.55.13195: UDP, length: 991
12:45:23.839533 IP 218.6.83.45.4660 > 207.150.167.55.2719: UDP, length: 999
12:45:23.840384 IP 218.186.177.169.2427 > 207.150.167.55.6667: UDP, length: 997
12:45:23.841234 IP 61.240.161.218.42077 > 207.150.167.55.6667: UDP, length: 997

I tripped a circuit in my condo twice.  The first time it was understandable, dryer running, laser printer online, and I was vacuuming.  Second time I only had the vacuum on, which was weird.  I'm guessing the breaker for the circuit was still warm from before.  Oh well.  At least all my UPSes work nicely.  I only lost my Mac Mini ...

Best Buy has gone overboard trying to market their Geek Squad nonsense.  After looking at a couple overpriced DVD sets, I attempted to wander over to the computing department to browse around.  Unfortunately, most of the department was blocked off except for the entrance, where there was some Geek Squad station.  I think they were making you sign up for something, but it was thoroughly ridiculous.  I was tempted to ask them how many bits in a byte, or something, but I resisted.

Oh, and strangely enough, I washed my car, and 5 minutes afterward the clouds departed and it turned into a sunny day.  Weird.

Comments: 0
> Stupid networking
Posted by prox, from Charlotte, on August 05, 2005 at 20:17 local (server) time

I saw Stealth the other day.  Interesting movie ... see-through plot and not much character development, but entertaining nonetheless.  The techno talk and "stuff" displayed on the computer monitors was quite funny.  I liked all those random formulas and LAN party cases, too.  I think I even laughed out loud when they showed a triple helix breaking down as EDE (which I think they basically copied from HAL 9000) got struck by lightning.  But yeah, good movie.

In other news, I moved my NetScreen 5GT to directly on the public internet, and set up some policy routing on laplace that would make a baby cry.  Check it out.  And, I also updated my main network map.  So, now I'm running into a problem with ICMP redirects, of course.  I suppose I should turn them off, because ALL traffic wants to hit 10.3.5.2 (einstein) and only HTTP and SSH should go through.  The main router (laplace) should pass everything else out eth1.  Below is an example:

204.235.121.191 via 10.3.5.2 dev eth0  src 10.3.5.100 
    cache <redirected>  mtu 1500 advmss 1460 metric10 64

... should look like:

204.235.121.191 via 10.3.5.254 dev eth0  src 10.3.5.100 
    cache  mtu 1500 advmss 1460 metric10 64

... and doesn't because of:

20:04:17.555057 IP 10.3.5.254 > 10.3.5.100: icmp 556: redirect 204.235.121.191 to host 10.3.5.2

Anyway, enough of that.  I think I should eat dinner.

Comments: 0
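
The redirect problem described in the post above, as an added example that is not part of the original blog: a small filter that finds ICMP redirects in tcpdump text output and reports those that steer a host away from the expected gateway. The first sample line is the one quoted in the post; the other sample lines and the function names are constructed for illustration, and 10.3.5.254 is assumed to be the gateway hosts should keep using.

```shell
#!/bin/sh
# Added example (not from the original post): flag ICMP redirects that point
# hosts at a next hop other than the expected gateway.

# Constructed sample capture. Line 1 is the redirect quoted in the post;
# lines 2-4 are made up and use both old and newer tcpdump wording.
sample_capture() {
cat <<'EOF'
20:04:17.555057 IP 10.3.5.254 > 10.3.5.100: icmp 556: redirect 204.235.121.191 to host 10.3.5.2
20:04:18.101000 IP 10.3.5.100 > 204.235.121.191: icmp 64: echo request seq 1
20:04:19.220311 IP 10.3.5.254 > 10.3.5.101: ICMP redirect 192.0.2.10 to host 10.3.5.2, length 36
20:04:20.000412 IP 10.3.5.1 > 10.3.5.102: ICMP redirect 198.51.100.7 to host 10.3.5.254, length 36
EOF
}

# find_redirects EXPECTED_GW < capture
# Prints "receiver destination new_gateway sender" for every redirect whose
# new gateway differs from EXPECTED_GW. The "redirect" token is located by
# scanning, so fixed field positions are not assumed.
find_redirects() {
    awk -v gw="$1" '
        $2 == "IP" && $4 == ">" {
            for (i = 5; i <= NF; i++) if ($i == "redirect") break
            if (i > NF || $(i + 2) != "to") next      # not a redirect line
            sender = $3
            receiver = $5; sub(/:$/, "", receiver)    # strip trailing colon
            dest = $(i + 1)
            newgw = $(i + 4); sub(/,$/, "", newgw)    # strip trailing comma
            if (newgw != gw) print receiver, dest, newgw, sender
        }'
}

# Stand-alone run over the constructed sample.
sample_capture | find_redirects 10.3.5.254
```

A redirect rewrites the receiver's next hop for the whole destination address, not per port, which is why all traffic to 204.235.121.191 ended up on 10.3.5.2 instead of only HTTP and SSH.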
> Circumlocutionium
Posted by prox, from Charlotte, on August 01, 2005 at 20:58 local (server) time

Should I buy it when prolixium.com expires?  It's kinda related ...

Anyway, long weekend.  Spent a good portion of it at work, lots of servers moving and network changes.  Long hours, but good company.  I did find time to try out my new wireless card.  More wardriving maps here.

Oh, yeah.  I finally discovered the Mac OS X magnifier.  Now I can watch fake 16:9 videos the right way, as well as see my HDTV monitor from the couch, without squinting.

What else ...  Oh, yeah.  If you're into what they now call vocal electronica, I highly suggest Balligomingo - Beneath the Surface.  I picked it up the other day, kind of like Enya with a beat, I guess.  Quite good.

Comments: 0
> Space
Posted by prox, from Charlotte, on August 01, 2005 at 12:51 local (server) time

I just bought some new hard drives for atlantis:

Filesystem            Size  Used Avail Use% Mounted on
/dev/hda3             1.9G   94M  1.7G   6% /
tmpfs                 248M  4.0K  248M   1% /dev/shm
/dev/hda5             7.4G  162M  6.9G   3% /var
/dev/hda6              27G  1.3G   24G   5% /usr
/dev/hdb1              74G   28G   42G  40% /home
atlantis:/mnt/plv    65536Y     0 65536Y   0% /mnt/plv

I suspect nobody is amused.

Comments: 0
> Cisco Sucks!
Posted by prox, from Charlotte, on July 30, 2005 at 02:21 local (server) time

The title says it all!

Comments: 0
> ip rule add ...
Posted by prox, from Charlotte, on July 29, 2005 at 00:08 local (server) time

I was bored tonight, so, after requesting an additional IP address from RR, I put my NetScreen 5GT in parallel with my Linux box, right on the internet.  I'll eventually get an IPSec extension of my network going with one of my friends from home, but until then, I figured I'd have the NetScreen share some of the load with my Linux box.

I got the 5GT into the OSPF backbone area, so it could see everything and added a couple policies.  Also added an additional routing table on the Linux box with a default to the NetScreen.  Added a couple firewall rules to mark HTTP and SSH connections and send 'em over to the NetScreen.

Seems to work nicely, and now I can do some easy-ish QoS on the NetScreen to prevent my RTT from climbing when I use the 384kb of upstream RR gives me.  I've messed with tc on Linux a while back, but I thought it was complete overkill, and a little too complex.

When playing with iptables, I found some options in the iptables(8) manpage that I hadn't seen before:

   ROUTE
       This  is  used  to explicitly override the core network stack's routing
       decision.  mangle table.

       --oif ifname
              Route the packet through `ifname' network interface

       --iif ifname
              Change the packet's incoming interface to `ifname'

       --gw IP_address
              Route the packet via this gateway

       --continue
              Behave like a non-terminating target and continue traversing the
              rules.  Not valid in combination with `--iif'

That just saddens me.  There's already a mechanism for that, the mangle table!  It just seems like this option is there purely for messing up and complicating configurations.  Looks like it provides a messy way out for incorrect firewalling/routing configurations.

Ah well, time to hit the sack.

Comments: 0
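
The mark-based policy routing described in the post above, sketched as an added example; it is not the author's actual configuration. Assumptions: mark value 1 and table number 100 are arbitrary, 10.3.5.2 is taken to be the NetScreen, and eth0 is the Linux router's LAN-facing interface. The script prints the commands by default and only executes them when run as root with APPLY=1.

```shell
#!/bin/sh
# Added example (not the author's configuration): send HTTP and SSH through a
# second gateway using a firewall mark and an extra routing table.
NS_GW=10.3.5.2     # assumed address of the NetScreen
LAN_IF=eth0        # assumed LAN-facing interface on the Linux router
MARK=1             # arbitrary mark value
TABLE=100          # arbitrary routing table number

# Dry-run wrapper: print the command unless APPLY=1 is set.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

setup_policy_routing() {
    # 1. Mark HTTP and SSH packets arriving from the LAN.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp \
        -m multiport --dports 22,80 -j MARK --set-mark "$MARK"
    # 2. Marked packets consult the extra table instead of "main".
    run ip rule add fwmark "$MARK" table "$TABLE"
    # 3. The extra table holds only a default route via the second gateway.
    run ip route add default via "$NS_GW" dev "$LAN_IF" table "$TABLE"
    # 4. Marked traffic leaves on the interface it arrived on, so the kernel
    #    would emit ICMP redirects. The effective send_redirects value is the
    #    OR of "all" and the per-interface setting, so both must be cleared.
    run sysctl -w net.ipv4.conf.all.send_redirects=0
    run sysctl -w "net.ipv4.conf.$LAN_IF.send_redirects=0"
}

setup_policy_routing
```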
> Annoying
Posted by prox, from Charlotte, on July 27, 2005 at 22:11 local (server) time

Alright, my cable modem keeps rebooting.  This is messing up my graphs.

Uptime: 0d 1h 22m 31s
Last Status - prior reboot:Upstream Parameters Acquired

Maybe the coax burned up, due to the hot weather.  Yeah, that's it.

Comments: 0
> Cooked
Posted by prox, from Charlotte, on July 24, 2005 at 23:37 local (server) time

I'm convinced that my subconscious is against me.  The last few times I've gone out in the sun, I've forgotten suntan lotion.  Today was no exception, I got cooked pretty badly.  Of course ... I suppose I realized this when I was already baking, and did nothing.  The MPLS literature I was reading was quite compelling, heh.

Let's see, what else is going on...

Alright, two posts in one weekend.  That's all folks!

Comments: 0
