Back to Home / #debian / 2013 / 05 / Next Day
#debian IRC Logs for 2013-05-18

---Logopened Sat May 18 22:23:32 2013
22:23-!-mikegrb [~michael@mikegrb.netop.oftc.net] has joined #debian
22:23-!-Irssi: #debian: Total of 556 nicks [1 ops, 0 halfops, 0 voices, 555 normal]
22:23-!-colaborador [~colaborad@181-19-144-169.dyn.movilnet.com.ve] has joined #debian
22:24-!-colaborador [~colaborad@181-19-144-169.dyn.movilnet.com.ve] has left #debian []
22:25-!-Irssi: Join to #debian was synced in 145 secs
22:26-!-ckoch786 [~quassel@108-70-143-173.lightspeed.toldoh.sbcglobal.net] has quit [Read error: Operation timed out]
22:26-!-noahfx [~noahfx@190.148.110.106] has joined #debian
22:28-!-jimh [~jimh@pool-74-106-53-133.plspca.dsl-w.verizon.net] has joined #debian
22:28-!-lanthan [~quassel@dslb-088-075-229-201.pools.arcor-ip.net] has joined #debian
22:28-!-kenifanying [~kenifanyi@1.85.17.133] has joined #debian
22:29-!-jimh [~jimh@pool-74-106-53-133.plspca.dsl-w.verizon.net] has quit []
22:30-!-jimh [~jimh@pool-74-106-53-133.plspca.dsl-w.verizon.net] has joined #debian
22:30-!-miksuh [miksuh@80-186-71-235.elisa-mobile.fi] has joined #debian
22:31-!-jimh_ [~jimh@pool-74-106-53-133.plspca.dsl-w.verizon.net] has joined #debian
22:32-!-jimh [~jimh@pool-74-106-53-133.plspca.dsl-w.verizon.net] has left #debian []
22:32-!-jimh_ [~jimh@pool-74-106-53-133.plspca.dsl-w.verizon.net] has left #debian []
22:32-!-q66 [~q66@213.191.105.214] has quit [Remote host closed the connection]
22:32-!-servidor [~servidor@187-44-5-61.mastercabo.com.br] has joined #debian
22:33-!-alvarezp [~alvarezp@2001:470:d:872:e9f7:d78a:12f2:1b22] has joined #debian
22:33-!-alvarezp [~alvarezp@2001:470:d:872:e9f7:d78a:12f2:1b22] has quit [Remote host closed the connection]
22:33-!-alvarezp [~alvarezp@2001:470:d:872:e9f7:d78a:12f2:1b22] has joined #debian
22:34-!-nickdaly [~yaaic@66-188-142-15.dhcp.mdsn.wi.charter.com] has quit [Ping timeout: 480 seconds]
22:34-!-servidor [~servidor@187-44-5-61.mastercabo.com.br] has quit []
22:35-!-servidor [~servidor@187-44-5-61.mastercabo.com.br] has joined #debian
22:37-!-servidor [~servidor@187-44-5-61.mastercabo.com.br] has left #debian []
22:37<somiaj>youlysses: it may ignore devices in your interfaces file. By default (unless you disabled it) the daemon should load at boot. You can double check with /etc/init.d/wicd status and run it with /etc/init.d/wicd start
22:37-!-qerter [~qerter@host-219-68-239-219.dynamic.kbtelecom.net] has joined #debian
22:37<somiaj>youlysses: you could change your home network to use an alias (so put home in place of wlan0)
22:38<somiaj>youlysses: then bring up that network with ifup wlan0=home (that way it won't ignore it. Though you may want to turn off wicd before doing so as it likes to take control)
22:39<youlysses>somiaj: I forgot to mention, my in-built network card is defaulting to wlan1. Could this be part of the problem?
22:40<sney>you can change that in /etc/udev/rules.d/70-persistent-net.rules, but it shouldn't make a difference for wicd
22:42<youlysses>somiaj: wicd daemon is currently running.
22:43<somiaj>youlysses: I was just using wlan0 as an example of syntax. I belive if your interface is explicting mentioned in /etc/network/interfaces it will ignore it. Change your interfaces file (use an alias) and then restart the deamon. See if that gets wicd to see the card
22:43<somiaj>youlysses: and as sney said you can change it to be wlan0 if you desire
22:44-!-Infiltrator [~Infiltrat@000194fb.user.oftc.net] has quit [Quit: leaving]
22:44-!-byonk [~byonk@114-42-89-83.dynamic.hinet.net] has joined #debian
22:45-!-youlysses [~user@75-132-28-10.dhcp.stls.mo.charter.com] has quit [Remote host closed the connection]
22:48-!-pos [~mark@180.200.183.142] has joined #debian
22:50-!-fr33k [~fvb@546B3A3F.cm-12-4a.dynamic.ziggo.nl] has joined #debian
22:52-!-dg4prez [~quassel@2607:f3f0:2::cf34:f2b0] has quit [Remote host closed the connection]
22:53-!-vishwanath [~vishwanat@202.65.155.53] has joined #debian
22:53-!-dg4prez [~quassel@2607:f3f0:2::cf34:f2b0] has joined #debian
22:54-!-vishwanath [~vishwanat@202.65.155.53] has quit []
22:54-!-chitchat [~guest@218-214-24-203.sta.commander.net.au] has joined #debian
22:55-!-vishwanath [~vishwanat@202.65.155.53] has joined #debian
22:55-!-wardhan [~wardhan@1.23.68.79] has joined #debian
22:55-!-vishwanath [~vishwanat@202.65.155.53] has quit []
22:56-!-vishwanath [~vishwanat@202.65.155.53] has joined #debian
22:57-!-vishwanath [~vishwanat@202.65.155.53] has quit []
22:58-!-kingsley [~kingsley@174-31-236-206.tukw.qwest.net] has quit [Read error: Operation timed out]
23:00-!-Freejack [~Freejack@75-143-120-77.dhcp.aubn.al.charter.com] has joined #debian
23:03-!-alphanum [~alphanum@ip68-2-51-196.ph.ph.cox.net] has joined #debian
23:03<alphanum>hi guys.
23:05-!-daemonkeeper [~Arno@smart.knallkopp.de] has quit [Ping timeout: 480 seconds]
23:05-!-SparTaKo [~Reptoriz@189.222.236.79.dsl.dyn.telnor.net] has joined #debian
23:05-!-SparTaKo [~Reptoriz@189.222.236.79.dsl.dyn.telnor.net] has left #debian []
23:05-!-daemonkeeper [~Arno@smart.knallkopp.de] has joined #debian
23:06-!-martin_ [~martin@190.18.215.93] has joined #debian
23:06-!-jimh [~jimh@pool-74-106-53-133.plspca.dsl-w.verizon.net] has joined #debian
23:06-!-martin_ [~martin@190.18.215.93] has quit []
23:06-!-alphanum [~alphanum@ip68-2-51-196.ph.ph.cox.net] has quit []
23:07-!-lanthan [~quassel@dslb-088-075-229-201.pools.arcor-ip.net] has quit [Remote host closed the connection]
23:07-!-lanthan [~quassel@dslb-088-075-229-201.pools.arcor-ip.net] has joined #debian
23:07-!-msantana [msantana@msantana.user.oftc.net] has quit [Ping timeout: 480 seconds]
23:07-!-TheBonsai [~thebonsai@p54B5831B.dip0.t-ipconnect.de] has quit [Ping timeout: 480 seconds]
23:08-!-jimh [~jimh@pool-74-106-53-133.plspca.dsl-w.verizon.net] has left #debian []
23:08-!-ngranek [~bigjocker@186.94.158.1] has joined #debian
23:09-!-Jekyll [~whodare@114.248.124.135] has quit [Quit: Konversation terminated!]
23:13-!-bullgard4 [~chaatzill@dslb-088-075-146-006.pools.arcor-ip.net] has joined #debian
23:13-!-kingsley [~kingsley@174-31-236-206.tukw.qwest.net] has joined #debian
23:14<Elv13>Does anyone of you have an idea how to stop ARP attack?
23:14<Elv13>they are eating up my bandwidth
23:16-!-endived [~stef@1-36-214-095.static.netvigator.com] has joined #debian
23:16-!-Konrad127123 [~konrad@ewt130.neoplus.adsl.tpnet.pl] has quit [Ping timeout: 480 seconds]
23:17<kerneld>Elv13: more VLANS
23:17<kerneld>smaller subnets
23:17<Elv13>the attack is comming from thw WAN
23:17<Elv13>I got a debian box just to stop ot
23:17<Elv13>s/ot/it
23:19<kerneld>Odd
23:20-!-dvs [~colin@00012127.user.oftc.net] has joined #debian
23:20<kerneld>does your ISP have a lot of customers on the same L2 segement as you?
23:20-!-TheBonsai [~thebonsai@p54B5B6AC.dip0.t-ipconnect.de] has joined #debian
23:21<Elv13>yea, the whole sector is on a cooperative-ish ISP and there seem to be no afirewall blocking 192.168.* from being routed and nothing block ARP packets
23:22<kerneld>You could figure out the MAC of your upstream gateway and any other servers you care to talk to and drop inbound packets from other MACs
23:23<kerneld>careful as they prob have VRRP and have a clustered gateway
23:23<Elv13>I already block inbound trafic, but that keep adding to my bandwidth
23:23<Elv13>(I got a cap)
23:23<kerneld>Are you linked to them with 802.1q port, or an access port?
23:23<Elv13>it is over 1gB per hours
23:23-!-egwk [~evil@ppp-94-65-83-208.home.otenet.gr] has quit [Remote host closed the connection]
23:24<Elv13>classic RJ45 jack cable to the wall
23:24<kerneld>Seems like your upstream has problems with their network design if you are all on a party line
23:25<Elv13>This ISP is not _that_ bad, as they let me have multiple public IPs (well, they failed to block that too)
23:25-!-theos911 [~theos911@d118-75-103-119.clv.wideopenwest.com] has quit [Ping timeout: 480 seconds]
23:26-!-orangensaft8 [~orangensa@2a02:908:f441:ed80:213:a9ff:fe48:6647] has joined #debian
23:26<Elv13>it is so bad that the mb/second cap is on the IP, not the MAC, so I can multiplex over 10 IPs and get 200mbps for the price of 20
23:27<kerneld>on your router, do an arp -a
23:28-!-Konrad127123 [~konrad@dba62.neoplus.adsl.tpnet.pl] has joined #debian
23:28<kerneld>do you have arptables setup?
23:29-!-claw__ [~claw@026-128-165-046.ip-addr.inexio.net] has joined #debian
23:30-!-mode/#debian [+l 580] by debhelper
23:31<Elv13>kerneld: the table is free of the IPs that the attack try to push into it, at least I got this right
23:33<kerneld>well if you are dropping the bad MACs thats all you can do. If ISP is charging for theier uncrontrolled ARP traffic that you are not responding to, not much you can do there. Best you can do is ignore the bad traffic
23:34<kerneld>you can whitelist the good MACs, or blacklist the bad MACs
23:34<Elv13>or try to DOS the author
23:34-!-AzaToth [~azatoth@h87-96-232-177.dynamic.se.alltele.net] has quit [Remote host closed the connection]
23:34<kerneld>I would recommend blacklisting the BAD MACs at that insulates you from losing connectivity in future when ISP makes hardware changes on the router
23:34<Elv13>03:17:58.860179 ARP, Request who-has 192.168.1.1 tell 192.168.1.1, length 46
23:34-!-youlysses [~user@75-132-28-10.dhcp.stls.mo.charter.com] has joined #debian
23:34<Elv13>fail
23:34-!-coldfire [~charlie@cpe-66-75-10-109.san.res.rr.com] has joined #debian
23:34-!-youlysses [~user@75-132-28-10.dhcp.stls.mo.charter.com] has quit [Remote host closed the connection]
23:35-!-coldfire [~charlie@cpe-66-75-10-109.san.res.rr.com] has left #debian []
23:35<Elv13>kerneld: what is the preferred method to block the MAC?
23:35-!-youlysses [~user@75-132-28-10.dhcp.stls.mo.charter.com] has joined #debian
23:36<kerneld>arptables, but be careful
23:36-!-claw_ [~claw@079-158-165-046.ip-addr.inexio.net] has quit [Ping timeout: 480 seconds]
23:37<kerneld>it is was a set more intended for ether bridge security
23:37<Elv13>I don't know if it is a reall attack or just too many peoples that plugged the wrong router wire into the WAN
23:37-!-brdxufan [~brdxufan@117.79.232.10] has joined #debian
23:37-!-brdxufan [~brdxufan@117.79.232.10] has quit []
23:39-!-Auroch [~Auroch@237.65-201-80.adsl-dyn.isp.belgacom.be] has joined #debian
23:41<kerneld>iptables has a MAC module to
23:42<kerneld>but arptables would be the right tool
23:44-!-overflow [~overflow@190.87.13.14] has joined #debian
23:44-!-bluewater [~nautics-a@000127d1.user.oftc.net] has joined #debian
23:47-!-orangensaft8 [~orangensa@2a02:908:f441:ed80:213:a9ff:fe48:6647] has quit [Quit: Leaving.]
23:47-!-orangensaft8 [~orangensa@2a02:908:f441:ed80:213:a9ff:fe48:6647] has joined #debian
23:48-!-orangensaft8 [~orangensa@2a02:908:f441:ed80:213:a9ff:fe48:6647] has quit []
23:51-!-overflow [~overflow@190.87.13.14] has quit [Quit: Saliendo]
23:52-!-youlysses [~user@75-132-28-10.dhcp.stls.mo.charter.com] has quit [Remote host closed the connection]
23:53<bullgard4>[Wheezy] What grub2 file includes a kernel command line?
23:53-!-qerter [~qerter@host-219-68-239-219.dynamic.kbtelecom.net] has quit [Ping timeout: 481 seconds]
23:54<Elv13>in the end, grub.cfg, but dont edit that file
23:56-!-ryerke [~bert-mage@ma70536d0.tmodns.net] has quit [Remote host closed the connection]
---Logclosed Sun May 19 00:00:20 2013