Back to Home / #linode / 2006 / 10 / Prev Day | Next Day
#linode IRC Logs for 2006-10-13

---Logopened Fri Oct 13 00:00:54 2006
00:05|-|Newsome [~sorenson@adsl-75-0-136-70.dsl.chcgil.sbcglobal.net] has quit [Quit: Linux: Now with employee pricing!]
00:08|-|kokoko [~Vampire@147.86.90.3] has quit [Ping timeout: 480 seconds]
01:22|-|fish1209 [~fish1209@0015e9782573.click-network.com] has joined #linode
01:40|-|fish1209 [~fish1209@0015e9782573.click-network.com] has quit [Quit: Leaving]
01:52|-|SpaceHobo [~spacehobo@host-84-9-51-167.bulldogdsl.com] has quit [Ping timeout: 480 seconds]
02:46|-|spr [~spr@c-24-10-162-63.hsd1.ut.comcast.net] has quit [Quit: This computer has gone to sleep]
02:53|-|SpaceHobo [~spacehobo@217.205.109.249] has joined #linode
03:30|-|konoko [~Vampire@84-73-87-14.dclient.hispeed.ch] has joined #linode
03:32|-|Francais [~c17be416@webuser.linode.com] has joined #linode
03:38|-|Francais [~c17be416@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
03:44|-|Redgore [~Redgore@65.19.178.250] has quit [Remote host closed the connection]
03:45|-|kvandivo_ [~kvandivo@ppp-70-225-167-82.dsl.chmpil.ameritech.net] has joined #linode
03:45|-|kvandivo [~kvandivo@ppp-70-225-167-82.dsl.chmpil.ameritech.net] has quit [Read error: Connection reset by peer]
03:46|-|Xaery [~xaer@jharkema.xs4all.nl] has joined #linode
03:47|-|schultmc [~schultmc@zealot.progeny.com] has quit [Ping timeout: 480 seconds]
03:47|-|schultmc [~schultmc@zealot.progeny.com] has joined #linode
03:48|-|taupehat [me@taupehat.com] has quit [Ping timeout: 480 seconds]
03:48|-|lucca [~lucca@kuu.accela.net] has quit [Ping timeout: 480 seconds]
03:49|-|linbot` [~supybot@ns.theshore.net] has joined #linode
03:49|-|Zymurgy [zymurgy@cat.delfax.net] has quit [Remote host closed the connection]
03:51|-|Netsplit oxygen.oftc.net <-> strange.oftc.net quits: linbot
03:52|-|Blah [~52a1f5da@webuser.linode.com] has joined #linode
03:52|-|guinea-pig [orion@parsed.net] has quit [Ping timeout: 480 seconds]
03:53<Xaery>anyone else having problems with host 20 ?
03:53|-|Xaery changed nick to Marcel
03:54<Blah>21 has problems too, well, more the uplink if I'm correct
03:55<Blah>li14-246.members.linode.com isn't responding too well
03:57|-|JonR [~jon@mn-10k-dhcp2-1940.dsl.hickorytech.net] has joined #linode
03:58<JonR>I'm getting near total packet loss to host17. Anyone know what's up?
03:58<Blah>JonR: Do a traceroute ;)
03:59<Blah>Then you know what's up (and more important, what's down)
03:59<JonR>mtr shows the loss as being on the last hop to host17
03:59<JonR>well, it's near-total. not total. which is surprising.
04:00<Marcel>massive loss :(
04:00<Blah>host21 (and 20, so it seems) suffer the same problems, so I figure it's their uplink
04:02|-|london_guy [~d921cb12@webuser.linode.com] has joined #linode
04:03<london_guy>I take it henet is having a fit again?
04:03<JonR>yep
04:03<london_guy>k - usual story.
04:04|-|tronix [~dsf@mappy.catbert.org] has joined #linode
04:04<tronix>seeing about 70% packet loss to linodes on two different hosts at TP
04:04<tronix>someone DoS'ing Linode?
04:04|-|Redgore [~Redgore@65.19.178.250] has joined #linode
04:04<Blah>london_guy: this happens often? (I joined linode yesterday)
04:04<london_guy>TP?
04:04<tronix>the planet (dallas)
04:04<tronix>data centre
04:04<london_guy>Blah> happens about once a month, for about 1 hour
04:04<JonR>Blah: nah, the last time I can recall was a couple months ago.
04:05<london_guy>but I wouldnt trade linode for anything else
04:05<Blah>ah ok, annoying but fair enough
04:05|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has joined #linode
04:05<tronix>yeah Linode's normally smooth for me about 99.something of the time
04:05<london_guy>I really would like to see linode expand to a datacentre in a few other countries - like England, and Australia
04:05<encode>im not really seeing packet loss to TP
04:05<encode>london_guy: expanding to australia is impractical to say the elast
04:05<london_guy>nobody else offers even close to as professional and well priced service
04:06<tronix>aye
04:06<Blah>England would be fine for me ... maybe in .nl though (even closer ;-)
04:06<encode>bandwidth is several orders of magnitude more expensive than the us
04:06|-|Ciaran [~ciaran@host81-158-197-229.range81-158.btcentralplus.com] has joined #linode
04:06<Ciaran>Hello.
04:06<london_guy>well, somewhere in Europe to cut down latency for european customers
04:06|-|tsi [~1806cbd1@webuser.linode.com] has joined #linode
04:06<tronix>top o' day, Ciaran
04:06<Ciaran>Just wanting to ask, is host36 being weird for anybody else?
04:06<tsi>host 48?
04:07<Ciaran>It's dropping packets for me. :/
04:07<london_guy>yeah can't get access to my linode.
04:07<tronix>yeah i think linode is being DoS'd or something
04:07<tsi>ok it's everyone, i can go back to bed
04:07<tronix>:)
04:07<@mikegrb>Ciaran: should be fixed in just a moment
04:07<london_guy>I use my linode to run a msn text mode client.. :p
04:07|-|phlaegel [~phlaegel@atdot.ca] has quit [Remote host closed the connection]
04:07<Ciaran>mikegrb: Okay, tanks. :) Was just wondering, no rush.
04:08<tsi>yeah seriously, mike, you guys do an amazingly awesome job
04:08<Ciaran>I love Linode. It's pretty much awesome.
04:08<tsi>thanks for all the hard work
04:08|-|JasonF [jay@cialis.oldos.org] has quit [Remote host closed the connection]
04:08<Ciaran>I agree completely. ^^
04:08[~]tronix thirds
04:09|-|JasonF [jay@cialis.oldos.org] has joined #linode
04:09[~]Blah walks out ...
04:09|-|Redgore [~Redgore@65.19.178.250] has quit [Remote host closed the connection]
04:10|-|Beirdo [~gjhurlbu@beirdo.usercloak.oftc.net] has quit [Remote host closed the connection]
04:10|-|tierra-cgi [~47c3f7ba@webuser.linode.com] has joined #linode
04:11<tsi>hah. i've come within a few hundred yards of my linode and didn't even know it
04:11<Ciaran>Heh.
04:11|-|denis_ [~9020800d@webuser.linode.com] has joined #linode
04:11<Ciaran>I've never been anywhere close to my Linode.
04:11<Ciaran>It's a bit hard with me living in the UK and all.
04:11<tierra-cgi>host43 seems to be having problems...
04:11|-|ximbiot [~ximbiot@s233-64-208-242.try.wideopenwest.com] has joined #linode
04:12<Ciaran>tierra-cgi: Yeah, everybody is. Or, I assume, everybody in the same datacenter.
04:12<denis_>i've lost traffic :|
04:12|-|Rob3 [~Rob@195.58.90.146] has joined #linode
04:12<tierra-cgi>yeah, I'm still getting responses, just really, really slow
04:12|-|JonR [~jon@mn-10k-dhcp2-1940.dsl.hickorytech.net] has left #linode [Leaving]
04:13<ximbiot>what's wrong? a whole datacenter is down?
04:13<tsi>better than i've got, i'm dead in the water
04:13<tierra-cgi>can't manage to login though
04:13<Ciaran>I'm assuming Linode is being DoSed. Since I came in about 7 minutes ago I've heard reports from host36 (me), host48, and now host43.
04:13<tronix>i'm seeing about 63% packet loss at moment
04:13<tronix>and host28 and i think host35
04:13<encode>im having no problems, on host49 at theplanet
04:13<ximbiot>host 54 is down.
04:13<tierra-cgi>how long ago did this start?
04:13<ximbiot>5, 10 minutes.
04:13<tsi>14 min
04:13<tronix>noticed it about 15 mins ago
04:13<tierra-cgi>thanks
04:13|-|JasonF [jay@cialis.oldos.org] has quit [Remote host closed the connection]
04:14<london_guy>Ciaran before you make assumptions of DoS have you done a traceroute to your box? (I'm unable to)
04:14<tronix>i've got mtr running
04:14<Ciaran>london_guy: Yeah. It fails on the last step.
04:14<tronix>6. vl21.dsr01.dllstx2.theplanet.com 0.0% 358 35.4 40.9 35.3 235.8 27.8
04:14<tronix> vl22.dsr02.dllstx2.theplanet.com
04:14<tronix> 7. vl2.car02.dllstx2.theplanet.com 0.0% 358 35.8 36.3 35.4 96.9 4.4
04:14<tronix> 8. zappy.catbert.org 64.2% 358 91.4 81.1 73.9 98.8 8.1
04:14<Ciaran>By which I mean:
04:14<denis_>i'm on host14, seems unreachable
04:14<Ciaran>Occasionally does so, and always with large ping times.
04:14<Ciaran>Not before then.
04:14|-|JasonF [jay@cialis.oldos.org] has joined #linode
04:14|-|Blah [~52a1f5da@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
04:15<london_guy>theplanet? That means its not even getting to hurrican electric
04:15<london_guy>and usually it is hurricane electric (he.net) that has connectivity issues
04:15<Ciaran>I'm at TE.
04:15<Ciaran>Er.
04:15<Ciaran>TP.
04:15<london_guy>so a better assumption is that he have stuffed up
04:15<london_guy>yes, but linode is hosted WITHIN henet
04:15<Ciaran>I do have another Linode at HE though. *checks it*
04:15<SpaceHobo>some is
04:15<ximbiot>my host54 is at the planet and i am losing a high percentage of packets.
04:15<london_guy>oh ok
04:15<london_guy>sorry Ciaran
04:15<tierra-cgi>heh, I remember when they had quite a few problems back about a year and a half ago, hadn't heard anything big since though
04:15|-|warewolf [warewolf@warewolf.org] has quit [Remote host closed the connection]
04:16<london_guy>I didn't realise linode were hosting in ThePlanet too
04:16<SpaceHobo>linode is hosted at hurricane electric in california and theplanet in texas
04:16<tierra-cgi>(talking about HE)
04:16|-|chrisw [~540c8fd4@webuser.linode.com] has joined #linode
04:16<Ciaran>Hmm.
04:16<Ciaran>host57 is also dropping packets, and it's in HE, I *think*.
04:16<Rob3>I'm on host9 and it is unreachable.
04:16<london_guy>is it possible to request which datacentre a linode is in when you order it?
04:16<SpaceHobo>No.
04:16<tierra-cgi>I don't think I've had a single problem on my node in TP since that last major power outage
04:16<SpaceHobo>not automatically
04:16<Ciaran>Hang on, brb.
04:17|-|Ciaran [~ciaran@host81-158-197-229.range81-158.btcentralplus.com] has quit [Quit: leaving]
04:17<tsi>me neither, terra
04:17<tronix>london_guy: sort of... but have to ask linode staff before setup
04:17<@mikegrb>yes, two different doses at the moment
04:17<chrisw>is anyone aware of a problem with host58.fremont.linode.com
04:17<denis_>tierra-cgi, neither have i
04:17|-|Ciaran [~ciaran@host81-158-197-229.range81-158.btcentralplus.com] has joined #linode
04:17<konoko>anything know is there is something wrong with host37?
04:17<Ciaran>Back.
04:17<konoko>*anyone
04:17|-|Humanoid [~user@ppp-58.9.15.99.revip2.asianet.co.th] has joined #linode
04:17<Ciaran>konoko: Everyone's having problems all around.
04:17<london_guy>mike - is there a status webpage.. or do you know what the prob is?
04:17<tsi>no, it's not just you. yes, they're aware of it.
04:17<denis_>tierra-cgi, if it wasn't for linode's extraordinary service, i might be complaining now :)
04:17<tsi>:)
04:17<konoko>thanks Ciaran
04:17<Ciaran>And this isn't just limited to one datacenter.
04:17<Humanoid>host21.linode.com is down. So are a few others I tested.
04:18<Ciaran>It's happening at both HE and TP, which again suggests a DoS.
04:18[~]london_guy is glad he did an rsync recently..
04:18|-|Nemesis [~3d45035a@webuser.linode.com] has joined #linode
04:18<Ciaran>In fact, HE seems to be getting it worse than TP from what I can tell.
04:18<tsi>yeah seriously. my backup goes off at 00:04 edt
04:18<tierra-cgi>denis_: hehe, I've been with Linode over 2 years now, and pretty close to all outages I've ever run into is the result of something wrong at TP, which doesn't happen often
04:18<@mikegrb>yes
04:19|-|warewolf [~warewolf@warewolf.org] has joined #linode
04:19<tsi>ok i'll stop adding to the noise, hope everything goes well. take care, everyone
04:19|-|tsi [~1806cbd1@webuser.linode.com] has quit [Quit: CGI:IRC 0.5.7 (2005/06/19)]
04:19|-|JasonF [jay@cialis.oldos.org] has quit [Remote host closed the connection]
04:20|-|chrisw [~540c8fd4@webuser.linode.com] has left #linode []
04:20|-|Blah [~52a1f5da@webuser.linode.com] has joined #linode
04:20<Nemesis>Has host55 stopped responding?
04:21|-|JasonF [~jay@cialis.oldos.org] has joined #linode
04:21|-|ironie [ironie@82-37-10-10.cable.ubr02.wolv.blueyonder.co.uk] has joined #linode
04:21|-|warewolf [~warewolf@warewolf.org] has quit [Remote host closed the connection]
04:21<ironie>Good morning Gentlemen
04:21<tronix>top o' day
04:22<Ciaran>Nemesis: I *think* Linode's having a DDoS attack. :/ I can't speak authoratitvely though.
04:22<Ciaran>It's happening all around.
04:22<ironie>ah
04:22<tronix>05:17 <@ mikegrb> yes, two different doses at the moment
04:22<ironie>or at least HE
04:22<tronix>doses = DoS attacks
04:22<Nemesis>Ciaran: ah okay
04:22<tronix>and i think mikegrb means that both data centres are getting attacked
04:23<Ciaran>tronix: Ah, thanks.
04:23<ironie>Isn't that nice </sarcasam>
04:23<ironie>And thanks from me as well
04:23<tronix>fine bloke, whomever launched it... is fit to be kneecapped. :)
04:23<ironie>always nice to have a answer to a question I hadn't even asked yet
04:24[~]ironie dreams of my cappin' list fondly
04:24<Ciaran>Hehe.
04:24|-|phlaegel [~phlaegel@atdot.ca] has joined #linode
04:25|-|JasonF [~jay@cialis.oldos.org] has quit [Remote host closed the connection]
04:25<Ciaran>Should this be put in the topic?
04:25|-|JasonF [jay@cialis.oldos.org] has joined #linode
04:25<ironie>probably, though i stopped here before looking at the forums
04:26<london_guy>forums aren't really the place for real time information..
04:26|-|warewolf [warewolf@warewolf.org] has joined #linode
04:26<tierra-cgi>I checked the status forum first :/
04:26<Ciaran>ironie: That's why I figured it should be put in the topic. (The IRC topic, that is)
04:26<ironie>checked connectivity, then the webpage to see if the machine was up, and linode itself was live
04:26<ironie>right. agreeded
04:26<tierra-cgi>that is what it's supposed to be there for, heh
04:27<ironie>nice way to get a reunion going though... ;-}
04:27<tierra-cgi>true
04:27<ironie>bet the channel fiulls up quick
04:27<ironie>*fills
04:28|-|Nemesis [~3d45035a@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
04:28<tronix>hmm interesting. packet loss for my host went away
04:28<tronix>(fwiw)
04:29<Blah>tronix: not here ... same problem persisting
04:29<ironie>9 packets transmitted, 1 packets received, 88% packet loss
04:29<tronix>which data centre you two at?
04:29<tronix>TP or HE?
04:29<ironie>he
04:29<Blah>he
04:29<tronix>ahh ha. I'm at TP
04:30<Ciaran>Still having problems here, at both HE and TP.
04:30<Ciaran>Oh, mind you.
04:30<ironie>where are all those "smart routers" I hear tell about
04:30<Ciaran>No, things are fine at TP now.
04:30<Blah>It's getting better though ;-) My packet loss went down from 93 to 72% ;)
04:30<Ciaran>HE is still giving me grief.
04:31|-|denis_ [~9020800d@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
04:31[~]ironie decides not to answer any phones for awhile
04:32|-|zibeli [~ddcbf710@webuser.linode.com] has joined #linode
04:32|-|denis_ [~9020800d@webuser.linode.com] has joined #linode
04:33<konoko> Blah > It's getting better though ;-) My packet loss went down from 93 to 72% ;) <<< stop trying to ddos your server with pings... its not very efficient ;p
04:34<Blah>correct a handful of pings will bring down a datacenter ;)
04:34<konoko>hehe
04:34<denis_>yes, what happened to all the smart router boxes
04:34<konoko>depends how big the handfull is ;)
04:35<Humanoid>Can't the ip addresses from the DDoS attacks be blocked and be done with it?
04:35<zibeli>would i be correct in assuming there are problems reaching he linodes again atm?
04:35<Humanoid>It's been over 40 minutes, and I still cannot access my server.
04:36<ironie>yeppers, sit down and join the fun
04:36<denis_>zibeli, you would
04:36<ironie>romur is DoSSers
04:36<zibeli>ok, thanks, just wanted to be sure i wasn't alone ;-)
04:36<zibeli>swine
04:37<denis_>Humanoid, with a DDoS, it is very difficult
04:37<Ciaran>Humanoid: It's not as simple as that. Blocking IPs like that only works when you know what the IP address is, and you only know that when the data comes in.
04:37<Ciaran>At least, for UDP.
04:38<tierra-cgi>*** CTCP PING reply from tierra: 78 seconds
04:38<tierra-cgi>yeah, still having problems ;)
04:38<denis_>another thing with UDP is all DDoS packets can spoof their origin, leaving no IP to block
04:38<Humanoid>Humanoid: Doesn't the data have to be coming in all the time for the DDoS to still be working? So then, just look at the logs to see where there are more than X number of packets per second, and block those.
04:38<ironie>obviously any succesfull DoS attack is launched from several hundread, or thousant zombies at once
04:38<Humanoid>Ciaran: Oops, that last line was meant for you.
04:38<denis_>Humanoid, no source IP if packets are spoofed, nothing to block
04:38<Ciaran>Humanoid: But block them *where*?
04:38<SpaceHobo>Humanoid: you may not be clear on what the first D in DDoS stands for
04:38<Ciaran>And yeah, IP addresses can be spoofed.
04:38<ironie>any any several hundread ports at once
04:39<ironie>any *at
04:39<Humanoid>denis_: If the packets have spoofed IP addresses, then just block those spoof IP's? Or do the IP's change randomly for every spoofed packet?
04:39<Ciaran>Humanoid: The latter.
04:39<denis_>look up the definition of 'spoof' :)
04:40[~]Blah laughs
04:40<Ciaran>Humanoid: And you still haven't addressed how you would actually block them anyway. ;)
04:40<Humanoid>denis_: If computer X spoofs his packets as coming from Y, then just block packets from Y. The only way that would not work is if he changes the spoof IP often.
04:40<Humanoid>Ciaran: Shouldn't it be enough to block them at the linode servers that are running the UML instances?
04:41<ironie>That is why I wondered about the "snart routers". Not that I have seen any personally...pricey hardware for a garage geek
04:41<Blah>Humanoid: nope, cause the packets _do_ come from X, so they keep coming, even if you block Y
04:41<tierra-cgi>Humanoid: most spoofed packet attacks do use random source addresses
04:41<denis_>Humanoid, computer X, being an asshole that wants to go undetected, would obviously poof at random
04:41<denis_>err, spoof
04:41<Ciaran>Humanoid: But the point here is not that the servers are overloaded, it's that the bandwidth is overloaded. Blocking them after the bandwidth has already been taken up isn't going to solve the main problem.
04:41<Ciaran>Probably.
04:41<Ciaran>I think.
04:41<Ciaran>I could be wrong.
04:42<Humanoid>Blah: No, cause if you block Y, and packets from X claim to be from Y, the packet will be blocked due to it having Y in the "src IP" field in the IP packet.
04:42|-|cconlin [~181d8d4f@webuser.linode.com] has joined #linode
04:42<Ciaran>Humanoid: Look. DDoS packets will randomise the IP *on every request*. Thus, one second it's 56.92.3.45, the next it's 124.9.82.176.
04:42<Blah>Humanoid: and X cannot send new packets? Of course ... but yeah, let's block all possible IP addresses
04:42<Ciaran>Thus, you can't block it.
04:43<Humanoid>Ciaran: Yes, in that case, blocking doesn't work. (with random IP's every second)
04:43<SpaceHobo>remember that throwing intelligence at a problem is what DDoSes exploit best
04:43<SpaceHobo>since they tax the system that analyzes the traffix
04:43<SpaceHobo>c
04:43<tierra-cgi>well, not a lot I can do, so I'm just going to go get some sleep
04:44|-|tierra-cgi [~47c3f7ba@webuser.linode.com] has left #linode []
04:44<cconlin>Anyone here have a linode on host14?
04:44<denis_>cconlin, yes, unreachable
04:44<cconlin>denis_:thanks
04:44<Blah>tierra-cgi: Noooo save us from armageddon! Don't sleep! ;-)
04:44<Ciaran>cconlin: If you need to test connectivity to host14, you could just test host14.linode.com, if you wanted.
04:44<denis_>SpaceHobo: if your analyzer isn't specc'ed to take your bandwidth, that doesn't count as intelligence
04:45<cconlin>Ciaran: Yeah, tried that. Just wanted to see if there was any news of why (scheduled maintenance, etc)
04:45<Humanoid>How long to DDoS attacks usually last?
04:45<Humanoid>s/to/do
04:45<Ciaran>Humanoid: As long as possible.
04:45<ironie>depneds who is doing it and why
04:45<denis_>they are usually shorter than wars by many orders of magnitude
04:46<Humanoid>I'm guessing it's a former customer of linode.com who got pissed off?
04:46<Ciaran>I doubt it.
04:46<ironie>maybe some have heard of gambleing servers and others being blackmaile
04:46<ironie>d
04:47<denis_>maybe a competitor that wants to hike prices :o
04:47<Humanoid>Hmm.. a competitor... I guess that's a second idea.
04:47<Blah>maybe some anti-spam site (spamhaus clone) on linode? ;)
04:47<ironie>I don't think too many of caker's customers get pissed off, he seems to try pretty well, at least so far
04:47<@mikegrb>TP dos handled
04:47<cconlin>Is host14 being DDoSed? Sorry if I'm way off. I've just had such good experience for the past year. This is the first time I've known of my linode going down.
04:47<@mikegrb>Blah: kind of close
04:47<Ciaran>Woo!
04:47<Ciaran>mikegrb: How'd you do that?
04:47<@mikegrb>magic
04:47<@mikegrb>and a really expensive cisco box
04:48<@mikegrb>was a spammer doing the dos
04:48<Ciaran>A spammer? What were they trying to do?
04:48<@mikegrb>but not against an anti-spam site, against a compromised linode that was running ssh bruteforce attacks
04:49<Ciaran>Why both datacenters, though?
04:49<ironie>9 packets transmitted, 3 packets received, 66% packet loss
04:49<@mikegrb>the HE dos is unrelated
04:49[~]Blah hates spammers ...
04:49<Ciaran>mikegrb: Ah, okay.
04:49<ironie>hope you haven't "handled it" by killing off .uk traffic
04:49<ironie>ah
04:50<Ciaran>ironie: Nope, he hasn't.
04:50[~]Ciaran is in the UK.
04:50<@mikegrb>just a bad coincidence that they occured at the same time
04:50<ironie>bummer
04:50<Ciaran>Although I'm not actually .uk, I'm .btcentralplus.com.
04:50<denis_>cconlin, it's a network problem, they usually sort themselves out after a short while as many people rely on the network
04:50<Humanoid>How can both TP and HE linode servers be attacked at the same time, yet be unrelated?
04:50<Ciaran>Humanoid: It happens.
04:51<denis_>sounds like the smart router boxes worked out then :)
04:51<cconlin>denis_: ahh, alright. No worries.
04:51<tronix>hmm....
04:52<cconlin>Anyone know if it's possible to request (say you have two linode accounts) being split between two datacenters?
04:52<tronix>i'm seeing packet loss climbing now (TP)
04:52<tronix>0->10% and rising
04:52<Humanoid>Finally, my server's now working.
04:53[~]ironie just got connectivity as well
04:53<Blah>host21 (HE) seems to be working again
04:53<ironie>the junk mail is flowing
04:54[~]Blah disappears in a mysterious fog *Po0F*
04:54|-|Blah [~52a1f5da@webuser.linode.com] has quit [Quit: CGI:IRC 0.5.7 (2005/06/19)]
04:54<london_guy>yes I'm on HE again.
04:54<Ciaran>Hmm.
04:55<@mikegrb>just to give you an idea what it is like to be me, I have received 180 pages in the last hour ;)
04:55<Ciaran>TP is having problems again.
04:55<tronix>yup
04:55<tronix>packet loss around 67% for me
04:55|-|guinea-pig [orion@parsed.net] has joined #linode
04:55<tronix>started about two minutes ago
04:55<tronix>whoo
04:55<london_guy>mikegrb I can tell you I appreciate all your good work
04:55<Ciaran>I do too.
04:55[~]tronix automatically thirds
04:56|-|denis_ [~9020800d@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
04:56<ironie>the job of network admin is underpaid and very seldomly appreciated
04:57<Ciaran>*nods*
04:57<london_guy>I have to say I'm so impressed the way this IRC site is not hosted in HE/TP :)
04:57<london_guy>otherwise we'd never be able to communicate during downtime
04:57<Ciaran>london_guy: Well, this network isn't specific to Linode.
04:57<Ciaran>It's handled by OFTC.
04:57<SpaceHobo>also, irc networks tend to span several hosting centers
04:57<SpaceHobo>and relay
04:57<SpaceHobo>so it's possible that one of the oftc servers may be down
04:58<SpaceHobo>but you just keep trying to connect until you find one that's up
04:58|-|JasonF [jay@cialis.oldos.org] has quit [Remote host closed the connection]
04:58<Ciaran>But, of course, the one that's down might be connecting two other servers, in which case you have a netsplit.
04:58<SpaceHobo>any server going down is a split
04:59<Humanoid>So how does a really expensive cisco box stop the DDoS? And what model is it? So that I may buy one in the future.
04:59<SpaceHobo>that's why you don't use a ring architecture
04:59<SpaceHobo>or a star
04:59|-|JasonF [~jay@cialis.oldos.org] has joined #linode
04:59|-|SupaZubo1 [~crack@frotz.zork.net] has quit [Remote host closed the connection]
05:00<tronix>Humanoid: you'd have to be fairly flush with cash, considering a really expensive cisco is six to seven figures. :)
05:00<Humanoid>tronix: I plan to be rich 10 years from now :D
05:00<tronix>good plan. :-)
05:00|-|phlaegel [~phlaegel@atdot.ca] has quit [Read error: Operation timed out]
05:01<tronix>I'm not sure which options was used for DoS handling but Cisco IOS has a fair number of options. all sorts of rate limiting, some DoS handling options,
05:01<tronix>tcp intercept options, etc...
05:01<tronix>lots of tools a network admin can work with.
05:01<Ciaran>It depends on where it's placed, though, really.
05:02<tronix>that and process switching vs fast switching, amongst other things
05:02|-|warewolf [warewolf@warewolf.org] has quit [Remote host closed the connection]
05:02<Ciaran>Even a really expensive router won't do anything if it's an attack aimed at the bandwidth.
05:02<Ciaran>Unless you place it upstream somewhere.
05:02<tronix>indeed
05:03<Humanoid>I see
05:03<Ciaran>So in this case that means it was probably aimed at the resources of the servers themselves.
05:03<@mikegrb>Ciaran: yes, it is upstream
05:04|-|JasonF [~jay@cialis.oldos.org] has quit [Remote host closed the connection]
05:04<@mikegrb>a cisco pix
05:04<london_guy>HE net down again
05:04|-|SupaZubon [~crack@frotz.zork.net] has joined #linode
05:05<Ciaran>mikegrb: Ah, right. My mistake.
05:06<Ciaran>Humanoid: If you want to learn more about DDoSes, this is a good explanation of one that happened to grc.com once: http://www.grc.com/dos/grcdos.htm
05:06|-|zibeli [~ddcbf710@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
05:06<Ciaran>It was one where the IPs weren't spoofed, however.
05:07<Ciaran>Which is probably the same in this case, since it was blockable.
05:08|-|tierra [~tierra@ibaku.net] has quit [Read error: Operation timed out]
05:09|-|tierra [~tierra@ibaku.net] has joined #linode
05:09<Humanoid>Ciaran: Good link. Thanks!
05:09<Ciaran>Humanoid: No problem. :)
05:09|-|JasonF [jay@cialis.oldos.org] has joined #linode
05:09|-|SupaZubon [~crack@frotz.zork.net] has quit [Remote host closed the connection]
05:09<Humanoid>Well I'm off. See ya!
05:10|-|Humanoid [~user@ppp-58.9.15.99.revip2.asianet.co.th] has quit [Quit: Leaving]
05:12|-|kathy [~5409887e@webuser.linode.com] has joined #linode
05:13<SpaceHobo>oh dear
05:13<SpaceHobo>Someone on my host must be thrashing
05:13<SpaceHobo>bi and bo are hovering at 0
05:13<SpaceHobo>si and so too
05:13<SpaceHobo>but 99% wait state
05:13<SpaceHobo>hmm, calming down to 65%
05:13<SpaceHobo>I wonder if that's the token limiter
05:14|-|JasonF [jay@cialis.oldos.org] has quit [Remote host closed the connection]
05:15|-|encode [~encode@blah.i.hate.w1ndo.ws] has quit [Remote host closed the connection]
05:15|-|JasonF [jay@cialis.oldos.org] has joined #linode
05:15|-|encode [~encode@blah.i.hate.w1ndo.ws] has joined #linode
05:17|-|warewolf [warewolf@warewolf.org] has joined #linode
05:17<london_guy>he is ok now
05:17<SpaceHobo>who?
05:17<SpaceHobo>oh
05:17<SpaceHobo>H.E.
05:17<london_guy>sorry HE
05:18<kathy>is something happening? I know linodes in h.e and theplanet are respoding most odd
05:18<SpaceHobo>kathy: DDOS
05:19|-|lightern [~zordon@210-9-142-80.netspeed.com.au] has joined #linode
05:19<lightern>hello
05:19<lightern>any probs on host18?
05:19<SpaceHobo>lightern: DDOS in HE and TP
05:19<lightern>thanks mate
05:19|-|JasonF [jay@cialis.oldos.org] has quit [Remote host closed the connection]
05:20|-|encode [~encode@blah.i.hate.w1ndo.ws] has quit [Remote host closed the connection]
05:22|-|warewolf [warewolf@warewolf.org] has quit [Remote host closed the connection]
05:23|-|warewolf [warewolf@warewolf.org] has joined #linode
05:25|-|JasonF [jay@cialis.oldos.org] has joined #linode
05:25|-|JasonF [jay@cialis.oldos.org] has quit [Remote host closed the connection]
05:26|-|andrew_j_w [~andrew@82-69-30-171.dsl.in-addr.zen.co.uk] has joined #linode
05:26|-|jlinos [~51b55d25@webuser.linode.com] has joined #linode
05:26<andrew_j_w>hi, is linode having problems?
05:27<Ciaran>HE is okay, TP still slow.
05:27<Ciaran>andrew_j_w: Yeah.
05:27<andrew_j_w>I cannot access my linode, either by web, ssh or lish
05:27<andrew_j_w>nor can I access www.ratemylinode.com
05:27<SpaceHobo>andrew_j_w: DDOS
05:27<Ciaran>Right now there's a DDoS attack on TP.
05:27<jlinos>me neither
05:27<jlinos>ouuu
05:27<SpaceHobo>oddly enough, I can get to my linode
05:27<SpaceHobo>but not rml
05:27<andrew_j_w>oh, ok
05:27<Ciaran>SpaceHobo: Are you in HE? It's okay now.
05:27<SpaceHobo>Ciaran: I don't think so
05:28<Ciaran>SpaceHobo: What host are you on?
05:28<JDM>what host are you on?
05:28|-|JasonF [jay@cialis.oldos.org] has joined #linode
05:28<SpaceHobo>host40.linode.com
05:28|-|warewolf [warewolf@warewolf.org] has quit [Remote host closed the connection]
05:28<SpaceHobo>someone seems to be thrashing on it, though
05:28<Ciaran>Yeah, host40's on TP.
05:28<SpaceHobo> 0 7 146844 7404 30044 53248 0 0 0 0 114 74 1 1 0 99
05:29<SpaceHobo>0 I/O at all, yet 99% wait state
05:29<SpaceHobo>and only 74 context switches
05:31|-|JasonF [jay@cialis.oldos.org] has quit [Remote host closed the connection]
05:31|-|JasonF [~jay@cialis.oldos.org] has joined #linode
05:35<jlinos>i am on host28, can anybody inform us on the problems that exist now? what is it and what shall I expect untill all is back to normal, thank you
05:35|-|agraman [~50053ee3@webuser.linode.com] has joined #linode
05:36|-|miquel [~miquel@21.Red-80-34-27.staticIP.rima-tde.net] has joined #linode
05:36<JDM>jilnos: there's a ddos attack going on against The Planet, which is the datacenter where host28 is located
05:36|-|Russ [~5005a007@webuser.linode.com] has joined #linode
05:36|-|JasonF [~jay@cialis.oldos.org] has quit [Remote host closed the connection]
05:36<agraman>Can anybosy tell me how long I should expect the reboot command to take. It's currently in the queue.
05:37<miquel>agraman: mine has been in the cue more than 20 minutes, and is still there
05:37<Russ>I just logged in to ask if there is a problem with host38
05:37<agraman>hell! thanks miguel
05:37<miquel>host31 is also affected
05:37<miquel>any op here?
05:38<JDM>there's a ddos attack going on against ThePlanet, where hosts 28 and 31 are located
05:38<jlinos>k, that is bad, any estimates on how much more this ddos attack will last ?
05:38|-|agraman [~50053ee3@webuser.linode.com] has quit []
05:38<jlinos>or there are no solutions to such thing
05:38|-|JasonF [jay@cialis.oldos.org] has joined #linode
05:40<JDM>jilnos: not really, because we have no clue who the attacker is. routing rules can be added to filter the traffic out but that takes time
05:40<Ciaran>jlinos: It's impossible to estimate something like that. :/
05:40<SpaceHobo>hey, who here is on host40?
05:40|-|mcculley [~mcculley@31.110.119.70.cfl.res.rr.com] has joined #linode
05:41|-|Rob3 [~Rob@195.58.90.146] has quit [Quit: Rob3]
05:42|-|JasonF [jay@cialis.oldos.org] has quit [Remote host closed the connection]
05:43|-|tierra [~tierra@ibaku.net] has quit [Remote host closed the connection]
05:43|-|darkbeholder [darkbehold@nmathe02.res.csu.edu.au] has quit [Ping timeout: 480 seconds]
05:43|-|JasonF [~jay@cialis.oldos.org] has joined #linode
05:47<miquel>I cannot see the relation with the ddos attack and the time that a server needs to boot.
05:48<JDM>booting shouldn't be a problem, but there might be problems instructing the server to do the job (because of the network)
05:48|-|tehdan [~dan@omicronpersi8.plus.com] has joined #linode
05:48|-|JasonF [~jay@cialis.oldos.org] has quit [Remote host closed the connection]
05:49<tehdan>is host52 borked?
05:49<JDM>is a host start date listed in your boot or shutdown job?
05:49<miquel>10/13/2006 06:07:16 AM
05:49<miquel>job id 285115
05:50<JDM>hmm. that's odd, but i don't work for linode so i wouldn't know.
05:50<JDM>tehdan: nothing's wrong with host52 but the network that it's in is under a ddos attack
05:50<tehdan>that would explain it...
05:50<tehdan>thx
05:51<JDM>just curious, has anyone here opened a support ticket for the ddos? that might awaken the staff
05:51<miquel>nope
05:51<tehdan>i haven't yet - how did you find out it was a DDOS?
05:51<miquel>is anyone here from staff ?
05:52<miquel>normally there is someone...
05:52<JDM>caker and mikegrb
05:52<andrew_j_w>I opened a support ticket asking if the host was down
05:52<andrew_j_w>that was before I came on here and discovered about the DDOS
05:52<tehdan>where does the DDOS info come from?
05:53<andrew_j_w>!seen caker
05:53<linbot`>andrew_j_w: caker was last seen in #linode 9 hours, 8 minutes, and 26 seconds ago: <caker> http://www.kottke.org/06/10/google-code-search
05:53<andrew_j_w>!seen mikegrb
05:53<linbot`>andrew_j_w: mikegrb was last seen in #linode 49 minutes and 55 seconds ago: <mikegrb> a cisco pix
05:55|-|jdbakker [~c26dc66f@webuser.linode.com] has joined #linode
05:55<JDM>tehdan: mikegrb was here about two hours ago telling us, he works for linode
05:56|-|jdbakker [~c26dc66f@webuser.linode.com] has left #linode []
05:56<tehdan>thanks - just wondered if it was "official"
05:57|-|NeonNero [~nn@213.184.199.8] has joined #linode
05:58|-|agraman [~50053ee3@webuser.linode.com] has joined #linode
05:58|-|Russ [~5005a007@webuser.linode.com] has left #linode []
05:58<NeonNero>are there any known problems on host37 right now?
05:58<NeonNero>i'm unable to connect to ssh, or even lish
05:58<agraman>anybody experiencing problems on host44?
05:59<SpaceHobo>DDOS
05:59<jlinos>DDOS
05:59<miquel>we're pretty fucked up...
05:59<Ciaran>If only this were in the topic.
05:59<Ciaran>;p
05:59<SpaceHobo>Ciaran: op me, then!
05:59<jlinos>there should be a post on the ddos issue somewhere on the forums
05:59<tehdan>any hints if its targeted at linode specifically?
06:00<jlinos>i hear the whole "The Planet" is targeted
06:00<agraman>would anyone like to hazzard a guess as to how long it might take Linode to resolve the DDOS problem
06:00<Ciaran>SpaceHobo: If I had the ability to do that I'd have put it in the topic myself. :P
06:00<JDM>[05:55:53] <mikegrb> but not against an anti-spam site, against a compromised linode that was running ssh bruteforce attacks
06:00<JDM>tehdan: looks that way
06:00<NeonNero>aiaiai!
06:00<tehdan>oh dear...
06:01<jlinos>[13:33] <JDM> jilnos: not really, because we have no clue who the attacker is. routing rules can be added to filter the traffic out but that takes time
06:04<JDM>jilnos: you asked if it could be stopped, not who it was directed at
06:05|-|Ernie [~c636cac3@webuser.linode.com] has joined #linode
06:05<agraman>Today's lesson: If you are planning an official launch of a website with lots of people invited, don't arrange it for 'Friday 13th'. There goes the phone again!
06:06<Ernie>anyone from Linode support here?
06:06<SpaceHobo>Ernie: DDOS
06:09|-|Ernie2 [~c419ffc3@webuser.linode.com] has joined #linode
06:09<Ernie2>Anyone from Linode support here?
06:09<Ciaran>Ernie2: DDOS
06:09<Ciaran>;p
06:10|-|darkbeholder [darkbehold@nmathe02.res.csu.edu.au] has joined #linode
06:10<Ciaran>caker and mikegrb are the Linode guys. But there's a DDoS right now on TP and they're trying to handle that.
06:10<Ernie2>my disk is full on my Linode and now I cannot access or reboot
06:10<Ciaran>Ernie2: What host are you on? You might be getting stymied by the DDoS.
06:12|-|cmantito [~gphreak@spc2-port1-0-0-cust259.cosh.broadband.ntl.com] has joined #linode
06:13<cmantito>..problems with host52?
06:13<JDM>cmantito: DDOS
06:13<Ciaran>cmantito: Yes, DDoS on TP.
06:13<cmantito>grrrr...
06:14[~]cmantito sighs
06:14<cmantito>useless fucking scriptkiddies
06:15<Ciaran>Spammers in this case. Or it was before, anyway.
06:15<Ciaran>Of course, these spammers are probably also script kiddies.
06:16<cmantito>either way
06:16<cmantito>I can't get my fucking mail ^.^
06:18<Ernie2>li2-119.members.linode.com and li13-83.members.linode.com
06:19|-|agraman [~50053ee3@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
06:19<Ernie2>will these be affected?
06:19|-|ptomblin [~4a410e7b@webuser.linode.com] has joined #linode
06:20<ptomblin>hello everybody
06:20<ptomblin>is one of the hosts down?
06:20<jlinos>ddos
06:20<ptomblin>My linode went down at 5:15, and when I try to reboot it just says "Waiting on host"
06:20<jlinos>ddos on The Planet
06:21<ptomblin>lovely
06:21<miquel>Is not suposed to be solved quickly?
06:21|-|adb [~adb@209-6-217-125.c3-0.smr-ubr3.sbo-smr.ma.cable.rcn.com] has joined #linode
06:21<ptomblin>well, if it's been happenign for 2+ hours, I wouldn't call that "quickly"
06:22<jlinos>it can span between now and infinite
06:22<SpaceHobo>miquel: /nick ThereIsADDoSAtThePlanet
06:22<cmantito>DDoSs can't exactly be "solved"
06:22|-|SpaceHobo changed nick to ThereIsADDoSAtThePlanet
06:23<ThereIsADDoSAtThePlanet>Much better
06:23<ThereIsADDoSAtThePlanet>Hi everybody!
06:23<jlinos>yes, you spare us of giving the bad news to the new comers here
06:23<ptomblin>i thought you could handle that with a decent firewall
06:23<ThereIsADDoSAtThePlanet>jlinos: they'll still ask
06:24|-|Blaler [~ddba494a@webuser.linode.com] has joined #linode
06:25<darkbeholder>its times like this that some sort of newsbot is handy... the type where they notice or pm to keep most of it out of the channel so ppl dont have to repeat it over and over to each new person who joins the channel
06:25<ptomblin>maybe an op can change the top?
06:25<ptomblin>topic*
06:25<darkbeholder>do people read the topic though?
06:25<NeonNero>Ernie2: i just looked up your IP addresses (ARIN), and since they're both on TP's subnet, then yes, those are affected
06:26|-|FuZzY [~d4ae1a0c@webuser.linode.com] has joined #linode
06:26[~]ThereIsADDoSAtThePlanet *
06:26|-|FuZzY changed nick to kuzgun
06:26<Ernie2>NeonNero: thanks
06:26|-|JasonF [~jay@cialis.oldos.org] has joined #linode
06:26|-|JasonF [~jay@cialis.oldos.org] has quit [Remote host closed the connection]
06:26<ptomblin>Before I came here, I looked on the forum.
06:26<cmantito>well, if it was posted in the forums it'd be easier
06:26<Ernie2>are they working on this?
06:26<cmantito>I checked the news forum first
06:26<cmantito>especially as I'm not supposed to be awake right now
06:27|-|npc [~80ad58de@webuser.linode.com] has joined #linode
06:27|-|JasonF [jay@cialis.oldos.org] has joined #linode
06:27|-|ptomblin changed nick to There_Is_A_DDoS_At_The_Planet
06:27[~]There_Is_A_DDoS_At_The_Planet *
06:28[~]ThereIsADDoSAtThePlanet *
06:28|-|ldexter_ [~khromy@adsl-065-006-163-043.sip.mia.bellsouth.net] has joined #linode
06:28<ThereIsADDoSAtThePlanet>it helps to ^B your *
06:28<There_Is_A_DDoS_At_The_Planet>what does that do?
06:29[~]There_Is_A_DDoS_At_The_Planet *^B
06:29<adb>Anybody know why I might be able to ping and ssh my linode, but not the host it is on?
06:29|-|Jascain [aquarion@linuxops.net] has joined #linode
06:29<ThereIsADDoSAtThePlanet>makes it bold
06:29<ThereIsADDoSAtThePlanet>just like the front on
06:29<ThereIsADDoSAtThePlanet>e
06:29<ThereIsADDoSAtThePlanet>^B*
06:29[~]There_Is_A_DDoS_At_The_Planet *
06:29<sonorous>oh dear
06:29<ThereIsADDoSAtThePlanet>*
06:29[~]ThereIsADDoSAtThePlanet *
06:29|-|Blaler [~ddba494a@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
06:29[~]There_Is_A_DDoS_At_The_Planet *
06:29<sonorous>ThereIsADDoSAtThePlanet: give it a rest
06:29<ThereIsADDoSAtThePlanet>adb: There_Is_A_DDoS_At_The_Planet
06:29|-|Cpl_Rogue [~184a5f15@webuser.linode.com] has joined #linode
06:29<brc>My server is 100% lagged
06:30<ThereIsADDoSAtThePlanet>brc: I wonder why.
06:30<There_Is_A_DDoS_At_The_Planet>me too
06:30[~]darkbeholder joins in even though his name doesnt tell everyone that there is a DDoS at The Planet
06:30<adb>OK. I can accept that as why my life is hard. I'm still a little curious about thing A working while thing B A depends on is not.
06:31<brc>if it iis a ddos why linode.com is acessible and rest of IPs not ?
06:31<ldexter_>ThereIsADDoSAtThePlanet: Is there a DDoS at the planet?
06:31<ThereIsADDoSAtThePlanet>ldexter_: Could be...
06:31<darkbeholder>only The Planet is effected, hosts at HE arnt
06:31<There_Is_A_DDoS_At_The_Planet>I'm not sure
06:31<ThereIsADDoSAtThePlanet>there is also some joker thrashing on host40
06:31<london_guy>..anymore
06:31|-|JasonF [jay@cialis.oldos.org] has quit [Remote host closed the connection]
06:31<Cpl_Rogue>Nice to know it is not just me
06:32<ThereIsADDoSAtThePlanet>Cpl_Rogue: we share your pain
06:32<Ernie2>we have servers at theplanet that are not affected
06:32<ThereIsADDoSAtThePlanet>Ernie2: yeah, it's not all of theplanet
06:32|-|Ciaran changed nick to There_Is_A_DDoS_At_ThePlanet
06:32<There_Is_A_DDoS_At_ThePlanet>:D
06:32<ThereIsADDoSAtThePlanet>Ernie2: host40 seems to be fine for network, mostly, but some dude is thrashing on it
06:32<brc>www.linode.com is at theplanet and is node lagged
06:32<brc>Mine is host18
06:32<brc>anyone at host18 ?
06:32<darkbeholder>ok
06:33<There_Is_A_DDoS_At_ThePlanet>I'm on host36 myself.
06:33<ldexter_>I think I'm on host18
06:33<There_Is_A_DDoS_At_The_Planet>I don't remember what my host is
06:33|-|tehdan changed nick to The_planet_is_being_ddosed_as_
06:33<brc>Maybe it is just a host18 issue ?
06:33|-|The_planet_is_being_ddosed_as_ changed nick to The_planet_is_being_ddosed
06:33<npc>host41 is effed...
06:33<Cpl_Rogue>host45
06:33<Jascain>As is host50
06:33<darkbeholder>well 47 is dead
06:33<ldexter_>actually, i'm on host38
06:34<brc>Is caker aware of this problem ?
06:34|-|tomass [~540c6f13@webuser.linode.com] has joined #linode
06:34<There_Is_A_DDoS_At_ThePlanet>Oh, of course.
06:34<NeonNero>how long has the attack been going on, btw?
06:34<There_Is_A_DDoS_At_The_Planet>So, anybody know *why* somebody is doing this?
06:34<Jascain>I'd imagine he's having roughly the same login problems as the rest of the multiverse, though
06:34<The_planet_is_being_ddosed>yeah, he keeps a close eye on peoples nicks to work out if there's a network problem.
06:35<There_Is_A_DDoS_At_The_Planet>neon: my one went down at 5:15
06:35<There_Is_A_DDoS_At_ThePlanet>NeonNero: This particular one started about 30-40 minutes ago, I think.
06:35<There_Is_A_DDoS_At_ThePlanet>I could be wrong.
06:35<There_Is_A_DDoS_At_ThePlanet>Maybe I should change my nick to be less confusing.
06:35<miquel>Does anyone know if this has happened before ?
06:35<tomass>any ideas what's being done/what can be done to deal with it
06:35|-|There_Is_A_DDoS_At_ThePlanet changed nick to TP_Is_Being_DDoSed
06:35<tomass>and how long before it could be resolved?
06:35<TP_Is_Being_DDoSed>There, that works.
06:35<ThereIsADDoSAtThePlanet>I love this BFD
06:35<ldexter_>mine went down at 5:04
06:35<There_Is_A_DDoS_At_The_Planet>My home computer does a wget on my linode every 15 minutes, and it failed 2 hours ago at 5:15EDT
06:35<The_planet_is_being_ddosed>miquel: packets are sent to linodes nearly all the time, yes
06:36<ThereIsADDoSAtThePlanet>There_Is_A_DDoS_At_The_Planet: maybe it's because there is a DDOS at The Planet
06:36<The_planet_is_being_ddosed>its just that there's a lot of them at the moment
06:36<ldexter_>I think there is a DDoS at the planet
06:36<TP_Is_Being_DDoSed>Me too.
06:36<Jascain>It's possible, I suppose.
06:36<ThereIsADDoSAtThePlanet>ldexter_: unsubstantiated poppycock!
06:36<There_Is_A_DDoS_At_The_Planet>I've heard that
06:36<brc>it is not a ddos. if you traceroute linode.com and your server, they are on the same place but www.linode.com is not lagged..
06:36<There_Is_A_DDoS_At_The_Planet>just a rumour, you know.
06:37|-|Shrap [~4546c24c@webuser.linode.com] has joined #linode
06:37<ldexter_>yeah, but rumors help solve problems so lets help spread them
06:37<The_planet_is_being_ddosed>linode.com is on a different subnet to my host
06:37<brc>Do a traceroute and you will find out the routes are the same
06:37<brc>Hmm. almost the same. hehe
06:37|-|JasonF_ [jay@cialis.oldos.org] has joined #linode
06:37|-|donnchaocaoimh [~donncha@212.2.170.64] has joined #linode
06:37<Shrap>so theres a ddos going on?
06:37<brc>maybe you are right, routes are not the asme..
06:37<TP_Is_Being_DDoSed>Shrap: Yep.
06:37<ldexter_>yeah, there is a DDoS at the planet
06:38<brc>but traceroute shouws the problem at the last HOP
06:38[~]There_Is_A_DDoS_At_The_Planet *
06:38<brc>Do a traceroute onm yout server and ping the hop befoer your server. it will be ok
06:38<brc>Maybe internal routing
06:38|-|NeonNero [~nn@213.184.199.8] has quit [Quit: Everybody who believes in telekinesis, raise my hand!]
06:39<ldexter_>my host keeps flapping
06:39<TP_Is_Being_DDoSed>brc: If it's an attack aimed at the resources of the server rather than the bandwidth, then it's consistent that only the last hop would be affected.
06:39<ldexter_>22 packets transmitted, 1 received, 95% packet loss, time 21000ms
06:40[~]There_Is_A_DDoS_At_The_Planet *
06:40<TP_Is_Being_DDoSed>There_Is_A_DDoS_At_The_Planet: I think everyone knows that now just because of all the nicks anyway. ;p
06:40<brc>true
06:40<The_planet_is_being_ddosed>its interesting to see that even when my primary MX is down, only spammers use the secondary MX.....
06:40<ldexter_>i learned something new today at least.. 1 out of 22 is about 5%
06:40|-|The_planet_is_being_ddosed changed nick to TehDan
06:40<cmantito>haha
06:40<ldexter_>yeah, a lot of spam is sent directly to the secondary MX
06:41<linbot`>New news from forums: Linodes Down: DDoS @ TP in General Discussion <http://www.linode.com/forums/viewtopic.php?t=2476>
06:41<TP_Is_Being_DDoSed>Woo!
06:41<TP_Is_Being_DDoSed>I can go back to my normal nick now.
06:41|-|TP_Is_Being_DDoSed changed nick to Ciaran
06:41<TehDan>I know that, but it seems that not much HAM is send to 2ndary MXs
06:41<cmantito>...ham?
06:41<cmantito>as in notspam?
06:41<ldexter_>who receives much ham these days anyway? ;)
06:41<TehDan>yes
06:41<ldexter_>cmantito correcto
06:41<TehDan>I get the occasional HAM from my mum
06:41<cmantito>ahh
06:41<cmantito>fair enough
06:42<brc>since there is not much to do, i am going to sleep again..
06:42<ldexter_>brc: sleep tight
06:42[~]tronix pines over christmas ham. apparently I'm hungry and should scare up some food wihle waiting
06:42[~]cmantito wishes he could go back to sleep, but it's 12:42pm and once he's up, he's up
06:42|-|There_Is_A_DDoS_At_The_Planet [~4a410e7b@webuser.linode.com] has quit [Quit: I heard the planet is getting ddosed]
06:42[~]ldexter_ just got into work :(
06:42<ldexter_>luckily
06:42|-|JasonF_ [jay@cialis.oldos.org] has quit [Remote host closed the connection]
06:42<cmantito>doh!
06:42<darkbeholder>bed sounds nice
06:42<ldexter_>my email is down so i can stall / eat crap on IRC
06:42<cmantito>I was just about to finish my coding from last night
06:43<cmantito>but it's my linode :`(
06:43|-|Shrap [~4546c24c@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
06:43[~]cmantito cries
06:43<darkbeholder>and 9:45pm isnt too early for bed really
06:43<TehDan>anyone want to hazard a guess as to a time to fix?
06:43|-|pete [~d4f8f102@webuser.linode.com] has joined #linode
06:43<ldexter_>TehDan: 8:32AM EDT
06:43<darkbeholder>1 minute after the minute before its fixed
06:43[~]cmantito grumbles and opens GoLive. CSS it is.
06:43<jlinos>in 45 minutes
06:43<cmantito>bah! fresh OS install. no golive!
06:43<ldexter_>$100 its before 10AM
06:44<darkbeholder>in what timezone?
06:44|-|ThereIsADDoSAtThePlanet changed nick to SpaceHobo
06:44<ldexter_>EDT
06:44<cmantito>ldexter_: deal! hah! I win! 12:44pm!
06:44<cmantito>damn you.
06:44<darkbeholder>yeah
06:44<ldexter_>heh
06:44<cmantito>meh, $100 is worthless anyway
06:44<cmantito>only £50
06:44<Ciaran>I'm still dropping packets.
06:44<Jascain>cmantito: Better than nothing, though
06:44<darkbeholder>hmmm US$100 would be about AU$120ish
06:45<tronix>mtr -t -4 <host> is a nice way to see packet loss continuously updated
06:45<darkbeholder>i could use that and im further past the 10am deadline so i win :)
06:45<cmantito>Jascain: I'd rather have Dinars which are far worth less than USD... -.-
06:45<ldexter_>$100 is enough to sign you up to a basketball league
06:45<cmantito>dy8-9fm
06:45<cmantito>ow
06:45<ldexter_>tronix: so you're the one responsible for the DDoS? ;)
06:45<jlinos>i was supposed to get some importnat mails today, do you think the mail servers are retrying the mails to me untill this ddos is finnished ?
06:45<darkbeholder>$100 is alot for a poor uni student
06:45<cmantito>stupid USD which cause me so much trouble.
06:46|-|ywliu [LinodeJava@61-228-87-21.dynamic.hinet.net] has joined #linode
06:46<tronix>ldexter_: nahhh. bored enough to stare at a pretty mtr display ;)
06:46<tronix>currently at 67.8% packet loss over 4526 packets
06:46<cmantito><-- unemployed codeperson trying to start a company with a friend in a country he's not technically entitled to work in yet
06:46|-|adb [~adb@209-6-217-125.c3-0.smr-ubr3.sbo-smr.ma.cable.rcn.com] has quit [Quit: adb]
06:46<ldexter_>cmantito: sounds like an uphill battle but good luck :-)
06:46<cmantito>well, I'm entitled to work here for the next month, but then we have to apply for a work visa.
06:46<cmantito>ldexter_: thanks. I need it.
06:46|-|The_Surfer [~surfer@84-105-114-48.cable.quicknet.nl] has joined #linode
06:46<Jascain>Hmm.
06:46<cmantito>:)
06:47<Jascain>Host 50 just came back
06:47<tronix>whoa... 0% packet loss
06:47<darkbeholder>woot 47 is back also
06:47<ldexter_>whoot! I got back in
06:47<cmantito>when the DDoS stops, no one will EVER know because all the linodes will be hammered with people getting their mail
06:47<TehDan>52 back too
06:47<Ciaran>36 is back.
06:47<tronix>nagios is having a blast. ;) 100+ emails
06:47<ywliu>Is this as it is said in the forum, a DDoS attack ?
06:47<ldexter_>just saw the routing stabilize
06:47<cmantito>yay 52!
06:47<ldexter_>tronix: fuck nagios
06:47<ldexter_>it kept me up all night
06:47<tronix>:)
06:48<Jascain>It's at this point that I really wish I hadn't put in the reboot request
06:48<TehDan>cmantito: hiya neighbour!
06:48|-|pete [~d4f8f102@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
06:48<cmantito>TehDan: hostmate!
06:48<ldexter_>Jascain: I put one in and it was successful
06:48<ywliu>I opened a ticket before I realized it was a DDoS attack.
06:48|-|JasonF [jay@cialis.oldos.org] has joined #linode
06:48<Jascain>ldexter_: Yes, but if it was a routing problem I don't actually need it
06:48<TehDan>cmantito: have you noticed things being a little slower on 52 these past few days?
06:49<cmantito>TehDan: yes, actually
06:49<tomass>me too (reboot request)
06:49<cmantito>well, I haven't, but my housemate has.
06:49<tomass>wish there was a way to cancel pending requests...
06:49<Jascain>*nod*
06:49<ldexter_>Jascain: i know.. i put my reboot in before i came on here and found out it was a DDoS
06:49<cmantito><dan> "kevinnn, redbaron's being slow *again*"
06:49<ldexter_>ugh
06:50<Jascain>Mine's been "in progress" for a while
06:50<ldexter_>this means I actually get to read my email/work now
06:50<jlinos>when those IPs which caused the ddos attack will be identified, will they be blocked from accesing linode again? I would do that if I were sysadmin on linode
06:50[~]donnchaocaoimh thinks there'll be quite a few reboots later
06:50|-|Russ [~5005a007@webuser.linode.com] has joined #linode
06:50<TehDan>cmantito: reckon someone is hogging the IO
06:50<cmantito>yeah
06:50<SpaceHobo>cmantito: what host?
06:50<tronix>could be from the reboots or sudden burst of emails or something
06:50<ldexter_>jlinos: uh, if very specific IPs were causing the issue, yes.. if it was some sort of botnet UDP DDoS attack.. no...
06:50<donnchaocaoimh>jlinos: doubtful, they're probably slave machines
06:50<TehDan>not a good idea - much of the time DDOS participants are zombied hosts, often on dynamic IPs
06:50<Russ>Does anyone know if the DOS attack is over? My server seems more responsive
06:51<SpaceHobo>oh wow
06:51<SpaceHobo>mine just finally got some idle CPU
06:51<miquel>my lish on host 31 work
06:51<SpaceHobo> 0 0 146632 29092 18724 47532 0 0 0 0 102 68 0 0 99 0
06:51<SpaceHobo>much better than before
06:51|-|tomass [~540c6f13@webuser.linode.com] has left #linode []
06:51[~]SpaceHobo keeps vmstat 5 running in a screen window at all times
06:51<SpaceHobo>very handy
06:52<ldexter_>SpaceHobo: so you're the one that's wasting all our CPU?
06:52|-|Jascain [aquarion@linuxops.net] has quit [Quit: "It is better to have loved an island than never to have loved atoll"]
06:52[~]cmantito larts SpaceHobo
06:52<donnchaocaoimh>I'm back in.. 47
06:53<SpaceHobo>um what
06:53<donnchaocaoimh>reboot hasn't gone through yet though so I exited screen
06:53<SpaceHobo>vmstat 5 doesn't use up resources
06:53<ldexter_>SpaceHobo: rethink that statement ;)
06:53<SpaceHobo>um
06:53<SpaceHobo>what
06:53<Ciaran>SpaceHobo: It does, just not as much that ldexter_ thinks. Hardly any, in fact.
06:53|-|kathy [~5409887e@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
06:53<ldexter_>granted it doesn't use much, but it does use some resources
06:53<SpaceHobo>yeah
06:54<ldexter_>Ciaran: it was a joke..
06:54<SpaceHobo>it spends most of its time in wait state
06:54|-|Cpl_Rogue [~184a5f15@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
06:54<Ciaran>ldexter_: I know. ;p
06:54<SpaceHobo>anyway, we're none of us starved for CPU
06:54<Ciaran>So was I. ;)
06:54<ldexter_>i could picture somebody thinking vmstat was a CPU hog though
06:55<SpaceHobo>maybe if you could do like vmstat .0000000001
06:55<SpaceHobo>then it'd probably bottleneck on terminal I/O
06:56|-|Russ [~5005a007@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
06:56<TehDan>I don't trust vmstat, I just grep my swap partition for NULS ever 5 seconds - is that a problem? :)
06:57<brc>grat server is back
06:57|-|agraman [~50053ee3@webuser.linode.com] has joined #linode
06:57<agraman>host44 is up
07:01<tronix>rock on. in the wise words of Rufus, party on dudes. :)
07:01[~]tronix &
07:02<miquel>the lish seems to work... but the cue is still there
07:02<jlinos>i don't want to bring up the subject, but should we expect this to happen again? i mean, somebody did something for this ddos to be stopped, or the bad guys stopped it themselves and are waiting for another shot a little later ?
07:03<miquel>by all
07:03|-|miquel [~miquel@21.Red-80-34-27.staticIP.rima-tde.net] has quit [Quit: miquel]
07:06|-|london_guy [~d921cb12@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
07:06<ywliu>host49 is still unreachable
07:06<tronix>jlinos: good question. yeah, could recur if the a$$wipe finds new hosts or uses a different toolkit or who knows what
07:06|-|cmantito [~gphreak@spc2-port1-0-0-cust259.cosh.broadband.ntl.com] has quit [Quit: brb.]
07:06|-|agraman [~50053ee3@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
07:06|-|mcculley [~mcculley@31.110.119.70.cfl.res.rr.com] has quit [Quit: mcculley]
07:07|-|cmantito [~gphreak@spc2-port1-0-0-cust259.cosh.broadband.ntl.com] has joined #linode
07:08<ywliu>It is said those DDoS attacks are launched by Int'l gangsters or terrorists... hard to fight them ...:<
07:10<cmantito>...
07:11<jlinos>'cause you know, i feel better if i hear that caker or someone at linode actually did something and stopped it, i would feel more assured, that they are in control over the situation somehow, otherwise I would be very stressed and good for nothing
07:12<ldexter_>jlinos: honestly, on the internet you're always at the mercy of those with access to a large number of hosts/bandwidth
07:12<ldexter_>almost as much as NOC operators that trip over cables
07:13<Ernie2>my server seems to be back
07:13<Ernie2>t have not rebooted
07:13|-|TehDan [~dan@omicronpersi8.plus.com] has quit [Quit: BitchX: coming soon to a theatre near you!]
07:14<ironie>the only true security is pulling the plog. everything else is just due dilligence
07:14<ironie>20 years ago the internet was safe as houses
07:15<ironie>a little dull though
07:16|-|linville [~linville@nat-pool-rdu.redhat.com] has joined #linode
07:17|-|ywliu [LinodeJava@61-228-87-21.dynamic.hinet.net] has quit [Quit: ywliu]
07:18|-|jlinos [~51b55d25@webuser.linode.com] has left #linode []
07:18|-|Redgore [~Redgore@65.19.178.250] has joined #linode
07:18|-|The_Surfer [~surfer@84-105-114-48.cable.quicknet.nl] has quit [Quit: « Ë×Çü®§îöñ » Info~[v9.5]~ Released~[October 27, 2003]~]
07:20|-|flathom [~80681351@webuser.linode.com] has joined #linode
07:25|-|NeonNero [~nn@office.intrahouse.no] has joined #linode
07:31<NeonNero>so is the ddos over now?
07:35|-|JavaWoman [~Marjolein@a80-127-23-92.adsl.xs4all.nl] has quit [Quit: rebooting...]
07:36<ldexter_>sweet
07:36<ldexter_>somebody powered down my linode
07:37<andrew_j_w>something doesn't seem right
07:37<andrew_j_w>I can access my linode through lish, but web traffic isn't getting through
07:37<Redgore>andrew_j_w: check your webserver is actually started
07:38<andrew_j_w>already restarted it
07:38<ldexter_>genius at work just said that the simpsons wouldn't be the same without homer
07:38<andrew_j_w>seems to be back now
07:43<ldexter_>http://arstechnica.com/news.ars/post/20061011-7956.html
07:43<ldexter_>ouch
07:46|-|NeonNero [~nn@office.intrahouse.no] has quit [Quit: Everybody who believes in telekinesis, raise my hand!]
07:55|-|london_guy [~d921cb12@webuser.linode.com] has joined #linode
07:55<london_guy>bing
07:56|-|JavaWoman [~Marjolein@a80-127-23-92.adsl.xs4all.nl] has joined #linode
07:56|-|kuzgun [~d4ae1a0c@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
07:57|-|Cpl_Rogue [~184a5f15@webuser.linode.com] has joined #linode
07:58|-|darko [~cbce15eb@webuser.linode.com] has joined #linode
08:02|-|fuzzie [~d99bb5a2@webuser.linode.com] has joined #linode
08:02|-|Cpl_Rogue [~184a5f15@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
08:02|-|london_guy [~d921cb12@webuser.linode.com] has quit [Quit: CGI:IRC 0.5.7 (2005/06/19)]
08:03<fuzzie>hi scaries, did someone break host49 or is my inability to get to it just still leftovers from those zany DoS rumours?
08:05<Ciaran>fuzzie: Yep, I'm here, but that's probably not much use to you now. ;p
08:05<Ciaran>Sorry. :(
08:05[~]fuzzie grins.
08:06<darko>im also trying to get to host49, but it seems to be not responding
08:06<Ciaran>As for host49, I can't get to it either.
08:06<Ciaran>Yeah, seems to be down.
08:06<darko>ive got 2 shutdowns in the queue, so obviously there's a problem there
08:06<fuzzie>Okay. I shall just sit here and make motions at random, then.
08:12|-|spr [~spr@c-24-10-162-63.hsd1.ut.comcast.net] has joined #linode
08:14|-|Dreamr_3 [~Dreamer3@0-2pool92-112.nas33.chicago3.il.us.da.qwest.net] has joined #linode
08:18|-|agraman [~50053ee3@webuser.linode.com] has joined #linode
08:20|-|Dreamr3 [~Dreamer3@0-1pool106-63.nas33.chicago3.il.us.da.qwest.net] has quit [Ping timeout: 480 seconds]
08:22|-|barth [~barth@schools.dce.k12.wi.us] has joined #linode
08:27|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has quit [Quit: This computer has gone to sleep]
08:31|-|ageo [~frank@168.226.195.86] has joined #linode
08:31|-|scarcher2 [~472823b9@webuser.linode.com] has joined #linode
08:32<scarcher2>howdy
08:32<scarcher2>is anything going on right now? I can't get to host49.linode.com
08:33<fuzzie>yeah, neither can anyone else
08:34<fuzzie>don't know what's going on..
08:34[~]fuzzie makes random flailing motions
08:34<scarcher2>h ok
08:34<scarcher2>well i guess i just opened a pointless ticket then haha
08:34<scarcher2>i was going to check here first
08:35<fuzzie>might be a good idea, don't know if anyone else has opened a ticket
08:35<SpaceHobo>npmr: hey, have you found any other good rules for rejecting mail at smtp time lately?
08:35|-|flathom [~80681351@webuser.linode.com] has quit [Quit: CGI:IRC]
08:35|-|flathom [~80681351@webuser.linode.com] has joined #linode
08:35<cmantito>fucking hell
08:36<ageo>i can't reboot my linode on host49 :(
08:36<cmantito>I'm trying to write something that uses sessions here people, stop making my connection time out.
08:36<cmantito>Damn network problems.
08:36<scarcher2>i'm on host49 as well
08:36<scarcher2>and i can't access my box, or host49
08:36<flathom>host49 here too
08:37<scarcher2>it had been up for over 200 days before this :)
08:37<barth>same here no access to host49 at all
08:40<npmr>SpaceHobo, nothing since rejecting senders using an RFC1918 IP address as HELO
08:41<SpaceHobo>npmr: hmmm, when did you add that?
08:43|-|schultmc_ [~schultmc@zealot.progeny.com] has joined #linode
08:43<npmr>maybe a month ago
08:44|-|agraman [~50053ee3@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
08:45<SpaceHobo>oooh
08:46|-|Newsome [~sorenson@adsl-68-22-220-206.dsl.chcgil.ameritech.net] has joined #linode
08:46<SpaceHobo>what's all this about apnic lacnic ripe afrinic stuff?
08:46<SpaceHobo>hmmm, you've been working on this...
08:46<npmr>that was sort of an experiment
08:47<npmr>i started into it with the goal of applying extra junk to lacnic and apnic address space
08:47<npmr>like, no sendy *@ebay.com
08:47<SpaceHobo>so you reject HELO hostnames that resolve to rfc1918?
08:47<SpaceHobo>is that it?
08:47<npmr>no, HELO hostnames that *are* rfc1918 addresses
08:47<npmr>HELO 192.168.1.10
08:47<SpaceHobo>surely that already gets solved by reject_non_fqdn_sender?
08:47<npmr>557 Bye!
08:48<SpaceHobo>er
08:48<SpaceHobo>reject_non_fqdn_hostname
08:48<npmr>nope
08:48<SpaceHobo>!!
08:48<npmr>ip addresses get the white flag
08:48<SpaceHobo>hmmm, why
08:48<npmr>any ip address
08:48|-|Mohtalf [~80681351@webuser.linode.com] has joined #linode
08:48|-|scarcher2 [~472823b9@webuser.linode.com] has left #linode []
08:49<npmr>well, it's not a hostname at all, therefore neither fully-, partially-, nor un- qualified
08:49<SpaceHobo>yeah
08:49<SpaceHobo>I know that, but I'm trying to think of what legitimate mailers use IP addresses instead of FQDNs
08:50[~]npmr shrugs
08:50<npmr>it's not worth the time trying to imagine the scenario in which it's legit
08:50|-|flathom [~80681351@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
08:50<npmr>i just presume that that scenario exists and ban cases
08:50<npmr>really just two cases
08:51<npmr>my own ip as HELO, and rfc1918
08:51<SpaceHobo>any good changes you did before that?
08:51<SpaceHobo>I don't think I've looked in about a year
08:52<npmr>i started going nuts on postfix about two months ago when i realized clamscan and bogofilter were my biggest i/o hogs
08:52<SpaceHobo>yeah
08:52<npmr>basically i have the failed nic-space experiment
08:52<SpaceHobo>I'm hoping to cut down my rml ranking
08:52<npmr>and i've reinstated a few of the pickier standard restrictions
08:55<npmr>so reason i consider the nic-space classification a failed experiment is that partway through implementing it i finally understood that it was really just a poor-man's spf, and had a bit of mental tug of war for about a week over whether or not i should just use spf
08:55<SpaceHobo>yeah
08:55<SpaceHobo>I want to use spf
08:55<npmr>in the end i just decided that lacnic and apnic clients need to have rdns
08:56|-|flathom [~flathom@dyn-4-199.doit.wisc.edu] has joined #linode
08:56<npmr>or maybe it was everyone
08:56<npmr>i can't remember
08:57|-|Mohtalf [~80681351@webuser.linode.com] has quit [Quit: CGI:IRC]
09:01|-|TehDan [~dan@omicronpersi8.plus.com] has joined #linode
09:02<npmr>also, lots of reject codes for different rejections make munin all purdy
09:04<npmr>ooh, hey
09:05<npmr>SpaceHobo, there's one that'll be great on your box since you do so much backup mx
09:05<SpaceHobo>oh yeah?
09:06<npmr>SpaceHobo, take a look at my rcpt_access table
09:06|-|FireSlash [~FireSlash@166.217.215.226] has joined #linode
09:06<SpaceHobo>reject_unverified_recipient eh?
09:06<SpaceHobo>nice.
09:06<SpaceHobo>if they support VRFY
09:06<npmr>it's not VRFY
09:06<SpaceHobo>no?
09:07<npmr>i think it's an abortive smtp session
09:07|-|taupehat [me@taupehat.com] has joined #linode
09:07<npmr>like, do the dance up until DATA, then QUIT instead
09:07<taupehat>hrm
09:07<taupehat>did some disaster take place while I was asleep?
09:08<SpaceHobo>http://www.postfix.org/verify.8.html
09:08<SpaceHobo>ohhhhh
09:08<SpaceHobo>it's not VRFY
09:08<npmr>taupehat, an asteroid destroyed north korea
09:08<SpaceHobo>but it's a cache of successful deliveries
09:08<npmr>yeah, positives are cached for 30 days by default
09:08<npmr>negatives are caches for like 3
09:09<npmr>so that should withstand most primary mx outages reasonably well
09:09<SpaceHobo>not bad
09:09<npmr>also, those verifications need to be routed
09:09|-|Miquel [~Miquel@86.Red-80-37-88.staticIP.rima-tde.net] has joined #linode
09:09<npmr>it can't be done over uucp
09:10<Miquel>has the ddos gone?
09:10<npmr>those are in verification.transport
09:10<SpaceHobo>yeah
09:10<SpaceHobo>I may want to give up on uucp
09:10|-|ywliu [~3de45715@webuser.linode.com] has joined #linode
09:10<SpaceHobo>it's cute, but it's bursty with the I/O
09:12<ywliu>host49 is still unaccessible...
09:14|-|kvandivo_ changed nick to kvandivo
09:14<barth>host49 is linode's way of saying, you must ride on the short bus
09:22|-|Kurt [1000@evvlinlwt-nas-07-s204.cinergycom.net] has joined #linode
09:24|-|npc [~80ad58de@webuser.linode.com] has left #linode []
09:29|-|k0nn3ct3d [~k0nn3cted@132.248.128.159] has joined #linode
09:32|-|DeV0id [~Sodapop_R@dcha-aa061.taconic.net] has joined #linode
09:32|-|k0nn3ct3d [~k0nn3cted@132.248.128.159] has quit []
09:40|-|DeV0id [~Sodapop_R@dcha-aa061.taconic.net] has quit [Ping timeout: 480 seconds]
09:44|-|DeV0id [~Sodapop_R@dcha-aa061.taconic.net] has joined #linode
09:45<DeV0id>Hello, Does anyone know if the DDoS attack ended or is it still happening?
09:45<TehDan>my node had been back for a while
09:46<Miquel>DeV0id: mine hosted on 31 is working perfect now
09:47<barth>host 49 is still down
09:47<DeV0id>Im on host 49 which explains my problem.
09:47<DeV0id>Is it down because of the DDoS or for some other reason?
09:47[~]barth wonders how long it will take Linode to at least respond to ticket
09:49<fuzzie>Forever and ever and ever.
09:49<fuzzie>It was up during the DDoS and seemed to disappear about the time everyone said it'd stopped and everything was working again.
09:50<fuzzie>It's a bit odd.
09:50<TehDan>there was talk of a hacked node - could it have been on host49?
09:51<DeV0id>barth: How long ago did you open your ticket?
09:52|-|cconlin [~181d8d4f@webuser.linode.com] has quit [Quit: CGI:IRC (Session timeout)]
09:53<barth>Almost 4 hours ago
09:54<DeV0id>Hopefully we will know something or better yet they will fix the problem before another 4 hours pass.
09:55<DeV0id>My customers are not exactly happy that their websites and email are down :P
09:55<darko>same for me :(
09:56<flathom>Ditto... apparently I need to take the Linode approach and not provide my customers with a phone number from now on.
09:56<barth>It had hoped for at least something like, "A drive failed and we're working on it." or even "We're looking into it right now and will give you an update."
09:56<barth>Yeah, flathom that's it.. no more customer complaints if they can't reach us!
09:57<barth>A customer of mine had a problem with her site this week and was happy I got it fixed last night. She's probably going to be pissed it's down again the next morning when I can only tell her, "Something is wrong and nobody will tell me what or how long until it's fixed."
09:57[~]DeV0id takes his phone off the hook....
09:59|-|Kurt [1000@evvlinlwt-nas-07-s204.cinergycom.net] has quit [Ping timeout: 480 seconds]
09:59<DeV0id>Its times like this I wish I could switch back to colocating.
10:00<DeV0id>Atleast back then I had a person I could call and complain to.
10:01|-|ScArcher2 [~ScArcher2@rrcs-71-40-35-185.sw.biz.rr.com] has joined #linode
10:01[~]barth agrees with DeVoid.
10:01<ScArcher2>hey so any word on what's up with host49?
10:01<barth>We just moved from a co-location service with spotty Internet connectivity to here. But at least I could get a response from them.
10:02[~]barth wishes we could find out.
10:03<DeV0id>My previous colo had a stable connection, its just that if you had a problem with your box and you weren't running redhat, about the only thing they could do for you is press the reset button and make sure the power switch was on. :P
10:04<ScArcher2>so has anyone heard back?
10:04<ScArcher2>I opened a ticket, but nothing so far
10:04<kvandivo>when you open a ticket they get paged
10:04<ScArcher2>ah
10:04<flathom>Sweet, I'm going to open a ticket every 5 minutes
10:05<kvandivo>although, i suspect that if people abuse that, the behavior of the system will be modified
10:06<barth>kvandivo: and beatings will continue until morale improves
10:06<ywliu>looks like host49 is back.
10:06<fuzzie>h'ray
10:06<ywliu>yeah. it's alive and kicking now.
10:07<fuzzie>guess it's just waiting until the linodes boot :) bye all
10:07|-|fuzzie [~d99bb5a2@webuser.linode.com] has quit [Quit: CGI:IRC]
10:08<ScArcher2>yay
10:09<ywliu>host49 is back on line , but I believe they are rebooting every VM.
10:14|-|ywliu [~3de45715@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
10:15|-|DeV0id [~Sodapop_R@dcha-aa061.taconic.net] has quit [Ping timeout: 480 seconds]
10:16|-|tseng [~tseng@brandonhale.us] has joined #linode
10:21|-|Miquel [~Miquel@86.Red-80-37-88.staticIP.rima-tde.net] has quit [Quit: Miquel]
10:23|-|ScArcher2 [~ScArcher2@rrcs-71-40-35-185.sw.biz.rr.com] has quit [Quit: ScArcher2]
10:36|-|andrew_j_w [~andrew@82-69-30-171.dsl.in-addr.zen.co.uk] has quit [Read error: Connection reset by peer]
10:38<barth>Host Start Date 10/13/2006 11:36:22 AM Host Finish Date
10:38[~]barth rejoices that his linode is finally booting!
10:46|-|iggy [~iggy@12.45.184.235] has quit [Read error: Connection reset by peer]
10:48|-|iggy [~iggy@12.45.184.235] has joined #linode
10:52|-|FireSlash [~FireSlash@166.217.215.226] has quit [Quit: Leaving]
10:53|-|flathom [~flathom@dyn-4-199.doit.wisc.edu] has quit [Quit: Leaving]
10:53|-|barth [~barth@schools.dce.k12.wi.us] has quit [Quit: I am bored and my linode is booted]
11:01|-|Kurt [1000@evvlinlwt-nas-07-s299.cinergycom.net] has joined #linode
11:06|-|Ernie [~c636cac3@webuser.linode.com] has quit [Quit: CGI:IRC (Session timeout)]
11:14|-|Kurt [1000@evvlinlwt-nas-07-s299.cinergycom.net] has quit [Ping timeout: 480 seconds]
11:25|-|Drew [~admin@adsl-227-29-222.jan.bellsouth.net] has quit [Read error: Connection reset by peer]
11:40|-|vitrum [~glamb@66-194-13-41.static.twtelecom.net] has joined #linode
11:49|-|TehDan [~dan@omicronpersi8.plus.com] has quit [Quit: BitchX-1.1-final -- just do it.]
11:49|-|SpaceHobo [~spacehobo@217.205.109.249] has quit [Ping timeout: 480 seconds]
12:11|-|Kurt [1000@evvlinlwt-nas-08-s185.cinergycom.net] has joined #linode
12:13|-|Ernie2 [~c419ffc3@webuser.linode.com] has quit [Quit: CGI:IRC (Session timeout)]
12:14|-|Marcel [~xaer@jharkema.xs4all.nl] has quit [Quit: living in another world]
12:17[~]Kurt bought "Lego Star Wars II" today...can't wait to play it
12:33|-|SpaceHobo [~spacehobo@host-84-9-51-167.bulldogdsl.com] has joined #linode
12:37|-|Kurt [1000@evvlinlwt-nas-08-s185.cinergycom.net] has quit [Quit: Welfare recipients are the new feudal lords--they are the unproductive forcibly taking from the productive]
12:38|-|linbot` changed nick to linbot
12:46|-|ironie [ironie@82-37-10-10.cable.ubr02.wolv.blueyonder.co.uk] has quit []
12:48|-|cpl_rogue [~184a5f15@webuser.linode.com] has joined #linode
12:53|-|cpl_rogue [~184a5f15@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
12:53|-|fo0bar_ [fo0bar@feh.colobox.com] has joined #linode
12:54|-|fo0bar [fo0bar@feh.colobox.com] has quit [Read error: Connection reset by peer]
12:55|-|cpl_rogue [~184a5f15@webuser.linode.com] has joined #linode
13:00|-|cpl_rogue [~184a5f15@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
13:02|-|phlaegel [~phlaegel@atdot.ca] has joined #linode
13:13|-|ageo [~frank@168.226.195.86] has left #linode []
13:22|-|Bubba [~cdc24a0a@webuser.linode.com] has joined #linode
13:32|-|Bubba [~cdc24a0a@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
13:45|-|Drew [~admin@adsl-147-231-43.jan.bellsouth.net] has joined #linode
14:48|-|vitrum [~glamb@66-194-13-41.static.twtelecom.net] has quit [Quit: Leaving.]
14:48|-|vitrum [~glamb@66-194-13-41.static.twtelecom.net] has joined #linode
14:55|-|darko [~cbce15eb@webuser.linode.com] has quit [Quit: CGI:IRC (Session timeout)]
14:57|-|vitrum [~glamb@66-194-13-41.static.twtelecom.net] has left #linode []
14:57|-|linville [~linville@nat-pool-rdu.redhat.com] has quit [Quit: Leaving]
15:02|-|vitrum [~vitrum@66-194-13-41.static.twtelecom.net] has joined #linode
15:20|-|tronix [~dsf@mappy.catbert.org] has quit [Quit: ta-ta for now]
15:22|-|Newsome [~sorenson@adsl-68-22-220-206.dsl.chcgil.ameritech.net] has quit [Quit: Linux: Now with employee pricing!]
15:43|-|donnchao1aoimh [~donncha@194.125.39.50] has joined #linode
15:44|-|donnchaocaoimh [~donncha@212.2.170.64] has quit [Read error: Operation timed out]
15:45|-|ximbiot [~ximbiot@s233-64-208-242.try.wideopenwest.com] has left #linode []
15:50|-|fish1209 [~fish1209@0015e9782573.click-network.com] has joined #linode
15:55|-|serich159 [~80c0b040@webuser.linode.com] has joined #linode
16:00|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has joined #linode
16:06|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has quit [Quit: This computer has gone to sleep]
16:12|-|serich159 [~80c0b040@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
16:13|-|schultmc_ [~schultmc@zealot.progeny.com] has quit [Quit: Client exiting]
16:21|-|Kurt [1000@evvlinlwt-nas-03-s431.cinergycom.net] has joined #linode
16:53|-|AnMaster [~AnMaster@83.177.105.173] has joined #linode
17:05|-|Ciaran [~ciaran@host81-158-197-229.range81-158.btcentralplus.com] has quit [Read error: Connection reset by peer]
17:11|-|Shaun [~ndci@ip68-5-62-187.oc.oc.cox.net] has joined #linode
17:20|-|cpl_rogue [~184a5f15@webuser.linode.com] has joined #linode
17:21|-|cpl_rogue [~184a5f15@webuser.linode.com] has quit []
17:22|-|CPL_Rogue [~184a5f15@webuser.linode.com] has joined #linode
17:26|-|CPL_Rogue [~184a5f15@webuser.linode.com] has quit []
17:29|-|notwarewolf [warewolf@warewolf.org] has joined #linode
17:29|-|notwarewolf changed nick to warewolf
17:29<warewolf>wow
17:29<warewolf>06:29 -!- Irssi: Unable to connect server irc.oftc.net port 6667 [Name or service not known]
17:30<warewolf>did oftc die for a time or something? or did part of linode suddenly lose all network connectivity around 6:30 easter?
17:30<warewolf>w
17:30<warewolf>eastern.
17:30<Kurt>stop masturbating so much
17:30<Kurt>that should help some
17:30<warewolf>once you stop, you can't stop.
17:31<warewolf>er once you start.
17:31<Kurt>liar!
17:31<warewolf>sorry, my brain is fried.
17:31<Kurt>I stopped just yesterday
17:31<@mikegrb>lolz
17:31<fish1209>lol
17:31<Kurt>no one said anything about restarting, though
17:31<Kurt>yeah
17:31<Kurt>BECAUSE YOU MASTURBATE TOO MUCH
17:31<Kurt>you cosmo-kike
17:31<Kurt>I haven't masturbated since I was 23
17:31<Kurt>!
17:32<warewolf>Kurt: and you're 22?
17:32<Kurt>turned 24 two minutes and 19 seconds ago
17:32<warewolf>haha
17:54<JasonF>caker: mikegrb: does an account cancellation take effect instantly or it is a "delayed" effect, i.e. it's cancelled last day of billing period
18:03|-|encode [~encode@blah.i.hate.w1ndo.ws] has joined #linode
18:04<encode>did host49 get rebooted as well?
18:41<cmantito>there was a DDOS going on early this morning
18:41<encode>yeah i know
18:41<encode>but my linode has been rebooted
18:41<cmantito>I was also letting warewolf know ;)
18:41<encode>ahh ok
18:48<AnMaster>hm you should update that gentoo image you use for letting customers deploy distros, updating that old version isn't fun
18:48<AnMaster>as I had to do some workarounds when portage simply didn't understand new portage meta data format
18:49<AnMaster>a less experienced users could probably not have handled it
18:49|-|Drew [~admin@adsl-147-231-43.jan.bellsouth.net] has quit []
18:50|-|Drew [~admin@adsl-147-231-43.jan.bellsouth.net] has joined #linode
19:15|-|lol [~go@dyn216-8-173-31.ADSL.mnsi.net] has joined #linode
19:15|-|Eman [~go@dyn216-8-173-31.ADSL.mnsi.net] has quit [Killed (NickServ (GHOST command used by lol))]
19:16|-|lol changed nick to Eman
19:28|-|lightern [~zordon@210-9-142-80.netspeed.com.au] has left #linode [Leaving]
19:34[~]taupehat thinks anyone using gentoo is silly. Double that for those using gentoo on a linode.
19:36<Drew>why's that?
19:38<encode>because clearly BeOS is superior
19:42<AnMaster>hah
19:42<AnMaster>well I perfer gentoo
19:43<JDM>i used to :P, debian now
19:44|-|cmantito [~gphreak@spc2-port1-0-0-cust259.cosh.broadband.ntl.com] has quit [Quit: Outta here, yo.]
19:47<Drew>I like Debian; What's wrong with Gentoo though. Never used it.
19:48<JDM>gentoo doesn't provide any binary packages
19:54<Kurt>FEAR THE PENIS!
19:54<@mikegrb>watch your language please, this is a family channel
19:56<Kurt>fine
19:56<Kurt>FEAR THE GLANS!
20:05<taupehat>you have to compile every bloody thing in gentoo, and there really isn't a percievable performance boost that results from it, which ends up making all that bloody compiling a net loss and waste of clockcycles
20:06[~]Kurt read that as "waste of cockcycles"
20:06<taupehat>every now and then I try to compile stuff on my Via C3-based server, and realize what a fool's errand it is. And it pwns the linode for available resources.
20:06[~]taupehat compiles on his athlon 3200+
20:07<encode>i have a mysql question - i just downgraded from mysql5 to mysql4.1 on my ubuntu 6.06 disk image, and now mysql reports the following when shutting down / starting up:
20:07<encode>error: 'Access denied for user: 'debian-sys-maint@localhost' (Using
20:07<encode>> password: YES)
20:07<encode>any idea where i can set that password, so the error no longer occurrs
20:07<taupehat>yeah
20:07<taupehat>it's in the mysql docs
20:07<encode>ok
20:08<encode>cos i tried settint the password to be the same as the one in /etc/mysql/debian.cnf
20:08<encode>but that didnt work
20:08<taupehat>no, you have to reset it the hard way
20:08<encode>ok
20:08<encode>thanks taupehat
20:09|-|vitrum [~vitrum@66-194-13-41.static.twtelecom.net] has left #linode []
20:11<encode>does it matter ifdebian-sys-maint cant access the table?
20:12<encode>err database
20:13<taupehat>I think it runs cron jobs for you
20:13<taupehat>the basic process is to start the db in single-user mode and edit the users table
20:13<taupehat>iirc
20:13<taupehat>although if you can log into mysql as root, you should be able to fix it
20:13<encode>use mysql;
20:13<encode>INSERT INTO `user` VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y' ,'Y','Y','Y','Y','Y','Y','Y');
20:13<encode>can i do something like that, except modified?
20:14<taupehat>yes
20:14<taupehat>and flush privileges afterwards =]
20:14<encode>yup
20:14[~]taupehat reckons encode googled it
20:14<encode>so i do that, and match the password to the one in /etc/myql/debian.cnf
20:14<taupehat>rgr
20:15<encode>cheers
20:15|-|Dreamr3 [~Dreamer3@0-2pool92-95.nas33.chicago3.il.us.da.qwest.net] has joined #linode
20:20<encode>ERROR 1136 (21S01): Column count doesn't match value count at row 1
20:20<encode>argh
20:21<taupehat>joy
20:21<taupehat>you'll probably want to ask in #ubuntu
20:21|-|Dreamr_3 [~Dreamer3@0-2pool92-112.nas33.chicago3.il.us.da.qwest.net] has quit [Ping timeout: 480 seconds]
20:21<taupehat>don't ask in #debian unless you want to get lynched
20:22<@mikegrb>lolz
20:22<encode>lol
20:22<encode>i'll try fudging it first
20:23<encode>presumably the debian-sys-maint account needs the same privilges as root
20:24<@caker>1 334962 59.90% Netscape
20:24<@caker>2 134170 23.99% MSIE
20:24<@caker>3 17120 3.06% Opera
20:24<@caker>go netscape/Firefox
20:25<JDM>encode: my debian-sys-maint doesn't have the same priviledges as root
20:26|-|Kurt [1000@evvlinlwt-nas-03-s431.cinergycom.net] has quit [Ping timeout: 480 seconds]
20:31<encode>JDM: oh
20:31<encode>taupehat: dammit, after all that playing around i still couldn't get it to work, so i just did the grant user command again and it worked
20:32<taupehat>love that stuff
20:33<encode>JDM: what privileges differ between your debian-sys-maint and root?
20:33<encode>i just checked my other linode and they appear identical to me
20:35<JDM>http://pastebin.ca/201935
20:35<encode>thanks
20:36<JDM>although since i'm using debian and not ubuntu, it could be differences in the packages
20:36<encode>yeah, maybe
20:36<encode>both my linodes are ubuntu
20:45|-|Kurt [1000@evvlinlwt-nas-08-s158.cinergycom.net] has joined #linode
21:26|-|Newsome [~sorenson@adsl-75-0-136-70.dsl.chcgil.sbcglobal.net] has joined #linode
21:39|-|Kurt [1000@evvlinlwt-nas-08-s158.cinergycom.net] has left #linode [I wish the left would stop referring to itself as "progressive". There's nothing "progressive" about slavery and feudalism.]
21:58|-|tronix [~dsf@mappy.catbert.org] has joined #linode
21:59<tronix>22:58 and all is well! </town crier>
21:59<tronix>:-)
22:24<JasonF>caker: mikegrb: does an account cancellation take effect instantly or it is a "delayed" effect, i.e. it's cancelled last day of billing period
22:30<tronix>iirc, if done via the website, cancelled on the spot.
22:30<tronix>not sure about billing angle though
22:30<tronix>(I'd assume a prorated refund for unused days of month...?)
22:49<warewolf>hee
22:49<warewolf>lets try that again
22:49<warewolf>whee
22:50<warewolf>I have a macbook pro
22:59|-|VS_ChanLog [~stats@ns.theshore.net] has left #linode [Rotating Logs]
22:59|-|VS_ChanLog [~stats@ns.theshore.net] has joined #linode
23:02<encode>warewolf: hurrah
23:46|-|SpaceHobo [~spacehobo@host-84-9-51-167.bulldogdsl.com] has quit [Ping timeout: 480 seconds]
23:55|-|Newsome [~sorenson@adsl-75-0-136-70.dsl.chcgil.sbcglobal.net] has quit [Quit: Linux: Now with employee pricing!]
---Logclosed Sat Oct 14 00:00:56 2006