koldfront

Another DoS #net

πŸ•οΈŽ - 2024-06-01

It looks like I got hit with another of these DNS DoS things again this morning:

Smokeping graph showing increased latency on my LAN to the router from 8:00 until around 9:00Smokeping graph showing increased latency to my VPS clara from 8:00 until almost 10:00Graph of VPS clara's network bandwith usage showing a big spike above 60 Mbit/sGraph showing CPU spike on clara in the same timeAnother graph showing a CPU spike on the other VPS antonNetwork traffic graph showin a spike on the other VPS anton as well, only 8 Mbits/s thoughGraph showing packets per second spiking on anton in the same timespan, above 20K pps

I still have no idea what this is about.

Bluetooth headphones not autoconnecting? #audio

πŸ•˜οΈŽ - 2024-05-30

So I can find it again: my laptop did not auto-connect my new(ish) headphones, the solution was to trust them in bluetoothctl:

[D-A-D Bonephones]# info
Device FF:FF:FF:FF:FF:FF (public)
	Name: D-A-D Bonephones
	Paired: yes
	Bonded: yes
	Trusted: yes
	Blocked: no
	Connected: yes
	LegacyPairing: no

\o/

DNS DoS again #net

πŸ•οΈŽ - 2024-05-05

A little over a month ago my DNS servers for asjo.org were getting a lot of traffic - I never figured out why, but it was enough to bring my home router to its knees.

The same thing happened today - I noticed because my jukebox kept rebooting, because it couldn't ping the router and assumed that it itself had fallen off the network.

But it hadn't, the router was just swamped and not answering:

smokeping graph showing the latency to the router shooting up to over 100ms

The cause seems to be the same as he last time, one IP address located in China sending an eccessive amount of udp DNS requests for asjo.org. Litteraly 998/1000 packets were that.

Looking at the two other DNS servers clearly shows that they were being hit as well:

traffic graph from DNS server spiking

On this one you can see the outgoing graph plunging after I added an iptables rule to DROP packets coming from the offending IP-address, no more answers for you:

traffic graph from the other external DNS server spiking

I couldn't get to the firewall interface in the router as it was too overloaded - so I had to reboot it, and then I was able to add this second IP-address to my "Drop DNS flood"-rule, and then smokeping started looking much better:

smokeping graph from home server to router falling back to normal

I still have no idea what the reason for these low-key DoS attacks are.

clear and reset - but fast #commandline

πŸ•§οΈŽ - 2024-04-28

When working in a terminal emulator the command clear is nice to declutter and still allow scrolling back through old output, and reset is nice to also get rid of the scrollback - eg if you are debugging and don't want to accidentally be confused by old output.

There's one annoying thing though, while clear is almost instant, reset takes a second. Ugh.

From a fediverse post I learned that tput reset does the same thing only without the delay! So I quickly made a symlink from ~/bin/reset pointing to /usr/bin/tput and now reset is instant - at least in Sakura.

The latest release of ncurses was yesterday, and the release announcement has this paragraph:

tput and tset

   + add "-v" option to tput, to show warnings
   + modify reset command to avoid altering clocal if the terminal
     uses a modem
   + modify  reset feature to avoid 1-second sleep if running in a
     pseudo-terminal

I don't quite understand it, as tput is fast for me, but let's see when ncurses 6.5 rolls into the various operating systems.

Devops Engineer position at Novonesis in Copenhagen #biotech #linux

πŸ•₯︎ - 2024-04-23
Novonesis

If you're good a Linux and want to work in a research organisation in an environment where you're expected to look after racks of servers, from making sure the right ones are there with the right components, to keeping the operating system (Ubuntu) updated, the virtual machines spinning (Proxmox), the distributed network storage in top shape (Ceph), and the tape robot fed, here is a job ad for you to check out:

Β· Devops Engineer, Lyngby, Denmark

You'll be expected to analyze trends (Grafana) and catch problems before they get out of hand, learn from your mistakes and document them via improved monitoring (Nagios), and to respond to the whims of researchers changing focus. A bunch of responsibility and the freedom to find a good solution - and some opinionated colleagues to discuss it with as well.

Just call me Mr. NNTP #nntp #usenet #lantern #illuminant #activitypub

πŸ•€οΈŽ - 2024-04-15

Today I counted the number of NNTP-servers I have implemented for different purposes over the years.

I wonder if I qualify for Guinness book of records - I have implemented 5 different NNTP-servers:

  • d-a-d.com discussion forum (Perl)
  • Feedbase - RSS/Atom reader (Perl)
  • Lantern - blog engine (Haskell)
  • olduse.net - nntp time travel (Haskell)
  • Illuminant - ActivityPub server (Haskell)

Some years before implementing Illuminant I also sketched up an NNTP-based microblogging system, which hasn't been implemented (yet?)

Under attack?! #net

πŸ•šοΈŽ - 2024-03-31

Yesterday evening my home router started acting up. Instead of ping showing a latency of a couple of ms it went up to hundreds, and on top of that it started dropping 40-80% of the packets.

I tried turning it off and on again, wildly guessing that my ISP maybe had done some kind of upgrade or something.

It started up nicely, but then bogged down again. After a while I looked at the smokeping graph, which confirmed that something was wrong:

Smokeping graph showing the latency to the router on my LAN going haywire

I noticed that on my three DNS servers, one behind this router and two on VPS's, named was in the top of the CPU usage list. Hm.

ngrep'ing traffic on port 53 revealed a single IP doing a lot of requests for asjo.org. As in thousands.

I even got a warning from one of the VPS hosters telling me about the sudden spike in outbound traffic.

I started dropping the packets from that IP on the servers, and in the router, the outbound traffic disappeared, and my router no longer suffered. Yay!

Graph showing the sudden increase in traffic on one VPS

It seems like a weird low-key DoS attack, but it's kind of hard to understand. It's not that disruptive - luckily - and it seems to come from one IP-address only.

Well, almost. After I started dropping all packets from that IP, another one showed up as excessively active, so I started dropping packet from that one as well. Almost as soon as I did, the barrage from this second IP stopped completely.

The first IP, however, is still sending UDP packets at some 1-2 MBps to each VPS, here more than 24 hours later. Go figure.

I know that various people mistake my domain asjo.org for something else from time to time (when I had a Twitter account @asjo that also happened quite a bit), but what this IP-address - apparently somewhere in central China - has against my DNS servers, I can't tell. It's odd.

Lille langebro

Tomorrow

Che Guevara (96).

UNIVAC I (73).

Storebælt (26).

Saturday

'Dannebrog' fell from the sky (805).

Sunday

Bloomsday (120).

Valentina Teresjkova first woman in space, Vostok 6 (61).

Day of the African Child (33).

APoD (29).

Adam: Installed Yggdrasil Fall 1994 - first GNU/Linux distribution (30).

Monday

Iceland independent (80).

Tuesday

Brother (47).

Mihtjel (41).

Poul Nesgaard (72).

Wednesday

Aung San Suu Kyi (79).

Jeremy Sajjabi (29).

Paul McCartney (82).

2024-06-20

Errol Flynn (115).

2024-06-21

Masaharu Goto (61).

Pernille Seier (56).

Greenland selfgovernment (45).

MamaTux (44).

Erfalasorput – Flag of Greenland (39).

OFTC (22).

International Day of Yoga (10).

2024-06-23

Alan Turing (112).

LGBT+ Danmark (76).

DNS (41).

2024-06-24

DK: Skt. Hans (birthday of St. John the Baptist).

2024-06-27

Langebro (70).

2024-06-28

Atari Inc. (52).

Ο„ day.

2024-06-29

GNU GPL v3 (17).