|
|
| Author |
Message |
| 25 new of 293 responses total. |
munkey
|
|
response 153 of 293:
| 
Aug 2 23:34 UTC 2002 |
From the MOTD: Grex's web service is back up. It turns out the problem was
not an
attack, but instead somebody trying to host an extremely popular web page
on Grex.
Who was the "extremely popular web page"?
|
scott
|
|
response 154 of 293:
|
Aug 3 00:09 UTC 2002 |
It had something to do with IRC bots. It wasn't a big page, but basically
it suddenly had a huge number of people accessing it.
|
orinoco
|
|
response 155 of 293:
|
Aug 3 01:51 UTC 2002 |
Now I'm confused. Was it too many web hits, a power supply problem, or both?
|
gelinas
|
|
response 156 of 293:
|
Aug 3 02:24 UTC 2002 |
Sounds like three separate problems, consecutively:
1) A popular web page saturated the DSL link
as that got resolved
2) A transformer blew its coil
which resulted in
3) A dead router
Dave, your problem with cornerhealth may be related to anti-spamming rules.
(Just a guess; I've not tried to look at grex's mail configuration.)
"cornerhealth.org" does not have an address record in DNS, and
it's "mail-exchange" record eventually resolves to something to the
w162.z208177186.det-mi.dsl.cnc.net name you mention. In other words,
a quick check would make it seem that someone is claiming to be something
(someone) they are not.
Some might argue that is not sufficient cause to reject mail; I don't
know what grex is actually doing.
|
mdw
|
|
response 157 of 293:
|
Aug 3 03:04 UTC 2002 |
grex sendmail will say "I can't accept mail from", but will also always
include a url that points to badsys.html after that. This is why
reporting the complete error message is of value; people like Joe who
don't know much about mail at grex, would still have given you a much
better answer if they had known about the URL. Actually, the url points
to a very old web page complaining mostly about obselete reasons why we
didn't accept mail from certain machines (in the bad old days with ppp,
where path mtu discover broke some things,) but at the end, I think we
also had something about that non-specific catchall, spam. That is to
say, we block mail from machines which we think only send spam. We've
done this for a while, but we've recently become much more aggressive
about this.
We've seen spam from machines at "cnc.net" for a long time. The
earliest record I have is from 20001201, when I blocked one subnet I
think in San Jose California, which appeared to be used for DSL lines.
Another staffer blocked more DSL lines in what might be Miami, Florida,
20011130, for sending "smut spam". That same staffer added *.cnc.net on
20020706, after apparently concluding that the entire domain ".cnc.net"
was only used for sending "Spammitty spam!"
|
richard
|
|
response 158 of 293:
|
Aug 4 04:56 UTC 2002 |
question is what can grex do about its susceptibility to somebody setting
up a grex web page as a pointer to something else that gets a lot of
hits. I mean what if somebody sets up a grex web page to use as a pointer
to some popular porn site or something. it would be easy for someone to
use such methods to attack grex. just that one page getting all those
hits slowed down grex considerably.
|
scott
|
|
response 159 of 293:
|
Aug 4 11:36 UTC 2002 |
So, we should stop hosting web pages then?
|
carson
|
|
response 160 of 293:
|
Aug 4 11:48 UTC 2002 |
<carson suspects that a certain someone misunderstands the problem, but
that someone is trying, to say the least>
|
keesan
|
|
response 161 of 293:
|
Aug 4 20:28 UTC 2002 |
Threetimes in a row kermit has dialed, gotten nothing, then redialed before
reaching grex.
|
jp2
|
|
response 162 of 293:
|
Aug 4 21:28 UTC 2002 |
This response has been erased.
|
jmsaul
|
|
response 163 of 293:
|
Aug 5 00:13 UTC 2002 |
Grex was slashdotted?
|
gelinas
|
|
response 164 of 293:
|
Aug 5 01:37 UTC 2002 |
That's JP's interpretation of the situation.
But who, besides grexers, would note a DoS against M-Net?
|
keesan
|
|
response 165 of 293:
|
Aug 5 02:22 UTC 2002 |
Dialing works okay now.
|
jmsaul
|
|
response 166 of 293:
|
Aug 5 02:59 UTC 2002 |
Re #164: MNetters. Like me.
|
jp2
|
|
response 167 of 293:
|
Aug 5 03:41 UTC 2002 |
This response has been erased.
|
gelinas
|
|
response 168 of 293:
|
Aug 5 04:03 UTC 2002 |
(I know, Joe; 'twas a poor attempt at a joke.)
|
gelinas
|
|
response 169 of 293:
|
Aug 8 03:04 UTC 2002 |
Hmm... with 37 people on, I'm 5th in the telnet queue.
|
richard
|
|
response 170 of 293:
|
Aug 8 05:55 UTC 2002 |
is grex a little slow tonight?
|
void
|
|
response 171 of 293:
|
Aug 8 19:10 UTC 2002 |
Some e-mail sent to me on Tuesday still has not arrived.
|
goose
|
|
response 172 of 293:
|
Aug 9 19:44 UTC 2002 |
Occasionally I get this when logging in, but not always:
Warning: Server lies about size of server public key: actual size is 767 bits
vs. announced 768.
Warning: This may be due to an old implementation of ssh.
So is it my ssh that may be outdated?
|
goose
|
|
response 173 of 293:
|
Aug 9 19:45 UTC 2002 |
Oh yeah, and why only on certain ports or at certain times (I'm not sure which
it is)
|
gelinas
|
|
response 174 of 293:
|
Aug 10 01:36 UTC 2002 |
I've thought it was the grex sshd. I don't worry about it, though.
|
goose
|
|
response 175 of 293:
|
Aug 10 05:05 UTC 2002 |
Neither do I, but I'd been seeing it for a while and thought I'd finally bring
it up. I did find it interesting though that it doesn't always happen.
|
pvn
|
|
response 176 of 293:
|
Aug 10 06:55 UTC 2002 |
Well, do you start counting at 0 or 1?
|
hash
|
|
response 177 of 293:
|
Aug 15 17:16 UTC 2002 |
so, I was reading agora and I got kicked off for being idle.
my conference activity wasn't saved which annoyed me highly.
so, I put 'set save' in my .cfonce, and 'lo and behold, picospan segfaults
when you do something as preposterous as that.
|
