--- Log opened Tue Nov 17 00:00:32 2009
00:01 -!- B3AST1 is now known as B3AST
00:12 < ware> sweet
00:12 < ware> my laptop is running it slow
00:12 < ware> had to turn off the 'frame buffer effects'
00:12 < ware> but it should fly on my desktop
00:13 < coil> k
00:39 -!- Dolemite [n=scott@99-2-141-173.lightspeed.nsvltn.sbcglobal.net] has joined #se2600
01:20 <@Evilpig> shouldn't be a problem to just rename this to .iso right?
01:20 <@Evilpig> root@vmware:/isos# file eng_windows_server_2008_r2_st_ent_dc_web_retail_x64_X15-50365.img
01:20 <@Evilpig> eng_windows_server_2008_r2_st_ent_dc_web_retail_x64_X15-50365.img: ISO 9660 CD-ROM filesystem data 'GRMSXFRER_EN_DVD               ' (bootable)
01:23 <@Dagmar> Should be fine
01:23 <@Dagmar> ISO is a bit of a misnomer, but the common definition is clearly what that is
01:24 <@Dagmar> You should actually be able to just mount it under Linux (or with Daemon TOols if that still works in Win32) to be sure
01:25 <@Evilpig> using it as a drive under VMware
--- Log closed Tue Nov 17 02:01:01 2009
--- Log opened Tue Nov 17 05:28:35 2009
05:28 -!- Evilpig [n=wilpig@wilpig.org] has joined #se2600
05:28 -!- Irssi: #se2600: Total of 57 nicks [30 ops, 0 halfops, 0 voices, 27 normal]
05:28 -!- mode/#se2600 [+o Evilpig] by ChanServ
05:28 -!- Irssi: Join to #se2600 was synced in 9 secs
07:42 -!- digitalirony [n=digitali@my.ass.looks.just.like.your-face.info] has left #se2600 []
07:42 -!- digitalirony [n=digitali@my.ass.looks.just.like.your-face.info] has joined #se2600
07:42 -!- mode/#se2600 [+o digitalirony] by ChanServ
09:33 -!- m0j0-j0j0 [n=m0j0-j0j@vnet503-hosoc.mcclatchyinteractive.com] has joined #se2600
09:33 -!- mode/#se2600 [+o m0j0-j0j0] by ChanServ
09:34 <@nachoguy> mr0nin
09:34 <@aestetix> sweet there's a wootoff today
09:34 <@m0j0-j0j0> nod
09:47 -!- Neoteric [n=timball@enki.sunlightfoundation.com] has joined #se2600
09:47 -!- mode/#se2600 [+o Neoteric] by ChanServ
09:47 -!- Neoteric [n=timball@enki.sunlightfoundation.com] has quit [Remote closed the connection]
09:57 -!- Neoteric [n=timball@enki.sunlightfoundation.com] has joined #se2600
09:57 -!- mode/#se2600 [+o Neoteric] by ChanServ
09:57 -!- mode/#se2600 [+o ladymerlin] by ChanServ
--- Log closed Tue Nov 17 10:26:38 2009
--- Log opened Tue Nov 17 10:26:48 2009
10:26 -!- Evilpig_ [n=wilpig@wilpig.org] has joined #se2600
10:26 -!- Irssi: #se2600: Total of 60 nicks [34 ops, 0 halfops, 0 voices, 26 normal]
10:26 -!- Evilpig [n=wilpig@wilpig.org] has quit [Read error: 104 (Connection reset by peer)]
10:26 -!- Irssi: Join to #se2600 was synced in 14 secs
10:36 -!- Venom_X [n=pjacobs@cpe-67-9-131-167.austin.res.rr.com] has joined #se2600
10:36 -!- mode/#se2600 [+o Venom_X] by ChanServ
10:38 < daswork> Exchange is still being funky.
10:38 < daswork> Weird.
10:39 < daswork> Telnet to port 25, send a text email, works.
10:39 < daswork> Send a regular email, works.
10:39 < daswork> Send a large email, sometimes fails.
10:39 < kive> No IPS in the middle, das? Might be worth a peek, if so.
10:40 < kive> Someone might have added a stupid sig
10:43 <@Neoteric> i'll show you a stupid sig...
10:43  * kive sees enough at work, kthx
10:45 < daswork> Nope.
10:45  * daswork redoes the cheapo qwest modem port forwarding settings.
10:48 < daswork> Weird, nope.
11:08 < daswork> Okay, switching it from PPPoE to PPPoA
11:08 < ephemeral> daswork:  Are you using an external transport server?
11:09 < ephemeral> You set the size limits in several places, including on the mailbox databases.
11:10 < daswork> ephemeral: Nope.
11:10 < daswork> ephemeral: Switching from PPPoE to PPPoA fixed it.
11:12 < daswork> If anyone has a theory why this would solve the problem, I'd like to hear it, since it seems silly to me.
11:14 < ephemeral> daswork: poor mtu negotiation
11:15 < daswork> ephemeral: Why would PPPoA fix it?
11:16 < ephemeral> daswork:  PPPoE steals from the ethernet mtu, lowering it to 14something.  PPPoA gives you a full 1500 byte mtu, as the oA part stands for "over ATM" and doesn't have to borrow the extra bytes.
11:17 -!- Neoteric [n=timball@enki.sunlightfoundation.com] has quit ["who's life in rain?"]
11:17 < daswork> 1492?  Think I've seen that.
11:17 < ephemeral> I haven't sorted out the "14something" bit.  When we used a redback it was 1462, When we used a cisco aggregator it was something different.
11:17 <@opticron> when colombus landed, right?
11:17 <@opticron> columbus?
11:18 < ephemeral> I determined it empirically by setting the DF bit on ping and trying different sizes.
11:18 < daswork> So where is the negotiation failing?  Is something trying to send a 1500 byte mtu, modem sees 14xx bytes, and stalls?
11:19 < ephemeral> external sends a 1500 byte packet with the df bit set, because their firewall is dumb.  your connection a.) fragments it or b.) drops it or c.) truncates it.
11:20 < daswork> Okay.
11:20 < ephemeral> telnet to 25 wouldn't detect it, as each character is its own packet, and you need a 1500 byte packet to break it.
11:21 < daswork> And I'd presume that cheapo DSL modems have the tendency to block ICMP needed for path mtu discovery?
11:21 < ephemeral> << would like a job working in networking again.  Server monkey was fun for a while, but...
11:21 < ephemeral> yes, or the ISPs do for `security'
11:21 < ephemeral> arf.
11:21 < daswork> Why do ISPs do that?
11:21 < daswork> Don't they have intelligent tech monkeys behind the scenes?
11:22 < ephemeral> no, the pmtu discovery message should actually happen at the dsl aggregator that terminates the pppoe tunnel.
11:23 < ephemeral> But other sites may or may not listen to it.
11:23 < daswork> Weirdly, this network I was testing on is almost 100% Qwest hardware.
11:23 < ephemeral> Re: intelligent monkeys.  oo-ee-aa-aa (monkey sounds) :D
11:24 < daswork> With just a Leenucks server on one end and a Windoze server on the other.
11:24 < daswork> Although I wouldn't be too surprised to find a dumb firewall on one of the networks on either end.
11:26 < fall0ut> pmtud is generally broken
11:26 < daswork> What is the solution
11:26 < ephemeral> OMG, I found a good explanation from microsoft.  eek!
11:26 < fall0ut> strip-df bits on both sides
11:26 < ephemeral> http://msdn.microsoft.com/en-us/library/ms817967.aspx
11:26 < fall0ut> :)
11:27 < ephemeral> daswork:  stripping the DF bit will allow your ISPs aggregator to fragment the packets that won't fit through the smaller mtu.
11:28 < ephemeral> were you having trouble sending or recieving?
11:33 < daswork> ephemeral: The exchange server was having trouble receiving from some sites (comcast, for example) but not others (gmail).  I presume different mtus for their networks.
11:34 < daswork> So why doesn't the sender fragment the packet if it doesn't get received?
11:41 < ephemeral> daswork: It doesn't know to.
11:41 < ware> RAAWWR
11:41 < ware> it awakes
11:42 < ephemeral> To it, it just looks like the packet was dropped.  It retransmits, the mtu stays the same, and the packet is dropped.  Eventually it gives up.
11:43 < eryc> daswork: who is your ISP?
11:47 < daswork> eryc: Qwest.
11:47 < daswork> ephemeral: Ah, okay, so even if there is no DF bit, it doesn't know that the packet is being rejected.
11:50 < daswork> I should find a good book on network technology.  Any suggestions?
11:53 < ephemeral> if the df bit isn't set, the packet is fragmented, and it works.
11:58 < daswork> ephemeral: Let me see if I understand:  If a DF bit isn't set, and the packet is dropped (no response), the sender fragments it and tries again?
12:02 < ephemeral> DF = "don't fragment".
12:02 < ephemeral> 1minute.. phone.
12:03 < eryc> http://www.noob.us/humor/south-park-how-to-fix-the-internet/
12:15 <@Shadow404> something makes me laugh inside when i see an installer status bar say "Installing uninstaller"
12:17 < eryc> hahahahha
12:17 < eryc> just kidding thats not funny
12:18 < coil> ur not funny
12:21 <@Shadow404> coil.diaf.snsweather.com
12:22 < ephemeral> daswork:  Back.  Did you get it?
12:22 < coil> 404
12:23 < ephemeral> DF = "Don't fragment ( and drop the packet instead of fragmenting it.)"
12:24 < coil> SF = "Shut Fuck ( please shut the fuck up Shadow404.)"
12:24 < daswork> But what's the behavior with NO DF bit, and router #1 sends it to router #2 that silently drops it?
12:24 -!- daswork is now known as dasunt
12:24 -!- mode/#se2600 [+o dasunt] by ChanServ
12:25 -!- coil was kicked from #se2600 by dasunt [packet needed fragging.]
12:25 -!- coil [i=imgay@unaffiliated/coil] has joined #se2600
12:25 <@dasunt> Does router #1 fragment it and resend it?
12:25 <@dasunt> Or does the connection stall?
12:25 < ephemeral> daswork:  With df unset, the router should break the packet into two fragments and send it on through.
12:25 < coil> dasunt: hey bitch i wasn't talking to you
12:28 < ephemeral> the issue is that most modern OS have Path MTU discovery enabled.  They send packets at the maximum mtu with the DF bit set.
12:28 <@dasunt> ephemeral: I presume there is some sort of lag then, in which router #1 sends the packet, router #2 silently drops the packet, and router #1 has a timeout before it fragments the package and resends it?
12:28 <@dasunt> coil: I miss kicking you.
12:30 < coil> unfair i can't retaliate
12:30 < ephemeral> If that packet hits a router that can't handle it, it will drop the packet and send back a packet-too-big icmp message.  The problems are that ICMP message generation may be turned off, the icmp message may be lost or blocked, or a not-so-smart firewall may block the fragmented packets.
12:31 <@dasunt> ephemeral: Ah okay, so if ICMP is filtered, the upstream router won't know to fragment the package and retry.
12:31 < ephemeral> s/router/host/
12:31 < ephemeral> yes, you've got it.
12:31 <@dasunt> So why do most modern OSes set the DF bit?
12:32 < ephemeral> Path MTU discovery.
12:32 <@dasunt> Why not do path mtu, figure out the maximum size, then send packets with the DF bit unset?
12:33 < ephemeral> pmtu discovery in a nutshell = Send big packets with df, listen for the "couldn't fragment" icmp message, try a smaller mtu if I get one.
12:34 < ephemeral> The MTU could be different for any two hosts on the internet, depending on the path to get there.  It can even change during the course of a session.
12:35 <@dasunt> ephemeral: So is pmtu discovery always ongoing then?  Or does the host assume one MTU per destination and sticks with that?
12:35 < ephemeral> it is always going on.
12:36 <@dasunt> But ptmu breaks if ICMP is filtered, right?  Because the ICMP "couldn't fragment" message doesn't arrive, the host doesn't know what the problem is.
12:36 < ephemeral> bingo.
12:36 < ephemeral> the host says "oh, you didn't get my packet" and resends it.
12:37 < ephemeral> more accuratesly, "you didn't _acknowledge_ my packet, I'll resend it"  (depending on the protocol.)
12:37 <@dasunt> *thinks*
12:38 <@dasunt> I'm going to try to jump ahead here:  To optimize network speed (since fragmenting a packet slows transmission down), a host sets all packets as DF and relies on MTU to be able to send the largest packet possible for the connection?
12:39 < ephemeral> s/mtu/mtu discovery/
12:39 <@dasunt> *nods*
12:39 < ephemeral> Yes, that is one of the optimizations it does.  Tcp windowing is another.
12:39 <@dasunt> What's TCP windowing?
12:40 <@dasunt> This?  http://en.wikipedia.org/wiki/TCP_window_scale_option
12:41 < ephemeral> When you first start a tcp session, it acknowledges every packet.  As the connection is "proven" to be reliable by the traffic getting through successfully, it will send larger numbers of packets before waiting for a "I got them all send more" acknowledgement."
12:41 <@dasunt> Ah, okay.
12:42 <@dasunt> I really do need to find a good book on this stuff.
12:42 < ephemeral> steering back around to 2600 stuff for a second, a researcher discovered that some operating systems go all pear shaped if you set the window size to 0. >:)
12:43 < ephemeral> A note.  PMTU discovery is a Layer 3 (ip) function, and works for TCP, UDP, and a number of other protocols.
12:44 < ephemeral> TCP windows are Layer 4 (TCP) functions, and only work for TCP.  Other protocols (i.e SIP) use other methods.
12:46 <@dasunt> Wait, what is a window size of zero?  Acknowledge every packet?
12:46 < ephemeral> Acknowledge every packet would be a window size of 1.  The vulnerability is that some OS regard a window size of 0 as "OMG Ponies!"
12:47 < ephemeral> It is a nonsense value, so they don't know what to do.
12:48 < ephemeral> The appropriate thing to do would be to ignore it and use a size of 1.  Instead, they just crash.
12:48 <@dasunt> Hmmm, so is each host responsible for setting the tcp window, or are tcp windows negotiated between two hosts when they make a connection?
12:49 < ephemeral> They are continuously negotiated.  In the header of your ACK, you have a field that tells me what your window size is.  My header has its own window size.
12:50 < ephemeral> http://www.osischool.com/protocol/tcp/slow-start
12:50 <@dasunt> So it's a remote DOS?
12:51 < ephemeral> Yes.
12:52 < ephemeral> http://www.osischool.com/protocol/tcp/sliding-window
12:52 < ephemeral> this osischool site isn't half bad.
12:52  * kive boggles. When did #se2600 start getting used to actual intelligent technical conversations? :)
12:52 < kive> s/to/for
12:53 <@dasunt> Interesting.  Looks like it the zero tcp window size exploit includes vista and server 2008.
12:53 < ephemeral> kive: We're discussing his exchange server's inability to recieve horse porn as attachments over 1.5k.
12:53 < ephemeral> kive: better? :D
12:53 < kive> Much! =)
12:54 < ephemeral> dasunt: and the response (at least initially) was "naah. we're not gonna fix w2k or xp."
12:54 < ephemeral> ttfn.
12:54 <@dasunt> XP isn't listed.
12:54 <@dasunt> Wait, it is.  Found it.
12:59 <@dasunt> Thanks for th ehelp.
13:07 < fall0ut> guh
13:07 < fall0ut> so nobody has a contact at sungard?
13:29 <@dasunt> http://blogs.citypages.com/blotter/2009/11/punks_cut_video.php
13:29 <@dasunt> ^- Ha ha.
13:29 <@dasunt> The youtube video got posted to my bicycling forum this morning.
13:30 <@dasunt> Then the comments got filled with email contact information for police departments and news organizations.
13:56 < ephemeral> back.  yvw.
13:57 -!- dc0de [n=dc0de@ip68-107-57-222.sd.sd.cox.net] has quit [Read error: 110 (Connection timed out)]
14:04 <@Shadow404> that video is retarted
14:34 <@dasunt> Shadow404: Yes it is.
14:35 <@dasunt> Although I'll give them props for the additional stupidity of putting their names on the video where they commit crimes.
14:58 < rattleXw> I have not seen this video, but I'm getting the vibe that these idiots were inspired by a combination of Jackass and Bumbfights.  If that's the case, blah blah natural selection blah blah cops blah blah prison assrape blah blah.
15:08 <@dasunt> rattleXw: Yep.
15:08 <@dasunt> rattleXw: They assaulted random people, including old folks and kids.
15:09 <@dasunt> Here's the video:  http://www.youtube.com/watch?v=h7RreMvOBXc
15:10 <@dasunt> The guy who originally posted the video gave his age on youtube as 28.  <_<  Pretty old for this sort of shit.
15:29 -!- Venom_X_ [n=pjacobs@66.54.185.131] has joined #se2600
15:29 -!- mode/#se2600 [+o Venom_X_] by ChanServ
15:36 -!- Venom_X [n=pjacobs@cpe-67-9-131-167.austin.res.rr.com] has quit [Read error: 110 (Connection timed out)]
15:36 -!- Venom_X_ is now known as Venom_X
16:07 -!- remoford [n=remoford@c-76-22-152-27.hsd1.tn.comcast.net] has quit [Read error: 60 (Operation timed out)]
16:26 -!- fie2 [n=fie@ip70-178-143-190.ks.ks.cox.net] has quit ["Leaving"]
16:50 -!- Venom_X is now known as Venom_bbl
17:06 -!- fie [n=fie@ip70-178-143-190.ks.ks.cox.net] has joined #se2600
17:14 -!- fie2 [n=fie@ip70-178-143-190.ks.ks.cox.net] has joined #se2600
17:20 -!- fie3 [n=fie@ip70-178-143-190.ks.ks.cox.net] has joined #se2600
17:28 -!- fie2 [n=fie@ip70-178-143-190.ks.ks.cox.net] has quit [Read error: 145 (Connection timed out)]
17:34 -!- fie [n=fie@ip70-178-143-190.ks.ks.cox.net] has quit [Read error: 110 (Connection timed out)]
17:56 -!- fie3 [n=fie@ip70-178-143-190.ks.ks.cox.net] has quit ["Leaving"]
18:12 -!- fie [n=fie@ip70-178-143-190.ks.ks.cox.net] has joined #se2600
19:03 <@m0j0-j0j0> fie: are you in ATL?
19:12 <@m0j0-j0j0> whatever, this is why I hate you all/.
19:12 -!- m0j0-j0j0 [n=m0j0-j0j@vnet503-hosoc.mcclatchyinteractive.com] has quit ["goodnight"]
19:38 -!- Venom_bbl is now known as Venom_X
20:04 < fall0ut> h0tlanta
20:51 -!- emwav [n=me@cpe-069-134-238-189.nc.res.rr.com] has joined #se2600
20:54 -!- emwav [n=me@cpe-069-134-238-189.nc.res.rr.com] has quit [Client Quit]
21:54 -!- Netsplit orwell.freenode.net <-> irc.freenode.net quits: ware
22:16 -!- Netsplit over, joins: ware
22:35 -!- oddball_ [n=oddball@c-76-22-243-130.hsd1.tn.comcast.net] has joined #se2600
22:35 -!- oddball [n=oddball@c-76-22-243-130.hsd1.tn.comcast.net] has quit [Read error: 60 (Operation timed out)]
22:39 -!- Venom_X [n=pjacobs@66.54.185.131] has quit []
--- Log closed Wed Nov 18 00:00:32 2009