[00:40] <InHisName> mr bacon is missing:   http://imgur.com/gallery/s7m9R
[00:43] <TheEvilPhoenix> heh
[01:09] <anduril> InHisName was just me trying to win karma on reddit :-p
[06:21] <beta0x64> woot
[06:21] <beta0x64> hello
[06:36] <beta0x64> ls
[06:36] <beta0x64> woops :(
[09:28] <JonathanD> Morning
[09:56] <rmg51> morning JonathanD
[09:59] <JonathanD> hey rmg51
[10:20] <rmg51> o/
[11:17] <InHisName> good morning now that we are all back together a 2nd time
[11:17] <JonathanD> indeed.
[11:17] <JonathanD> InHisName: why did you break freenode.
[11:21] <InHisName> I just was trying out a new hacker tool, I didn't realize it was gonna DOooo something.........
[11:33] <SamuraiAlba> Good bacon to all!
[13:33] <InHisName> mr bacon came and went already and I couldn't send him the bucket o' bacon
[13:48] <ChinnoDog> om nom bucket 'o bacon
[17:38] <InHisName> I'm dabbling around with iptables and NAT trying to connect outside to 192.168.101.163:80   anyone have suggestions.   All that I tried haven't made a diff yet.
[17:40] <InHisName> I'm seeing a default web page from my astlinux box I want the other to respond not this one.   The astlinux box is where the iptables are used.
[17:41] <ChinnoDog> Where is "outside"?
[17:43] <InHisName> wild wild internet
[17:47] <ChinnoDog> You can't route to a private IP range across the internet because the internet routers will block it
[17:52] <rhpot1991> you would need to route it at the router
[17:52] <rhpot1991> if you have access to it
[17:52] <rhpot1991> think firewall
[17:58] <Resistance> ^
[18:28] <InHisName> after experimenting with several iptable items,  I needed one FORWARD and one PREROUTING item to get page to play from hidemyass proxy.   Now I have a simple page up at that web site playing off one of my machines instead of a host web site.
[18:35] <jthan> jedijf: meeting tomorrow night? I have a potential "new contributor" to the team that would like to see what we're all about here on irc :-p
[18:35] <jthan> He saw we have meetings, but didn't know if they were a real thing
[19:47] <InHisName> I have lotta usb logging into /var/log/messages   --  how do I find where logs coming from so I can decide if I want to turn it off ?
[19:51] <InHisName> seems this is set to 'yes' -- zcat /proc/config.gz | grep USB_STORAGE_DEBUG
[19:53] <InHisName> zcat /proc/config.gz | grep USB_DEBUG
[19:53] <InHisName> that one not set
[20:28] <InHisName> http://pastebin.com/HJphhm89
[20:29] <InHisName> I found errors in /var/log/messages   back in early morning hours.
[20:29] <InHisName> Errors on ports that  'shields-UP!' reports as stealthed.
[20:30] <InHisName> Can someone interpret these lines into something meaningful ?
[20:31] <InHisName> the logging above in in dmesg   some sort of 'ring logging'   Things fall off pretty quick due to all the USB logging.
[20:32] <InHisName> s/in in/is in/
[20:32] <ssweeny> InHisName, someone is trying a dictionary attack on your server
[20:34] <InHisName> those ports 35739 and so on are all tested as 'stealthed' by shields up!   How is someone hooking into a stealthed port ?
[20:35] <InHisName> Or is that HIS IP and port numbers ?
[20:35] <ssweeny> InHisName, that's the remote port
[20:36] <InHisName> Oh now makes more sense.   Is there clue which of my ports they are trying to punch on ?
[20:36] <ssweeny> InHisName, my guess would be 22
[20:36] <jthan> InHisName: just use shorewall and lock up your ports.. use pubkey auth for your ssh
[20:36] <ssweeny> InHisName, that's the standard ssh port
[20:37] <InHisName> Yes, I noticed I had left it 'open' a few days ago and forgot about it.  It is closed now.
[20:38] <jedijf> switch port
[20:38] <jthan> You could always use 443
[20:38] <jthan> 52500
[20:39] <InHisName> I am playing with web server on internal machine and connecting to port 80.    What can these .ru folks try to do in that port.
[20:39] <InHisName> You all saying to use 443 or 52500 in place of 80 ?
[20:39] <jedijf> leave it open; the F opyum team needs something to do
[20:39] <ssweeny> if you change the port they'll have a harder time finding it
[20:41] <InHisName> It might be tough on anyone who wanted to browse to that website if they did not know to postfix :52500 on end.
[20:41] <ssweeny> right
[20:41] <ssweeny> but if you're just playing with your own you can put it wherever you want
[20:42] <MutantTurkey> why does he need all of this?
[20:42] <MutantTurkey> j/w?
[20:42] <jedijf> InHisName: mainly 22
[20:42] <InHisName> But for next few weeks where no one will be browsing yet, sounds like at least good enough temporarily.
[20:42] <jedijf> let them hammer your 80
[20:42] <MutantTurkey> InHisName: intruders?
[20:42] <MutantTurkey> just set a good password for ssh, lockout after 3 attempts.
[20:42] <MutantTurkey> thats all.
[20:43] <InHisName> apparently so.  I left 22 open for a few days.   No one was getting in only 2 users and really goofy passwords.
[20:43] <jedijf> InHisName: and no root login
[20:43] <jedijf> sshd.config
[20:43] <jthan> yeah
[20:43] <MutantTurkey> vim that baby!
[20:43] <Resistance> sshd_config :/
[20:43] <MutantTurkey> vim is 20 years old?
[20:43] <MutantTurkey> jeez
[20:43] <jthan> search for permitrootlogin
[20:44] <InHisName> that machine does have a root.  Not ubuntu
[20:44] <jedijf> for ssh you don't want to allow root login
[20:45] <jedijf> root@inhisname.com would be a disaster
[20:46] <InHisName> its all closed up now.   Now I've opened up port 80, should I change it to big port #?
[20:46] <jedijf> InHisName: just change it(ssh)
[20:46] <InHisName> ssh is closed 2 hours ago
[20:47] <Resistance> InHisName:  fwiw, i moved my SSH traffic to 63329
[20:47]  * Resistance chose a random port :P
[20:47] <Resistance> i also use 2222 on occasion
[20:47] <Resistance> depending on the setup
[20:47] <InHisName> right now I don't need any ssh traffic from outside
[20:48] <MutantTurkey> Resistance: not very secure now that we all know your port and IP address...
[20:48] <Resistance> MutantTurkey:  i didnt say its to this system ;P
[20:48] <MutantTurkey> sure sure
[20:48] <InHisName> but NO bot logging here so not too awful
[20:48] <Resistance> MutantTurkey:  you cant even be sure that's the correct port ;P
[20:48] <jedijf> who cares, it'll give you log monitor practice
[20:49] <jedijf> then netstat and see the ircbots they install as crons
[20:49] <jedijf> and john internally scanning itself
[20:49] <jedijf> the compromised box
[20:50] <jedijf> honeyd homework
[21:30] <InHisName> Ok, now got big numbered port open and 80 closed.
[21:31] <jedijf> InHisName: 80's not the problem, 22 was
[21:33] <InHisName> I said a couple times that 22 got closed up and was asking about 80 and what to expect from that being open.   I closed it about 4 hours ago now.
[23:04] <InHisName> how come when I do 'last', I only get one line output.   The file grows larger after each login/logout.   Still only the first line is shown with last command.
[23:05] <InHisName> I am running an older linux 2.6.16.12 with busybox doing the last command.
[23:12] <JonathanD> waltman: new UPS works, holodeck is secure.
[23:17] <jedijf> InHisName: try last -n5
[23:18] <jedijf> for 5 lines(if they exist) man last for more info...-Fad may interest you
[23:20] <waltman> JonathanD: excellent
[23:21] <waltman> JonathanD: pleia2 seems to think she's in "Florida" this week, so I guess it's working
[23:21] <JonathanD> I needed extra power for florida.
[23:25] <waltman> understandable, what with all that heat down there
[23:25] <JonathanD> Indeed.
[23:26] <waltman> and emulating Disney must be tough
[23:27] <JonathanD> waltman: emulating disney isn't the hard part.
[23:27] <waltman> oh?
[23:27] <JonathanD> Getting re-broadcast rights to do so is.
[23:27] <waltman> it's not technically being broadcast, is it?
[23:27] <JonathanD> it is, to lots of virtual people.
[23:28] <JonathanD> Besides, the media companies think you should pay for broadcast licenses if animals can hear your music.
[23:28] <waltman> oh, you mean that *you're* Disney?
[23:28] <waltman> When my cousins went down there last month, that was YOU?
[23:28] <JonathanD> There is no disney. Only my basement.
[23:28] <waltman> impressive!
[23:28] <JonathanD> it's all a myth.
[23:28] <waltman> That explains a LOT
[23:29] <JonathanD> This is why it's always so crowded there.
[23:29] <waltman> it explains the mouse motif
[23:29] <JonathanD> I don't like mice.
[23:29] <waltman> exactly!
[23:29] <JonathanD> I haven't seen one (outside a pet store) in quite a while.
[23:30] <JonathanD> Last time I saw one was I think at my parents house, when in high school...
[23:30] <JonathanD> I shot it :/
[23:30] <waltman> yow
[23:30] <waltman> !
[23:30] <JonathanD> oh wait
[23:30] <JonathanD> last time was the mouse + snake?
[23:30] <waltman> outside doesn't count
[23:30] <waltman> that's NATURE
[23:31] <JonathanD> https://secure.flickr.com/photos/47445571@N07/5041763415/in/photostream
[23:31] <waltman> cute mouse + big scary snake
[23:31] <JonathanD> https://secure.flickr.com/photos/47445571@N07/5041763249/in/photostream RAWR I AM DEATH SNAKE!
[23:32] <waltman> at some point I figured out what kind of snake that was, but now I forget
[23:33] <JonathanD> I recall
[23:33] <JonathanD> waltman: apparently one that likes mice, though.
[23:37] <waltman> many snakes like mice, no?
[23:39] <waltman> I think I'd decided it was an Eastern Rat Snake
[23:39] <JonathanD> it must have been confused
[23:39] <JonathanD> as that isn't a rat.
[23:40] <waltman> bah, no.
[23:40] <waltman> eastern milk snake
[23:40] <JonathanD> that isn't a milk either.
[23:42] <waltman> wikipedia says they got the name because they're often found near barns
[23:42] <waltman> of course, it's not a barn, either
[23:46] <pleia2> it's actually not been very hot, so I don't think it's working very well
[23:46] <JonathanD> hmmmm
[23:47] <JonathanD> pleia2: isn't it supposed to be 20F above the norm wherever you travel?
[23:47] <waltman> pleia2: the sizing algorithm for the parrots seems a little off, too
[23:47] <pleia2> haha
[23:48]  * pleia2 lurks in conference hallways
[23:49] <pleia2> there is a lot of yuengling here, it's weird
[23:49] <pleia2> clearly I'm in PA
[23:50] <JonathanD> pleia2: beer is hard to simulate.
[23:50] <pleia2> yeah
[23:50] <JonathanD> Much easier to just use local stuff.
[23:52] <waltman> JonathanD: Perhaps this explains why they switched to synthehol in the next gen series
[23:57] <waltman> I'm beat today. I probably should've skipped Central.
[23:59] <pleia2> I should have skipped that beer