#networking
I don't have the time to dev out my own KVM solution that covers everything I can do NOW with vmware. And aaaah, that'd be it
If i open a port, will people be able to access other things on the network, or only the server?
@thick minnow you're not opening a port. You are forwarding a port to a specific host on the local network
so you can only access the server, so the other devices will be safe?
yes and no
if someone gets access to the server (ex: ssh access through poor security) they can access the rest of your network
@thorny vector I've deployed vmware on systems for customers of mine, just for the sake of it being easy and quickly done
vCenter got a lot more powerful, and a lot more accessible in 6+. Add in the PowerCLI powershell module that works with ESXi/vCenter, and it gets crazy useful. It's so nice to do batch operations with powershell. I know proxmox has ansible integration, but being able to use powershell from my linux and windows hosts is very nice
PowerCLI made me want to shoot my own brains out
lol, why?
@thorny vector only machine i had available was a win7 machine
and before I got powerCLI running to use this 'esxi-customizer'
4 hours went by
PowerCLI needs bunch of packages from PS
OK. All I'm going to do is open one port and I'm using a domain name instead of an IP address
and PS on windows 7 SP2 does not have a package manager xD
Oh god. I hate using any powershell version before 5.
so I had to dig around microsoft pages finding the right libraries
@thorny vector yeah I had to patch it into my install
xD
and then of course, the esxi customizer fails to create an image
so I have to retry
and it doesnt cache downloads
and I was on a 5M line
xD
like I said
well all a domain name does is resolve to an ip. Anyone can dig a domain name and find the ip
I have a powershell updater metasploit module I wrote somewhere, so whenever I pivot to a win7/server2012, I can still use all the good stuff 5+ gives you.
When I have to do any pentesting
Same with a python dropper
@thorny vector that sounds like so much effort
I'd rather watch the world burn, than teach myself powershell scripting
CI Pipelines I've built that need to run on windows
are just .bat scripts that invoke bash -c
When it comes to windows pentesting/exploiting, its 100% necessary. Once you get powershell running, you've owned the system, regardless of how you got on the box
You're not wrong.
I only use .NET because visual studio has a drag&drop GUI editor
I generate a rest client from my backend software in java
and then write frontends in C#
I cant do GUIs in java..
Its almost a permanent bullet point on all our customer reports "Lockdown/Disable powershell for all non-admin users. Disable remote winrm access."
I mean, yeah but a skilled attacker can still bypass all of that. You can totally run powershell without powershell, even if it doesnt make sense
And even if you implement mechanisms such as constrained language mode, it can all be toyed with one way or another
our school disabled cmd prompt, but powershell (non-admin) was still available
I do pentesting for a living, so yeah. Although I do web applications most of the time active directory is the main point of my research
One of my favorite ways to get in somewhere is to find some way I can inject system commands remotely, and run a "powershell -encodedcommand"
my old highschool had one of those XP networks powered by Novell
That was so easy to hijack
like messing with networked printer spooler
to remotely shutting down other machines
in the network
@desert briar We had one customer where an employee was exfilling data from controlled hosts using dummy AD objects. That was so cool
networked printer spooler
You can still do that today, lol. Use it to cache anyones TGT into memory and then dump it
@desert briar I used it to troll my classmates
I mean, theoretically. For me the attack works like 3/10 times, lol
My town's MS/HS's network was probably full of vulnerabilities. The publicly known art account was admin. I don't go there anymore, now at a county school which is much more secure
@desert briar when you sent a print task, it would create a job code which you entered on the payment terminal with your smartcard (student ID)
but you can just delete the job
and watch as your classmates enter the job code and it says: no job found
yeah well, need to be responsible
@desert briar I also managed to overfill my 20MB disk quota
only 20mb?
still
well imagine having 3000 students
only 60tb
yeah on 15K SAS drives with 500GB each
IF NOBODY OVERFILLS IT @tame carbon
@desert briar Pivoted out of a scif with a printer. That was a fun day.
that allowed you to manage and maintain a library of portable programs
you plugged it in, and it opened a toolbox
cus the school admins would delete .exe's from people home dirs
Printers are nice devices. Mainly if you can disguise your implant as one. No one will bat an eye
lol, why disguise your implant? Just have your target compile it from source for you!
@twin zealot I do most of that with iPXE
@twin zealot I just plug in my laptop to the back of a server and provide a TFTP server
and then just netboot whatever image or tool I need
Because a printer which calls back every 30 seconds and uses VPN tunnels and what not is suspicious
for systems that dont support iPXE I have a usb stick with grub & pxe
@desert briar Was referencing solarwinds, lol
Don't forget Me.Doc
Ah lol
yeah well, thats a different story
as well as Mondelez and Maersk
A series of powerful cyberattacks using the Petya malware began on 27 June 2017 that swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms. Similar infections were reported in France, Germany, Italy, Poland, Russia, United Kingdom, the United States and Australia. ESET estimated on 28 June 201...
MeDoc had about 400,000 customers across Ukraine, representing about 90% of the country's domestic firms
and prior to the attack was installed on an estimated 1 million computers in Ukraine
January 26th, 2004: a PC virus disrupts Earth // A younger hacker dives into the underworld
I watched this yesterday
pretty terrifying
During the attack the radiation monitoring system at Ukraine's Chernobyl Nuclear Power Plant went offline.
This kind of shit scares me
targeted attacks at PLC software
I worked at a company that developed IoT solutions for public infrastructure
and even those systems
some security aspects were poor at best
like a remote interface connected to public internet with a password login
responsible for a sewer drainage and pumping station
I'm not a pentester
but if a regular developer can easily code inject a site in an afternoon and two cups of coffee, you have a serious problem
I made their CI/Git dashboard pink
xD
by just hiding some javascript in a commit message of some project
i did work at a pharma and part of it was manuf
we did air gapped network
i supposed at that point you'd have to purposely try to bring a USB in, but im not sure what they did to protect that
before I left they were starting a thing where all USBs entering the building would need to be connected to an appliance to check them
@waxen scroll see
I'd attack that appliance
and make it into a worm spreader
brilliant attack vector
makes sure your payload is on every single usb
i mean, the appliance is not gonna execute files on USBs you attach to it so
@waxen scroll yeah but imagine you hijacked the appliance :D
nobody thought SolarWinds would be hacked
MeDoc also provided updates to things like ATMs
i should ask what current job is doing about SW
i hope at the very least at renewal they say 50% off or we walk
This hack was brilliant ^
They basically had bunch of money mules
who went to the ATMs at specific times
at which the ATMs were programmed to dispense all their money

@waxen scroll I forget exact details of how they did it
but they used a spearfish attack on employee systems
and managed to break into the domain controller with a network exploit
through that they reached the update servers, and patched all the ATMs
this is also why you shouldnt post where you work on social media
ye
@waxen scroll I know stories from companies in my area that were targeted by a spearfish
managed to steal 10 grand
They sent a request for payment pretending to be a legit customer
they registered a domain under the name of company.eu
instead of company.nl
so the sender of the invoice seemed legit
and at the time of the email, the boss was on a flight
so they couldn't verify, and just paid
I pulled the domain through WHOIS and it returned a registrar that had 'bitcoin' in the name
at that point I concluded that the money was basically gone
@waxen scroll but the fact that they knew about a specific order that had to be paid, and how they pulled off this targeted attack
made me wonder, how did they know this company was a customer, and how it happened while the boss was unavailable
must have had some kind of insider knowledge
through an infected system or similar
the invoice was legit too. only thing that was modified was the bank address
Sounds like a sure sign of insider access.
@waxen saddle at one of the two parties yes
@waxen scroll do you prefer individual email or having email threads/conversation when viewing email? I tried both but I noticed with conversation mode, search couldn't locate one contact I had sent email to individually. The reason being because I emailed two different contacts in that same thread but not the original person
It gets so confusing
I hate conversation view if search can't find them
i use individual. no real reason, thats how ive always done it and it works. im assuming you mean a view feature and not meaning whether or not theres history in a reply
Yeah. It's a view feature
I might just switch back to the old way for work day today and see
@hollow marlin

I think I figured out why KVM guests are kernel panicing
Well I figured out when it happens. After a normal start from a fully off state, it works just fine. However when I sleep the computer instead, at next start it will not work
I've had some issues before with sleep not actually turning off the computer as fans and lights kept on running
I guess linux doesn't take long to load so I'll be shutting my computer down now
@peak cloak sleep mode is kinda against whole compute philosophy
n-no
its just a thing mobile devices want
but for servers its a scenario you never encounter
but that same kernel is also used in non-servers
yeah
you dont wanna start forking
I always used it in windows because even with a m.2 it took a bit to load
triggered
wait, really?
@peak cloak what do you think 'fast boot' means
then what's hibernate?
it means, it never shuts fully down
@peak cloak ram is never cleared
fast boot is hibernate + write to disk
We used to have standby and hibernate
these days its just standby and 'fast boot'
confusing
yes
oh ye it is
sleep was keep memory alive
my mistake
@peak cloak fast boot is just hibernate
but on shutdown
so it doesnt have to load system services again
those are already up
and because all the desktop services are started after winlogon
generally it'll work
so logout, write memory to disk, shutdown
explains why windows was still sometimes "weird" after a shutdown
most anti ddos in datacenters is on the edge of the network
they prevent traffic from entering the network in the first place
those edge routers have VERY fast internet connections
The problem is that someone has ddos attacked us in the past
And it went through
the ddos protections
it can be hard to identify real traffic from ddos traffic
you basically need a bigger player doing ddos protection for you
The problem is that i know who is going to make the attack but he uses a vpn
That would be the host?
they have more bandwidth and systems to prevent it
fighting ddosers is hard
well then block their ip
best you can do is contact the network operator of the IP addresses its coming from
I've called exchanges before to report DDoSers
he uses a vpn and he bounces off of more servers
gave them contact details and such
So he has lots of ip
He has some from every part of the world
unless you can figure out his home address
and contact the police
report it
that's how I've warded off DDoSers before
I try to dox them
and then threaten them
The best way would be to turn off the computer
threaten that you call the police on them, if they are 15 year old skids
usually works
@oak night isnt that the whole point?
He is as old as me
yeah the point of a ddos is for normal user not to be able to access your service
That could work
Yes it is
But i
have webservers and minecraft servers on that vps
what chipset does it use
that's the best way to check if something works on linux
also if you are using a pi as a server, just use ethernet
i want to connect the pi to my tv and watch movies
does it? then why doesnt it ever work?
yeah doesn't the pi have wifi?
@lapis kestrel do you know the command raspi-config ?
you can set the wifi up that way
oh it's a pi 2
ill need to install an os first
you don't install an os on a pi
yep pi 2 model B
fyi
i mean the sd card thing
yeah
what are you supposed call it then?
doesnt the sd card act as internal storage?
what are you planning on using the pi as?
like a smart tv type thing?
yeah, but it's kinda the equivalent of booting off a usb
i have to eliminate all accounts
doesn't matter
yeah. planning on installing kodi and use it to watch amazon prime and disney +
Except mine
wdym?
CUZ THE other have passwords
he can bruteforce
And delete the log
So that i can't trace him back
wait, is the vps not a clean vps?
why does someone else have access
I use with a friend
your friend has sudo access?
I think it's system wide
or not
@oak night https://serverfault.com/questions/285800/how-to-disable-ssh-login-with-password-for-some-users
THANKS
inbefore you lock yourself out
It is not system wide
i have ssh keys
we already tested that keys work
yeah well, was just cracking a joke
you intend on my pc?
by the way, if you want to keep your passwords. Badly. You can use 2fa with SSH
but +1 for ssh keys
no like have them somewhere else other than your pc
backed up
in case your drive fails or something
worst case scenario, its a pi. If you have physical access its fairly easy to reset the root password
You just rewrite the boot options I believe so that it boots into a root shell
Then you fix your keys & passwords
i'm back
i dont have
my server stuff lives on a wire rack without security. same goes with the equipment at the lab of the professor i volunteered for
I tried to ask him to add locks to purchase orders but he says it isnt necessary

@waxen scroll lool we need to buy a whole new rack door!
How can i access WinSCP with ssh keys?
i'd like to get root access to his stuff
the doors are taller than us and pretty heavy
WinSCP is a free SFTP, SCP, Amazon S3, WebDAV, and FTP client for Windows.
he wanted to show off how sexy the equipment looked to students
lool
thats why the doors are off
glass doors ...
thats in the plan for the room expansion
but he's being met with resistance to tear down the walls
of a room that hasn't been used since 2017
no tear down. need cooling
used to be where the old comp hardware class took place
well he wants to get rid of these cages though too
but yeah i guess he could just redo it in his current room
the hope was one side of the classroom is net/cisco and the other side is ethical hacking/cyber
right now its all of those in one room
Hope he manages to gets something to work out.
He might also want to add a fiber run from the classroom to the datacenter too.
o i always have to bring like a sweater or something when im in there
freezing and loud
a bad combo
like a normal server room
yeah im not a fan
servers need cooling
I managed to talk with who would have done the DDoS attack. He said that he is not going to ddos
But i don't think that he isn't actually going to try
In the future
Can i set that only one ip is able to connect to 1 user?
I dont think you fully comprehend what a ddos is
its an unstoppable shitflood of data
so much that your router starts boiling
there isnt much you can do, unless your gear can withstand
for ssh? yeah I think so
or if you can filter it from the root
but I wouldn't because your ip is dynamic
Ok but for preventing bruteforce i can
and you are under cgnat
what you want to secure your ssh interface?
yup
just use an ssh key and disable password login
no amount of brute force can break that
are you logged in with key auth?
Yes
ok its in /etc/ssh/sshd_config
there's a field
called "PasswordAuthentication"
set that to 'no'
that passphrase is for the key itself
?
the passphrase is what encrypts the keyfile itself
so you enter the passphrase so ssh can read your private key
which it uses to identify against the public key
Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner. The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. Effective security...
not only can it encrypt and decrypt, it can also be used to verify an identity
that message arrived late
because only the private key can decrypt information that was encrypted with the public key
so you prove your identity by proving you own the private key
@oak night dont forget to reload the sshd
thats enabled by default
Should i get rid of #
you dont have to
its just commented out because thats the default
you have to uncomment the password one
and set it to no
Who pinged me I missed the message
I have to reload
where?
anything that is commented by default is a default setting
if you want to change it you need to uncomment it
cya after
Ok
yeah
sudo systemctl reload ssh I think
Like your home network?
Depends on the type of attack
actually yes. does the answer include "expensive equipment"?
or can i use a beefy pc to do it too
@nocturne harness well yes
but floods are floods, layer 7 attacks behave slightly differently :)
Well, depends on the type of attack though
America would be proud https://i.imgur.com/mh1fKYx.jpeg
DoS attacks don't necessarily have to be floods, there's a variety of different kind of ways you can DoS something
Does anyone know if the UDM Pro 1.8.5 firmware is stable?
So, some basic types of DoS attacks can simply be defeated with good firewall policy
for example, if someone is just flooding you with syn's, if you have a firewall policy to only allow connection to be open from inside, it would prevent that from using up your ports (and using up all ports is a type of DoS)
nice to know a good fw policy with basic hardware is enough for most case
o i see
But if they just send you a ton of giant UDP packets that's more than your network can even transfer, then this doesn't help
On the vps
My uni teacher explained CSMA/CD by having a conversation and then constantly talking over us
@tame carbon omg thats perfect
Unless everyone was REEing sounds like only a DoS
yes basically
im gonna tell my prof to use this one
I think he's teaching network I and II so this concept should come up this semester. perfect time for him to use it
Its enough for 99% of cases. Many enterprise FWs will have many of the simpler attacks like SYN floods enabled by default. Similar to IPS but they're referred to as screens
DoS is much easier from the inside nowadays. Here it usually goes by the name of Steve
Neat
Hey so how can i figure out my ranged for Global Port Range and Base Host Port for my games?
Im wanting to change my Nat Type from Nat Type 2 to NAT Type Open
To be exact, League of Legends and Overwatch
League does not require port forwarding
Will it help?
It doesnt matter
It does not rely on peer 2 peer connectivity
uhh
@torn juniper you can look this stuff up you know
ty
I'm trying to set up a router to daisy chain with the Verizon FiOS G1100 router, it's safe to do that right, if the Verizon router is plugged in via MoCA and the non-Verizon router is daisy chained so the WAN port is plugged into a LAN port on the Verizon router?
@shadow garden daisy chain? Never heard of that in networking
You want to add another WIFI "emitter"?
why
just trying to understand because there may be a better solution to your problem
to work around the fact that there's a cable box in play which uses MoCA for the channel guide and on demand and whatelse.
I'll draw up a diagram of what I'm trying to perform
I mean about the 2 routers. Why 2 routers?
fastur

I have fios, can't you just use a moca splitter and then a moca adapter so you have coax going to the cable box and coax going to a moca adapter for ethernet which then goes to a router
lack of diagrams makes following this conversation hard
I only have fios internet though, which means I can just use the ethernet off the ONT directly
i'll make one rn
because existing coax in walls
and I think tv only works on coax
My house was among the first in my neighborhood (if not THE first)
for some reason mom decided to keep basic cable because somehow it worked out to be.....cheaper than internet only???????
ISPs dont know math
250/250 here
Same thing my dad did
but cant compare, this is a corporate FttH line
Optimum TV + Internet + Phone was somehow cheaper than Internet + Phone
when I finish my education this spring, probably going to make a lot more money
might just upgrade my internet for the hell of it
I can get up to 800mbit on this line rn
I was young and didn't know much about computers at the time
werent we all? xD
I don't think I even had a desktop computer
main game i played on that machine
was Age of Empires
the original one with the Rise of Rome expansion
gah. listening to psytrance makes me want to rave
I miss normal life :(
My first laptop was a piece of (REDACTED) emachines netbook with, get this, windows 7 starter
I'm so mad at myself because I threw that motherboard away because I thought it was broken, it's not that old that it wouldn't be a decent server. I think it was the cmos battery that was dead
@peak cloak I also played a lot of runescape as a kid
I still do sometimes
its been 15 years now, sunk about 4500 hours into that
its a lot of afk grinding while watching netflix or yt
well, CIV requires like full attention lol
I play that a lot recently
but the nice thing about civ is that its quite casual
there's no pressure, you can take all the time you need
lol when you are in golden age in civ and you have good economic income
it feels like you are just playing sim city
you just build up infrastructure to get ahead of the other players
if you are undisturbed and in a good strategic area
you can really steamroll
@peak cloak you can build these special one-of-a-kind buildings that take forever to build
but I was booming so hard in my capital
^ xD
anyone able to help me with syntax errors?
using mariadb, trying to setup a MC server panel
ok
@idle berry do you specifically need mariadb?
mysql is generally easy to setup, because they have a little desktop workspace
I manage user accounts with the MySQL Workbench
i'm following the instructions that the panel provided
they had me install and use mariadb
so
1s, the people in the other server are replying
query looks right
not sure what went wrong there
syntax changed with 10.4
either that, or the simple clause IDENTIFIED BY 'password'
yeah i got it in the panels discord, but ty anyway
mariadb is weird
they changed a lot of things
if you are used to mysql, has quite a few pitfalls :(
So first world problem...
I finally pulled the trigger, bought a new DOCSIS 3.1 modem, and upgraded the account to full gig speeds. But for whatever reason im not able to pull consistently, nor am i able to get above 750. https://www.speedtest.net/my-result/d/2bb31818-b39a-4d8c-b304-9d1a02ca9484 I dont know if i should even be testing it using SpeedTest.net but im not sure who else i could use. Im hard wired in via a USB3.0 to ethernet adapter. ISP states everything is nominal after they added a splitter to lower the power in to the modem.

For one you should be trying to test wired but not with a USB adapter
@hollow marlin you're right. I just tested with that and I'm getting 900 consistently now ... Such a simple thing.. I used the usb because the ethernet port on the laptop broke
Yeah many use garbage NICs with hubs, even decent 3.0/3.1 and TB3 adapters, which just cannot reliably handle a gig.
Does anyone know if I can SSH from outside a network into a device on a network with Google Nest Wifi routers? I haven't seen much talk about it on the internet
yeah as long port 22 is forwarded
to a computer running an ssh server
unless google pulled some tricks
technically port 22 specifically doesn't need to forwarded, any non conflicting port would work
just need to tell ssh what port then to connect to Ex: ssh user@192.168.1.1 -p 12345
The interesting part is the computer cannot see devices outside the mesh router network
Main router -> mesh router -> NAS
oh yeah of course, double nat
The interesting part is that a computer on one mesh router cannot ping another computer on the same network but on a different router
probably something the way google designed it?
idk
do ipconfig /all on windows to check ip and subnet
or ip addr on linux
Access point 🤦‍♂️
Sorry for the late reply, discussing the same thing on another server
You need to port forward, but the real question is: How do you have your ISP Gateway and WiFi Router/AP's configured? IP Passthrough, DMZ, etc the likes
I believe spectrum is blocking images and video (not text though) from instagram and facebook for my home internet. When using my wifi, images and video do not load on facebook or instagram, this happens on multiple devices (2 iphones, 2 PCs and a macbook). When using cellular data or someone elses wifi I was able to see the images and videos from FB and Insta. Using a VPN also loads the videos and pictures. Is there anything that would cause this other than some sort of throttling from spectrum?
My overall internet speed has not changed
I apologize for this possibly basic internet question, but I think I need help setting up Psiphon. I've tried running it as admin, but for some reason, my Windows 10 computer's IPv4 route tables doesn't change at all...
i accidentally reset my router and have since set the names of the access points and passwords back to the same but when i connect to it it tells me that im connected with no internet
how do i fix that

i actually think i figured it out
the numbers dont add up
if i switch the connection is a bit more stable but sometimes i get big spikes up to 1200ms
i bought a new wifi adapter and it is still doing the same thing, my wifi is cranked up but its still doing weird things
also, the connection on all my devices are great and fast download speed but only my pc is having issues
wired
@tacit mantle does this happen if you are wired instead of wifi?
i dont have access to a wired connection right now
i used usb tethering with my phone as it is good but idk if its good enough to count as wired
Well can't diagnose otherwise
@tacit mantle either wifi is being crap, or the modem is messing up
but can't verify without eliminating one of the two
its nothing to do with my motherboard right
@tacit mantle so it's not shit when you use your phone as the source
so maybe yea, sht chipset
shitset
but i changed the wifi adapter 2 times
Run a ping test to your router. This will tell us if it's a WiFi/router/local problem or an Internet problem.
@tacit mantle traceroute
MTR can be useful for this
Download WinMTR for free. WinMTR is a free MS Windows visual application that combines the functionality of the traceroute and ping in a single network diagnostic tool.
If you do a trace to 1.1.1.1, should be immediately obvious where the fault is
ill give a run ty
@tacit mantle usually, you'll see lost packages after a certain host
so if hop 3 is faulty, hops 1 and 2 should have 0% loss
and hop 3, 4, 5 etc should have similar loss% to the faulty hop
so 192.168.0.1 is your router, no packet loss to the router
omg, very nice exe, thx very good replacement for cmd tracert, which is very slow
Loss% means how much % of all packets to your router is lost
@tacit mantle ok wifi is not to blame
@tacit mantle keep it running for longer
wait 5 mins at least
10 packets isnt enough to conclude anything
12*
What do the 3rd and 4th one mean
And the 2nd
I got disconnected from my internet, my pc only, not my phone
Does the metal connector on my adapter that goes in the slot of the usb, if its hot, its normal right?
wait your using a usb adapter
I dont have access to a ethernet cable yet
I have to use wireless for a few more weeks and its driving me nuts
Im sure there is a way to fix it right
I cant even connect to my wifi
@tame carbon Poor hAP ac2 only made it to ~half the v4 global table before she called it quits
@hollow marlin not enough memory
the hAP ac2 has neither a lot of storage
or a lot of ram
but do you really need the entire global table to use BGP?
I thought you can use it with a partial map
Well yeah. You should have min of a gig for full tables. Also I have the OG hAP ac2 that was "accidentally" shipped with 256mb ram instead of 128mb
Have 3 of them. 2 US and 1 EU for when I want give the finger to the FCC and spectrum
Ugh. What I did say before the bot stepped in is this was a lab and as someone with little programming experience was a nightmare to get working
mh?
this was a lab
This was a lab with exabgp/super-smash
stupid filter
Basically exabgp builds the peering and super-smash- generates random NLRIs, send it to exabgp and it advertises the routes
oh so you feed your BGP table into exabgp
and it spits out rules for your device to configure?
Used for testing as it can be set to advertise/withdraw rapidly to test your hardware/convergence
It makes its own random tables
random?
My knowledge of bgp is poor at best
oh wait
are you using exabgp to generate test cases?
Simply, advertising routes such as 8.8.8.0/24 next-hop 1.2.3.4 is a basic NLRI. That is a single route. This would randomize the subnet/prefix list each run so it might be 8.8.8.8/32, 8.8.0.0/16, etc. Much more to NLRIs but that is the basics
Thats the route
yeah thats between two entities though?
Correct
where's the network information of the other side?
is it just their router?
oh wait, a router announces its own network, and its neighbors ?
So when it advertises 8.8.8.0/24 next-hop 1.2.3.4, it is saying if you want to reach an IP within 8.8.8.0/24, send it to 1.2.3.4
that sounds... insecure
lol by design
is there a way I can more easily learn BGP?
there's no use for me in it, since i only have a static route here
yeah, weren't there attacks by reporting bogus routes
Thats how routing works. There are plenty of security measures in place. But with BGP you need to specifically setup the peering, you can't just start peering and advertising routes
idk how any of this works either
BGP is simple, but complex at the same time. The former because the amount you have to take into account, not specifically the protocol
BGP - It's like you're at home or running through a field of flowers. Except the flowers explode if you touch them and your home is nothing but pins and needles
BGP is fun though
I could give you the run down some time with a screen share. If you get into networking as a career, its something you will need to know
I still have 1000+ page books on BGP
Edit: or maybe it was 500 pages, it was a lot
its mostly just a sidething I got into 1 year ago
grew out of developing my own software and running linux systems
just a hobby
professionally I just write code
dont really do networking stuff
maybe help the odd client fix a networking problem
or run some ethernet
So many 1000+ page books on it
having a statically routed subnet to my WAN
is the first time I even did a manual network config
before, I always had a shitty $isp router
lol I love IRC sometimes, random channel I was in
<DuckBot> ・゜゜・。。・ ゜゜\_ö< quack!
<Crystal> and it has lots of plugins and modules
<Crystal> .bang
<DuckBot> Crystal you shot a duck in 7.441 seconds! You have killed 13 ducks in ##.
@waxen scroll snagit is giving me some real trouble in recording performance. the support ppl just asked me to give them a procmon log. I think that's the first time i ever had support ask for such a useful log to dig deeper into fixing the root problem.
Does it slow down for you when you record short videos with it?
yep
I have a TV box that requires an internet connection, but it only has wired internet (ethernet) port.
My router is upstairs and the TV box is downstairs. I want to know if there's a possibility where I can get a WiFi extender with an ethernet port so I connect it to my TV box
Can someone help
@oak night don't modify the sudoers file
use usermod
on ubuntu the sudo permissions are tied to a user group
@forest wedge yes, it's called a wireless bridge, but for best experience just run ethernet
Or move the router
@peak cloak I don't want to
@oak night usermod -aG sudo username
Do you know an alternative @peak cloak
this gives a user account sudo permissions
Because I want to get wireless bridge but what would be the best for my situation
@waxen scroll you shouldnt modify the sudoers file on an ubuntu system
Why?
@oak night that file is configured to run with the usergroups that ubuntu has configured
Ok
permission handling is done by assigning usergroups
groups like dialout are for accessing modems, etc
@peak cloak pls help?
I have a TV box that requires an internet connection, but it only has wired internet (ethernet) port.
My router is upstairs and the TV box is downstairs. I want to know if there's a possibility where I can get a WiFi extender with an ethernet port so I connect it to my TV box
If the speed isnt much of a concern and you can reach the wifi signal just get a cheap asus router (access point) or an extender
it will connect to the wifi and provide you with an ethernet port/s
or
If you cant get your hands on such device easily, or cant find something below $50 try to get your hands on a chromecast 🤷‍♂️
Does anyone know of a docker container that manages upnp port forwarding?
Hey I need help making my WiFi go upstairs and faster
Why do you want that? Your router should handle that. Containers don't fully replace virtual machines you should make network appliances and put them in between environments
You can use something like istio inside an environment to restrict traffic between containers
I have containers such as emby that I want to access outside of my home network but im not allowed to access the router
Not entirely sure, if I was in your position I would use zerotier to connect it.
It would be safer than using port forwarding on your router as well
@thick minnow Im using DuckDNS to get a url with OpenVPN running on my server I just need to upnp port forward that
If someone can help me please ping me
ethernet
more Access Points
with a wired backhaul
depends on the house
my house is pretty small, so I only need one AP
I have this
AC1350 Wireless MU-MIMO Gigabit Ceiling Mount Access Point
this is an Access Point, not a router
you really only want one router
Thank you
Hey all. I just purchased an Amplifi Alien router through BestBuy earlier today and it will arrive tomorrow, I'm curious to know if my 2.4Ghz 802.11ac IoT devices (smart outlet plugs, cameras, Echo devices, etc) will all work fine on the 2.4Ghz Wifi 6 network
I'd believe so. No reason it shouldn't
Okay, awesome. I was concerned that I screwed myself with compatibility
Is 802.11ac not compatible with Wifi6? To my knowledge everything is backwards compatible
I think so, I was just looking to confirm that was the case.
I should really know this... I'm taking CCNA certifications at 16 ffs
lmao
Ah ha. Okay. 802.11ac works on the 5GHz band only, but will fall back to 802.11n which is 2.4GHz and 5GHz
802.11ac's theoretical bandwidth is 1,300 Mbps while 802.11n's theoretical bandwidth is 450 Mbps
Imo, I would highly doubt smart devices and cameras would saturate that 450 Mbps bandwidth
Also... Are you sure you're using the full 802.11ac IoT devices at 802.11ac speeds and not 802.11n for the reason 802.11ac is a 5GHz band device?
Sorry for the spam
I may or may not be up too fucking late and barely thinking
Well, I am unsure if my devices are ac or n variant. I have things like iHome plugs, Wyze plugs, an A/C unit that is Alexa controlled. All of these things use 2.4Ghz wifi, they don't work on 5Ghz so I was just hoping they will work on my Wifi 6 network on the 2.4Ghz band
Remember certs don't make the admin. I know more guys without any certs that outperform guys that can use them like wallpaper.
Then if they're using 2.4GHz they're at a maximum 802.11n, and since Wifi6 is backward compatible with 'older' standards like 802.11n and even older standards. I say 'older' loosely here because it's 'old' in the sense it's not the newest standard being adopted.
I'm not saying that certifications are everything, but I am saying I should probably know it
I'm literally doing it right now for school
prolly simple question but I'm looking at routers to upgrade from my isp provided router. was wondering if wifi 6 routers have improved range or does it depend on the router and device i have
any one have experience with kvm over ip? is it affordable and reliable?
@tranquil berry wifi 6 currently is just improved scheduling, so better for crowded areas. WiFi 6e I think operates on 6ghz so it's faster, but because of the higher frequency can't penetrate walls as well. So 2.5ghz wifi, n, is the slowest but the longest range.
i like how my isp provided wifi comes with 2 ethernet port
So my router does not cover my entire house and I cant afford a mesh router system, I do however have a spare router in the house. What options do I have
Does ur 2nd router have AP function?
Some routers have AP mode in their configuration and some have Wireless repeater connection type available
I know there might be option to make it into one if you don't have those options. That would require flashing some 3rd party firmware like DD-WRT, but I'm not familiar enough with that to give any help on how to do that
ok, i may be dumb, but cant i just connect the two routers with a cable and have them working that way. i dont necessarily need wireless (i think what you are talking about is wireless)
You can also connect them using ethernet cable
Or just connect them both to modem incoming into your house/apartment
In that case just make sure that you set different channels for both of them so they wouldn't mess with other routers signal
nah the modem is not accessible. but if i just connect both by a cable do i have to configure/setup stuff
afaik DHCP should setup IP automatically
can i use something like this and just add multiple routers to it... whats the difference if i just connect them both
Switch is best choice imo... It just splits ur network to multiple devices
spend the extra $5 and get a gigabit switch
I have switch myself... So I could have dedicated connection for PC and also two routers connected to switch
My WAN is stuck renewing. Any ideas on how to fix it or if its an issue
@trail hearth not obtaining an IP ?
Correct. Two DHCP servers on a bridge will cause conflicts
my connection is 100mbps, planning to downgrade to 50, so i dont feel the need to get a gigabit one
@deft reef you'll want gigabit
because if you do a download, it completely grinds local network traffic to a halt
local network should at least be an order of magnitude faster than your uplink
wait are u suggesting me to get a gigabit speed internet or a gigabit switch
Gigabit switch
@deft reef imagine having a NAS locally, and you are downloading something at 100mbit/s
if you then try to access the NAS, almost nothing will happen
because that 100M switch can't keep up, link is congested
if you have a 1G switch, even if you download at max speed
you still have 90% available in local traffic
I kinda get some of it....
Your max speed is as fast as the slowest link in the chain
@deft reef yeah, but the 2 networks won't see each other because of NAT
a 100M switch on a 100M internet plan, you are holding yourself back
If you do any local transfers you'll really feel it
only a little, and its worth the $10 investment on top to get gigabit switching
for a 40 mbps plan
?
Youtube is giving me ads for this stupid scam: https://wifisuperconnector.com/WF1-ISP-INT-2.html?gclid=EAIaIQobChMInNa_-efy7AIVv8znAx03rQSEEAEYASAAEgJSJvD_BwE
US INTERNET SPEEDS: ISP Whistleblower Reveals How All American Homes Can Enjoy Ultra-Fast Internet
@deft reef still. 100M is very slow comparatively
what does local transfer mean exactly?
@deft reef still you should go for a gigabit switch
PC to anything on your local network (NAS, other PC, etc)
@deft reef if you have a local network storage, and you stream a movie from it or something
nah, not planning to do anything
100M is slow, very slow. Only about 12,5 megabytes/second
Yeah, gigabit is the minimum standard today
gigabit ethernet is 125MB/s max
that's about as fast as a mechanical drive
@peak cloak "Doctors don't want you to know this secret"
lol, reminds me of clickbait advertising
only a bunch of casual users using youtube, netflix, browsing, downloading some games etc... does the local network storage thing still apply?
A gigabit switch isn't much more expensive and it's more future proof
this is honestly
first time ever, that i had to convince someone that gigabit is better and easier than fast ethernet
TPLink SG105
thats the one you should get
its a $25 5-port gigabit switch
TP-Link's TL-SG105 provides an easy way to expand your wired network. With five Gigabit ports and plug and play, whether you are at home or in the office, the TL-SG105 you deal with your business quickly and easily, any time.
you plug your router into one port
and whatever else you want to connect to your network
I have a similar switch, except mine has 8 ports
my only concern was I am not planning to get anything above 100 for a long time. most likely 40 mbps. then do i really have to get a gigabit switch. sorry, its just me being dumb
@deft reef yeah but this is futureproofing.
That switch will work for the next 5-10 years
And if you ever transfer data locally
you'll be glad you have gigabit
i will be leaving this house, its just for my parents.. and i doubt they will even need anything better than 100... but i see your point, ill just get the gigabit one
@deft reef I actually have a similar situation to yours
except I had to decide between gigabit and 10gigabit
I only have 250mbit/s internet
and have a 10G local network
thats 20x faster than my internet speed
but its nice. I can transfer a 1GB file in a couple seconds to my NAS
I will also be moving out eventually, but I have an above average network setup. I will eventually just probably get a bigger unmanaged switch for them and leave behind the erx with vpn so I can troubleshoot problems they have without having to drive there
And take with me the rack and the managed switch
btw, i looked into it.... pretty sure this is same as the one you are suggesting but just not metal casing... the exact one that you specified is out of stock here
https://www.amazon.in/TP-Link-TL-SG1005D-Gigabit-Ethernet-Unmanaged/dp/B00YMTNVEM/ref=psdc_1375427031_t1_B00A128S24?th=1
to make 10gb network worth it for me I would need 50TB of ssd storage.
btw another question
Yeah I have no use for 10g either
@primal ice not really. You can have your steam library on a NAS
1gb already saturates my 25TB HDD NAS.
then your NAS is awfully slow
so i plug my incoming fiber optic cable into my router, then one wire from router to the switch... then another from the switch to a different router... But now can i configure the routers in such a way that they are the same network?
@deft reef why do you have two routers?
Only if they have an AP mode or disable NAT
i have a spare one at home and want to use it to extend range
and it doesnt have ap mode
@deft reef ahh, so its purely a wireless access point then?
@deft reef if you plug the network into the LAN port, (instead of WAN). Disable DHCP
yes, so mobile devices can have coverage throughout the house
it can act as a switch + wifi
@tame carbon i dont think all routers will work like that but it's worth a try
most routers you can disable DHCP
I guess it will have a shorter range than an actual router, and why not use the one that i already have
You can ignore NAT settings, since you are not using WAN
@deft reef the thing that makes a router, "a router". is the fact that it differentiates between two kinds of ports
a 'WAN' for wider area network (or internet), and a LAN
I will try to do that with my old linksys router
@deft reef by disabling the DHCP server, only your primary router can hand out IP-addresses to local devices
this in effect, turns the router into a managed switch
ohhh... so I dont need a switch. and just plug one end of wire into lan of primary router and other end in wan of secondary? right?
(disabling dhcp)
@deft reef Yeah, the LAN port from RouterA goes to the LAN port of RouterB
ok, so both lan
RouterB has its DHCP disabled, and has an IP on the same subnet as routerA
For example
yeah don't use the WAN port of the second router.
to configure this I may ask upon advice again from you awesome ppl :P
if you connect to wifi from the RouterB, you get your IP address from the DHCP Server on A
If you didnt do it this way, you'd end up with two firewalls in series, and two subnets
this would make portforwarding a hellhole
what will this finally result in tho? two separate wireless networks or something like a mesh router system
uhh, i mean
Wifi networks are just 'access points' to an ethernet network
he means the ssid and yeah depending on what the routers support you could have 4 ssid's you would have to assign.
ooow that networking
from a mobile device, will it auto connect to the strongest wifi signal from nearby router or will there be 2 different. (example routerA and routerB)
@deft reef oh that
yeah, clients automatically connect to the strongest known network
@deft reef you can connect to either one, and it will work the same way
I have like 3 access points on my local network
but there will be two right? i cant bypass getting a mesh router system by doing something like this
