I was setting up a linux based firewall on a busy ntp server and to make sure everything worked as designed I added the usual:iptables -A INPUT -j ACCEPT --protocol all -m state --state ESTABLISHED,RELATEDAnd after less than half an hour the system log started filling withnf_conntrack: table full, dropping packet nf_conntrack: table full, dropping packet nf_conntrack: table full, dropping packet nf_conntrack: table full, dropping packetIt is indeed a busy server. The solution is to exclude all the ntp traffic from the stateful firewall. Which means I have to allow all kinds of ntp traffic (outgoing and incoming) by itself. The specific ruleset:iptables -t raw -A PREROUTING --protocol udp --dport 123 -j NOTRACK iptables -t raw -A OUTPUT --protocol udp --sport 123 -j NOTRACK iptables -A INPUT -j ACCEPT --protocol udp --destination-port 123I also made sure the rules for the ntp traffic are the first rules. Traffic at this server is somewhat over 1000 ntp request per second. So the counters of the NOTRACK rules go fast.# iptables -t raw -L -v Chain PREROUTING (policy ACCEPT 1652K packets, 126M bytes) pkts bytes target prot opt in out source destination 9635K 732M CT udp -- any any anywhere anywhere udp dpt:ntp NOTRACK 1650K 125M CT udp -- any any anywhere anywhere udp dpt:ntp NOTRACK Chain OUTPUT (policy ACCEPT 1522K packets, 117M bytes) pkts bytes target prot opt in out source destination 9029K 686M CT udp -- any any anywhere anywhere udp spt:ntp NOTRACK 1520K 116M CT udp -- any any anywhere anywhere udp spt:ntp NOTRACKBut no packets are dropped, which is good as this server is supposed to be under a constant DDoS.
: And they are back! New episodes showing up.
I noticed today one of the ntp servers I manage has been collecting ages of ntpd mode 7 probes without ever responding. But it makes a nice overview of probing IPv4 addresses:remote address port local address count m ver rstr avgint lstint =============================================================================== 126.96.36.199 1714 xxx.xxx.xxx.xxx 3 7 2 1 3413098 40058 188.8.131.52 14152 xxx.xxx.xxx.xxx 7 6 2 1 1107023 60553 184.108.40.206 33482 xxx.xxx.xxx.xxx 9 7 2 1 647886 73704 220.127.116.11 47493 xxx.xxx.xxx.xxx 2 7 2 1 12199 78678 18.104.22.168 33066 xxx.xxx.xxx.xxx 44 7 2 1 139771 83493 22.214.171.124 39353 xxx.xxx.xxx.xxx 1 7 2 1 0 84058 126.96.36.199 16124 xxx.xxx.xxx.xxx 4 7 2 1 1830407 127241 188.8.131.52 36749 xxx.xxx.xxx.xxx 1 7 2 1 0 138342 184.108.40.206 38141 xxx.xxx.xxx.xxx 12 7 2 1 147806 143793 220.127.116.11 33119 xxx.xxx.xxx.xxx 6 7 2 1 199742 180842 18.104.22.168 57630 xxx.xxx.xxx.xxx 6 7 2 1 968029 223794 22.214.171.124 34540 xxx.xxx.xxx.xxx 2 7 2 1 31910 251316 126.96.36.199 50130 xxx.xxx.xxx.xxx 3 7 2 1 2950157 308291 188.8.131.52 33716 xxx.xxx.xxx.xxx 2 7 2 1 853413 311971 184.108.40.206 30820 xxx.xxx.xxx.xxx 2 7 2 1 3258925 334017 220.127.116.11 35963 xxx.xxx.xxx.xxx 7 7 2 1 452131 339518 18.104.22.168 42895 xxx.xxx.xxx.xxx 10 7 2 1 692139 348753 22.214.171.124 51096 xxx.xxx.xxx.xxx 2 7 2 1 74579 392665 126.96.36.199 38393 xxx.xxx.xxx.xxx 2 7 2 1 3535530 394349 188.8.131.52 48871 xxx.xxx.xxx.xxx 2 7 2 1 537671 411921 184.108.40.206 34651 xxx.xxx.xxx.xxx 5 7 2 1 1361673 478157 220.127.116.11 37973 xxx.xxx.xxx.xxx 6 7 2 1 476469 502270 18.104.22.168 21269 xxx.xxx.xxx.xxx 10 7 2 1 718112 567076 22.214.171.124 38190 xxx.xxx.xxx.xxx 6 7 2 1 1107237 649625 126.96.36.199 54536 xxx.xxx.xxx.xxx 8 7 2 1 40836 721372 188.8.131.52 39857 xxx.xxx.xxx.xxx 2 7 2 1 415601 788308 184.108.40.206 36079 xxx.xxx.xxx.xxx 2 7 2 1 1501700 862267 220.127.116.11 37702 xxx.xxx.xxx.xxx 4 7 2 1 1637431 908028 18.104.22.168 47766 xxx.xxx.xxx.xxx 5 7 2 1 361160 913255 22.214.171.124 39122 xxx.xxx.xxx.xxx 2 7 2 1 109901 976174 126.96.36.199 34990 xxx.xxx.xxx.xxx 41 7 2 1 88999 1045070 188.8.131.52 38666 xxx.xxx.xxx.xxx 6 7 2 1 822261 1079624 184.108.40.206 54815 xxx.xxx.xxx.xxx 7 7 2 1 89032 1102095 220.127.116.11 48406 xxx.xxx.xxx.xxx 4 7 2 1 1133779 1198815 18.104.22.168 39660 xxx.xxx.xxx.xxx 3 7 2 1 1951322 1244586 22.214.171.124 39459 xxx.xxx.xxx.xxx 2 7 2 1 53072 1252190 126.96.36.199 51099 xxx.xxx.xxx.xxx 10 7 2 1 223881 1325320 188.8.131.52 34319 xxx.xxx.xxx.xxx 4 7 2 1 905995 1339133 184.108.40.206 15081 xxx.xxx.xxx.xxx 2 7 2 1 2932231 1430316 220.127.116.11 35972 xxx.xxx.xxx.xxx 2 7 2 1 1499287 1491171 18.104.22.168 43409 xxx.xxx.xxx.xxx 2 7 2 1 4255207 1497992 22.214.171.124 55927 xxx.xxx.xxx.xxx 3 7 2 1 1566148 1718947 126.96.36.199 41914 xxx.xxx.xxx.xxx 2 7 2 1 53524 1936953 188.8.131.52 41523 xxx.xxx.xxx.xxx 5 7 2 1 1112720 1948506 184.108.40.206 40862 xxx.xxx.xxx.xxx 2 7 2 1 1676933 1991259 220.127.116.11 45915 xxx.xxx.xxx.xxx 20 7 2 1 156321 2041538 18.104.22.168 45785 xxx.xxx.xxx.xxx 2 7 2 1 132706 2107890 22.214.171.124 35315 xxx.xxx.xxx.xxx 5 7 2 1 350936 2206670 126.96.36.199 30296 xxx.xxx.xxx.xxx 3 7 2 1 59063 2226284 188.8.131.52 40060 xxx.xxx.xxx.xxx 2 7 2 1 20615 2253429 184.108.40.206 56609 xxx.xxx.xxx.xxx 4 7 2 1 604491 2291452 220.127.116.11 123 xxx.xxx.xxx.xxx 2 7 2 1 85831 2381504 18.104.22.168 50367 xxx.xxx.xxx.xxx 2 7 2 1 868629 2449128 22.214.171.124 40815 xxx.xxx.xxx.xxx 2 7 2 1 182471 2525650 126.96.36.199 40640 xxx.xxx.xxx.xxx 2 7 2 1 66892 2715823 188.8.131.52 39284 xxx.xxx.xxx.xxx 4 7 2 1 163873 2759391 184.108.40.206 45371 xxx.xxx.xxx.xxx 2 7 2 1 92720 2768083 220.127.116.11 18637 xxx.xxx.xxx.xxx 2 7 0 1 802096 2787683 18.104.22.168 40362 xxx.xxx.xxx.xxx 37 7 2 1 85431 2983252 22.214.171.124 49125 xxx.xxx.xxx.xxx 4 7 2 1 60114 3023906 126.96.36.199 34969 xxx.xxx.xxx.xxx 2 7 2 1 254056 3095396 188.8.131.52 41025 xxx.xxx.xxx.xxx 2 7 2 1 107397 3103557 184.108.40.206 40409 xxx.xxx.xxx.xxx 5 7 2 1 206100 3224158 220.127.116.11 35814 xxx.xxx.xxx.xxx 2 7 2 1 571497 3264230 18.104.22.168 39557 xxx.xxx.xxx.xxx 2 7 2 1 52796 3292818 22.214.171.124 47756 xxx.xxx.xxx.xxx 2 7 2 1 242695 3296347 126.96.36.199 59698 xxx.xxx.xxx.xxx 8 7 2 1 246226 3446607 188.8.131.52 52301 xxx.xxx.xxx.xxx 2 7 2 1 839605 3455884 184.108.40.206 52337 xxx.xxx.xxx.xxx 4 7 2 1 1384 3648002 220.127.116.11 37602 xxx.xxx.xxx.xxx 2 7 2 1 752428 3652434 18.104.22.168 53586 xxx.xxx.xxx.xxx 3 7 2 1 103699 3796467 22.214.171.124 52224 xxx.xxx.xxx.xxx 2 7 2 1 138668 3837468 126.96.36.199 42111 xxx.xxx.xxx.xxx 4 7 2 1 608618 3932262 188.8.131.52 59987 xxx.xxx.xxx.xxx 2 7 2 1 143642 4096101 184.108.40.206 40165 xxx.xxx.xxx.xxx 4 7 2 1 146715 4317577 220.127.116.11 55857 xxx.xxx.xxx.xxx 4 7 2 1 115972 4329305 18.104.22.168 49717 xxx.xxx.xxx.xxx 4 7 2 1 314874 4463013 22.214.171.124 58611 xxx.xxx.xxx.xxx 3 7 2 1 359548 4485937 126.96.36.199 56661 xxx.xxx.xxx.xxx 7 7 2 1 176060 4516810 188.8.131.52 58043 xxx.xxx.xxx.xxx 2 7 2 1 687406 4684505 184.108.40.206 46254 xxx.xxx.xxx.xxx 2 7 2 1 1263073 4750583 220.127.116.11 49259 xxx.xxx.xxx.xxx 2 7 2 1 329846 5160890 18.104.22.168 6065 xxx.xxx.xxx.xxx 3 7 0 1 101832 5558503 22.214.171.124 33999 xxx.xxx.xxx.xxx 3 7 2 1 90416 5655119 126.96.36.199 52973 xxx.xxx.xxx.xxx 2 7 2 1 2174 5717159 188.8.131.52 59170 xxx.xxx.xxx.xxx 2 7 2 1 47838 5847404 184.108.40.206 39141 xxx.xxx.xxx.xxx 2 7 2 1 4837 5895126All IP addresses with only 1 packet removed.
: Has anyone created a mediawiki template/plugin/... to use the first traffic light protocol in mediawiki? I'd like to classify pages in our internal cert documentation.
We hebben al een paar keer gehad dat er plastic afval achterbleef in de container daarvoor. Vandaag was het ophaaldag en zat de container vrij vol, maar ongeveer de onderste 1/3e bleef zitten. De niet zo milieuvriendelijke oplossing is om wat er overblijft in een vuilniszak te stoppen en die bij het restafval te doen. Ik heb toch maar een vriendelijke melding aan de gemeente gedaan of daar iets aan te verbeteren is. Ik ben benieuwd. Update: Reactie van de gemeente:Uw melding is opgenomen in de reguliere werkzaamheden. Het kan daardoor enige tijd duren voordat uw melding zichtbaar is opgelost.Klinkt een beetje als een standaardtekst voor afvalinzamelingsproblemen. Maar ik ga het een paar keer aankijken hoe het gaat.
As planned I participated in the UBA PSK63 prefix contest in the weekend. Activity was Saturday evening and Sunday morning interrupted by some good sleep. Compared to my experiences in the ARRL RTTY roundup one weekend earlier the 40 meter band decided to act quite differently. On Saturday evening it was quite hard to make a contact. A lot of interference, no far away stations and it was hard to get heard by the other side. I stopped before 22:00 UTC (23:00 localtime) because I thought some sleep would be more effective than getting annoyed by the lack of contacts. Indeed, Sunday morning things got better although I heard only nearby signals on the 40 meter band, including some Belgian stations. No serious DX. Belgian stations are good for extra multipliers so it was good for the score. In the end I made 76 contacts. The last contact was started by a CQ I called at 11:59 UTC but it was only answered at 12:00, so it does count but I had to note it in the log as originating at 11:59 where the software normally logs the moment I see the callsign for the first time. Log submitted and de Veron afdelingscompetitie updated.Read the rest of I participated in the UBA PSK63 prefix contest
Note beforehand: I have not tested this procedure, every time I needed it it was faster to boot Windows to run the utility Draytek has available. I needed the recovery procedure again: there was a new firmware 3.8.12 with newer VDSL modem driver and the standard update via the webinterface failed. I just want to keep the notes from "OzCableguy" since his shop and blog have gone. I found the saved version via archive.org, Updating Draytek firmare using the MacOS X or UNIX command line and TFTP - OzCableguy.Draytek modems have several methods available to update their firmware. You can use the Firmware Upgrade Utility under Windows, load it from the web interface via HTTP, FTP the file to the modem or use the TFTP (Trivial File Transfer Protocol) service built into the box. If your modem has been bricked you can’t use FTP or HTTP. If you don’t want to use Windows or go through the web interface, then this TFTP method is a viable alternative. Note that unlike a lot of other boxes using TFTP to load firmware, the Draytek is acting as a TFTP server, the UNIX/MacOS box as a client and you PUT the file onto the modem. It is normally the other way around, but that needs some extra setup steps that are conveniently avoided with this method. The firmware comes in two pieces. Use the .rst version of the file if you want to change the modem settings back to factory defaults, use the .all file to keep the current settings (.all may not be a good option if the modem is bricked). Secondly you need an ethernet interface on your Mac or UNIX box set to the subnet 192.168.1.0 (eg: with IP address 192.168.1.10) so that you can talk to the modem at its default IP address of 192.168.1.1. If the modem is up and running (and not bricked), you should now be able to ping it ..And this last bit is where the windows utility is better: it will tell you when the recovery is done and a success. With a commandline tool you'll just have to wait for the leds to blink right. After all the recovery and the waiting the modem works again and the line is stable. I chose the 'modem6' version again. I may try the 'modem5' and 'modem4' version too to see whether I can get lower latency without losing stability. Although the improvement may be in the single digit millisecond range so it would be a lot of work for very little improvement.$ ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1): 56 data bytes 64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=0.309 ms 64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=0.421 ms 64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=0.409 ms ^C —-192.168.1.1 PING Statistics—- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.309/0.380/0.421/0.050 ms$If your modem is really bricked then the ping will only work when the modem is actually in TFTP upload mode as below. You can ignore this step, it just demonstrates that the ethernet cable is working. Now we can upload the firmware. With the modem powered off, press and hold the factory reset button, then power up the modem. Continue to hold the button down until ’some’ of the lights flash together. On the Vigor2820Vn ’some’ is the left column of three. On the 2800 and 2910 the left two LEDs flash. Release the button and on your UNIX/MacOS box type the following commands (note that the modem only stays in TFTP mode for a short time, you can actually type right up to the end of the put command and just press return when the left-hand modem lights start flashing). The name of the firmware and the number of bytes transmitted depend on the product you are trying to recover.$ tftp 192.168.1.1 tftp> binary tftp> put v2820_v03301_211011_A.rst Sent 4973144 bytes in 13.1 seconds tftp> quit $There will be a pause after the ‘put’ command, but your modem ethernet port light should be flashing madly. The transfer is done when you get the “Sent” message. Quit the TFTP client and perhaps your Terminal session, there’s nothing more to see. What happens next isn’t really documented but we presume that the modem has to unpack the firmware and load it into flash. On our 2820Vn the column of 3 lights continued to flash, but gradually slowed down, speeded up, then slowed again. Eventually after a minute or two the modem rebooted in the normal fashion. Just be patient.
As in previous years, I am planning to participate in the UBA PSK63 Prefix Contest in the upcoming weekend. I can't participate for 24 hours since other things have to be done too in the weekend including the all important 'sleep'. I just finished the preparations:Read the rest of I am planning to participate in the UBA PSK63 contest
On Saturday evening the 20 meter band will probably be closed by the time I am available for contesting. So I'll start on the 40 meter band. The choice for 40 meter band only or all band will have to be made on Sunday morning, depending on the amount of new contacts I can make in the 40 meter band.
- The endfed antenna for 10/20/40 is hanging outside
- The contest macros have been updated to call CQ UBA PFX TEST
For the past weekend I had the ARRL RTTY Roundup planned, meaning I had reserved time in the family calendar. Other things had to happen too but I reserved time for contesting and made sure I had the right macros available before the contest started. I hoped to find time to set up the endfed antenna before the contest but that did not happen so it was the first thing to do when we got home at the beginning of Saturday evening. In the contest I only operated on the 40 meter band. Most of the time I was able to participate were in the dark when I did not expect the 20 meter band to cooperate and I thought that operating in just one band would make me end higher in the rankings for that more specific category. Only after the contest I read the rules exactly and noticed that this specific contest does not differentiate between single and multi band operation. In the end I made 95 contacts. Local noise is high in my current setup so only the strongest stations came through the noise. I made only one contact in CQ mode, the rest was search and pounce. Propagation wasn't really good until late in the evenings when I managed to score some US contacts. I did see someone from Prince Edwards Island in Canada but that station did not hear me return. I noticed WP2B did not give me a US state but a serial number and found out that is a US Virgin Island callsign, so that was a new country for me. In the end a nice contest. For upcoming contests: check the rules / propagation predictions and plan my strategy.Read the rest of I participated in the ARRL RTTY Roundup 2018
Ik wilde vandaag iets betalen in een website en die kwam vervolgens met "Mastercard securecode". Alleen de manier waarop was dusdanig dat ik de betaling afgebroken heb omdat ik het niet vertrouwde. De afhandeling van Mastercard securecode was binnen een iframe van de website, in een compleet andere stijl dan de website. Vervolgens bleek bij het opvragen van details dat dat iframe komt van https://www.securesuite.co.uk/ing_retail/ wat geen EV certificaat heeft. Na het vragen om de creditcard gegevens kwam een vraag over de rekening die gekoppeld is aan de creditcard en een geboortedatum. Of dat gaat om mijn geboortedatum of die van de persoon van wie de creditcard is stond er niet bij. Dus een ernstige phishing poging of een slechte implementatie van het voorkomen van fraude. Ooit heb ik de mastercard secure code ingesteld, en daar werd ook niet naar gevraagd. Ik heb er voor gekozen de betaling af te breken. In 2010 schreef al iemand hierover: Verified by Visa and Mastercard SecureCode are broken and need to be fixed. Sindsdien is de enige verandering dat ik nu een EV certificaat op zo'n site zou verwachten. En dat heeft www.securesuite.co.uk niet.
After spending an evening fixing scripts on The Virtual Bookcase to make them run in PHP 7 and make them safer at the same time I came to the conclusion that I still don't like php. My conclusion is that if I want to maintain sites I'd rather redo them in perl. I noticed any serious maintenance on the scripts of The Virtual Bookcase was 9 years ago (!). That was also when I had the habit of writing maintenance scripts in perl and web code in php. The upside is that a part of the page-generating code is already available in perl. But a rewrite is a task for another day. For now the site works cleanly in PHP 7 (and 5) and I can go on to the next task for moving the homeserver.Read the rest of Fixing stuff in The Virtual Bookcase for PHP 7
In building the new homeserver there is also time to test things and improve robustness a bit (although I should not overdo it). The one thing that forces me to look at some web-code again is that the new servers run PHP version 7. Some of my code is giving warnings, time to fix that. But I haven't written any serious PHP in ages, I just rewrote sites in mod_perl. So my PHP is rusty and needs work, especially with PHP 7. It's a good thing I use version management, which allows me to test the fixes on the development version(s) of the site and push them to the production version when I'm happy with the results. Some of the things I notice that could improve go on the todo list. One thing I did notice and fixed right away was that the CVS metadata inside the web directories could be requested too. Although I find no serious security information in there it is still an unwanted information leak.
Ik wilde voor het einde van 2017 nog een keer een DAB scan doen, omdat alle lokale DAB multiplexen tijdelijke proeven zijn die per 31-12-2017 aflopen. Maar weer geen lokale multiplexen in de scan.Read the rest of Laatste DAB scan van 2017: nog geen lokale multiplexen
Since the powerfailure that caused problems for the weatherstation computer ritchie and the conclusion that even after the bios upgrade the serial ports kept failing there was no 'inside the shed' temperature. But this week I needed a better view of the temperature inside the shed as we're using it to keep some meat cool. So I heated up the soldering iron and the heatshrink gun and made a cable with two DS18B20 sensors in it. I decided that if I started on measuring temperatures inside the shed I also wanted the temperature near the roof. The interesting bit was adding the two sensors to the w1retap configuration. It seems the whole 1820 family of temperature sensors needs to be set up as a 'DS1820' and w1retap will find out how to read it. Resulting configuration:28F24C5602000054:DS1820:Tempinside:TEMP0:⁰C:: 286B545602000031:DS1820:Temproof:TEMP0:⁰C::and now I have logging of the temperatures:2017-12-29T16:28:00+0100 Tempinside 2.812500 ⁰C 2017-12-29T16:28:00+0100 Temproof 2.687500 ⁰CAnd it helps us to determine when we need to make space in our fridge and move some other things to the shed to keep them somewhat cool.
Before I expose anything to the outside world I want the access controls to work as I expect, but things have changed a lot in Apache 2.4. Standard for a site that's normally available is now in 2.4:<Directory "/home/httpd/idefix/html"> Require all granted </Directory>(and any other needed options). But for development systems I want a username/password request to access them. This part took a bit of work to get right. First I found Upgrading to 2.4 from 2.2 - Apache HTTP Server Version 2.4 has a repeating typo in the authorization samples:AuthBasicProviderisn't going to work, giving
FileUnknown Authn provider: Fileerror messages. The right bit is:AuthBasicProvider fileThe difference one letter makes. That also did not give me a working configuration, leading to interesting errors in the log of type:AH00027: No authentication done but request not allowed without authentication for /. Authentication not configured?Which turned out to be a missing bit in the samples in the same document: the AuthType is needed too. The full now working access rule is:<Location "/"> AuthType Basic AuthBasicProvider file AuthUserFile /home/httpd/data/sitemanagers AuthName "Koos z'n Doos beheer" <RequireAny> Require valid-user </RequireAny> </Location>The use of RequireAny allows me to add trusted IP ranges so that the site is reachable from a trusted IP address or after using http basic authentication. The good news is that the samples in Authentication and Authorization - Apache HTTP Server Version 2.4 are correct.
In the new homeserver I want an haproxy running on the "router" so it can route http requests to the right backend. At the moment I am testing this and after the 'http' config I'm now testing the 'https' part. To keep things consistent things that come in via https also get requested via https from the backends. For testing I have some ports on the main server forwarded to haproxy so I can test with all aspects of host-header based routing. After some searching I found out that when I visit http://developer.urlurl.org:8080/ the header is set toHost: developer.urlurl.org:8080And this wasn't routed to the 'development' server. The production server is the 'default' so I searched for the right incantation to test the domain name part and found:acl devsite hdr_dom(host) -i developer.urlurl.orgAnd now it's a config that will test on developer.urlurl.org port 8080 and will run on port 80 too. I like configurations that I can test before bringing them into production.
While doing some upgrades on new homeserver I ran into a problem with the tun/tap network driver which is needed for virtual machines, giving the error messageDec 27 21:41:51 conway kernel: [ 266.832675] tun: Unknown symbol dev_get_valid_name (err 0)Since virtual machines are the main thing to run in this machine I needed this driver to work. Searching for solutions found the suggestion to reinstall the linux kernel image, which I did:# apt-get install --reinstall linux-image-$(uname -r) # apt-mark auto linux-image-$(uname -r)After which the system came up fine but without a network connection it seemed. This is irritating as the homeserver is in the attic and I found out the VGA screen up there does not cooperate with the new server. So another VGA screen got dragged up there to fix it. Some searching later I found the eth2 and eth3 interfaces got swapped from what I expected. These are the two mainboard interfaces, both Intel interfaces but with different chipsets. There is a /etc/udev/rules.d/70-persistent-net.rules which sets this up but it isn't working at the moment: In the system logs:[ 2.833442] udevd: Error changing net interface name eth2 to eth3: File exists [ 2.834309] udevd: could not rename interface '4' from 'eth2' to 'eth3': File exists [ 2.866356] udevd: Error changing net interface name eth3 to eth2: File exists [ 2.868197] udevd: could not rename interface '5' from 'eth3' to 'eth2': File existsMaybe different names that don't start with eth will work better to get truely persistant names as the current situation isn't very stable and reliable. After all the work the tun/tap driver works again so the virtual machines now start fine.
Yesterday on the 26th of December I saw FT8 activity on the 10 meter amateur radio band (28.0 MHz-29.7 MHz) and made a few contacts. Propagation dropped around 12:35 UTC after which I made one contact with a nearby amateur. Today I spun the big dial on the radio to the 10 meter band after dark and made contacts (around 17:20 UTC). This is extra special as the maximum frequency at which propagation across the ionosphere occurs drops after the sun stops illuminating it and therefore the 10 meter band is the first band to drop after sunset. All this was predicted: the most recent 'space weather news' had some good news for radio amateurs. Today I found an article The sun will probably knock out the grid someday | Popular Science which mentions the 'Space Weather Woman' Tamitha Skov and her youtube channel TamithaSkov. I have watched a few episodes and I read articles here and there with the predictions of solar flares and solar wind.Read the rest of The 10 meter band is alive the last few days
This morning I noticed some to me new amounts of sshd noise in the log:Dec 26 01:55:43 server sshd: Bad protocol version identification '\200F\001\003\001' from 220.127.116.11 Dec 26 01:56:24 server sshd: Bad protocol version identification '\200F\001\003\001' from 18.104.22.168 Dec 26 01:56:53 server sshd: Bad protocol version identification '\200F\001\003\001' from 22.214.171.124 Dec 26 01:57:33 server sshd: Bad protocol version identification '\200F\001\003\001' from 126.96.36.199 Dec 26 01:58:17 server sshd: Bad protocol version identification '\200F\001\003\001' from 188.8.131.52 Dec 26 01:58:51 server sshd: Bad protocol version identification '\200F\001\003\001' from 184.108.40.206 Dec 26 01:59:32 server sshd: Bad protocol version identification '\200F\001\003\001' from 220.127.116.11Dec 26 12:07:58 server sshd: Bad protocol version identification '\200F\001\003\001' from 18.104.22.168 Dec 26 12:08:55 server sshd: Bad protocol version identification '\200F\001\003\001' from 22.214.171.124 Dec 26 12:09:52 server sshd: Bad protocol version identification '\200F\001\003\001' from 126.96.36.199Going on and on and on and.. So I looked it up and found How to block Bad protocol version? · Issue #1284 · fail2ban/fail2ban · GitHub which has a simple rule to block this with fail2ban. As soon as the sshd.local was loaded a block was set for 188.8.131.52.