Mozilla performing pdf.js DNS queries?

2014-11-13 Thread Seth Mos
Hi,

Whilst rummaging through some DNS (dnsmasq) logs I've noticed quite a
decent amount of queries for pdf.js from what appear to be Mozilla browsers.

Seems rather odd that it is performing DNS queries for an internal PDF
viewer.

Has anyone else come across these lookups?

Kind regards,

Seth


RE: Mozilla performing pdf.js DNS queries?

2014-11-13 Thread David Hofstee
Pdf is quite a standard. One might wonder what it cannot do. One could call it 
evil. 

http://superuser.com/questions/368486/link-to-image-within-pdf-and-have-the-image-displayed
 



David Hofstee

Deliverability Management
MailPlus B.V. Netherlands (ESP)


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Seth Mos
Sent: Thursday, November 13, 2014 2:26 PM
To: NANOG list
Subject: Mozilla performing pdf.js DNS queries?

Hi,

Whilst rummaging through some DNS (dnsmasq) logs I've noticed quite a decent 
amount of queries for pdf.js from what appear to be Mozilla browsers.

Seems rather odd that it is performing DNS queries for an internal PDF viewer.

Has anyone else come across these lookups?

Kind regards,

Seth


Re: Mozilla performing pdf.js DNS queries?

2014-11-13 Thread Seth Mos
David Hofstee wrote on 13-11-2014 14:39:
 Pdf is quite a standard. One might wonder what it cannot do. One could call 
 it evil. 
 
 http://superuser.com/questions/368486/link-to-image-within-pdf-and-have-the-image-displayed
  

Ah yes, an image within a PDF could definitely do this I suppose. I just
thought it odd that the browser would leak this out.

dnsmasq[3151]: query[A] pdf.js from 10.6.24.11
dnsmasq[3151]: query[] pdf.js from 10.6.24.11
dnsmasq[3151]: query[A] pdf.js from 10.6.24.11
dnsmasq[3151]: query[] pdf.js from 10.6.24.11

This could become a whole can of worms if a .js TLD ever makes it to the
internet and registers this domain name.

We see this from Ubuntu terminals running Mozilla Firefox 33.0

Best regards,

Seth

 
 
 
 David Hofstee
 
 Deliverability Management
 MailPlus B.V. Netherlands (ESP)
 
 
 -Original Message-
 From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Seth Mos
 Sent: Thursday, November 13, 2014 2:26 PM
 To: NANOG list
 Subject: Mozilla performing pdf.js DNS queries?
 
 Hi,
 
 Whilst rummaging through some DNS (dnsmasq) logs I've noticed quite a decent 
 amount of queries for pdf.js from what appear to be Mozilla browsers.
 
 Seems rather odd that it is performing DNS queries for an internal PDF viewer.
 
 Has anyone else come across these lookups?
 
 Kind regards,
 
 Seth
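
The lookups discussed in this thread can be found systematically in a dnsmasq query log. The following is an added example, not code from any of the posters: it flags queries whose rightmost label is not a delegated TLD, using the log line format quoted above. The `DELEGATED_TLDS` set and the extra sample lines are constructed stand-ins; a real check would load the current IANA TLD list.

```python
import re
from collections import Counter

# Constructed stand-in for the IANA root-zone TLD list (assumption).
# Refresh the real list regularly: a label that is undelegated today
# may be delegated later.
DELEGATED_TLDS = {"com", "org", "net", "nl", "arpa"}

# Matches dnsmasq query lines, including an empty query type ("query[]").
QUERY = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[^\]]*)\] (?P<name>\S+) from (?P<client>\S+)"
)

def undelegated_queries(lines, tlds=DELEGATED_TLDS):
    """Count (client, name) pairs whose rightmost label is not a delegated TLD."""
    hits = Counter()
    for line in lines:
        m = QUERY.search(line)
        if not m:
            continue  # forwarded/reply/cached lines are not client queries
        name = m.group("name").rstrip(".").lower()
        tld = name.rsplit(".", 1)[-1]  # single-label names are their own "TLD"
        if tld not in tlds:
            hits[(m.group("client"), name)] += 1
    return hits

# First two lines use the format quoted in the thread; the rest are constructed.
SAMPLE_LOG = """\
dnsmasq[3151]: query[A] pdf.js from 10.6.24.11
dnsmasq[3151]: query[] pdf.js from 10.6.24.11
dnsmasq[3151]: query[A] www.mozilla.org from 10.6.24.11
dnsmasq[3151]: forwarded pdf.js to 192.0.2.53
dnsmasq[3151]: query[A] build01.internal-example from 10.6.24.12
dnsmasq[3151]: query[PTR] 11.24.6.10.in-addr.arpa from 10.6.24.12
""".splitlines()

if __name__ == "__main__":
    for (client, name), count in undelegated_queries(SAMPLE_LOG).most_common():
        print(f"{client:15} {name:30} {count}")
```

Names reported here leave the local resolver and reach the root servers, so they are the ones that change behaviour if the label is ever delegated.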
 
 



Re: Mozilla performing pdf.js DNS queries?

2014-11-13 Thread Valdis . Kletnieks
On Thu, 13 Nov 2014 14:26:28 +0100, Seth Mos said:

 Whilst rummaging through some DNS (dnsmasq) logs I've noticed quite a
 decent amount of queries for pdf.js from what appear to be Mozilla browsers.

 Seems rather odd that it is performing DNS queries for an internal PDF
 viewer.

Totally wild shot in the dark - recent Mozilla have an onboard PDF viewer
written in javascript called pdf.js

http://en.wikipedia.org/wiki/PDF.js

It's callable from within other javascript via chrome:// or resource://
references, but sometimes people don't get it right:

http://superuser.com/questions/614002/how-to-open-pdf-js-in-firefox-via-chrome-url

My guess is that somebody else didn't quite get it right, and is trying to
get to the hostname when they intended to get to the javascript.




Re: Mozilla performing pdf.js DNS queries?

2014-11-13 Thread Ken Chase
@darq 17:40  ircperson oof. apparently .prod is a TLD now 
@darq 17:40  ircperson and a friend's environment is basically on fire. 
@darq HAHAHA  
 
/kc   


On Thu, Nov 13, 2014 at 12:00:56PM -0500, valdis.kletni...@vt.edu said:
  On Thu, 13 Nov 2014 14:26:28 +0100, Seth Mos said:
  
   Whilst rummaging through some DNS (dnsmasq) logs I've noticed quite a
   decent amount of queries for pdf.js from what appear to be Mozilla browsers.
  
   Seems rather odd that it is performing DNS queries for an internal PDF
   viewer.
  
  Totally wild shot in the dark - recent Mozilla have an onboard PDF viewer
  written in javascript called pdf.js
  
  http://en.wikipedia.org/wiki/PDF.js
  
  It's callable from within other javascript via chrome:// or resource://
  references, but sometimes people don't get it right:
  
  
http://superuser.com/questions/614002/how-to-open-pdf-js-in-firefox-via-chrome-url
  
  My guess is that somebody else didn't quite get it right, and is trying to
  get to the hostname when they intended to get to the javascript.



-- 
Ken Chase - k...@heavycomputing.ca skype:kenchase23 +1 416 897 6284 Toronto 
Canada
Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front 
St. W.


AS7381 clue listening?

2014-11-13 Thread Christopher J. Pilkington
We have the appropriate tickets and formalities in flight, but wondering if
someone of clueful status from AS7381 is listening. We are seeing
indications your interface to AS3356 in CHI may be reaching congestion. We
are getting the "we'll have an engineer call you back" treatment most of
the day.

Off list please.


Re: Mozilla performing pdf.js DNS queries?

2014-11-13 Thread David Conrad
On Nov 13, 2014, at 8:42 AM, Ken Chase m...@sizone.org wrote:
 @darq 17:40  ircperson oof. apparently .prod is a TLD now 
 @darq 17:40  ircperson and a friend's environment is basically on fire. 
 @darq HAHAHA  

https://www.icann.org/resources/pages/name-collision-2013-12-06-en

Regards,
-drc





Re: Mozilla performing pdf.js DNS queries?

2014-11-13 Thread Reed Loden
https://bugzilla.mozilla.org/show_bug.cgi?id=1098415 has been filed to
track this issue.

~reed

On Thu, Nov 13, 2014 at 5:26 AM, Seth Mos seth@dds.nl wrote:

 Hi,

 Whilst rummaging through some DNS (dnsmasq) logs I've noticed quite a
 decent amount of queries for pdf.js from what appear to be Mozilla
 browsers.

 Seems rather odd that it is performing DNS queries for an internal PDF
 viewer.

 Has anyone else come across these lookups?

 Kind regards,

 Seth



AS4826 leaking at Any2 LA?

2014-11-13 Thread randal k
We're seeing ~2000+ routes leaking at Any2 LA, originating from AS4826.

Our traceroutes to Microsoft were going to LA-New Zealand and back O_o. We
filtered them out, but thought other folks should know just in case.

I also did call their NOC & send them a copy of my notes - just thought I'd
throw this out there!

Regards,
Randal


Re: Mozilla performing pdf.js DNS queries?

2014-11-13 Thread Larry Sheldon

On 11/13/2014 08:27, Seth Mos wrote:


We see this from Ubuntu terminals running Mozilla Firefox 33.0



I have personally declared FF33 to be a pinnacle disaster in a long 
string of disasters.


I don't have the wherewithal, time, or desire to sort out what new 
breakages there are and which are just unfortunate coincidences.


Most annoying is that with either FF or TB running, my Windows 8.1 
machine hangs for minutes at a time.



--
The unique Characteristics of System Administrators:

The fact that they are infallible; and,

The fact that they learn from their mistakes.


Quis custodiet ipsos custodes


Re: AS4826 leaking at Any2 LA?

2014-11-13 Thread randal k
Kudos where due - Vocus' NOC picked up and knowledgeably directed me where
to go, Craig is on here advising within 20 minutes, and I received a
separate note from another Vocus network engineer who provided an
insightful explanation and resolution.

Good work, and thanks for your quick responses!

Randal

On Thu, Nov 13, 2014 at 5:27 PM, Craig Spiers craig.spi...@vocus.co.nz
wrote:

  Hi Randal,

  I have put an interim solution in place to stop this - a more permanent
 solution requires some customer involvement.

  For the time being - you can consider this issue closed.

  Cheers


  Kind regards,


 *Craig Spiers*
 * | Senior Network Engineer  *

 *M*: +64 21 511 523 *D*: +64 9 913 9672   *E*: craig.spi...@vocus.co.nz

 *P*: 0800 VOCUS NZ or +64 9 912 8899   *W*: vocus.co.nz
 http://www.vocus.co.nz/   *A*: 7a Parkhead Place, Albany, Auckland
 0632, NZ



 On 14 November 2014 at 12:57:07 pm, randal k (na...@data102.com) wrote:

  We're seeing ~2000+ routes leaking at Any2 LA, originating from AS4826.

 Our traceroutes to Microsoft were going to LA-New Zealand and back O_o. We
 filtered them out, but thought other folks should know just in case.

 I also did call their NOC & send them a copy of my notes - just thought I'd
 throw this out there!

 Regards,
 Randal




Linux router traffic monitoring, how? netflow?

2014-11-13 Thread Eliezer Croitoru

Hey all,

I have a tiny linux router based on ubuntu and sometimes I get a
massive load of UDP traffic because of one of the PCs in the network.
Usually I handle the situation with a strict block using iptables.
The main issue is to find it due to the load.
For now I am monitoring the traffic load using MRTG but it won't
notify me.
I can try to use nagios to monitor traffic load for a period of time
but before I start working on it I want another person's opinion and
options.

I have seen netflow in the past but never actually used it.

Thanks in advance,
Eliezer


Re: Tech Laptop with DB9

2014-11-13 Thread Adam Born
AirCable is also good if you have Bluetooth available.  I use that for
Bluetooth and AirConsole with a tablet.

https://www.aircable.net/products/serial5x.php


On Wed, Nov 12, 2014 at 1:56 AM, g...@1337.io g...@1337.io wrote:

 My CF-19 does the trick quite nicely

 On 11/10/14 12:39 PM, Max Clark wrote:
  Hi all,
 
  DB9 ports seem to be a nearly extinct feature on laptops. Any
  suggestions on a cheap laptop for use in field support (with an onboard
  DB9)?
 
  Thanks,
  Max
 
 



Re: AS4826 leaking at Any2 LA?

2014-11-13 Thread Craig Spiers
Hi Randal,

I’m taking a look at this for you right now.

Cheers


Kind regards,

Craig Spiers | Senior Network Engineer

M: +64 21 511 523 D: +64 9 913 9672   E: craig.spi...@vocus.co.nz
P: 0800 VOCUS NZ or +64 9 912 8899   W: vocus.co.nz http://www.vocus.co.nz/
A: 7a Parkhead Place, Albany, Auckland 0632, NZ



On 14 November 2014 at 12:57:07 pm, randal k (na...@data102.com) wrote:

We're seeing ~2000+ routes leaking at Any2 LA, originating from AS4826.

Our traceroutes to Microsoft were going to LA-New Zealand and back O_o. We
filtered them out, but thought other folks should know just in case.

I also did call their NOC & send them a copy of my notes - just thought I'd
throw this out there!

Regards,
Randal




Re: AS4826 leaking at Any2 LA?

2014-11-13 Thread Craig Spiers
Hi Randal,

I have put an interim solution in place to stop this - a more permanent 
solution requires some customer involvement.

For the time being - you can consider this issue closed.

Cheers


Kind regards,

Craig Spiers | Senior Network Engineer

M: +64 21 511 523 D: +64 9 913 9672   E: craig.spi...@vocus.co.nz
P: 0800 VOCUS NZ or +64 9 912 8899   W: vocus.co.nz http://www.vocus.co.nz/
A: 7a Parkhead Place, Albany, Auckland 0632, NZ



On 14 November 2014 at 12:57:07 pm, randal k (na...@data102.com) wrote:

We're seeing ~2000+ routes leaking at Any2 LA, originating from AS4826.

Our traceroutes to Microsoft were going to LA-New Zealand and back O_o. We
filtered them out, but thought other folks should know just in case.

I also did call their NOC & send them a copy of my notes - just thought I'd
throw this out there!

Regards,
Randal




Route Science

2014-11-13 Thread Greg Grabowski
Does anyone still have a Route Science box running out there? Our
enterprise still has a box running and working. Just curious..;-)


RE: Linux router traffic monitoring, how? netflow?

2014-11-13 Thread Murat Kaipov
Hello Eliezer.
Netflow will be the best solution to find the host that's generating load. First 
you need to decide what netflow analyzer you'll use. I know about some plugin to 
Cacti. Then you need to install IPT-NETFLOW to your Ubuntu router.
Also you have another way, you can monitor (snmp traffic) all ports on switches 
and then find analyze. 
B.R. Murat


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Eliezer Croitoru
Sent: Thursday, November 13, 2014 8:10 PM
To: nanog@nanog.org
Subject: Linux router traffic monitoring, how? netflow?


Hey all,

I have a tiny linux router based on ubuntu and sometimes I get a massive load 
of UDP traffic because of one of the PCs in the network.
Usually I handle the situation with a strict block using iptables.
The main issue is to find it due to the load.
For now I am monitoring the traffic load using MRTG but it won't notify me.
I can try to use nagios to monitor traffic load for a period of time but before 
I start working on it I want another person's opinion and options.

I have seen netflow in the past but never actually used it.

Thanks in advance,
Eliezer
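
To show what a flow collector does with the exports suggested above, here is an added example (not code from the thread or from any named tool) that decodes NetFlow v5 datagrams and ranks internal sources by UDP bytes. It assumes the router's exporter emits NetFlow version 5; the sample datagram and all addresses in it are constructed.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record
UDP = 17

def parse_v5(datagram):
    """Yield (src_ip, dst_ip, proto, dst_port, packets, octets) per flow record."""
    if len(datagram) < HEADER.size:
        raise ValueError("truncated header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[5]=dPkts, f[6]=dOctets, f[10]=dstport, f[13]=IP protocol
        yield (socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]), f[13], f[10], f[5], f[6])

def top_udp_talkers(datagrams, n=3):
    """Rank source addresses by UDP bytes across the given export datagrams."""
    octets = Counter()
    for d in datagrams:
        for src, _dst, proto, _dport, _pkts, nbytes in parse_v5(d):
            if proto == UDP:
                octets[src] += nbytes
    return octets.most_common(n)

def build_sample():
    """Constructed export datagram with three flows, for demonstration only."""
    def rec(src, dst, proto, dport, pkts, nbytes):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                           1, 2, pkts, nbytes, 0, 0, 40000, dport,
                           0, 0, proto, 0, 0, 0, 24, 0, 0)
    flows = [rec("192.168.1.23", "203.0.113.9", 17, 53, 90000, 115200000),
             rec("192.168.1.40", "198.51.100.7", 6, 443, 1200, 900000),
             rec("192.168.1.40", "198.51.100.8", 17, 123, 4, 304)]
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + b"".join(flows)

if __name__ == "__main__":
    for src, nbytes in top_udp_talkers([build_sample()]):
        print(f"{src:15} {nbytes} UDP bytes")
```

A threshold on the top talker's byte count per export interval gives the notification that MRTG graphs alone do not.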


Re: Linux router traffic monitoring, how? netflow?

2014-11-13 Thread Wayne Lee
Hello


I've used ntop in the past with great success.

ntop.org


Regards

Wayne

On 14 November 2014 02:35, Murat Kaipov mkai...@outlook.com wrote:

 Hello Eliezer.
 Netflow will be the best solution to find the host that's generating load.
 First you need to decide what netflow analyzer you'll use. I know about some
 plugin to Cacti. Then you need to install IPT-NETFLOW to your Ubuntu router.
 Also you have another way, you can monitor (snmp traffic) all ports on
 switches and then find analyze.
 B.R. Murat


 -Original Message-
 From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Eliezer Croitoru
 Sent: Thursday, November 13, 2014 8:10 PM
 To: nanog@nanog.org
 Subject: Linux router traffic monitoring, how? netflow?


 Hey all,

 I have a tiny linux router based on ubuntu and sometimes I get a massive
 load of UDP traffic because of one of the PCs in the network.
 Usually I handle the situation with a strict block using iptables.
 The main issue is to find it due to the load.
 For now I am monitoring the traffic load using MRTG but it won't notify me.
 I can try to use nagios to monitor traffic load for a period of time but
 before I start working on it I want another person's opinion and options.

 I have seen netflow in the past but never actually used it.

 Thanks in advance,
 Eliezer