XMPP Service Operators - 2023-12-06


  1. nuegia.net

    I'm getting some really weird packets from 2a02:16a8:dc4:910::24f3

  2. nuegia.net

    anybody know what that is?

  3. nuegia.net

    they're trying to send stanzas to my server, claiming the stanza originates from a domain I control, with a JID I know for a fact does not exist and has never existed

  4. kwaku

    how?

  5. moparisthebest

    how are they connecting enough that you'd let them send a stanza?

  6. nuegia.net

    I'm not letting them send it, I'm analyzing packet captures

  7. nuegia.net

    this is what they're sending

  8. nuegia.net

    <stream:stream to='nuegia.net' from='blackbox@nuegia.net' version='1.0' xml:lang='en' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'>

  9. nuegia.net

    there's no blackbox

  10. nuegia.net

    <?xml version="1.0" encoding="UTF-8"?><stream:stream to='nuegia.net' from='blackbox@nuegia.net' version='1.0' xml:lang='en' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

  11. nuegia.net

    they send that packet and then starttls

  12. kwaku

    nuegia.net, that is jonas’s IP

  13. moparisthebest

    so it's just a client trying to log in ?

  14. kwaku

    that might be some XMPP test bot

  15. nuegia.net

    jonas’, what's the purpose of this?

  16. Martin

    ojn?

  17. nuegia.net

    > so it's just a client trying to log in ?

    no blackbox@nuegia.net exists

  18. nuegia.net

    eventually they send a TCP RST

  19. Martin

    Maybe check with jonas’

  20. moparisthebest

    here's your answer nuegia.net https://github.com/horazont/xmpp-blackbox-exporter/blob/master/internal/prober/dial.go#L218

  21. kwaku

    nice one!

  22. nuegia.net

    thanks

  23. moparisthebest

    https://observe.jabber.network/ & therefore https://connect.xmpp.net/ use it, maybe you signed up for ojn and forgot? or maybe someone just checked your domain idk

  24. nuegia.net

    I'm signed up for o.j.n, I just thought sending stanzas from my server but originating not from one of my IP ranges was bizarre

  25. kwaku

    how do you all handle centralized logging?

  26. nuegia.net

    kwaku, who?

  27. kwaku

    anyone here

  28. nuegia.net

    rsyslog

  29. jonas’

    nuegia.net, the reason why @from="blackbox@nuegia.net" is set is that we need to set *some* @from attribute. The domainpart needs to match your domain (otherwise your server would reject the connection with "this server does not serve domain .."), but the localpart is mostly irrelevant until authentication.

  30. nuegia.net

    thank you jonas’

  31. jonas’

    I could change it to something like "observe-jabber-network-c2s-probe@.." or so.

  32. nuegia.net

    that would be less scary to the uninformed operator

  33. nuegia.net

    but now that i know what it is i'm not worried

  34. MattJ

    jonas’, on c2s? Servers shouldn't require any 'from' there, especially prior to TLS (in fact clients are specifically told not to set a from until after TLS)

  35. MattJ

    Still, it's good to have identification of ojn connections

  36. jonas’

    MattJ, but after TLS you need to, don't you?

  37. MattJ

    Technically you should, but the vast majority of clients do not

  38. jonas’

    I see

  39. MattJ

    I'm trying to change that (SASL2/FAST requires @from after TLS)

  40. unix.dog

    is anyone else getting invalid-namespace errors with federation to nuegia.net?

  41. kwaku

    is matrix.org bifrost officially dead?

  42. MSavoritias (fae,ve)

    last i know anything and everything is put on hold in element/matrix. except the element client development that is

  43. MSavoritias (fae,ve)

    so yeah probably

  44. kwaku

    something happened?

  45. moparisthebest

    Did you mean https://libera.chat/news/official-matrix-bridge-farewell ?

  46. MSavoritias (fae,ve)

    > something happened?

    https://matrix.org/blog/2022/12/25/the-matrix-holiday-update-2022/ layoffs happened here. https://element.io/blog/element-to-adopt-agplv3/ https://matrix.org/blog/2023/11/06/future-of-synapse-dendrite/ https://news.ycombinator.com/item?id=38471579

  47. MSavoritias (fae,ve)

    as a start ^

  48. MSavoritias (fae,ve)

    and yeah libera was collateral damage. not that it was working anyway imo

  49. kwaku

    thank you