Until last week I still ran Kubuntu 8.04 (Ubuntu with KDE) on my personal desktop. We also use this on all our corporate desktops, and my wife’s PC at home. I wanted to wait for KDE 4 to mature a bit more before upgrading, so intrepid wasn’t an option.

I waited 4 months after the release of jaunty, so the problems should be either documented or resolved, and the release notes didn’t mention anything that seemed too serious. So I decided to give it a test.


In the last 3 weeks our company mail servers have been slammed with a massive increase in spam relay attempts. The logs showed many failures like this one:

Jul 12 14:15:26 mailserver.example.com postfix/smtpd[19885]: NOQUEUE: reject: RCPT from 206.12.0.10.in-addr.arpa[10.0.12.206]: 554 5.7.1 <symons@yahoo.co.uk>: Relay access denied; from=<yyjaqveh@lpsb.com> to=<symons@yahoo.co.uk> proto=ESMTP helo=<206.12.0.10.in-addr.arpa>

IP addresses have been obscured to protect the guilty (or ignorant, as this is certainly a botnet). Unfortunately, a large number of the IP addresses in question belonged to my own satellite customers. Mail servers for our other domains were almost entirely unaffected. Which tells me that some bastard has written a botnet spam client that looks up its own public IP, finds the reverse DNS entry, looks up the MX record of the corresponding domain, and then attempts to relay mail through that server. This is particularly mean, as it will encourage your own ISP to shut you down.


After my recent adventure with reverse-path filtering, I didn’t expect to see it again so soon. And then I took another look at a long-standing annoyance in our OpenVPN network.

I set up OpenVPN so our offices and laptops could securely access internal resources. This lets me print documents directly to another office, for instance. Or access web-based applications that we don’t make available to the public. Or remotely SSH into a PC and fix a problem.


I recently created a very complex network using routers running Ubuntu Hardy. These routers were configured with the following features:

  • failover shared IP addresses using heartbeat
  • routing announcements via Quagga BGPd
  • 802.1q VLAN tagging
  • multiple physical interfaces

During debugging of this network, I encountered an odd scenario whereby traffic coming in from the external interface (eth0) could not reach the IP address of the secondary (inactive) router’s internal interface (eth1, VLAN tagged).


Dirty sshfs hack: smount

I love SSHFS. I manage a lot of machines, and I very often want to do something like this:

diff root@server1:/etc/randomrcfile root@server2:/etc/randomrcfile

There are ways to do this with Kompare (a KDE diff app) and the fish:// Kioslave, but not on the command line. SSHFS makes it easy:

mkdir /tmp/server1 /tmp/server2
sshfs root@server1:/ /tmp/server1/
sshfs root@server2:/ /tmp/server2/
diff /tmp/server1/etc/randomrcfile /tmp/server2/etc/randomrcfile

I do this so often that I’ve written my own script to handle this for me, smount. Copy it somewhere in your path, remove the extension (or don’t, as you prefer), and optionally make a copy or symlink called “sumount”. Now you can rapidly mount and unmount multiple hosts.


The game of global whack-a-mole continues, and it does not favour those holding the mallets. tvrss.net, formerly my source for RSS feeds of torrents of my favourite TV shows, is likely down for good. You can search eztv.it for individual torrents directly, but why? showrss.karmorra.info is already up, and it’s even better than tvrss.net. Now I have one custom feed for all my shows, and it automatically filters out duplicates and resolutions I don’t want.


When I started using WordPress on tolaris.com, I noticed an innocuous link in the admin interface entitled “Turbo”. This feature uses Google Gears to speed up working with the blog, and to work offline (!) by storing data (HTML, images, JavaScript) in my Firefox profile and running JavaScript in the background. Unfortunately, Google doesn’t release Gears for 64-bit architectures.

Today I discovered that someone has patched Gears to work with Firefox 64-bit, and released a precompiled installer. Warning: after installation, when Firefox restarts, you will see a warning that the plugin could not be installed (‘”Google Gears” could not be installed because it is not compatible with your Firefox build type (Linux_x86_64-gcc3). Please contact the author of this item about the problem.’). However, it is installed and works just fine. Unfortunately this message is repeated each time Firefox restarts.

I can now browse my admin page with Firefox in offline mode. Sniffing proves that not a byte is passing. Now I can write blog posts on planes, without having to use an offline text editor.

Update 2009-05-29: My old colleague from my days at Greenpeace, Niels Peen, now provides the latest version (5.21.0) with proper build tagging. So you will no longer see the warning about Linux_x86_64-gcc3 being the wrong build type. Thanks, Niels!

Update 2009-07-24: 5.31.0 and 5.32.0 are now available here, also with build instructions so you can do it yourself!


We use Quintech SRR2150 L-band switches at our teleports. These are simple devices for switching L-band inputs and outputs. The most common application for one is to switch inputs to a spectrum analyser. This allows me to use one spectrum analyser to monitor several inputs (multiple antennas, multiple polarisations on the same antenna, etc).

Quintech’s switches are pretty basic. They have a front control panel, an interactive shell accessible by serial or telnet, and a custom communications protocol over 9100/TCP. Quintech provide a basic Windows management application, but it is either rudimentary (version 1.0) or totally broken (version 2.06). Why not control it from the command line? Thankfully Quintech have fully documented their management protocol, and implementing it in Perl was a few hours’ work back in 2007.


My HTPC setup

As I mentioned in my last post, I now have a Home Theater PC (HTPC). Want to look under the hood?


I recently bought a Shuttle X27D to use as a Home Theater PC (HTPC). The reviews of this hardware run from disappointing to average, but I’m reasonably happy with it. It’s quiet (just one small fan for the GPU, and none for CPU, case, or power supply), uses little power (I measured it at 32 W in full operation), and the analog audio jack on the motherboard has no discernable noise in the audio stream (unlike my Dell Vostro 1500 laptop).

Unfortunately, the Intel 945G graphics processor can’t reliably handle 720p @24 frames video. I tested with a downloaded copy of Sita Sings the Blues, and it dropped frames as the animated fireworks exploded during the title sequence. It was fine with most of the rest of the film. Still, it means I’m likely to stick to upscaled 480p video. Which is far better for my bandwidth usage.

Naturally, I ran into some problems setting it up.
