Robert's blog

It’s time to shut down for 24 hours…

The time has come to install 3rd party fonts to a linux laptop. It was not easy to find out how to do this. Although the process itself is simple:

# defoma-hints --no-question {type} /usr/share/fonts/{type}/{dir}/{files} >/etc/defoma/hints/{name}.hints
# defoma-font register-all /etc/defoma/hints/{name}.hints
# dpkg-reconfigure fontconfig


I’m expecting the brand new .vanyi.org server to be set up within one or two weeks, and after that I can start migrating my stuff. Until then I’m just fowarding my email to the Mora dormitory, where I still have my email address. However, today an issue came up:

# echo helo |netcat orion.fwall.u-szeged.hu 25
421 orion.fwall.u-szeged.hu: Too many concurrent SMTP connections; please try again later

The MX for Mora is orion and eos. Both were full. I’ve checked the postfix incoming graph with munin on the dormitory server, and it was clear that only the half of the usual email traffic came through. My test email did not. So, I’ve quickly changed the forwarding to gmail. I hope no important email has been lost in the last 24 hours.

Today I’ve upgraded drupal from 4.7.2 to 5.0. New version, new theme… new new…

Remember my last post? 🙂 Now, check this out:


weasel:~# cat /etc/debian_version
testing/unstable
weasel:~# uname -a
Linux weasel 2.6.17 #2 Wed Nov 1 17:33:07 CET 2006 mips GNU/Linux
weasel:~# cat /proc/cpuinfo
system type : Broadcom BCM47xx
processor : 0
cpu model : Broadcom BCM3302 V0.6
BogoMIPS : 261.63


Thanks to a documentation and some downloads I’ve found here, I have now a debian etch running on my ASUS wireless router. The guy exactly did what I wanted to. I already had debootstrap on my laptop, and OpenWRT dev kit. But he saved me some hard work. I should thank him 🙂 Although I needed to tweak a little bit, but now it works!!! I can now sleep better 😀

Long time, no blog. 🙂

We moved to another flat, w/o internet. Fortunately, within one month we could arrange one. It’s not that good as previously, but it works. I have also bought a wireles router. Not the ASUS WL-500g Deluxe, because I could not find one, but an ASUS WL-500g Premium thanks to one of my colleagues. It’s even better then the one I wanted. 32M RAM, 2x USB 2.0, supported by OpenWRT… yum! I have already an OpenWRT running on it:

.

Of course I’m already planning to replace OpenWRT with Debian mipsel. Crazy me, huh?

The results of my previous action were imminent. However, there was another issue. Check this:

There was an infected machine making connections with a lot of hosts in the university network over port 139. The soulution? Restrict the port in the firewall. 🙂

By the way, I was very busy with moving to another flat and after that we travelled to Erlangen, where I planned to (re)start writing my thesis. Thus I had no time for blogging.

http://www.ibiblio.org/Dave/Dr-Fun/df200601/df20060123.jpg

Since I had some spare time, I checked the Mora dormitory network again, and I’ve found this:

Some remarks:

• There is one or more infected machines on the network: see the high amount of SYN_SENT connections. I suppose it was a single machine being turned off between 23:00 and 7:30.
• Another suspicious thing: the high amount of TIME_WAIT connections. The timeout is 120 secs, that is the average 714 means almost 6 connections are closed each second. Given that it is now summer and only a few machines are in the dormitory, this is an obvious irregularity (nice expression 😉
• The number of ESTABLISHED connections is also high.

My conclusions: there is an infected machine, and there is a large amount of file sharing there. You don’t have to be Sherlock Holmes to find it out in a dormitory. I also think some applications just drop the connection, since the number of the ESTABLISHED entries does not correspond to the active connections shown for example by iptraf. Grrr…

So I decreased the timeout for SYN_SENT (from 120s to 60s), TIME_WAIT (also 120s to 60s) and ESTABLISHED (from 432000s/5days to 43200/12hrs).

By the way, I already have found ideas, how to tweak the router settings such that the network won’t be flooded (up to unsuability):

• The Ultimate Traffic Conditioner: Low Latency, Fast Up & Downloads
• Netfilter extensions: iplimit patch

By the way, perhaps I should test Zabbix to replace Munin. There are debian packages of it. Althouh only the MySQL backend, and not the PostgreSQL. Why??? That was one (the) blocker for me to try Cacti, but fortunately Zabbix can use PostgreSQL as well.