altivo

Severe thunderstorms coming in, to arrive in the next half hour according to NWS. Heavy rain, lightning, and winds gusting to 75 mph. Whee, here we go. Shutting everything down in a minute.

New server activated this morning, and working. The only problem I had was related to the previously mentioned rats' nest of cables and lack of a map. I had swapped two of them in the ad hoc map I drew up yesterday. Took a few minutes to figure it out, but got it resolved before the first laptop user arrived. They pounded on it all afternoon and no complaints were reported to me. Since the server/router is so overpowered for the job, I can run bamdwidth monitoring on it simulataneously with no trouble. Interesting to see how much garbage, probably inadvertent, these folks are generating. Tons of NETBIOS calls (broadcasts, connection requests) and even some IPX (Novell Netware stuff) were logged.Now that I know which ports are which, I can actually see and follow the laptop subnet activity on the switch's LED display, and see the packet activity that doesn't get past the router.

Elsewhere on the geek front, I'm letting the home Alpha run OpenVMS full time now. I don't need the Linux stuff on there at the moment, and I want to recover my VMS skills. One puzzle that has arisen involves dealing with a graphical display and a text-based operator console on the same monitor. Linux lets you use CTRL-ALT-Fkey combinations to switch back and forth. OpenVMS has to have a similar capability, but it appears not to be enabled by default so I have to hunt down the configuration trick. I note that when I shut down and the OPA0: screen appears, it has the text "CTRL/F2 To return to DECWindows" in the status line. However, CTRL-F2 does nothing when you are already in DECWindows. Further investigation needed, but I suspect it's some system logical that has to be set before booting the system.

Gaiman's Stardust has arrived in all three versions: the original graphic (sort of) novel, the text novel, and the audiobook. At a glance, the graphic edition (illustrations by Charles Vess) is actually just a heavily illustrated paperback version of the novel. The text seems to be identical to the 1999 hardcover.

OK, better shut everything down now.

S	M	T	W	T	F	S
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

Most Popular Tags

apples - 16 uses
art - 47 uses
astronomy - 22 uses
baking - 36 uses
birds - 108 uses
books - 96 uses
cooking - 120 uses
dogs - 67 uses
dyeing - 18 uses
economics - 19 uses
fairs - 17 uses
farm - 330 uses
fiber - 11 uses
films - 32 uses
food - 62 uses
fursuiting - 59 uses
fursuits - 14 uses
garden - 13 uses
gardening - 86 uses
geekery - 314 uses
health - 26 uses
holidays - 101 uses
horses - 181 uses
knitting - 42 uses
meme - 228 uses
mff - 18 uses
modeling - 21 uses
movies - 18 uses
music - 65 uses
nablopomo - 29 uses
nanowrimo - 179 uses
pets - 97 uses
plush - 18 uses
podcasts - 12 uses
politics - 84 uses
quiz - 143 uses
railroads - 23 uses
rants - 65 uses
reading - 77 uses
sheep - 28 uses
snow - 12 uses
spinning - 190 uses
trains - 12 uses
vacation - 14 uses
weather - 794 uses
weaving - 186 uses
weekends - 12 uses
wildlife - 83 uses
work - 520 uses
writing - 180 uses

Flat | Top-Level Comments Only

From:

duskwuff.livejournal.com

NetBIOS/IPX: I blame Windows.

altivo.livejournal.com

Well, yeah, they're all running Windows. Most of them have no idea what's going on in the machine. It was set up for them by someone else.

hrrunka

My router blocks more inbound port 135 junk than anything else. Port 445 gets about half as much, and 137 and 139 get a little. Other favourites are 1433 and 1434, which are something to do with ms-sql. I have noticed a significant drop in recent months, though. These days my firewall typically logs a few hundred inbound events^*1 a day. A year ago it wasn't unusual to see a couple of thousand events a day.

^*1 where an event may involve multiple attempts at a port from an IP.

I still see several thousand a day here. I assume you're talking about incoming TCP and UDP to those ports off the open internet. I've always figured that all of those are scans or probes seeking to break into unprotected Windoze systems with open shares or other security flaws. Sometimes the level of probes into ports 135-139 reaches almost DDOS frequencies. Certainly it exceeds the logging rate of the firewall and not all are logged. I've noticed too that when the firewall blocks an IP address for repeated attempts on closed ports, the attacks just switch to another originating IP address and continue.

soanos.livejournal.com

Yes, Netbios/IPX... Some use it to make windows networking easier, because TCP/IP is so hard to configure... not. :D

Is it possible to use MAC address filtering? I mean, ban the offender's MAC address for a few hours.
And even if they change the MAC address, they would be banned again for a few hours.
Of course, you would have to unblock them after some time. :)

Let's hope the storm won't be too bad. ^^

MAC address would only work on a local network. You'd just end up blocking the upstream router. Since these attacks come from the open internet, the IP address and associated domain are all you have to go by.

Now if you're dealing with an inside job, such as you might expect in a dormitory LAN or something, yes, the MAC address could lead you right to the culprit... Except that most NICs today do let the software override the hardware address and supply a made up one, so a sharp hacker can even conceal that.

Now we are assuming someone actually is sthat clever.
It is _usually_ some script kiddies who like to play "Neo". :P

Wandering about distractedly

Spring indeed

Spring indeed

no subject

no subject

no subject

no subject

no subject

no subject

no subject

Profile

November 2024

Links

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags