
Attacks by ZmEu or w00tw00t robots

Who is ZmEu?

The name Zmeu (no capital E) is that of a fantastic creature of Romania. There are so many stories that there isn't a clear understanding of what it is... but it is human-like, can spit fire and wants to marry young women.

If you're wondering, it is generally a bad guy.

ZmEu Attack

Today, I noticed a lot of traffic on one of my servers. Looking into what was happening, I immediately found out that an attacker was looking for a loophole in that system. That attack was being performed from China.

What is the 255 in "iptables -A INPUT -p icmp --icmp-type 255 -j ACCEPT"?

The following command adds a rule to your iptables firewall:

iptables -A INPUT -p icmp --icmp-type 255 -j ACCEPT

As we can see, the rule accepts the ICMP protocol and uses ICMP type 255. However, if you look at a list of valid ICMP types, 255 is not included.

The fact is that this rule actually says: accept any ICMP type. If you replaced ACCEPT with DROP, it would refuse all ICMP packets. In most cases, it is safe to accept ICMP packets since they do not divulge more information than necessary.

Note that in your firewall script, you may use "any" instead of 255. That will make it ...

crontab -e — change default editor, selected wrong editor

In Ubuntu 16.04, I wanted to add a user cron file with crontab -e, which has a new behavior: the very first time, it asks you what editor you want to use (e.g. nano, vim, ...).

If you choose the wrong one, then next time it does not ask you, it remembers your choice forever, so you'll be stuck.

The nano editor is okay, but difficult to work with if you're used to something like vim.

The data actually gets saved in a hidden file of your home directory named .selected_editor.

# Generated by /usr/bin/select-editor
SELECTED_EDITOR="/usr/bin/vim"

Mine was set to ...

SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET and ssl3_get_message:unexpected message

Today we had a problem with a combination of websites that we had never tried to run together.

Looking into it, it was definitely a problem with SSL. However, Apache2 would tell us absolutely nothing about it. No error or access logs. I think this is because it would happen at the time Apache and the client negotiate the SSL connection and Apache does not report such problems (at least by default, it might in case you turn on some debug mode?)

We had two different settings for two websites using the snakeoil certificate (As we test on VM machines, we use the snakeoil certificate as an easy way to check ...

Error trying to upgrade software on an Ubuntu system

Today I got a really strange error. Part of the message was:

E: Encountered a section with no Package: header
E: Problem with MergeList /var/lib/apt/lists/<some name>
E: The package lists or status file could not be parsed or opened.

That seemed really bizarre. I had never seen such an error before...

So I searched for it and one thing to know is that the files under that directory are temporary, so you can actually delete them. apt-get knows how to regenerate them.

So in other words you can do something like this:

sudo rm /var/lib/apt/lists/<some file>
# or ...

Cassandra node says it owns 0%??

Today I ran into a little bit of a problem with a new Cassandra node installation.

After the node was created, I ran nodetool and got this:

 $ bin/nodetool status
Datacenter: dc1
===============
Status=Up/Down
|/ State=Normal/Leaving/Joining/Moving
--  Address    Load       Tokens       Owns (effective)  Host ID   Rack
UN  127.0.0.1  219.83 KiB 256          0.0%              73bd8721  rack1

It took me a little while to find out that the problem was the IP address. Although it clearly says 127.0.0.1 here, the cassandra.yaml configuration file had localhost.

I edited the ...

Ever wondered how to verify the remote host fingerprint on SSH connect?

WARNING: This is actually wrong. The -F is a SEARCH feature. Not a way to recalculate the value on your own system. So you can verify that the value is the same in your database, but SSH already does that and shows you that terrible warning... so in effect it is the exact same command.

Whenever you connect to a computer with SSH, it gives you a fingerprint of the host.

Ever wondered how to check whether that fingerprint is a match? Yeah... I figured, 99% of us don't even know how to make sure that it is indeed a match.

There is the command line to generate that fingerprint:

    ...

Unable to complete the operation against any hosts — from Cassandra

Today I was testing a new installation that I prepared in the last month or so and once I hit Cassandra, I got this strange message:

   NoHostAvailable: ('Unable to complete the operation against any hosts',
   {<Host: 192.168.2.92 dc1>: Unavailable('Error from server: code=1000
   [Unavailable exception] message="Cannot achieve consistency level ONE"
   info={\'required_replicas\': 1, \'alive_replicas\': 0, \'consistency\': \'ONE\'}',)})

I looked for a solution with Google but was not really able to find anything that ...

Add a cache to upgrade your LAN servers faster

Since I have several computers running Ubuntu, I like to have them up to date, but it always takes a bit of time to download the new packages. I think those should be downloaded only once and then shared between all my computers (I also run VPS which can benefit from this sharing.)

So, I decided to finally look into it and the simplest was to install apt-cacher-ng on my main server:

sudo apt-get install apt-cacher-ng

That's it for the main server (from what I've read, at least, although I am thinking that maybe we need to tell apt-get to check that cache first even on the main system?)

...

Why are my Ubuntu/Debian computer upgrades so slow?

I get a set of upgrades, about once a day these days (the Ubuntu and other Open Source developers are keeping way too busy!)

Because of that, I run the software updater. That takes time, generally. But why is that?

After various upgrades from one OS version to another, possibly from the start, I dunno exactly when it broke, but the autoremove feature stopped uninstalling the old kernels.

In itself, it is not so bad, you just get additional kernels under /boot. It can become a problem if you have a small /boot partition, but otherwise, it is not a big problem in itself.

Until you upgrade!
