Internet access here at the haus was amazingly slow for the last couple of days, even after some warm reboots of the firewall/router, changing DNS entries, etc. I didn't spot anything on cox.net's network status about an outage, and was getting normal network speeds on the internal network. Traceroutes to multiple external sites weren't consistent as to where there might be an issue. I took my time troubleshooting because I didn't have a good reason to need full Internet speed and figured that cox.net would find the problem in a couple days if it was in their network.
I finally looked at my firewall/router logs when the problem didn't resolve by day three and found a bunch of malformed ICMP packets hitting my external IP address from multiple external sources. It looked like my router was under a light DDOS attack. Why? Hell if I know, I don't have anything running back here that might be of interest other than my file server, which stays powered off when no one's using a system on the network, like all the client systems. The router was saying that the packets might have been a JOLT attack. Reading further, I discovered that JOLT attacks target Windows boxes trying to lock 'em up, so someone may have thought I had a Windows box available at this IP address that they wanted to lock up for some reason. More likely it was some automated script kiddie activity. Again, wtf? Stupid script kiddies fishing for whatever joy they can, I guess. Maybe since my firewall/router didn't go down, their automated setup just kept at it, trying to knock it down before moving on. Would have been fun to tie up their resources further, but my wife and I gotta have our IntarWeb when we want it.
Simply turning off the target system usually resolves a JOLT attack according to the above site, so I cold restarted the firewall/router, effectively dropping the target completely off the Web for a couple minutes, and when the thing came back online, poof, Internet connectivity returned to normal speed. I'm not seeing malformed ICMP packets coming in like they were before, either.
My unknown assailant probably has chalked up another Windows box or router locked up and moved on. Whatever. Hope their system(s) overheat.
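An added example, not part of the original post and not the router's own detection logic: one way to flag the kind of malformed ICMP traffic described above from raw IPv4 headers and count the offenders per source. It assumes the packets were the classic oversized or badly fragmented ICMP pattern; the post does not show the router's log format, so the sample headers and addresses below are constructed, and the function names are made up for this sketch.

```python
import socket
import struct
from collections import Counter

IPV4_MAX = 65535   # largest datagram the 16-bit total-length field allows
PROTO_ICMP = 1


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header; reject anything unparseable."""
    if len(pkt) < 20:
        raise ValueError("shorter than an IPv4 header")
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     _ttl, proto, _csum, src, _dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("not a sane IPv4 header")
    return {
        "src": socket.inet_ntoa(src),
        "proto": proto,
        "ihl": ihl,
        "payload": total_len - ihl,                  # bytes after the header
        "more_fragments": bool(flags_frag & 0x2000),  # MF flag
        "offset": (flags_frag & 0x1FFF) * 8,          # fragment offset, bytes
    }


def classify(pkt: bytes):
    """Return a reason string for malformed ICMP, or None if it looks fine."""
    h = parse_ipv4_header(pkt)
    if h["proto"] != PROTO_ICMP:
        return None
    # A fragment that would end past 65,535 bytes can never reassemble legally.
    if h["ihl"] + h["offset"] + h["payload"] > IPV4_MAX:
        return "reassembly-overflow"
    # Every fragment except the last must carry a multiple of 8 bytes.
    if h["more_fragments"] and h["payload"] % 8:
        return "bad-fragment-length"
    # An unfragmented ICMP message needs at least its 8-byte header.
    if h["offset"] == 0 and not h["more_fragments"] and h["payload"] < 8:
        return "truncated-icmp"
    return None


def offenders(packets) -> Counter:
    """Count malformed ICMP packets per source address."""
    hits = Counter()
    for pkt in packets:
        if classify(pkt):
            hits[parse_ipv4_header(pkt)["src"]] += 1
    return hits


def make_header(src, offset_units, more_fragments, payload_len,
                proto=PROTO_ICMP):
    """Build a constructed header for the samples (checksum left at zero)."""
    flags_frag = (0x2000 if more_fragments else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       flags_frag, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton("192.0.2.254"))


# Constructed samples using documentation address ranges.
SAMPLES = [
    make_header("198.51.100.7", 8189, False, 100),  # ends past 65,535 bytes
    make_header("203.0.113.9", 0, True, 1480),      # ordinary first fragment
    make_header("203.0.113.9", 8190, False, 64),    # ends past 65,535 bytes
    make_header("192.0.2.1", 0, False, 64),         # ordinary ping
    make_header("198.51.100.7", 0, True, 13),       # fragment not 8-aligned
]

if __name__ == "__main__":
    for src, count in offenders(SAMPLES).most_common():
        print(f"{src}: {count} malformed ICMP packet(s)")
```
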
I picked up a Promise NS4300N NAS yesterday and a couple of 500GB Seagate SATA drives. Thank you, Fry's, for being my most-of-the-time one-stop comp-mecca. The NAS setup was easy-peasy on the hardware side, but starting the thing up revealed my least favorite part of this device. The fan's noisy as fuck-all compared to all my other computer equipment. I will resolve this shortly in my own special way (most likely changing the fan and some sound damping in the case), and have kicked myself for not reading the box more closely before the purchase to note that the words "quiet" and "noise reduction" don't appear. I must have mixed this unit up with another one while I was researching online. The noise is the only thing about the hardware that I can give a negative to. The drive trays went on easily, the drives slide in and out of the unit smoothly with definite feedback when you've pushed them into the unit far enough, and I just had to plug in power and a network cable. Very nice.
Feeling smug after the hardware install went well, the initial software setup had the small hiccup of requiring a boot into Windoze to get the Windows-based configuration utility to find the NAS box so I could set a static IP address. After that very slight irritation, administration's all done by pointing a browser at the IP address. Could I have tried to get to the NAS through Linux by checking DHCP addresses off my firewall/router and pointing my browser at it? Yeah, but I wanted to play by the manufacturer's rules.
The web-based admin interface is fairly straightforward with some exceptions. I told the box to set up a RAID 1 (mirroring) between the two drives and it gave me access to the volume while it completed its mirroring online. Nice touch to allow access during the RAID initialization. Next, I started looking more closely at the shares and security. Shares are simple to build, you just create a directory, but instead of having the protocols and access rights administration for the shares on one page, they're on separate screens, so admins end up bouncing around a bit to get everything set up. Not a big deal, just a little odd. For each share, there's user and group access to set up, giving quite a bit of flexibility. Once the user name, password, and mappings are set up, the NS4300N seems to have robust Windows security support. The NS4300N's NFS configuration requires entering the IP address of any systems that are going to access NFS shares on the NAS. I didn't see a way to use a subnet for this, so a network configuration where DHCP is used for systems that are going to access the NS4300N through NFS is going to have a rough time. As far as I can tell, every potential IP address that might access the NAS has to be entered into the dialog one at a time, or they can't reach any NFS shares on the NS4300N. For my configuration this isn't a problem, since most of my *ix systems have static IP addresses already. I added the first few potential DHCP addresses to the list just to be on the safe side, though.
Group configuration is easy in the NS4300N. Groups are listed with a leading @ along with all the regular user names in the share user access control screen. This leaves the potential for setting a group's access to X while a specific user's access can be set to Y. Most likely the user rights will take precedence over the group rights, but this isn't clear, though I haven't dug deeply into the docs for the latest firmware release to see if it has the goods on that. I could test or dig more, but I must again say that I've succumbed to laziness. My setup's not going to use groups since I have a whole two regular users.
Some other small notes worth mentioning include gigabit ethernet, firmware upgrading is fairly simple (the unit shipped with the initial firmware instead of the 9/12/07 firmware), hot swappable drives, and RAID volumes are fully accessible while volumes are created or migrated from one RAID level to another.
That's about it. It's a simple setup, the unit has good functionality, there are some issues to overcome in the admin interface for larger installations, and it's a noisy little critter if that matters to you. Bada boom, I have a new file server in a very short time. I'd encourage anyone interested in the unit to head over to Promise's web site and download the latest manual for more details.
I worked out something on Feisty Fawn that I should have thought of earlier.... When Firestarter, a nice, simple, graphical firewall for Linux, is in use, it tends to block some DHCP activity that is mighty helpful in connecting to a wireless network. So I allow DHCP traffic through Firestarter and the connection issues I'd had with initial connection to the haus network have gone from being somewhat minor to vanishing completely. Aw yeah.
I also decided that it would be fun to have the laptop on my desk next to my main system's screen. In preparation for this, I hunted around for something that would allow for seamless Windows/Unix remote control over TCP/IP. I'd seen such a critter a while ago, but couldn't remember what it was. Well, I settled on a free, difficult to configure, yet very nice when set up application called Synergy.
Synergy's free and Lifehacker has a short tutorial on it that helped me out. Ubuntu Feisty Fawn has two packages available: synergy, the base application, and quicksynergy, a GUI interface for the base synergy package. I pulled those down and installed them. quicksynergy is actually much easier to use than the Windows interface for Synergy, somewhat amusingly, but it's not as flexible as the Windows menus for more complex configurations.
I set up my Windows box as the server, and after a bit of juggling had the network traffic between the two systems flowing but locked down in both firewalls so that I can run the laptop as if it were another monitor attached to the right side of my Windows system. Now I can do away with having to use separate keyboard and mouse for the laptop, and if I want to, say, research on the laptop while composing in Windows, I can.
Ees nice.
I finally got wireless working under Dapper Drake and am posting this via wireless from El Laptop-o sans wired connectivity.
The solution? Well, several steps were involved. I don't have the links handy, but they went something like this:
1. Get a better supported wireless card. In my case the Linksys WPC54G v3 worked out much better than my 54GS did. Turns out that this new card has a Broadcom 43xx based chipset, which led me to the rest of the solution.
2. Remove standard Broadcom 43xx support from the Ubuntu kernel via rmmod.
3. Install bcm43xx-fwcutter and pull/install the firmware/driver from the Windows driver CD for the wireless adapter for it.
4. Install the gnome network manager and disable support for Ubuntu's default network manager.
5. Install wpasupplicant and disable it so the gnome network manager can still use its components.
6. Unplug the regular network cable, plug in the wireless card.
7. Restart Ubuntu.
8. Pick the local network from those available (looks like my neighbors have 2 other ones around that I didn't know about), set up the WPA Personal information and go web surfin'.
So the gnome network manager, wpasupplicant, and bcm43xx-fwcutter were the necessary pieces, and configuring 'em was key as well.
No, I'm sorry, I'm not going to try to track all this down and post where I got the pieces and the command line information. I'm going to do something besides Linux networking for a while :)
First the tech:
There's a TreePad Lite for Linux version. Shocking, I say, that I didn't look there sooner. So yeah, I guess I'm still fiddling with Ubuntu.
I've just upgraded my network to gigabit ethernet for the file server and my main system. Why? So the file access is faster for the OGG files on the file server. And to speed up the network in general, too. I have the cable modem hooked to a 10/100 firewall/router which is then connected to an 8-port gigabit switch. The various other pieces of the network now dangle off of that switch including my print server and the wireless router.
The toughest part in getting the gigabit stuff working was getting the new NIC (network interface card) working in the file server. The big problem was that the motherboard didn't seem to be correctly updating the type of card, so NAS-Lite 2 tried to load the wrong driver. I moved the NIC to a different slot and the motherboard said it had a CMOS checksum error, which was kind of nice because I was going to reset the CMOS to defaults anyway. To make a long story short (too late!), the NIC popped right up after that and I'm in business.
The results? So far music access seems almost as fast as it is with my USB 2 external hard drive, which means it's a mighty big speed increase in read rates. I'm stoked. NAS-Lite 2 gets yet another recommendation from me to any of you network nerds out there who need a quick, cheap file server. Printing is noticeably zippier, even though it's only a 100Mb connection, and it seems like the Internet access from my main system is a bit faster, too. The Internet connection's 10Mb at the cable modem, so maybe relieving some of the regular network traffic from my firewall/router has increased the amount of backplane bandwidth it has available for Internet packet routing.
My apologies to the non-technical in my audience. I'll make up for it now by bringin' on the English:
I finished up Bill Bryson's Made In America and absolutely loved it. The full title is "Made In America: an informal history of the English language in the United States" but should probably be something more like "Made In America: an informal history of the United States and its impact on the English language." It's much more about American history than about American English, yet Bryson intertwines the two so well, making this a trivia lover's dream. A not-so-quick excerpt:
... [T]wo other linguistic novelties of the early 1900s need mentioning. The first is the hot dog. Memorably defined by H. L. Mencken as "a cartridge filled with the sweepings of abattoirs," the hot dog had been part of the American scene since the early 1800s, but had gone under the name frankfurter or wienerwurst (literally "Vienna sausage," and corrupted to wienie as early as 1867). The modern name didn't arise until a popular cartoonist named T. A. "Tad" Dorgan drew a picture of a dachshund in an elongated bun in the early 1900s and the term caught on in a big way. It was also helped by the fact that Hot dog! as a cry of delight or approbation was also sweeping the nation as a catchphrase.
Dorgan was responsible for a slew of catchphrases, among them cat's pajamas, yes man, skiddoo, you said it, drugstore cowboy, and yes, we have no bananas....
It's a fun read, intricately researched and formidably worded. Light American history buffs and English linguists should definitely have a read. My next Bryson book will be A Walk in the Woods.
But first, I've started reading a book containing the stories Frankenstein, Dracula, and Dr. Jekyll and Mr. Hyde. I know the near-mythological stories of these creatures, but haven't managed to read their literary births. I think I'm going to enjoy them all very much as long as I can keep from critiquing a 19-year-old Mary Shelley's writing instead of just enjoying her creation.
One trivia note that might interest some of you: Stephen King mentions in the book's foreword that Robert Louis Stevenson wrote about Dr. Jekyll's predicament in only three days. The tale so horrified his wife that he destroyed it, then rewrote it in another three days in the form he presented to the world. Less than a week of work to create one of the West's most enduring archetypes... Not bad at all.
G'night!
- Mood: impressed
- Music: Helloween - Eagle Fly Free
