Updated: 2014-04-03 03:07 EDT

1 Readings, Assignments, Labs, and ToDoIndexup to index

1.1 Assignments this weekIndexup to index

Check the due date for each assignment and put a reminder in your agenda, calendar, and digital assistant.

1.2 Lab work this weekIndexup to index

The worksheets are available in four formats: Open Office, PDF, HTML, and Text. Only the Open Office format allows you “fill in the blanks” in the worksheet. The PDF format looks good but doesn’t allow you to type into the blanks in the worksheet. The HTML format is crude but useful for quick for viewing online.

1.3 Errors in submitted assignment01.txtIndexup to index

As of 9am today (Wednesday January 15), four students who have not Read All The Words in Assignment 1 will not be getting their marks:

Bad file name: linux lab.txt 
Bad file name: assignment01.txt.txt 
Bad file name: CST8207Assignment01xxxxxxxxxxxx.txt 
Bad file name: Problems with Multitasking.txt 

Go to your assignment upload area and check your file name!

3 From the Classroom Whiteboard/ChalkboardIndexup to index

3.1 Midterm Test Date Survey (not binding)Indexup to index

3.2 Getting locked out of the serverIndexup to index

Failed password for invalid user
Failed password for invalid user x
Failed password for invalid user cst
Failed password for invalid user user
Failed password for invalid user txxxxx
Failed password for invalid user xxx0000
Failed password for invalid user kxxxx000
Failed password for invalid user AXXX0000
Failed password for invalid user B0000000
Failed password for invalid user xxxxx0000
Failed password for invalid user xxxx0000@algonquincollege.com
Failed password for invalid user ssh xxxx0000@cst8207.idallen.ca

Your IP address is locked out of the CLS if the connection to the CLS fails before even asking for your login or password. To have the IP address unblocked, contact your instructor.

4 Real Sysadmin WorkIndexup to index

People in China and California try to log in as root on the CLS:

Sep  9 22:58:31 Failed password for root from 117.79.148.54 port 43791 ssh2
Sep 10 13:30:16 refused connect from 117.79.148.54  117.79.148.54)

$ whois 117.79.148.54
descr:          Beijing Sanxin Shidai Co.Ltd
descr:          1513 Xinjishu building Beijing link west road
descr:          Haidian District, Beijing, PRC
country:        CN

Sep 10 01:37:34 Failed password for root from 198.13.117.194 port 46897 ssh2
Sep 10 01:37:35 refused connect from 198.13.117.194 (198.13.117.194)

$ whois 198.13.117.194
OrgName:        Psychz Networks
OrgId:          PS-184
Address:        20687-2 Amar Road #312
City:           Walnut
StateProv:      CA

Sep 11 04:56:15 Failed password for root from 59.55.141.104 port 2396 ssh2
Sep 11 04:56:26 Failed password for root from 59.55.141.104 port 2766 ssh2
Sep 11 04:56:33 refused connect from 59.55.141.104 (59.55.141.104)

$ whois 59.55.141.104
descr:          CHINANET Jiangxi province network
descr:          China Telecom
descr:          No.31,jingrong street
descr:          Beijing 100032
country:        CN

Someone in Ohio tries probing account names:

Sep 10 10:05:17 Invalid user aditza from 66.84.25.6
Sep 10 10:05:18 Failed password for invalid user aditza from 66.84.25.66 port 55317 ssh2
Sep 10 10:05:19 Invalid user admin1 from 66.84.25.6
Sep 10 10:05:21 Failed password for invalid user admin1 from 66.84.25.66 port 56315 ssh2
Sep 10 10:05:22 Invalid user admin from 66.84.25.66
Sep 10 10:05:24 Failed password for invalid user admin from 66.84.25.66 port 57605 ssh2
Sep 10 10:05:25 Invalid user admin from 66.84.25.66
Sep 10 10:05:27 Failed password for invalid user admin from 66.84.25.66 port 58969 ssh2
Sep 10 10:05:27 Invalid user ale from 66.84.25.66
Sep 10 10:05:30 Failed password for invalid user ale from 66.84.25.66 port 59986 ssh2
Sep 10 10:05:30 Invalid user alex from 66.84.25.66
Sep 10 10:05:33 Failed password for invalid user alex from 66.84.25.66 port 33066 ssh2
Sep 10 10:05:33 Invalid user alex from 66.84.25.66
Sep 10 10:05:35 Failed password for invalid user alex from 66.84.25.66 port 34321 ssh2
Sep 10 10:05:36 Invalid user Alin from 66.84.25.66
Sep 10 10:05:37 Failed password for invalid user Alin from 66.84.25.66 port 35553 ssh2
Sep 10 10:05:38 refused connect from s66.n25.n84.n66.static.myhostcenter.com (66.84.25.66)

$ whois 66.84.25.6
OrgName:        Jumpline Inc
Address:        5000 ARLINGTON CENTRE BLVD 
City:           Upper Arlington
StateProv:      OH

Attackers in China probe account names:

Sep 10 15:57:21 Failed password for root from 221.6.96.177 port 56455 ssh2
Sep 10 15:57:26 Failed password for root from 221.6.96.177 port 57756 ssh2
Sep 10 15:57:31 Failed password for root from 221.6.96.177 port 59015 ssh2
Sep 10 15:57:35 Failed password for invalid user db2inst1 from 221.6.96.177 port 60362 ssh2
Sep 10 15:57:39 Failed password for root from 221.6.96.177 port 33334 ssh2
Sep 10 15:57:44 Failed password for invalid user prueba from 221.6.96.177 port 34543 ssh2
Sep 10 15:57:48 Failed password for bin from 221.6.96.177 port 35865 ssh2
Sep 10 15:57:49 refused connect from ns3.itgle.com (221.6.96.177)

$ whois 221.6.96.177
address:        No. 65 Beijing West Road,Nanjing,China

Sep 11 02:26:39 Failed password for root from 202.104.147.26 port 28629 ssh2
Sep 11 02:27:02 Failed password for root from 202.104.147.26 port 21095 ssh2
Sep 11 02:27:05 Failed password for root from 202.104.147.26 port 21095 ssh2
Sep 11 02:27:07 Failed password for root from 202.104.147.26 port 21095 ssh2
Sep 11 02:27:24 Failed password for root from 202.104.147.26 port 22920 ssh2
Sep 11 02:27:36 refused connect from 202.104.147.26 (202.104.147.26)
Sep 11 02:27:47 refused connect from 202.104.147.26 (202.104.147.26)
Sep 11 02:27:59 refused connect from 202.104.147.26 (202.104.147.26)

$ whois 202.104.147.26
person:         LI XINKAIG
address:        F9,HONGBO MANSION,HONGHUYI STREET,SHENZHEN
country:        CN

Someone in California probes account names:

Sep 10 23:57:41 Failed password for root from 216.99.159.114 port 53777 ssh2
Sep 10 23:57:44 Failed password for invalid user app from 216.99.159.114 port 54881 ssh2
Sep 10 23:57:46 Failed password for invalid user avouni from 216.99.159.114 port 55935 ssh2
Sep 10 23:57:49 Failed password for invalid user berila from 216.99.159.114 port 56930 ssh2
Sep 10 23:57:52 Failed password for bin from 216.99.159.114 port 58210 ssh2
Sep 10 23:57:55 Failed password for bin from 216.99.159.114 port 59461 ssh2
Sep 10 23:57:58 Failed password for bin from 216.99.159.114 port 60597 ssh2
Sep 10 23:58:02 Failed password for bin from 216.99.159.114 port 61815 ssh2
Sep 10 23:58:05 Failed password for bin from 216.99.159.114 port 63057 ssh2
Sep 10 23:58:07 Failed password for bin from 216.99.159.114 port 64347 ssh2
Sep 10 23:58:11 Failed password for bin from 216.99.159.114 port 40226 ssh2
Sep 10 23:58:11 refused connect from 216.99.159.114 (216.99.159.114)

$ whois 216.99.159.114
OrgName:        Psychz Networks
Address:        20687-2 Amar Road #312
City:           Walnut
StateProv:      CA

Some crackers in Columbia and Hong Kong try to fetch account files from my machine using long strings of parent directories (..) in Web URLs:

2013-04-28_03:08:36 190.90.185.241 "GET /help/index.php?screen=../../../../../../../../etc/voipnow/voipnow.conf HTTP/1.1" 404 243 "-" "HTTP_Request2/2.1.1 (http://pear.php.net/package/http_request2) PHP/5.1.6" 332 451 "/var/www/html/help"
2013-02-18_20:46:30 223.255.179.115 "GET /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n HTTP/1.1" 200 541 "-" "curl/7.19.4 (i386-redhat-linux-gnu) libcurl/7.19.4 NSS/3.12.2.0 zlib/1.2.3 libidn/0.6.14 libssh2/0.18" 385 826 "/var/www/html/index.html"

$ whois 192.168.9.250
owner:       Flywan S.A.
address:     000 - Medellin - CO
country:     CO

$ whois 223.255.179.115
descr:          Wharf T&T Limited
descr:          Kwun Tong, Kowloon
country:        HK

 Take Notes in Class

Author: 
| Ian! D. Allen  -  idallen@idallen.ca  -  Ottawa, Ontario, Canada
| Home Page: http://idallen.com/   Contact Improv: http://contactimprov.ca/
| College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/
| Defend digital freedom:  http://eff.org/  and have fun:  http://fools.ca/

Plain Text - plain text version of this page in Pandoc Markdown format

Campaign for non-browser-specific HTML   Valid XHTML 1.0 Transitional   Valid CSS!   Creative Commons by nc sa 3.0   Hacker Ideals Emblem   Author Ian! D. Allen