spam stats

While following this thread on Slashdot, I came across this site by a system admin who tracks where the spam he fights on a daily basis originates from. This is further proof to break the myth of spamming that “Most spam originates from outside the US”. From this site, we can see that ~35% of spam originates from the US. I am not sure how the author is getting the country of origin from the IP address. I work at an ISP and know that even though all the IP addresses belong (are allocated) to us, they are all allocated to our customers (located outside the US). And we don’t SWIP them as we are required to :). So if any of our customers send out spam, for the rest of the world, it would look as though it is originating from the US. Wonder how much of the 35% is made up of such spammers.

Server Move

I wanted to install Gallery so that I can easily share some of the “art” that I shoot :). The server I was on did not have some settings (it has php – safe_mode on) that stopped me from installing Gallery. The good people at 3-95.com, where I host this site, offered to move me to a new server that would allow me to install Gallery. So here we are on a brand new server. I will be posting some new pictures soon.

Troubleshooting episode

I was helping a friend with some E-mail problems he was having. Here is the scenario. He is getting a “Cannot authenticate to server” when using his Outlook 2000 to get mail from his Cobalt Qube server. According to him..”Everything was working fine, but the computer crashed. So I had to rebuild the machine and now mail doesn’t work”. Pretty easy right.. So I troubleshoot it in the following way

1) Check account settings in Outlook and make sure that he has the correct “username”, “password” and “server” properties. Everything checks okay. But client still cannot authenticate to the server.

2) Alright.. Let’s see if the service is running on the client. Since I didn’t have access to the server, I had to walk my friend through the process. Again, required daemons are running, but cannot authenticate.

3) Now.. I am getting all excited frustrated. I run nmap on the server remotely and see that SMTP is filtered.. Hmm.. Is that a problem.

4) Finally.. I give up and make my friend change the rules on this firewall so that I can log into the server remotely. First thing I do is check the logs (/var/log/maillog) and Bingo!!! I instantly see the error

Feb 9 21:00:10 www in.qpopper[2269]: Karen at 192.168.1.102 (192.168.1.102): -ERR [AUTH] Password supplied for "Karen" is incorrect.

My friend was using “Karen” instead of “karen” as the username.

If only I had asked my friend to meticulously check his settings 🙂 in the first place.

Moral of the story: Unix usernames are case sensitive. And never believe the user when they say that all the settings are correct :).
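
The failure above is easy to miss because qpopper reports a wrong password even when the real problem is the username. As an added example (not part of the original post), this script parses that log format and says which case applies; the account list and every sample line except the first are constructed.

```python
import re
from collections import Counter

# qpopper authentication-failure line, in the format quoted in the post.
FAIL_RE = re.compile(
    r'in\.qpopper\[\d+\]: (?P<user>\S+) at \S+ \((?P<ip>[\d.]+)\): '
    r'-ERR \[AUTH\] Password supplied for "(?P=user)" is incorrect'
)

def classify(user, accounts):
    """Explain a failure by comparing the logged name with real accounts."""
    if user in accounts:
        return "bad-password"
    folded = {a.lower(): a for a in accounts}
    if user.lower() in folded:
        # Name exists only in another case: Unix usernames are case sensitive.
        return "case-mismatch:" + folded[user.lower()]
    return "unknown-user"

def triage(lines, accounts):
    """Return (findings, failures per source IP) for qpopper AUTH errors."""
    findings, per_ip = [], Counter()
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue  # not a qpopper authentication failure
        per_ip[m["ip"]] += 1
        findings.append((m["user"], m["ip"], classify(m["user"], accounts)))
    return findings, per_ip

# Constructed sample: line 1 is the one from the post, the rest are made up.
SAMPLE_LOG = [
    'Feb 9 21:00:10 www in.qpopper[2269]: Karen at 192.168.1.102 (192.168.1.102): -ERR [AUTH] Password supplied for "Karen" is incorrect.',
    'Feb 9 21:02:41 www in.qpopper[2301]: karen at 192.168.1.102 (192.168.1.102): -ERR [AUTH] Password supplied for "karen" is incorrect.',
    'Feb 9 21:03:05 www in.qpopper[2310]: oracle at 192.168.1.77 (192.168.1.77): -ERR [AUTH] Password supplied for "oracle" is incorrect.',
    'Feb 9 21:04:00 www sendmail[2320]: constructed non-qpopper line',
]
ACCOUNTS = {"karen", "admin"}  # assumed; in practice read from /etc/passwd

if __name__ == "__main__":
    findings, per_ip = triage(SAMPLE_LOG, ACCOUNTS)
    for user, ip, reason in findings:
        print(f"{ip:15} {user:8} {reason}")
    print(dict(per_ip))
```
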

MySQL – Setting up initial privileges

Ever install MySQL and wondered what to do next? Well, the first thing is to secure the root user (Note: The MySQL root user is different from the OS root user). These three simple steps should deal with it.

shell> mysql -u root mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('new_password');
mysql> FLUSH PRIVILEGES;

MySQL has really good documentation on their website. It can be accessed here.

Dlink 614+ and Dynamic DNS

I purchased a server from Dell recently. Want to use it as a test server to play with at home. I have a small LAN at home setup using a Dlink 614+ router. I forwarded some services to the server, so that I can access it remotely. Since the IP address on my cable modem changes every so often, how do I access it remotely? Dynamic DNS from dyndns.org to the rescue :).

Register for an account over here.
Create a Dynamic DNS host on Dyndns.org
Log into the 614+ router
Go to Tools –> Misc.
Enable DDNS
Use members.dyndns.org as the server address
Enter the complete hostname (ex. Samurai.kicks-ass.net)
Enter the username and password that you have registered at dyndns.org
Click on “Apply” and you are all set.

Terminal prompt – L[U]nix

While browsing through the forums at ArsTechnica, I came across this posting. One of the posters had a pretty cool prompt on his terminal login screen. Here is the command he used to get that effect

export PS1="\n\[\e[30;1m\][\[\e[35;1m\]0\[\e[30;1m\]] \[\e[0m\]\[\e[36m\]\h\[\e[37m\]:\[\e[34;1m\]\w\[\e[30;1m\]$ \[\e[0m\e7\e[1G\e[1H\e[1K\e[30;1m[\e[33m\j\e[30;1m] [\e[32;1m\!\e[30;1m] [\e[36m\u\e[30;1m] [\e[31;1m\d\e[30;1m] [\e[35m\@\e[30;1m] [\e[0m\e[36m`uname -sr`\e[30;1m]\e8\]"

Or if you are using Redhat, you can just edit the /etc/profile file and place the above command in it. So each time you log in to the system, you get this pretty cool prompt. I keep saying that it is cool :), but don’t give any explanation. I think a picture is due here…

[Image: Terminal Prompt]

For the initiated..you can come up with your own neat tricks by reading this.

DDoS attacks :: Article

Came across this article on security-protocols.com in which the author discusses DDoS (Distributed Denial of Service). I was particularly interested since we have been experiencing such attacks on our network recently. Unlike DoS (Denial of Service) attacks where the source of attack can be easily identified and blocked, it is very difficult to identify the source of DDoS attacks. The only way we can stop the attack is by blocking all traffic to the destination of the attack. And this is exactly what the attacking party wants. I don’t see a solution to this in the near future. A good point that the author mentions is that all routers should have ingress and egress filtering configured properly. This in effect allows only authorized networks to originate and terminate at a router, thereby minimizing the ability of an attacker to use a spoofed IP address.
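
The ingress and egress filtering mentioned above comes down to a source-address check at each edge of the network. The following is an added example, not taken from the article or the original post, that models those decisions; the interface names and prefixes are assumptions (documentation ranges) and the packets are constructed.

```python
import ipaddress

# Assumed topology for illustration; all prefixes are documentation ranges.
CUSTOMER_PREFIXES = {
    "cust-a": ["198.51.100.0/25"],
    "cust-b": ["198.51.100.128/25", "203.0.113.0/24"],
}
NETS = {ifc: [ipaddress.ip_network(p) for p in ps]
        for ifc, ps in CUSTOMER_PREFIXES.items()}
OWN = [n for nets in NETS.values() for n in nets]

def _within(addr, nets):
    return any(addr in n for n in nets)

def customer_ingress(interface, src):
    """Customer-facing port: the source must be a prefix assigned to that port."""
    return _within(ipaddress.ip_address(src), NETS.get(interface, []))

def upstream_egress(src):
    """Towards the Internet: only our own address space may leave as a source."""
    return _within(ipaddress.ip_address(src), OWN)

def upstream_ingress(src):
    """From the Internet: refuse sources claiming to be us or non-routable."""
    addr = ipaddress.ip_address(src)
    return not _within(addr, OWN) and addr.is_global

# Constructed packets: (filter point, source address).
SAMPLE = [
    ("cust-a", "198.51.100.10"),     # cust-a using its own prefix
    ("cust-a", "198.51.100.200"),    # cust-a spoofing a cust-b address
    ("cust-a", "10.0.0.5"),          # private source from a customer port
    ("egress", "203.0.113.9"),       # our space leaving the network
    ("egress", "192.0.2.1"),         # foreign source leaving: spoofed
    ("upstream", "203.0.113.9"),     # outside packet claiming to be us
    ("upstream", "8.8.8.8"),         # ordinary Internet source
]

def verdicts(packets):
    out = []
    for point, src in packets:
        if point == "egress":
            ok = upstream_egress(src)
        elif point == "upstream":
            ok = upstream_ingress(src)
        else:
            ok = customer_ingress(point, src)
        out.append((point, src, "permit" if ok else "drop"))
    return out

if __name__ == "__main__":
    for row in verdicts(SAMPLE):
        print(*row)
```

These checks stop hosts behind the router from sending spoofed packets; they do not by themselves protect the router's own customers from being the target of a flood.
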

A bit of satellite technology

As mentioned here, I work in the satellite industry. I am pretty new to it and every day is a learning experience. Today, I sat down with our in-house satellite guru and found out how one calculates the bandwidth occupied by a carrier from the data rate on a satellite link. The formula is

BWAL = (Sr*1.4)

Where
BWAL = Bandwidth allocated for the satellite link in Khz.
Sr = Symbolrate of the link in Ksym/s (Kilo Symbols per second).

Sr in turn is calculated using the following formula

Sr = Dr*(1/MI)*(1/FEC)*(1/RS)

Where
Dr = Datarate in Kbps.
MI = Modulation Index (The values of MI for the different modulations are BPSK=1 | QPSK = 2 | 8PSK = 3 | 16PSK=4 | 16QAM = 4).
FEC = Forward Error Correction.
RS = Reed Solomon value. This can vary depending on what values are being used. Reed Solomon is an external codec as compared to Turbo which is a stand alone codec. If RS is not being used in the link, then a value of 1 is used.

Pretty confusing eh :). As though this is not enough, there is another value called Information rate (Ir). And the formula for that is

Ir = Dr*(1/RS)

Think that is enough satellite technology for one day :).

Link Speed – Maximum speed per session

I work at a teleport and most of our business is related to providing Internet service to ISPs in South Asia. One of the most frequent complaints that our help desk gets is “My link is slow, you guys are not providing us the complete speed”. Usually it is a case of the customer not understanding the finesse of TCP/IP. I came across this article by Adam Grow III. He uses the following formula to calculate the maximum possible speed per session on a link.

Throughput = 8*(TCPS/PropDelay)

Where
Throughput is measured in Kilobits per second (Kbps)
TCPS = Size of the TCP/IP stack in bytes (Windows default is 8192)
PropDelay = propagation delay in seconds

Using the above formula, for a geostationary satellite (where the propagation delay is ~540ms), the throughput is ~120Kbps. So even if the client has a 1Mb link and he just has one session, he can only use a fraction of the link. Only multiple sessions can saturate the link.
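
The following added example (not from the cited article or the original post) carries the formula through for the numbers above and extends it to the bandwidth-delay product. It assumes "1Mb" means 1,000,000 bit/s and reads the result of the formula as bits per second.

```python
import math

def max_session_bps(window_bytes, delay_ms):
    """Per-session ceiling: one window of data per delay period, in bit/s."""
    return 8 * window_bytes * 1000 / delay_ms

def sessions_to_fill(link_bps, window_bytes, delay_ms):
    """How many parallel sessions are needed to saturate the link."""
    return math.ceil(link_bps / max_session_bps(window_bytes, delay_ms))

def window_to_fill(link_bps, delay_ms):
    """Bandwidth-delay product in bytes: window a single session would need."""
    return math.ceil(link_bps * delay_ms / 8000)

def needs_window_scaling(window_bytes):
    # The TCP header carries a 16-bit window, so more than 65535 bytes
    # requires the window scale option (RFC 1323).
    return window_bytes > 65535

def report(link_bps=1_000_000, window_bytes=8192, delay_ms=540):
    """Summary for the post's case: 8192-byte window, ~540 ms, 1 Mb link."""
    per_session = max_session_bps(window_bytes, delay_ms)
    needed = window_to_fill(link_bps, delay_ms)
    return {
        "per_session_kbps": round(per_session / 1000, 1),
        "link_share_pct": round(100 * per_session / link_bps, 1),
        "sessions_to_fill": sessions_to_fill(link_bps, window_bytes, delay_ms),
        "window_to_fill_bytes": needed,
        "needs_window_scaling": needs_window_scaling(needed),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key:22} {value}")
```

With the default 8192-byte window a single session reaches about 12% of the link, and filling it from one session would take a window larger than an unscaled TCP header can advertise.
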