Updated: 2013-10-07 00:38 EDT

1 Readings, Assignments, Labs, and ToDo

1.1 Assignments this week

Check the due date for each assignment and put a reminder in your agenda, calendar, and digital assistant.

1.2 Lab work this week

1.3 Errors in submitted assignment01.txt

As of noon today (Sunday September 15), 11 students have not Read All The Words in Assignment 1 and will not be getting marks tomorrow:

Bad file name: part 2.txt
Bad file name: assignment 01.txt
Bad file name: CST8207 Assignment 01 Xxxxxxx.txt
Bad file name: Assignment01.txt
Bad file name: assignment01XxxxxXxxxxxxx.txt
Assignment uploaded without file attachment
Bad file name: assignment01.txt.txt
Text found in Blackboard comments box (ignored)
Bad file name: assignment 01.txt
Bad file name: assignment01.txt.txt
Bad file name: Assignment01.txt

Go to your assignment upload area and check your file name!

3 From the Classroom Whiteboard/Chalkboard

3.1 Midterm Test Date Survey (not binding)

3.2 Getting locked out of the server

Sep  8 17:28:33 Failed password for XXXXXXXX from 173.33.93.53 port 59990 ssh2
Sep  8 17:29:07 Failed password for XXXXXXXX from 173.33.93.53 port 59990 ssh2
Sep  8 17:34:17 Failed password for XXXXXXXX from 173.33.93.53 port 60044 ssh2
Sep  8 17:34:57 Failed password for XXXXXXXX from 173.33.93.53 port 60044 ssh2
Sep  8 21:20:55 Failed password for XXXXXXXX from 173.33.93.53 port 61939 ssh2
Sep  8 21:21:06 Failed password for XXXXXXXX from 173.33.93.53 port 61939 ssh2
Sep  8 21:21:28 Failed password for XXXXXXXX from 173.33.93.53 port 61939 ssh2
Sep  8 21:21:55 Failed password for XXXXXXXX from 173.33.93.53 port 61939 ssh2
Sep  8 21:22:05 Failed password for XXXXXXXX from 173.33.93.53 port 61939 ssh2
Sep  8 21:22:11 Failed password for XXXXXXXX from 173.33.93.53 port 61939 ssh2
Sep  8 21:22:46 Failed password for XXXXXXXX from 173.33.93.53 port 61948 ssh2
Sep  8 21:23:04 Failed password for XXXXXXXX from 173.33.93.53 port 61948 ssh2
Sep  8 21:23:09 Failed password for XXXXXXXX from 173.33.93.53 port 61948 ssh2
Sep  8 21:23:12 Connection closed by 173.33.93.53 [preauth]
Sep  8 21:25:26 refused connect from cpe185933464b36-cm185933464b33.cpe.net.cable.rogers.com (173.33.93.53)
Sep  8 21:25:52 refused connect from cpe185933464b36-cm185933464b33.cpe.net.cable.rogers.com (173.33.93.53)
Sep  8 21:26:19 refused connect from cpe185933464b36-cm185933464b33.cpe.net.cable.rogers.com (173.33.93.53)
Sep  8 21:32:46 refused connect from cpe185933464b36-cm185933464b33.cpe.net.cable.rogers.com (173.33.93.53)

4 Real Sysadmin Work

People in China, California try to log in as root on the CLS:

Sep  9 22:58:31 Failed password for root from 117.79.148.54 port 43791 ssh2
Sep 10 13:30:16 refused connect from 117.79.148.54 (117.79.148.54)

$ whois 117.79.148.54
descr:          Beijing Sanxin Shidai Co.Ltd
descr:          1513 Xinjishu building Beijing link west road
descr:          Haidian District, Beijing, PRC
country:        CN

Sep 10 01:37:34 Failed password for root from 198.13.117.194 port 46897 ssh2
Sep 10 01:37:35 refused connect from 198.13.117.194 (198.13.117.194)

$ whois 198.13.117.194
OrgName:        Psychz Networks
OrgId:          PS-184
Address:        20687-2 Amar Road #312
City:           Walnut
StateProv:      CA

Sep 11 04:56:15 Failed password for root from 59.55.141.104 port 2396 ssh2
Sep 11 04:56:26 Failed password for root from 59.55.141.104 port 2766 ssh2
Sep 11 04:56:33 refused connect from 59.55.141.104 (59.55.141.104)

$ whois 59.55.141.104
descr:          CHINANET Jiangxi province network
descr:          China Telecom
descr:          No.31,jingrong street
descr:          Beijing 100032
country:        CN

Someone in Ohio tries probing account names:

Sep 10 10:05:17 Invalid user aditza from 66.84.25.6
Sep 10 10:05:18 Failed password for invalid user aditza from 66.84.25.66 port 55317 ssh2
Sep 10 10:05:19 Invalid user admin1 from 66.84.25.6
Sep 10 10:05:21 Failed password for invalid user admin1 from 66.84.25.66 port 56315 ssh2
Sep 10 10:05:22 Invalid user admin from 66.84.25.66
Sep 10 10:05:24 Failed password for invalid user admin from 66.84.25.66 port 57605 ssh2
Sep 10 10:05:25 Invalid user admin from 66.84.25.66
Sep 10 10:05:27 Failed password for invalid user admin from 66.84.25.66 port 58969 ssh2
Sep 10 10:05:27 Invalid user ale from 66.84.25.66
Sep 10 10:05:30 Failed password for invalid user ale from 66.84.25.66 port 59986 ssh2
Sep 10 10:05:30 Invalid user alex from 66.84.25.66
Sep 10 10:05:33 Failed password for invalid user alex from 66.84.25.66 port 33066 ssh2
Sep 10 10:05:33 Invalid user alex from 66.84.25.66
Sep 10 10:05:35 Failed password for invalid user alex from 66.84.25.66 port 34321 ssh2
Sep 10 10:05:36 Invalid user Alin from 66.84.25.66
Sep 10 10:05:37 Failed password for invalid user Alin from 66.84.25.66 port 35553 ssh2
Sep 10 10:05:38 refused connect from s66.n25.n84.n66.static.myhostcenter.com (66.84.25.66)

$ whois 66.84.25.6
OrgName:        Jumpline Inc
Address:        5000 ARLINGTON CENTRE BLVD 
City:           Upper Arlington
StateProv:      OH

Attackers in China probe account names:

Sep 10 15:57:21 Failed password for root from 221.6.96.177 port 56455 ssh2
Sep 10 15:57:26 Failed password for root from 221.6.96.177 port 57756 ssh2
Sep 10 15:57:31 Failed password for root from 221.6.96.177 port 59015 ssh2
Sep 10 15:57:35 Failed password for invalid user db2inst1 from 221.6.96.177 port 60362 ssh2
Sep 10 15:57:39 Failed password for root from 221.6.96.177 port 33334 ssh2
Sep 10 15:57:44 Failed password for invalid user prueba from 221.6.96.177 port 34543 ssh2
Sep 10 15:57:48 Failed password for bin from 221.6.96.177 port 35865 ssh2
Sep 10 15:57:49 refused connect from ns3.itgle.com (221.6.96.177)

$ whois 221.6.96.177
address:        No. 65 Beijing West Road,Nanjing,China

Sep 11 02:26:39 Failed password for root from 202.104.147.26 port 28629 ssh2
Sep 11 02:27:02 Failed password for root from 202.104.147.26 port 21095 ssh2
Sep 11 02:27:05 Failed password for root from 202.104.147.26 port 21095 ssh2
Sep 11 02:27:07 Failed password for root from 202.104.147.26 port 21095 ssh2
Sep 11 02:27:24 Failed password for root from 202.104.147.26 port 22920 ssh2
Sep 11 02:27:36 refused connect from 202.104.147.26 (202.104.147.26)
Sep 11 02:27:47 refused connect from 202.104.147.26 (202.104.147.26)
Sep 11 02:27:59 refused connect from 202.104.147.26 (202.104.147.26)

$ whois 202.104.147.26
person:         LI XINKAIG
address:        F9,HONGBO MANSION,HONGHUYI STREET,SHENZHEN
country:        CN

Someone in California probes account names:

Sep 10 23:57:41 Failed password for root from 216.99.159.114 port 53777 ssh2
Sep 10 23:57:44 Failed password for invalid user app from 216.99.159.114 port 54881 ssh2
Sep 10 23:57:46 Failed password for invalid user avouni from 216.99.159.114 port 55935 ssh2
Sep 10 23:57:49 Failed password for invalid user berila from 216.99.159.114 port 56930 ssh2
Sep 10 23:57:52 Failed password for bin from 216.99.159.114 port 58210 ssh2
Sep 10 23:57:55 Failed password for bin from 216.99.159.114 port 59461 ssh2
Sep 10 23:57:58 Failed password for bin from 216.99.159.114 port 60597 ssh2
Sep 10 23:58:02 Failed password for bin from 216.99.159.114 port 61815 ssh2
Sep 10 23:58:05 Failed password for bin from 216.99.159.114 port 63057 ssh2
Sep 10 23:58:07 Failed password for bin from 216.99.159.114 port 64347 ssh2
Sep 10 23:58:11 Failed password for bin from 216.99.159.114 port 40226 ssh2
Sep 10 23:58:11 refused connect from 216.99.159.114 (216.99.159.114)

$ whois 216.99.159.114
OrgName:        Psychz Networks
Address:        20687-2 Amar Road #312
City:           Walnut
StateProv:      CA
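
The tally a sysadmin would run over excerpts like the ones in sections 3.2 and 4, as an added example that is not part of the original notes: it counts failed passwords and refusals per source address and separates a user mistyping a password from root guessing and account-name probing. It assumes the trimmed line layout shown on this page; the function names and the sample lines are constructed.

```python
import re
from collections import defaultdict

TS = r"\w{3}\s+\d+ [\d:]{8}"
# The source address is taken from the end-anchored suffix: the account name is
# supplied by the client, so a name containing " from 10.0.0.1 port 1 ssh2"
# must not be able to move the match onto someone else's address.
FAILED = re.compile(rf"^{TS} Failed password for (?P<invalid>invalid user )?"
                    r"(?P<user>.+) from (?P<ip>\S+) port \d+ ssh2$")
REFUSED = re.compile(rf"^{TS} refused connect from \S+ \((?P<ip>[^)]+)\)$")

def summarize(lines):
    """Per source address: failed attempts, accounts tried, refusals."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(),
                                 "invalid": set(), "refused": 0})
    for line in lines:
        line = line.strip()
        if m := FAILED.match(line):
            s = stats[m["ip"]]
            s["failed"] += 1
            s["users"].add(m["user"])
            if m["invalid"]:
                s["invalid"].add(m["user"])
        elif m := REFUSED.match(line):
            stats[m["ip"]]["refused"] += 1
    return dict(stats)

def classify(s):
    """Label a source by what its failed logins targeted."""
    if not s["failed"]:
        return "refused only"
    if s["invalid"] or len(s["users"]) > 1:
        return "account-name probing"
    if s["users"] == {"root"}:
        return "root password guessing"
    return "single-account failures"  # e.g. a real user mistyping a password

# Constructed sample in the page's log layout (documentation addresses only).
# The last line carries a crafted account name that embeds a fake address.
SAMPLE = """\
Sep  8 21:20:55 Failed password for student1 from 203.0.113.10 port 61939 ssh2
Sep  8 21:21:06 Failed password for student1 from 203.0.113.10 port 61939 ssh2
Sep  8 21:25:26 refused connect from host10.example.net (203.0.113.10)
Sep 10 15:57:21 Failed password for root from 198.51.100.7 port 56455 ssh2
Sep 10 15:57:35 Failed password for invalid user db2inst1 from 198.51.100.7 port 60362 ssh2
Sep 10 15:57:49 refused connect from 198.51.100.7 (198.51.100.7)
Sep 11 02:26:39 Failed password for root from 192.0.2.44 port 28629 ssh2
Sep 11 02:27:02 Failed password for invalid user a from 203.0.113.10 port 1 ssh2 from 192.0.2.99 port 21095 ssh2
""".splitlines()
```
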

Some crackers in Colombia and Hong Kong try to fetch account files from my machine using long strings of parent directories (..) in Web URLs:

2013-04-28_03:08:36 190.90.185.241 "GET /help/index.php?screen=../../../../../../../../etc/voipnow/voipnow.conf HTTP/1.1" 404 243 "-" "HTTP_Request2/2.1.1 (http://pear.php.net/package/http_request2) PHP/5.1.6" 332 451 "/var/www/html/help"
2013-02-18_20:46:30 223.255.179.115 "GET /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n HTTP/1.1" 200 541 "-" "curl/7.19.4 (i386-redhat-linux-gnu) libcurl/7.19.4 NSS/3.12.2.0 zlib/1.2.3 libidn/0.6.14 libssh2/0.18" 385 826 "/var/www/html/index.html"

$ whois 192.168.9.250
owner:       Flywan S.A.
address:     000 - Medellin - CO
country:     CO

$ whois 223.255.179.115
descr:          Wharf T&T Limited
descr:          Kwun Tong, Kowloon
country:        HK
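
A detection pass for requests like the two above, as an added example that is not part of the original notes: it percent-decodes the request target (more than once, to catch double encoding), measures the longest run of parent-directory segments, and reports client, depth and HTTP status so that a 200 can be checked before a 404. It assumes the access-log layout shown on this page; the function names, the threshold and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Fields used from the layout shown above: timestamp, client, "request", status.
# Non-greedy target: stop at the first ' HTTP/x.y" NNN ', so text in a later
# quoted field (such as the user agent) cannot stand in for the status.
LINE = re.compile(r'^(?P<ts>\S+) (?P<ip>\S+) "(?P<method>[A-Z]+) '
                  r'(?P<target>.*?) HTTP/[\d.]+" (?P<status>\d{3}) ')

def fully_decode(s, rounds=3):
    """Percent-decode repeatedly so that %252e%252e%252f is seen as ../"""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def traversal_depth(target):
    """Longest run of consecutive ../ segments in the decoded target."""
    decoded = fully_decode(target).replace("\\", "/")
    runs = re.findall(r"(?:\.\./)+", decoded)
    return max((len(run) // 3 for run in runs), default=0)

def flag(lines, min_depth=2):
    """Return (client, depth, status) for each request at or above min_depth."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if m:
            depth = traversal_depth(m["target"])
            if depth >= min_depth:
                hits.append((m["ip"], depth, int(m["status"])))
    return hits

# Constructed sample lines (documentation addresses only).
SAMPLE = [
    '2013-04-28_03:08:36 203.0.113.5 "GET /help/index.php?screen=../../../../etc/app.conf HTTP/1.1" 404 243 "-" "test-agent" 332 451 "/var/www/html/help"',
    '2013-04-28_03:09:00 198.51.100.9 "GET /?file=%252e%252e%252f%252e%252e%252fetc/passwd HTTP/1.1" 200 541 "-" "test-agent" 385 826 "/var/www/html/index.html"',
    '2013-04-28_03:10:12 192.0.2.20 "GET /css/../img/logo.png HTTP/1.1" 200 1024 "-" "test-agent" 300 1300 "/var/www/html/img/logo.png"',
]
```
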

 Take Notes in Class

Author: 
| Ian! D. Allen  -  idallen@idallen.ca  -  Ottawa, Ontario, Canada
| Home Page: http://idallen.com/   Contact Improv: http://contactimprov.ca/
| College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/
| Defend digital freedom:  http://eff.org/  and have fun:  http://fools.ca/
