Updated: 2014-02-01 03:45 EST

1 Readings, Assignments, Labs, and ToDo

1.1 Midterm Test #1

1.2 Quizzes: Midterm #1 Quiz

This is one of several quizzes in this course. Each midterm and final exam will have an associated quiz. See the course outline for the mark weight of all course quizzes, midterm tests, and exams.

The quizzes are open-book, but the midterm tests and final exam are closed-book.

This quiz is based on the 302 practice Midterm Test #1 questions that are posted in the Class Notes. The quiz is 10 questions long and you see the answers right after you submit the quiz. You can take the quiz as many times as you like. Every time you take the quiz, you get a different random set of ten questions. This quiz closes just before the Final Exam in this course; after the Final Exam begins you will not be able to submit any more quiz attempts.

Your mark for this quiz is the average of your five best quiz scores. Examples:

Your score will be taken from the five best scores. The more times you do the quiz, the more likely you are to have a set of excellent best scores. You must have five perfect quiz scores to get a perfect averaged quiz mark. Missing quizzes (fewer than five) count as zeroes. Only the five best scores are averaged.

See the “Quizzes” section in the Blackboard left side-bar for CST8207.

Note: Blackboard averages the marks of all your quiz attempts. Your quiz mark is actually the average of your five best attempts, not all the attempts.

1.3 Assignments this week

Check the due date for each assignment and put a reminder in your agenda, calendar, and digital assistant.

1.4 Lab work this week

3 From the Classroom Whiteboard/Chalkboard

4 Real Sysadmin Work

Here is a command pipeline that does real-time monitoring of who is trying to attack the Course Linux Server (requires privileged read permission on the log files):

# fgrep 'refused connect' /var/log/auth.log | awk '{print $NF}' \
    | sort | uniq -c | sort -nr | head -n 5
 26 (202.83.48.3)
 23 (70.54.33.42)
  8 (183.232.32.24)
  8 (114.255.20.157)
  7 (82.221.103.161)

The top listed attacker is from India. They tried to log in as root, and the denyhosts intrusion protection package quickly blocked that IP address:

# host 202.83.48.3
3.48.83.202.in-addr.arpa domain name pointer 3.48.83.202.asianet.co.in.

# fgrep '202.83.48.3' /var/log/auth.log   # (output edited slightly)
Oct 2 00:03:35 Failed password for root from 202.83.48.3 port 33957 ssh2
Oct 2 00:03:37 Failed password for root from 202.83.48.3 port 33957 ssh2
Oct 2 00:23:54 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 00:44:04 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 01:04:12 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 01:24:15 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 01:44:29 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 02:04:51 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 02:25:11 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 02:45:39 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 03:06:05 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 03:26:24 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 03:47:02 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 04:07:22 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 04:27:31 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 04:47:52 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 05:08:29 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 05:28:45 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 05:49:32 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 06:10:14 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 06:30:38 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 06:50:38 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 07:11:03 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 07:31:20 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 07:51:51 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 08:12:17 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 08:32:33 refused connect from 202.83.48.3 (202.83.48.3)
Oct 2 08:53:29 refused connect from 202.83.48.3 (202.83.48.3)

The next “attacker” is a student who forgot his password:

# host 70.54.33.42
42.33.54.70.in-addr.arpa domain name pointer bas5-ottawa23-1177952554.dsl.bell.ca.

The third attacker is in China:

# host 183.232.32.24
Host 24.32.232.183.in-addr.arpa not found: 2(SERVFAIL)

# whois 183.232.32.24 | fgrep address
address: 29,Jinrong Ave, Xicheng district,beijing,100032
address: 29 jinrong ave. xicheng district, beijing China

Author: 
| Ian! D. Allen  -  idallen@idallen.ca  -  Ottawa, Ontario, Canada
| Home Page: http://idallen.com/   Contact Improv: http://contactimprov.ca/
| College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/
| Defend digital freedom:  http://eff.org/  and have fun:  http://fools.ca/
