Updated: 2014-04-03 05:10 EDT

1 College Network Down

2 Readings, Assignments, Labs, and ToDo

2.1 Assignments and Lab work this week

Check the due date for each assignment and put a reminder in your agenda, calendar, and digital assistant.

The worksheets are available in four formats: Open Office, PDF, HTML, and Text. Only the Open Office format allows you to “fill in the blanks” in the worksheet. The PDF format looks good but doesn’t allow you to type into the blanks in the worksheet. The HTML format is crude but useful for quick viewing and searching online.

2.1.1 Optional Bonus Assignments – extra marks

  • Assignment #03 HTML – Optional BONUS VIM Text Editor Practice
    • this is an optional worksheet for a BONUS assignment using vim
    • Optional Reading: The VI (VIM) Text Editor
    • Worksheet #06 HTML – Optional VIM Text Editor Practice
    • this is an optional worksheet for a BONUS assignment using vim
    • Optional command-line VIM tutorial: the vimtutor program on the CLS.
  • Assignment #09 HTML – BONUS assignment to review second midterm test
    • this is an optional BONUS assignment worth extra credit
    • there is a checking script available to verify the format of your file

4 From the Classroom Whiteboard/Chalkboard

5 Real Sysadmin Work

5.1 Awesome License Plate

Bye Bye Data


5.2 Locally Authored Linux Security Document

Mike Gifford runs OpenConcept Consulting here in town: “Open source web development for social change”. He works with Drupal, an open source web content management system (CMS).

He wrote:

We’ve been working on a best practices document for Drupal security that is geared specifically at government clients. […] We wrote this for a federal government department in town that had their site compromised earlier in the year. Figured it was a good time to write up a general document to help guide folks in the public sector. Security is certainly a complex issue, and most government departments just don’t seem to get it. For instance CSEC provides security information for Windows 2003, but not Windows 2008.

We are releasing this document because we believe that most government departments simply do not have the resources to put into properly setting up and maintaining the security of their servers. Our hope is that we will be able to build a community of people behind this process who can help build on and maintain a set of best practices. I’m also hoping that it helps to reach up into management a bit and be more approachable for folks who already with IT security.

I do hope that folks […] heard the recent court case with the 12 year old boy who is on trial for hacking into government computer systems in 3 different jurisdictions. To some extent that’s a reflection of the rise of hacker culture on the Internet, but it should also be an indication of how far government security practices have fallen short. If a kid can hack away at government sites for fun, and get away with this much information, what are more politically or crime motivated hackers capable of? There is far too much security theatre and not enough collaboration within government about how to raise the lowest common denominator for security. I’ve blogged about this here:

http://openconcept.ca/blog/mgifford/when-even-our-kids-can-hack-government-site

We’ve released the initial security guide here for review (we are asking for people to submit their name & email so that we can track who is making use of this PDF):

http://openconcept.ca/drupal-security-guide

We’d like to get feedback on this document, and our hope is that this starts an open conversation about security best practices. I would like to thank the people who have contributed to this document, but generally I have decided what is or is not listed in this release. There will be errors that I likely introduced and they will be addressed as they are raised.

There’s a GoogleDoc too for folks who are interested in adding comments directly to that version of the document.

Mike Gifford, President, OpenConcept Consulting Inc.
Drupal 8 Core Accessibility Maintainer –> http://drupal.org/user/27930
http://twitter.com/mgifford | http://linkedin.com/in/mgifford

Open source web development for social change – http://openconcept.ca

5.3 College network failure on Saturday:

Algonquin had a massive network failure around 3pm on Saturday, but ITS has said nothing about it other than “we had some issues; everything is fine now; have a good weekend”. (I still don’t have off-campus connectivity to my Course Linux Server as of 02:45am Monday.)

From a friend who is a student at Carleton:

“Students, faculty and staff are advised that at approximately 3 p.m. on Saturday, March 15, the university experienced a severe network failure that impacted some Internet access and some internal network services.” - Apparently it was some kind of DDOS attack (SYN flood?) and it’s still ongoing. Seems that services are intermittent (for my Carleton friends, CULearn is not accessible - it’s hitting the authentication services, it seems…)"

Seems too much of a coincidence that I lost connectivity to Algonquin at just after 3pm on the same Saturday, and still don’t have it back.

                             My traceroute  [v0.80]
idallen-ubuntu (0.0.0.0)                               Sat Mar 15 18:55:44 2014
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                       Packets               Pings
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 205.211.50.2                      0.0%    68    2.7   4.0   1.1  76.7   9.3
 2. wsp05974301wss.cr.net.cable.roge  0.0%    68    2.4   2.5   2.4   4.5   0.3
 3. 24.153.31.217                     0.0%    68    3.0   5.6   2.4  97.3  15.5
 4. te4-0-0.gw01.rchrd.phub.net.cabl 58.2%    68    7.4   7.5   5.7   9.8   1.2
 5. gi-1-1-3.gw01.grnsbr.phub.net.ca 85.1%    68   14.3  13.0  11.7  14.3   0.9
 6. 24.156.144.178                   92.5%    68   22.3  25.6  21.8  39.6   7.8
 7. te0-4-0-14.ccr21.ord03.atlas.cog 86.6%    68   22.6  22.7  22.4  22.9   0.1
 8. be2006.mpd21.ord01.atlas.cogentc 76.5%    68   23.0  23.1  22.8  24.3   0.4
    be2005.ccr21.ord01.atlas.cogentco.com
    be2003.ccr22.ord01.atlas.cogentco.com
    be2004.mpd22.ord01.atlas.cogentco.com
 9. be2080.ccr22.yyz02.atlas.cogentc 85.1%    68   24.2  24.5  24.0  25.4   0.5
    be2079.ccr21.yyz02.atlas.cogentco.com
    be2081.ccr21.yyz02.atlas.cogentco.com
    be2082.ccr22.yyz02.atlas.cogentco.com
10. te4-1.mag01.yyz02.atlas.cogentco 64.2%    68  208.3  39.5  21.3 208.3  45.3
    te4-1.mag02.yyz02.atlas.cogentco.com
    te7-1.mag01.yyz02.atlas.cogentco.com
11. te3-1.ccr01.yyz03.atlas.cogentco 85.1%    68   24.7  77.6  24.0 182.6  69.4
    te4-1.ccr01.yyz03.atlas.cogentco.com
12. 38.122.70.210                    84.8%    67   24.2  24.5  24.0  25.5   0.5
13. 208.85.223.218                   89.4%    67   24.2  24.8  24.2  25.6   0.5
14. host-208-79-60-218.static.295.ca 74.2%    67   28.4  28.2  27.6  29.3   0.5
15. pc-1.rowswitch3.kit.rackanddata. 89.1%    65   28.7  28.5  28.1  28.8   0.3
16. 162.219.1.148                    71.9%    65   28.2  28.0  26.2  28.9   0.6
17. idallen-cloud.idallen.ca         82.8%    65   29.2  48.9  28.6 189.8  47.0

                             My traceroute  [v0.80]
idallen-oak.home.idallen.ca (0.0.0.0)                  Sat Mar 15 19:02:11 2014
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                       Packets               Pings
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 192.168.2.1                       0.0%   112    0.8   0.9   0.7   1.3   0.1
 2. lo-100.lns02.tor.man.teksavvy.co  0.0%   112   20.5  15.8  10.9 182.9  17.5
 3. 69.196.136.132                    0.0%   112   10.7  13.5  10.4  43.6   6.3
 4. 69.196.136.41                     0.0%   112   10.7  13.3  10.2  58.6   7.1
 5. igw01.front.net.cable.rogers.com  0.0%   112   11.0  15.5  10.5  93.6  13.3
 6. 69.63.251.145                     0.0%   112   14.5  14.6  11.4  24.8   2.9
 7. 24.153.7.2                        0.0%   112   20.0  20.5  17.1  30.3   2.7
 8. te-3-0-0.agw01.phub.net.cable.ro  0.0%   112   17.1  19.9  16.4  76.2   9.5
 9. 24.153.31.218                    87.4%   112   21.4  22.9  21.1  31.6   3.1
10. wsp05974302wss.cr.net.cable.roge 95.5%   111   21.9  23.3  21.4  25.1   1.7
11. 205.211.77.51                    93.6%   111   21.2  21.6  21.2  21.9   0.3
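
Added example (not part of the original notes): one way to read mtr output like the above is to find the hop from which packet loss continues all the way to the last hop, since loss shown at a single middle hop usually means that router is rate-limiting its ICMP replies rather than dropping traffic. The function names, the 5% threshold and the RATE_LIMITED trace are assumptions made for this sketch.

```python
import re

# Hop lines copied from the second trace above.
TRACE = """\
 1. 192.168.2.1                       0.0%   112    0.8   0.9   0.7   1.3   0.1
 2. lo-100.lns02.tor.man.teksavvy.co  0.0%   112   20.5  15.8  10.9 182.9  17.5
 3. 69.196.136.132                    0.0%   112   10.7  13.5  10.4  43.6   6.3
 4. 69.196.136.41                     0.0%   112   10.7  13.3  10.2  58.6   7.1
 5. igw01.front.net.cable.rogers.com  0.0%   112   11.0  15.5  10.5  93.6  13.3
 6. 69.63.251.145                     0.0%   112   14.5  14.6  11.4  24.8   2.9
 7. 24.153.7.2                        0.0%   112   20.0  20.5  17.1  30.3   2.7
 8. te-3-0-0.agw01.phub.net.cable.ro  0.0%   112   17.1  19.9  16.4  76.2   9.5
 9. 24.153.31.218                    87.4%   112   21.4  22.9  21.1  31.6   3.1
10. wsp05974302wss.cr.net.cable.roge 95.5%   111   21.9  23.3  21.4  25.1   1.7
11. 205.211.77.51                    93.6%   111   21.2  21.6  21.2  21.9   0.3
"""
# Constructed trace: loss at one middle hop only, plus an alternate-host line.
RATE_LIMITED = """\
 1. 192.0.2.1        0.0%   50   1.0   1.0   1.0   1.0   0.0
 2. 198.51.100.7    60.0%   50   9.0   9.0   9.0   9.0   0.0
    alt.example.net
 3. 203.0.113.9      0.0%   50  12.0  12.0  12.0  12.0   0.0
"""
HOP = re.compile(r"^\s*(\d+)\.\s+(\S+)\s+(\d+(?:\.\d+)?)%")

def parse_hops(report):
    """Return (hop number, host, loss %) for each numbered hop line."""
    hops = []
    for line in report.splitlines():
        m = HOP.match(line)
        if m:  # headers and alternate-host continuation lines do not match
            hops.append((int(m.group(1)), m.group(2), float(m.group(3))))
    return hops

def loss_onset(hops, threshold=5.0):
    """First hop from which loss >= threshold persists to the last hop, else None."""
    onset = None
    for hop in hops:
        # A later clean hop resets the candidate: the earlier loss did not persist.
        onset = (onset or hop) if hop[2] >= threshold else None
    return onset

if __name__ == "__main__":
    print(loss_onset(parse_hops(TRACE)))
    print(loss_onset(parse_hops(RATE_LIMITED)))
```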

5.4 Attacks on CLS from inside College

$ fgrep 10.100.11.36 /var/log/apache2/error.log
[Thu Mar 13 17:18:10 2014] [error] [client 10.100.11.36] Invalid URI in request GET %2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5Cboot%2Eini HTTP/1.1
[Thu Mar 13 17:18:11 2014] [error] [client 10.100.11.36] Invalid URI in request GET %2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5C%2E%2E%5Cetc%5Cpasswd HTTP/1.1
[Thu Mar 13 17:18:11 2014] [error] [client 10.100.11.36] Invalid URI in request GET ..\\\\..\\\\..\\..\\\\..\\..\\\\..\\..\\\\\\boot.ini HTTP/1.1
[Thu Mar 13 17:18:11 2014] [error] [client 10.100.11.36] Invalid URI in request GET %c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./boot.ini HTTP/1.1
[Thu Mar 13 17:18:12 2014] [error] [client 10.100.11.36] Invalid URI in request GET %c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/boot.ini HTTP/1.1
[Thu Mar 13 17:18:12 2014] [error] [client 10.100.11.36] Invalid URI in request GET index.html?../../../../../boot.ini HTTP/1.1
[Thu Mar 13 17:18:12 2014] [error] [client 10.100.11.36] Invalid URI in request GET index.html?..\\..\\..\\..\\..\\boot.ini HTTP/1.1
[Thu Mar 13 17:18:13 2014] [error] [client 10.100.11.36] File does not exist: /var/www/html/..\\..\\\\..\\..\\\\..\\..\\\\..\\..\\boot.ini
[Thu Mar 13 17:18:13 2014] [error] [client 10.100.11.36] File does not exist: /var/www/html/\xc0.\xc0.\\\xc0.\xc0.\\\xc0.\xc0.\\boot.ini
[Thu Mar 13 17:18:13 2014] [error] [client 10.100.11.36] File does not exist: /var/www/html/..\\
[Thu Mar 13 17:18:13 2014] [error] [client 10.100.11.36] File does not exist: /var/www/html/..\\
[Thu Mar 13 17:18:13 2014] [error] [client 10.100.11.36] File does not exist: /var/www/html/\\..
[Thu Mar 13 17:18:14 2014] [error] [client 10.100.11.36] File does not exist: /var/www/html/..\\..\\..\\boot.ini
[Thu Mar 13 17:18:14 2014] [error] [client 10.100.11.36] File does not exist: /var/www/html/..\\..\\..\\..\\\\..\\..\\\\..\\..\\\\\\boot.ini
[Thu Mar 13 17:18:14 2014] [error] [client 10.100.11.36] Invalid URI in request GET /../../../../../../../etc/passwd HTTP/1.1
[Thu Mar 13 17:18:14 2014] [error] [client 10.100.11.36] File does not exist: /var/www/html/\\..\\..\\..\\..\\..\\..\\..\\boot.ini
[Thu Mar 13 17:18:23 2014] [error] [client 10.100.11.36] Invalid method in request \x81u\x01\x03\x03\x01\\
[Thu Mar 13 17:18:23 2014] [error] [client 10.100.11.36] Invalid method in request \x16\x03\x01\x01v\x01
$ fgrep 10.100.11.36 /var/log/auth.log
[...]
Mar 13 17:19:25 idallen-ubuntu sshd[14483]: Bad protocol version identification 'GET /..\\/\\..\\/\\..\\/\\boot.ini HTTP/1.1' from 10.100.11.36
Mar 13 17:19:25 idallen-ubuntu sshd[14482]: Bad protocol version identification '\026\003\002' from 10.100.11.36
Mar 13 17:19:25 idallen-ubuntu sshd[14487]: Bad protocol version identification '\201u\001\003\003\001\\' from 10.100.11.36
Mar 13 17:19:25 idallen-ubuntu sshd[14486]: Bad protocol version identification '\026\003\002' from 10.100.11.36
Mar 13 17:19:25 idallen-ubuntu sshd[14488]: Bad protocol version identification '\026\003\001\001v\001' from 10.100.11.36
Mar 13 17:19:25 idallen-ubuntu sshd[14489]: Bad protocol version identification 'GET /\\../\\../\\../boot.ini HTTP/1.1' from 10.100.11.36
Mar 13 17:19:25 idallen-ubuntu sshd[14490]: Bad protocol version identification '\201u\001\003\003\001\\' from 10.100.11.36
Mar 13 17:19:25 idallen-ubuntu sshd[14492]: Bad protocol version identification '\201u\001\003\003\001\\' from 10.100.11.36
Mar 13 17:19:25 idallen-ubuntu sshd[14493]: Bad protocol version identification '\026\003\001\001v\001' from 10.100.11.36
Mar 13 17:19:25 idallen-ubuntu sshd[14494]: Bad protocol version identification '\026\003\001\001v\001' from 10.100.11.36
Mar 13 17:19:25 idallen-ubuntu sshd[14491]: Did not receive identification string from 10.100.11.36
Mar 13 17:19:25 idallen-ubuntu sshd[14495]: Bad protocol version identification 'GET ////..\\..\\..\\boot.ini HTTP/1.1' from 10.100.11.36
Mar 13 17:19:25 idallen-ubuntu sshd[14496]: Bad protocol version identification '\201u\001\003\003\001\\' from 10.100.11.36
Mar 13 17:19:26 idallen-ubuntu sshd[14497]: Bad protocol version identification '\026\003\001\001v\001' from 10.100.11.36
Mar 13 17:19:26 idallen-ubuntu sshd[14498]: Bad protocol version identification 'GET /..\\..\\..\\..\\\\..\\..\\\\..\\..\\\\\\boot.ini HTTP/1.1' from 10.100.11.36
Mar 13 17:19:26 idallen-ubuntu sshd[14501]: Bad protocol version identification '\201u\001\003\003\001\\' from 10.100.11.36
Mar 13 17:19:26 idallen-ubuntu sshd[14502]: Bad protocol version identification '\026\003\001\001v\001' from 10.100.11.36
Mar 13 17:19:26 idallen-ubuntu sshd[14503]: Bad protocol version identification 'GET /../../../../../../../etc/passwd HTTP/1.1' from 10.100.11.36
Mar 13 17:19:26 idallen-ubuntu sshd[14505]: Bad protocol version identification '\201u\001\003\003\001\\' from 10.100.11.36
Mar 13 17:19:26 idallen-ubuntu sshd[14507]: Bad protocol version identification '\026\003\001\001v\001' from 10.100.11.36
Mar 13 17:19:26 idallen-ubuntu sshd[14508]: Bad protocol version identification 'GET /%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini HTTP/1.1' from 10.100.11.36
Mar 13 17:19:26 idallen-ubuntu sshd[14509]: Bad protocol version identification '\201u\001\003\003\001\\' from 10.100.11.36
Mar 13 17:19:26 idallen-ubuntu sshd[14510]: Bad protocol version identification '\026\003\001\001v\001' from 10.100.11.36
Mar 13 17:19:27 idallen-ubuntu sshd[14511]: Bad protocol version identification 'GET /%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc%2fpasswd HTTP/1.1' from 10.100.11.36
Mar 13 17:19:27 idallen-ubuntu sshd[14514]: Bad protocol version identification '\201u\001\003\003\001\\' from 10.100.11.36
Mar 13 17:19:27 idallen-ubuntu sshd[14516]: Bad protocol version identification '\026\003\001\001v\001' from 10.100.11.36
Mar 13 17:19:27 idallen-ubuntu sshd[14517]: Bad protocol version identification 'GET / HTTP/1.1' from 10.100.11.36
Mar 13 17:19:27 idallen-ubuntu sshd[14518]: Bad protocol version identification '\201u\001\003\003\001\\' from 10.100.11.36
Mar 13 17:19:27 idallen-ubuntu sshd[14519]: Bad protocol version identification '\026\003\001\001v\001' from 10.100.11.36
Mar 13 17:19:27 idallen-ubuntu sshd[14520]: Bad protocol version identification 'GET / HTTP/1.1' from 10.100.11.36
Mar 13 17:19:27 idallen-ubuntu sshd[14521]: Bad protocol version identification '\201u\001\003\003\001\\' from 10.100.11.36
Mar 13 17:19:27 idallen-ubuntu sshd[14522]: Bad protocol version identification '\026\003\001\001v\001' from 10.100.11.36
Mar 13 17:19:28 idallen-ubuntu sshd[14523]: Bad protocol version identification '\201u\001\003\003\001\\' from 10.100.11.36
Mar 13 17:19:28 idallen-ubuntu sshd[14524]: Bad protocol version identification '\026\003\001\001v\001' from 10.100.11.36
Mar 13 17:19:28 idallen-ubuntu sshd[14527]: Bad protocol version identification 'GET / HTTP/1.1' from 10.100.11.36
Mar 13 17:19:46 idallen-ubuntu sshd[14555]: Did not receive identification string from 10.100.11.36
Mar 13 17:19:51 idallen-ubuntu sshd[14566]: Did not receive identification string from 10.100.11.36
Mar 13 17:19:56 idallen-ubuntu sshd[14588]: Protocol major versions differ for 10.100.11.36: SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1 vs. SSH-1.5-NmapNSE_1.0
Mar 13 17:19:56 idallen-ubuntu sshd[14577]: Did not receive identification string from 10.100.11.36
Mar 13 17:19:57 idallen-ubuntu sshd[14592]: Bad protocol version identification '\026\003' from 10.100.11.36
Mar 13 17:19:57 idallen-ubuntu sshd[14593]: Bad protocol version identification '\026\003' from 10.100.11.36
Mar 13 17:20:02 idallen-ubuntu sshd[14594]: Did not receive identification string from 10.100.11.36
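
Added example (not part of the original notes): a small classifier that tallies, per client address, the kinds of probe visible in log lines like those above. It undoes the log escaping and percent-encoding before looking for "..", so the encoded variants are caught as well as the plain ones. The tag names, function names and the 10.0.0.5 line are made up for this sketch.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_to_bytes

# Lines copied from the excerpts above, plus one constructed benign line (10.0.0.5).
SAMPLE = rb"""
[Thu Mar 13 17:18:12 2014] [error] [client 10.100.11.36] Invalid URI in request GET %c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/boot.ini HTTP/1.1
[Thu Mar 13 17:18:13 2014] [error] [client 10.100.11.36] File does not exist: /var/www/html/\xc0.\xc0.\\\xc0.\xc0.\\\xc0.\xc0.\\boot.ini
[Thu Mar 13 17:18:23 2014] [error] [client 10.100.11.36] Invalid method in request \x16\x03\x01\x01v\x01
[Thu Mar 13 17:20:00 2014] [error] [client 10.0.0.5] File does not exist: /var/www/html/favicon.ico
Mar 13 17:19:25 idallen-ubuntu sshd[14487]: Bad protocol version identification '\201u\001\003\003\001\\' from 10.100.11.36
Mar 13 17:19:25 idallen-ubuntu sshd[14489]: Bad protocol version identification 'GET /\\../\\../\\../boot.ini HTTP/1.1' from 10.100.11.36
Mar 13 17:19:28 idallen-ubuntu sshd[14527]: Bad protocol version identification 'GET / HTTP/1.1' from 10.100.11.36
Mar 13 17:19:56 idallen-ubuntu sshd[14588]: Protocol major versions differ for 10.100.11.36: SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1 vs. SSH-1.5-NmapNSE_1.0
""".strip().splitlines()
# Escapes assumed from the excerpts: \xNN (Apache), \NNN octal (sshd), doubled backslash.
ESC = re.compile(rb"\\(?:x([0-9A-Fa-f]{2})|([0-7]{3})|\\)")
PAYLOAD = re.compile(rb"(?:in request |does not exist: |identification ')(.*?)(?:' from [\d.]+)?$")
CLIENT = re.compile(rb"(?:\[client |from |for )(\d+(?:\.\d+){3})")

def unescape_log(text):
    def one(m):
        if m.group(1):
            return bytes([int(m.group(1), 16)])
        if m.group(2):
            return bytes([int(m.group(2), 8) & 0xFF])
        return b"\\"
    return ESC.sub(one, text)

def classify(line):
    tags = {"nmap-nse-banner"} if re.search(rb"SSH-[\d.]+-NmapNSE", line) else set()
    m = PAYLOAD.search(line)
    raw = unescape_log(m.group(1)) if m else b""
    # TLS record header, or SSLv2-format ClientHello (length MSB set, type 1, version 3.x)
    if raw[:2] == b"\x16\x03" or (len(raw) > 3 and raw[0] & 0x80 and raw[2:4] == b"\x01\x03"):
        tags.add("tls-hello-on-plaintext-port")
    if b"sshd[" in line and re.match(rb"[A-Z]+ \S+ HTTP/\d", raw):
        tags.add("http-request-to-sshd")
    # Normalise before matching: percent-decode, drop non-ASCII bytes, treat \ as /
    flat = bytes(b for b in unquote_to_bytes(raw) if b < 0x80).replace(b"\\", b"/")
    if re.search(rb"(?:^|[\s/?=])\.\.(?:/|\s|$)", flat):
        tags.add("path-traversal")
    return tags

def summarize(lines):
    per_client = defaultdict(Counter)
    for line in lines:
        tags, who = classify(line), CLIENT.search(line)
        if tags and who:
            per_client[who.group(1).decode()].update(tags)
    return {ip: dict(count) for ip, count in per_client.items()}
```

Calling summarize(SAMPLE) returns one entry, for 10.100.11.36; the benign 404 from 10.0.0.5 is not flagged.
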
Author: 
| Ian! D. Allen  -  idallen@idallen.ca  -  Ottawa, Ontario, Canada
| Home Page: http://idallen.com/   Contact Improv: http://contactimprov.ca/
| College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/
| Defend digital freedom:  http://eff.org/  and have fun:  http://fools.ca/
