Updated: 2014-09-24 15:17 EDT

1 Readings, Assignments, Labs, and ToDo

1.1 Assignments and Lab work this week

Check the due date for each assignment and put a reminder in your agenda, calendar, and digital assistant.

1.1.1 Worksheets

The worksheets are available in four formats: Open Office (ODT), PDF, HTML, and Text. Only the Open Office format allows you “fill in the blanks” in the worksheet. The PDF format looks good but doesn’t allow you to type into the blanks in the worksheet. The HTML format is crude but useful for quick for viewing online.

Do NOT open the ODT files using any Microsoft products; they will mangle the format and mis-number the questions. Use the free Libre Office or Open Office programs to open these ODT documents. On campus, you can download Libre Office here.

3 From the Classroom Whiteboard/Chalkboard

3.1 Errors logging in to CLS

I told you in class not to log in with a blank userid, but if you miss class, you don’t hear my warnings and you get locked out:

Sep 14 16:53:00 Failed password for invalid user  from
Sep 14 16:53:12 Failed password for invalid user  from
Sep 14 16:54:04 Failed password for invalid user  from
Sep 14 16:54:18 refused connect from (

Your lack of attendance in classes often results in course failures. The course has five lab periods every week; find one and show up.

3.2 Errors in submitted assignment01.txt

As of 10:15 Monday the following students have not Read All The Words in Assignment 1 and will not be getting marks:

xxxx0012: Bad file name: Assignment01.txt
xxxx0301: Bad file name: Assignment01.txt
xxxx0172: Bad file name: cal.txt
xxxx0004: Bad file name: Assigment 01.txt

Also, 27 out of 166 students did not label their paragraphs exactly according to the assignment specifications.

Read All The Words

3.3 Midterm Test #1

4 Real Sysadmin Work

4.1 Using parent directory chains to attack a server

Some crackers in Columbia and Hong Kong try to fetch account files from my machine using long strings of parent directories (..) in Web URLs:

2013-04-28_03:08:36 "GET /help/index.php?screen=../../../../../../../../etc/voipnow/voipnow.conf HTTP/1.1" 404 243 "-" "HTTP_Request2/2.1.1 (http://pear.php.net/package/http_request2) PHP/5.1.6" 332 451 "/var/www/html/help"
2013-02-18_20:46:30 "GET /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n HTTP/1.1" 200 541 "-" "curl/7.19.4 (i386-redhat-linux-gnu) libcurl/7.19.4 NSS/ zlib/1.2.3 libidn/0.6.14 libssh2/0.18" 385 826 "/var/www/html/index.html"

$ whois
owner:       Flywan S.A.
address:     000 - Medellin - CO
country:     CO

$ whois
descr:          Wharf T&T Limited
descr:          Kwun Tong, Kowloon
country:        HK

4.2 Linux in the News

Use open source software in preference to proprietary or closed source alternatives, in particular for operating systems, networking software, Web servers, databases and programming languages.

Problems which are rare, or specific to a domain may be best answered by using software as a service, or by installing proprietary software. In such cases, take care to mitigate the risk of lock-in to a single supplier by ensuring open standards are available for interfaces.

For unique needs and common problems which have yet to be solved well elsewhere, develop software by coding in the open and publish under an open source licence.


4.3 Internet Attacks on my machines

I log attacks on my machines. I compared some attack logs from home (TekSavvy – hit by 32 attack addresses) and my school desktop machine (Algonquin – hit by 50 attack addresses) and found three common attack addresses, two in China and one in India. These three addresses tried to use an SSH login to both my home and my Algonquin machines. Should I worry?

From China:

$ whois
netname:        CHINANET-JX
descr:          CHINANET Jiangxi province network
descr:          China Telecom
descr:          No.31,jingrong street
descr:          Beijing 100032

$ whois 163data.com.cn
Domain Status: inactive
Registrant: 中国电信集团公司
Registrant Contact Email: domain@chinatelecom.com.cn
Sponsoring Registrar: 北京万网志成科技有限公司
The Plans for your Career

The Plans for your Career

Read All The Words 2014

Read All The Words 2014

Read All The Words 2012

Read All The Words 2012

Take Notes in Class

Take Notes in Class

| Ian! D. Allen  -  idallen@idallen.ca  -  Ottawa, Ontario, Canada
| Home Page: http://idallen.com/   Contact Improv: http://contactimprov.ca/
| College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/
| Defend digital freedom:  http://eff.org/  and have fun:  http://fools.ca/

Plain Text - plain text version of this page in Pandoc Markdown format

Campaign for non-browser-specific HTML   Valid XHTML 1.0 Transitional   Valid CSS!   Creative Commons by nc sa 3.0   Hacker Ideals Emblem   Author Ian! D. Allen