[GNHLUG] MerriLUG Nashua, Thur 15 Jan, Help!!! Org Meeting at MerriLUG
Who : The friendly, suave, intelligent, knowledgeable MerriLUG group What : New program coordinator and speaker list Where: Martha's Exchange Day : Thur 15 Jan **Next Week** Time : 6:00 PM for grub, 7:30 PM for discussion (usually upstairs) :: Overview Our long-serving coordinator, Heather Brodeur, has requested a break from duty so she might concentrate more effort on her paying work. Both those of us who have worked with Heather and the many of you who have benefited from her leadership wish to thank her for doing a fine job for many years. Thank you, Heather! Now the baton is in Heather's outstretched hand, hoping for a smooth pass to a relay partner who will carry it forward. Could that be you? The MerriLUG coordinator develops a list of potential presentation topics from member suggestions or an Ouija Board that we have at the ready. Next, a suitable and willing volunteer speaker is contacted. The name of the consenting volunteer speaker is given to the announcement publicist, and that is it for the month. Oh yes, the coordinator gets to tell jokes to the crowd before introducing the speaker. Please join us at Martha's to select a new coordinator and get them off to a good start with a long list of topics and speaker suggestions. RSVP to Jim Kuzdrall for dinner to assure adequate seating. !!! If you are not a Regular Attendee (50%), please let me know. !!! Driving directions: http://wiki.gnhlug.org/twiki2/bin/view/Www/PlaceMarthasExchange Thanks, Jim Kuzdrall gnh...@intrel.com ___ gnhlug-announce mailing list gnhlug-annou...@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-announce/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: On portable C programming
yes. I may have used some of your stuff at Digital or HP. On 01/09/2009 10:52 AM, Jim Kuzdrall wrote: Yes, it has been quite a problem over the years. I have been designing and programming computers since 1960, mostly at the ALU and binary data level, where format is critical. The functions I created addressed, in a very elegant way, the very problems you speak of. They have been republished a number of times. They are extremely fast. The algorithm is elegant in that the C code for these functions is exactly the same regardless of what computer or compiler is used. There are no header entries or #ifdef telling the code that the host is big endian, or BCD, or 1's compliment, or IEEE float. No knowledge about the host system's numeric format need be known. None at all. Yet, the functions always compile and do their job correctly, whether storing the data or fetching the data. I was well aware of ASCII transfer and the algorithms for converting one stored format to another when I wrote the functions in the 1980's. I wanted code that my programmers didn't have to fiddle with when porting to one of the many new processors and systems emerging. It also had to be lightning fast, because the data libraries were large and the processor MIPS were low. As with most programs that dig down so far into bit-wise formats, this one requires some background to understand. It has been tested on many processors and operating systems, but it never had a big company behind it to push for more universal application. To late now. (Incidently, the pointer array I mentioned in an earlier post is not needed. The programs can read and write data directly to the host's structs.) -- Jerry Feldman g...@blu.org Boston Linux and Unix PGP key id: 537C5846 PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846 signature.asc Description: OpenPGP digital signature ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Bots don't honor 301 :(
My httpd logs have been bombarded, lately, with probes by crackbots (mostly for roundcube webmail and mantis bugtracker exploits). This got me wondering, What can I do to keep these buggers off my server? Of course, the iptables -j TARPIT approach came to mind, but that didn't quite seem creative enough. Besides, what if one of the compromised hosts legitimately wants to browse one of my sites? So I got the idea to use status code 301 to redirect these bots to something fun, like: http://cybercrime.fbi.gov/complaints/submit_complaint.php?message=i+am+a+script+kidde+or+robot+attempting+to+compromise+a+computer+at+IP+address,+the+URL+i+am+using+to+do+this+is+$1 So, I set up my servers to trap exploit URLs and 301 them to another server that I control. However, the bots didn't respect the 301, and seemed to treat the 301 much like a 404. :( So, what if I use a fastcgi program to send the bot a 200 response with a new Location: header, I wonder. Has anyone on this list found any fun ways to burn these bots? (BTW, legitimate bots, like googlebot, *do* honor status code 301.) ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Inspiron Mini 9?
On Fri, 2009-01-09 at 22:44 -0500, Jarod Wilson wrote: I rather like the AAO, but if I were getting a netbook today, I'd probably go with a Lenovo IdeaPad S10. I just received mine this week (after having ordered it in early December). So far, thumbs up. Ubuntu installed without a problem and the restricted broadcom driver had the wireless working in minutes. Keyboard is ok - it's my first netbook so I'm still trying to get used to the smaller keyboard. I got the default battery offering (not sure what's available for alternatives) and battery life seems a *little* low, but not horrible. -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on Usenet and in e-mail? Cole Tuininga co...@code-energy.com http://www.code-energy.com/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Inspiron Mini 9?
We have about 40 HP 2133 subnotebooks. The keyboard is almost normal sized. No special keystrokes needed to reach common keys, at least none I've noticed. The Lenovo Thinkpad X series is very small, though arguably not a subnotebook. Close to normal sized and laid out keyboard as well. Linux (System Rescue, which is Gentoo based) seemed to recognize all the hardware on the HP. We've had Mandriva on the Lenovo. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Bots don't honor 301 :(
On Sat, Jan 10, 2009 at 10:27 AM, virgins...@vfemail.net wrote: However, the bots didn't respect the 301 ... Why should they? They're looking for vulnerable systems to exploit. If they don't get the reaction they want from their probe, they've established you're not vulnerable, and they move on to the next probe. -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Bots don't honor 301 :(
What about a perl (or python, ruby etc) script that will tail your error_log, watching for multiple 404's coming from the same IP within a given timeframe. If the IP is tripping too many 404's for things that don't exist, add them to the DROP chain. I solved a similar problem using iptables rate limiting feature. Just slows down the attempts from hundreds/night to about ~8/night. Just a thought.. ~kurth On Sat, 2009-01-10 at 15:27 +, virgins...@vfemail.net wrote: My httpd logs have been bombarded, lately, with probes by crackbots (mostly for roundcube webmail and mantis bugtracker exploits). This got me wondering, What can I do to keep these buggers off my server? Of course, the iptables -j TARPIT approach came to mind, but that didn't quite seem creative enough. Besides, what if one of the compromised hosts legitimately wants to browse one of my sites? So I got the idea to use status code 301 to redirect these bots to something fun, like: http://cybercrime.fbi.gov/complaints/submit_complaint.php?message=i+am+a+script+kidde+or+robot+attempting+to+compromise+a+computer+at+IP+address,+the+URL+i+am+using+to+do+this+is+$1 So, I set up my servers to trap exploit URLs and 301 them to another server that I control. However, the bots didn't respect the 301, and seemed to treat the 301 much like a 404. :( So, what if I use a fastcgi program to send the bot a 200 response with a new Location: header, I wonder. Has anyone on this list found any fun ways to burn these bots? (BTW, legitimate bots, like googlebot, *do* honor status code 301.) ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Bots don't honor 301 :(
From: H. Kurth Bemis ku...@kurthbemis.com Date: Sat, 10 Jan 2009 15:51:50 -0500 Cc: gnhlug-discuss@mail.gnhlug.org I solved a similar problem using iptables rate limiting feature. Just slows down the attempts from hundreds/night to about ~8/night. I was thinking about accepting the connection, maybe sending out a few headers, and then the stalling the connection. But it's easy to set connect/read timeouts, even on windows. That's something the bot writer is likely to have accounted for. I could return 200 OK, and send an infinite stream of 0xFF at the bot. That might overflow its receive buffer or ehxaust its memory. No one on this list would happen to know if spambots bounds check their reads, would they? (; I might be able to test for it, if there was a way to detect when the client socket is closed. Do win32 clients send a FIN/ACK pair when an app with an open TCP socket unceremoniously crashes? If not, I could interperet a FIN packet to mean that the bot's immune to being drowned with 0xFFs. I can't spend a whole lot of time on this though. If there's something quick and dirty I can put in place that'll take the bots down, I'll use it. I'm just not willing to build a full blown honeypot to do so. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
