Anyway, I head off to class, and as I'm walking around campus and sleeping through a very boring intro to CS lecture, the network administrator pays my room a little visit. Not finding me in, he knocks on my suitemate's door and demands to see me, scaring the you-know-what out of my suitemate... who is very Linux-savvy himself and knows I've had run-ins with said network admin before. The network admin tells my suitemate that I'm "in big trouble" and he needs to speak with me right away.
I return from class hoping the net will be back up, but to my dismay find that it is not. The suitemate of mine who met the network admin was now gone, but I used his computer to find out if his computer was able to access the net. It was. Confused, I run an ethernet cable to his room and plug myself in.
Not two minutes later, the phone rings. It's the network administrator.
Apparently (and don't ask me how or why) CUPS on my system had brought the entire campus network to its knees. (Or so I was told.) One of my NICs was sending out broadcast packets as fast as it possibly could, and the second NIC was answering. Both interfaces had their own IP, and somehow all this traffic was disturbing the campus network. To solve the problem, the network administrator had first isolated the network in my building from the rest of the world, and then cut off access to the port in my room. Of course now I had plugged in to my roommate's port and was continuing to broadcast. As the admin was explaining this to me, I unplugged the cable so fast I almost ripped the jack out of the wall!
Anyway, after that long-winded story, I don't know what caused the problem. I logged into my box and executed "top", and found that CUPS was using 99.9% of both my CPUs. I simply removed CUPS and reinstalled a newer version from an RPM. Haven't had the problem since.
This probably doesn't help, but maybe it was at least interesting :)
-Josh
-----------
Due to the recent increase in spam and falsely sent email, I now PGP Sign all of my outgoing mail to prove my identity. This means that you will see an attachment called "PGP.sig" with this message. This attachment can be used to prove that I am who I say I am. If you are not familiar with PGP, you can safely ignore it. For more information, please visit http://www.pgp.com/ or http://www.gnupg.org/
On Jun 3, 2004, at 5:14 PM, Byarlay, Wayne A. wrote:
Could anybody tell me why a RH9 machine is constantly attempting to contact our other RH9 machine with CUPS on it?
yes, the non-CUPS server is hammering away on the CUPS one (or trying to, not getting through firewall) through port 631 (which is IPP).
Perhaps some old print job that just can't escape or something?? If so where would I look to delete it?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of stan briggs Sent: Thursday, June 03, 2004 2:13 PM To: [EMAIL PROTECTED] Subject: RE: [TriLUG] destructive spam?
a technique like described below certainly works. there are many ways to
get to the source to see what characters are there. the problem, though,
is that the cid: entry is followed by a whole bunch of ascii characters
that evidently mean more than just their random human readable letters.
they don't look like hex. i don't know what they are.
ideas, anyone?
stan
The technique for discovering where these references point depends on your email client.
You need to save the email to a file on hard disk, then view it with a
text reader. Then just read the html and you can spot the external references.
With most 'nixes, you could create a folder, move the questionable email into it (so that it's isolated from the other 5 megabytes in your Inbox folder), and navigate into it following your
.Mail or .mail or .Mailbox directory off your roothome (~). Then open it in vi or whatever.
If you use Outlook by day, then create a new email addressed to yourself and use the "insert -> item" feature. Once it's in your inbox, then right click on the attachment, do a "Save As", name it whatever.txt. Examine it with Notepad.
Marty
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Turnpike Man Sent: Thursday, June 03, 2004 12:29 PM To: Triangle Linux Users Group discussion list Subject: Re: [TriLUG] destructive spam?
slightly better... but without clicking these links, is there any way to decipher where they are going to take us?
David M.
--- [EMAIL PROTECTED] wrote:
You are familiar with URLs that contain a protocol identifier (http:, ftp:) followed by a host identifier (trilug.org, ftp.ics.uci.edu) followed by an object reference (index.html, pub/ietf/uri/rfc2111.txt).
Think of "cid:" and "mid:" as being the URL way to point to an object contained within the same MIME-encoded message.
I'd offer an example, but I refuse on principle to create a MIME-encoded message.
It tells the HTML-interpreter (which the would-be mark is using to read his mail...not that any of us would ever do that...) where to find the object it needs to correctly render the HTML page.
I presume that if said HTML-interpreter also has a tendency to execute objects it believes to be executable, such a construct could be used to cause the execution of code within the local context.
Any better? I swear it's all English...
-----Original Message----- From: Turnpike Man <[EMAIL PROTECTED]>
Even after reading, can someone put that in english? thanks! David M.
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
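Added example, not part of the original thread: the quoted messages describe saving a suspect mail to a file and reading its HTML to see where references point, and explain cid: as a pointer to an object inside the same MIME message. The Python sketch below does that inspection on a raw message without rendering or fetching anything, matching the text after "cid:" against each part's Content-ID header. The sample message, its host names and the function and class names are constructed for illustration.

```python
from email import message_from_bytes, policy
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample message (not taken from the thread).
SAMPLE = b"""\
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><img src="cid:part1.ABC123@example.invalid">
<a href="http://tracker.example.invalid/c?id=42">Click</a>
<img src="cid:missing@example.invalid"></body></html>
--b1
Content-Type: image/gif; name="logo.gif"
Content-ID: <part1.ABC123@example.invalid>

GIF89a (constructed placeholder body)
--b1--
"""

class RefCollector(HTMLParser):
    """Collect href/src/background attribute values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        self.refs += [v for k, v in attrs if k in ("href", "src", "background") and v]

def audit_references(raw):
    """Yield (reference, verdict) pairs; nothing is fetched or rendered."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Index MIME parts by Content-ID with the angle brackets stripped.
    by_cid = {str(p["Content-ID"]).strip("<> "): p for p in msg.walk() if p["Content-ID"]}
    collector = RefCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    for ref in collector.refs:
        url = urlsplit(ref)
        target = by_cid.get(unquote(url.path))
        if url.scheme != "cid":
            verdict = f"external: {url.scheme} host {url.hostname}"
        elif target is not None:
            verdict = f"internal part: {target.get_content_type()} {target.get_filename()}"
        else:
            verdict = "dangling cid: no part has this Content-ID"
        yield ref, verdict
```

To check a saved mail, pass the file's bytes to audit_references() in place of SAMPLE; the "external" rows are the references that would leave the message if it were rendered or clicked.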
