Thursday, December 24, 2009

The Story of the PING Utility

Since it's the time of gifts, one of the greatest gifts to the I.T. community is the PING utility. If you're not familiar with the true story of its creation, here it is as told by its creator, the late Mike Muuss. Story of PING

Monday, December 21, 2009

Dealing with a simple DOS attack

It's been an interesting past few days. Sometimes I feel like I'm living in a Rube Goldberg contraption! One of our servers got hit with a DOS attack last Friday night. It wasn't too bad and I was able to use several commands to figure out what was happening and deal with it. I thought I'd share them with you:

  • I first used "netstat -lan | grep -c :80" to check the number of connections to port 80. It was about three times normal.
  • I then used "netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq -c | sort -n" to identify which IP addresses had the most connections open. I found a large number of connections from three unique IP addresses.
  • I then created static blackhole routes for those three IP addresses to block the source of the attack and my server was back up. Here's the command: "ip route add blackhole w.x.y.z/32" (where w.x.y.z is the address I wanted to block and /32 is the mask)

I'm not including explanations of all the options here. Use man, info, or Google to look 'em up.
This is not a permanent solution and it won't work for a Distributed DOS attack, but it did allow my server to begin answering HTTP requests again. A more permanent solution (perhaps it would be better described as a "less temporary" solution, since there probably is no permanent solution other than disconnecting from the Internet) will be to create a set of firewall rules to identify an attack (say, an accelerated number of connection requests within a set time frame) and drop the packets from that source. There is a fair amount of complexity involved in getting it right, but I'll blog on it and let you know what I find.
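An added example (not the author's own commands): a variant of the counting pipeline above that counts only TCP connections to one local port, copes with IPv6 and IPv4-mapped remote addresses, and prints candidate blackhole commands for review instead of running them. The function names, the threshold and the sample netstat output are assumptions made for this example, and the IPv6 handling goes beyond what the post covers.

```shell
# top_talkers PORT THRESHOLD: read `netstat -atun` output on stdin and
# print "COUNT IP" for each remote address at or above THRESHOLD.
top_talkers() {
    port=$1 threshold=$2
    awk -v port="$port" '
        # TCP rows: $4 = local addr:port, $5 = remote addr:port, $6 = state
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            n = split($4, l, ":")
            if (l[n] != port) next      # some other service
            r = $5
            sub(/:[^:]*$/, "", r)       # drop remote port, keep IPv6 colons
            sub(/^::ffff:/, "", r)      # IPv4-mapped IPv6 -> plain IPv4
            count[r]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -rn | awk -v t="$threshold" '$1 >= t'
}

# blackhole_cmds: turn "COUNT IP" lines into route commands. They are
# printed, not executed, so an operator can review them first.
blackhole_cmds() {
    while read -r _count ip; do
        case $ip in
            *:*) echo "ip -6 route add blackhole $ip/128" ;;
            *)   echo "ip route add blackhole $ip/32" ;;
        esac
    done
}

# Constructed sample using documentation address ranges (not captured data).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.5:40112       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40113       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40114       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.7:51001      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:40115 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::99:52000      TIME_WAIT
tcp6       0      0 2001:db8::10:80         2001:db8::99:52001      TIME_WAIT
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

sample_netstat | top_talkers 80 2 | blackhole_cmds
```

On a live server, feed it `netstat -atun` in place of the sample and pick the threshold from what normal traffic looks like, since proxies and NAT gateways legitimately hold many connections from one address.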

Thursday, December 10, 2009

Installing Gnome or KDE after initial setup

I've seen a lot of forum posts with questions about installing desktop managers such as Gnome and KDE after you perform the initial installation of Linux. Many of the issues seem to be related to installing the desktop environment without installing the X server. The thing to remember is that X provides the foundation for graphics in Linux/Unix. If you don't have X, you don't have graphics, so you have to install X before you can use the desktop environment. If you don't, you'll get errors such as "no server "X" in PATH" or "xinit: Server error".

Here's how to do it (two steps) on Red Hat-based systems (Red Hat, Fedora, CentOS):

  1. $ su -
  2. # yum groupinstall "X Window System"
  3. # yum groupinstall "GNOME Desktop Environment" or
  4. # yum groupinstall "KDE (K Desktop Environment)"

Presumably, it's similar on Debian systems, but you would use apt-get instead of yum.

If you want to go crazy with graphics, install beryl as well. Falko Timme has an excellent tutorial (all of his tutorials are excellent) at HowToForge.com.

Thursday, August 27, 2009

Hidden Gems

One of the things I always teach in our Cisco ASA workshops is how to preview commands in the Adaptive Security Device Manager (ASDM) before sending them to the appliance. It's easy and it's also a great way to familiarize yourself with the command-line interface (CLI). Here's how to do it: In the ASDM, click on Tools>>Preferences. On the General tab, in the Communications section, check the box to "Preview commands before sending them to the device".

Here's another handy learning tool for the Cisco ASA: You can run the ASDM in demo mode. You must first download the ASDM demo software from Cisco using your Cisco login. Make sure to download the appropriate demo version for the version of ASDM software you're running. For example, I recently downloaded and installed asdm-demo-621.msi. Once the demo software is installed, you can run it by starting the ASDM launcher and checking the box to "Run in demo mode". ASDM demo mode provides a great way to explore the ASDM and familiarize yourself with its extensive capabilities.

Saturday, June 20, 2009

Email Notification of Event Viewer Events

In a recent onsite seminar about Windows Server and Group Policy, a student asked about ways to receive email notification of Event Viewer events. I found this article on Daniel Petri's website about how to do that: http://www.petri.co.il/forums/showthread.php?t=32283

Wednesday, May 13, 2009

My Top 10 Favorite Websites for I.T. People

Last month, I shared my top ten favorite tools for I.T. pros. This month, I'm sharing my top ten favorite websites for I.T. pros. This would have been a fairly easy list to compile, but then I decided to filter sites by six criteria as follows:

  1. It had to be a site that provides information I need
  2. It had to be a site that offers good stuff for free. It's okay if they charge for premium services, but there just had to be a lot of good stuff for free. That eliminated sites like Experts-Exchange.
  3. It had to be a site that is substantially about I.T. That eliminated sites like Wikipedia and Google.
  4. It couldn't be a vendor site. As good as they are, I just didn't want to include Cisco, Microsoft, Sun, etc. on my list. Hey, it's my list; I get to choose!
  5. It couldn't be a tools site such as Solar Winds. As helpful as those types of sites are, I wanted sites that were primarily about information.
  6. It could be a site that I don't necessarily visit often, but one where I subscribe to their RSS feed such as Paul Thurrott's WinSuperSite.

After I created the six criteria, I realized that there are really only about five sites I use regularly (other than vendor sites and, of course, Google and Wikipedia). So, here are my top five, plus five more sites that I don't use often but which are helpful.

The five that I use regularly:

Five more that are definitely worth a look:

I'm sure you've got favorites of your own. Leave a comment and let me know what they are.

Thursday, April 9, 2009

My Top 10 Favorite Tools

I've been building a new desktop computer for my office. (When I say "build", I'm speaking of installing an operating system and software.) As I've gone through the process, I've been thinking of all the tools I install and use. Lots of tech writers like to share their favorite tools list and I thought I'd do likewise. Here are my top ten, in alphabetical order:

HashTab: This very handy shell extension provides a great way to validate hashes for downloaded files. Download it at http://beeblebrox.org/

inSSIDer: This utility scans for wireless access points and displays MAC addresses, SSIDs, channels, signal strength, security, and speed. Download it at http://www.metageek.net/products/inssider

IrfanView: IrfanView is a must-have tool for viewing and performing basic manipulation of graphical images. It's a very fast, lightweight tool that allows you to crop and resize images and save them in different file formats. Get it at http://www.irfanview.com/

nmap: nmap is the king of port scanners. 'nuff said? Get it at http://nmap.org/

Notepad++: This is a replacement for Notepad on your Windows computer. I mentioned it last month. Get it for line numbering, if nothing else, but it offers a lot more than that. Download it at http://notepad-plus.sourceforge.net/

psTools: This is a suite of tools developed by Mark Russinovich of Sysinternals fame. They allow you to manipulate many aspects of remote Windows systems from the command line (subject, of course, to authentication). Unix/Linux admins especially will appreciate them. http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx

PuTTY: PuTTY is the must-have terminal emulator for Windows. Anyone who administers network devices or servers from the command-line needs this. It can be downloaded as part of an installation package that includes key generation and management tools. http://www.chiark.greenend.org.uk/~sgtatham/putty/

Tftpd32: This is a lightweight, yet powerful TFTP server which also includes a DHCP server and a Syslog Server. http://tftpd32.jounin.net/

WinSCP: For transferring files securely between your laptop and your web server (You don't actually use FTP, do you???), this is a great piece of software. I love the drag-and-drop capability of the Explorer-like interface and the seamless support for public/private keypairs is great. http://winscp.net/

Wireshark: Formerly known as Ethereal, this is Gerald Combs's masterpiece. If you're really serious about understanding what's happening on your network, you've already used Wireshark. If you're a newbie, Wireshark is one of the fastest and best ways to elevate yourself past the "newbie" stage. http://www.wireshark.org/

Friday, February 6, 2009

Five New Free Articles Available

We've created a new area on our website with free articles on various technical and workplace skills topics. You find the article you want and we'll send it to you for free. Many of the articles are lessons taken from our various workshops and seminars. The URL is www.soundtraining.net/free-docs.

I just uploaded the following articles:

  • Most Important Weblinks for I.T. Pros
  • Building a Site-to-Site VPN between Cisco Routers
  • vim Quick Reference Guide
  • Ten Ways to Delight Your User
  • Configuring SSH (Secure Shell) for Remote Login on a Cisco Router

I'm going to try to upload a significant number of articles regularly (subject, of course, to income-producing activities). Let me know what you think.

Thursday, January 29, 2009

Thanks for your support

We're in a time of tremendous change right now. (Please forgive the understatement.) The reality is that, in good times and bad, there's always a need for quality products and services. You have my firm commitment to continue providing high quality learning solutions at fair prices, delivering great value. That's what we expect from our vendors and that's what you can expect from us.

We're Growing!

Please welcome a new addition to the soundtraining.net family. Jeff Martin joins us as National Accounts Manager. Jeff has been a trainer, content developer, and even a paramedic. He most recently was manager of content development at SkillPath Seminars. Jeff brings a wealth of experience in technical training (he has been certified as both MCSE and CCNA), content development, and customer relations. Jeff is responsible for developing onsite training opportunities nationwide. Jeff will be in the office starting this coming Monday and he'll be getting in touch with you over the next few weeks to introduce himself.

Week of Geek

Our onsite customers often ask us to customize the training for their particular needs. That makes sense, of course. You get focused training that targets your particular areas of interest and needs. Now, we've created a program to help you customize the training and we've even priced it to make a great value. We call it "Week of Geek". You select your choice of up to 30 modules from nearly 100 available and we deliver the training for your group of up to 14 over a period of five days. Each of the learners gets a customized workbook and you get a staff that's more knowledgeable and more motivated in just one week's time. You can find out more about "Week of Geek" here: www.soundtraining.net/weekofgeek. Please let me know what you think.

Friday, January 23, 2009

Blocking dictionary attacks against SSH

If you've ever looked at /etc/log/secure on your Internet-connected Linux box, you've probably been shocked at the number of logon attempts (hopefully failed attempts) from IP addresses you've never heard of. Of course, it's just some bad guy attempting a dictionary attack using common usernames and random passwords. One of the things you can do that's helpful is to use DenyHosts. It's a daemon that will create entries in /etc/hosts.deny after a pre-determined number of failed logon attempts. It's open source and available at www.denyhosts.net.
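An added example (not DenyHosts code and not from the original post) of the idea behind such a daemon: count failed SSH password attempts per source address in the log and emit hosts.deny-style entries for addresses over a threshold. The function names, the threshold and the sample log lines are assumptions made for this example; the "sshd: ADDRESS" output follows the TCP wrappers hosts.deny syntax.

```shell
# failed_by_ip THRESHOLD: read sshd log lines on stdin and print
# "COUNT IP" for every address with at least THRESHOLD failed passwords.
failed_by_ip() {
    awk -v t="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The username is text chosen by the remote side and may itself
            # contain "from ADDRESS". sshd appends the real peer last, so
            # take the address after the rightmost "from".
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END { for (ip in count) if (count[ip] >= t) print count[ip], ip }
    ' | sort -rn
}

# hosts_deny_lines: turn "COUNT IP" lines into hosts.deny entries.
# They are printed for review, not written to /etc/hosts.deny.
hosts_deny_lines() {
    while read -r _count ip; do
        echo "sshd: $ip"
    done
}

# Constructed sample log lines (documentation addresses, not captured data).
sample_secure_log() {
    cat <<'EOF'
Jan 23 03:10:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Jan 23 03:10:03 web1 sshd[2103]: Failed password for root from 203.0.113.5 port 40002 ssh2
Jan 23 03:10:05 web1 sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 40003 ssh2
Jan 23 03:11:00 web1 sshd[2110]: Failed password for invalid user x from 198.51.100.9 from 203.0.113.5 port 40004 ssh2
Jan 23 03:12:00 web1 sshd[2111]: Failed password for alice from 192.0.2.44 port 50510 ssh2
Jan 23 03:12:09 web1 sshd[2112]: Accepted password for alice from 192.0.2.44 port 50511 ssh2
EOF
}

sample_secure_log | failed_by_ip 3 | hosts_deny_lines
```

The fourth sample line shows why the address is read from the right: a parser that takes the first "from" would count 198.51.100.9, an address that never connected, and could end up denying it.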

Wednesday, January 21, 2009

Windows 7 Beta

I'm not sure what got into me. I'm not usually interested in beta software for the sake of beta software. Maybe it's just the incredible amount of hype surrounding it, but I decided to install the beta of Windows 7 on my desktop system. (My laptop is my main computer...my desktop system is for testing, but it's usually some version of Linux that I'm playing with or maybe an application.) Anyway, I went ahead and installed Windows 7 on it. It's nothing special...3.40GHz P4 with 2GB of RAM and a 160GB hard drive. Cool eye candy, but that's expected on any modern O.S. What surprised me was how quickly pages load in I.E. 8. Admittedly, I just finished the installation, so there hasn't been time for any browser bloat to creep in, but still, it's noticeably faster. I'll add more comments as I run it for a while.