Thursday, December 24, 2009

The Story of the PING Utility

Since it's the time of gifts, one of the greatest gifts to the I.T. community is the PING utility. If you're not familiar with the true story of its creation, here it is as told by its creator, the late Mike Muuss. Story of PING

Monday, December 21, 2009

Dealing with a simple DOS attack

It's been an interesting past few days. Sometimes I feel like I'm living in a Rube Goldberg contraption! One of our servers got hit with a DOS attack last Friday night. It wasn't too bad and I was able to use several commands to figure out what was happening and deal with it. I thought I'd share them with you:

  • I first used "netstat -lan grep -c :80" to check the number of connections to port 80. It was about three times normal.
  • I then used "netstat -atun awk '{print $5}' cut -d: -f1 sed -e '/^$/d' sort uniq -c sort -n" to identify which IP addresses had the most connections open. I found a large number of connections from three unique IP addresses.
  • I then created static blackhole routes for those three IP addresses to block the source of the attack and my server was back up. Here's the command: "ip route add blackhole w.x.y.z/32" (where w.x.y.z is the address I wanted to block and /32 is the mask)

I'm not including explanations of all the options here. Use man, info, or Google to look 'em up.
This is not a permanent solution and it won't work for a Distributed DOS attack, but it did allow my server to begin answering HTTP requests again. A more permanent solution (perhaps it would be better described as a "less temporary" solution, since there probably is no permanent solution other than disconnecting from the Internet) will be to create a set of firewall rules to identify an attack (say, an accelerated number of connection requests within a set time frame) and drop the packets from that source. There is a fair amount of complexity involved in getting it right, but I'll blog on it and let you know what I find.

Thursday, December 10, 2009

Installing Gnome or KDE after initial setup

I've seen a lot of forum posts with questions about installing desktop managers such as Gnome and KDE after you perform the initial installation of Linux. Many of the issues seem to be related to installing the desktop environment without installing the X server. The thing to remember is that X provides the foundation for graphics in Linux/Unix. If you don't have X, you don't have graphics, so you have to install X before you can use the desktop environment. If you don't, you'll get errors such as "no server "X" in PATH" or "xinit: Server error"

Here's how to do it (two steps) on Red Hat-based systems (Red Hat, Fedora, CentOS):

  1. $ su -
  2. # yum groupinstall "X Window System"
  3. # yum groupinstall "GNOME Desktop Environment" or
  4. # yum groupinstall "KDE (K Desktop Environment)"

Presumably, it's similar on Debian systems, but you would use apt-get instead of yum.

If you want to go crazy with graphics, install beryl as well. Falco Timme as an excellent tutorial (all of his tutorials are excellent) at