Google Wave
It’s still in its early stages, and it won’t become ubiquitous immediately, but with Google’s promised federation and Open Source licensing, it may revolutionize the way we communicate in the near future. Keep an eye on this one folks.
Dynamic iptables – “Flexible (and fun)”
Have you ever said to yourself that there should be a tool to do x, start building a tool to do it, then about halfway through your little project, somebody glances over your shoulder and says to you “hey, I use a tool like that, it’s called y, you should check it out,” so you do, and that tool is far more comprehensive and well built than the one you were working on?
Well this isn’t one of those times, because this tool hit me from left field while I was researching ways to mitigate a DDoS attack. Though there are many, many ways to do it, if all you have is a Linux box facing the world with nothing to hide its private parts except iptables, then this “flexible (and fun)” toolset is another weapon you can deploy when you get that 2:30AM call saying “our website’s down and I think it’s being DDoS’d.”
The tool is a simple set of scripts that make adding and removing specific IP’s quick and simple. The main site of the author is at http://www.ibm.com/developerworks/library/l-fw/, or is available (hosted locally) here.
Once installed, you can simply ban/unban an IP by typing ipdrop {IP ADDRESS} {on|off}
While perusing this thread at webhostingtalk.com, member dynamicnet mentioned grep-ing for ridiculous levels of SYN_RECV ‘d connections (this is indicative of a TCP SYN Flood attack) and generating ipdrop commands for quick banning of a SYN Flood-ing IP’s. Though you may accidentally drop one or two legitimate IP’s (have a rule already in place so you don’t ban yourself out of a remote box), you’ll likely get the bulk of the attacking IP’s.
Use netstat -n -p|grep SYN_REC | wc -l to count how many SYN_RECV connections you have.
Use netstat -n -p | grep SYN_REC | awk '{print $5}' | sort -u | awk -F: '{print "ipdrop "$1 " on"}' to generate code to ban IP’s in SYN_RECV status.
Use cat /root/.dynfw-ipdrop |awk -F: '{print "ipdrop "$1" off"}' to generates code to “undrop” those IP’s.
Downgrading Plesk
Wipe. Reload. Restore.
That’s about it, AFAIK. Downgrading Plesk is a real doozie, so do your research before upgrading away compatibility. On that note, Tomcat 4 != compatible with anything past 8.0.0. I’m just saying. =P
Best bet: do your upgrades on a test box first, like your supposed to. Even better, do it on a virtual machine and take a snapshot beforehand. And as far as upgrading Plesk goes, not doing it one step at a time also tends to break it.
Conficker Update Part Deuce
UPDATE 11 Jun 2009: Locally hosted bdtools removal tools (availabe at downadup.org for single computers and network. Cheers =D
Our favorite worm got an update 8 April according to Network World. Read more here…
And of course, at downadup.org.
Rackspace Delves into Cloud Computing Marketplace
Rackspace recently delved into the cloud computing arena with it’s Mosso division. Mosso delivers online presence in an application-as-a-service model and mimics Amazon Web Services and Microsoft Azure in delivering high-availabilty platforms on which to run services. With Amazon and Microsoft however, shell access remains limited and system-level access takes a back seat to stability. Mosso, in contrast, also offers provider-provisioned virtual server instances, which doesn’t require tackling a new learning curve. One can surmise that as the cloud marketplace matures, more providers will adopt this model. Ultimately, cloud computing will provide the availability and performance we want, without sacrificing the control we need.
Join the discussion at the Open Cloud Manifesto site.
