Cygwin terminals!

I use Cygwin both at work and home to give me a quick-to-access Unix-like environment, where I can use tools that I use every day in my sysadmin role.  I find it a lot easier to wc -l something than load it into OpenOffice and do a word count.  I’m happier with awk and grep and find than Windows GUI tools.

My only real pain was that the terminals under Cygwin were awkward.  The default terminal is terrible (essentially the windows command prompt).  I eventually configured rxvt and got it working pretty much to my liking, but the X-Windows style never really fit well with my other windows and some of the features annoyed me.

However, today I found the MinTTY package within Cygwin and I’m finally very pleased with my Cygwin terminal.  It looks and feels just like a PuTTY window (which it should, being based on the same code) which is handy since I use or used to use PuTTY all the time for remote access to the stuff I support.  It’s configurable (easy) and fast.  Very pleased, give MinTTY a shot if you’re a Cygwin user and didn’t know it was there.

Random ssh attacks

Somewhere on the internet there’s a machine I have access to, which is running an ssh daemon.  That machine has a public internet address.  Between the 26th of April 2009 at 8:55am and the 19th of July 2009 at 1:37pm there have been 105,043 failed ssh login attempts.  That’s over 84 days (roughly).  So that works out at 1250’ish failed login attempts per day.  Which is about 52 per hour which isn’t a million miles away from 1 failed login attempt every minute on that server (it’s actually 0.86 attempts per minute).

The attempts come in batches, so every few hours there’ll be a few hundred from the same source.  Sometimes they try hundreds of passwords against root and other times they’ll try hundreds of different user IDs.

In those 84 days there have been attacks from around 259 different source IP addresses.  As for usernames attacked, there are 17,532 different ones attempted in that period.

The most popular day was the 2nd July with 7387 attacks in one day, from 8 different sources.  Two specific IP addresses accounted for 3173 and 2826 of those attacks.  One source tried 728 user IDs in 2826 attempts and the other 1615 different user IDs in 3173 attempts.

The root user ID has been attacked 27,210 times throughout the whole period.  The most popular non-root user ID to be attacked is admin with 2392 attempts, then test with 1330 attempts and in the next slot is guest at 627 attempts.  Application-based IDs were popular with oracle (623), mysql (399), postgres (311), ftp (251) and teamspeak (165).  Amusingly, the most popular regular names attempted were paul (211) then john (201) and michael (180).

There doesn’t seem to be a preferred hour to attack servers.  Here’s the breakdown by hour:

  • 01 – 5696
  • 02 – 6249
  • 03 – 7387
  • 04 – 4127
  • 05 – 4388
  • 06 – 3457
  • 07 – 4809
  • 08 – 3920
  • 09 – 3481
  • 10 – 4708
  • 11 – 3894
  • 12 – 3062
  • 13 – 3542
  • 14 – 2805
  • 15 – 4481
  • 16 – 5823
  • 17 – 4198
  • 18 – 2160
  • 19 – 2496
  • 20 – 3949
  • 21 – 7980
  • 22 – 4823
  • 23 – 3418
  • 00 – 4187

I could do some analysis of the source addresses, but I’m not really sure how useful it would be, many of them are likely to be compromised workstations or forged addresses.
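The tallies in this post (attempts per user ID, per source, per day and per hour, and how many user IDs each source tried) can be produced from an sshd log with a short script. This is an added example, not the author's own tooling; it assumes the usual OpenSSH "Failed password for ... from ... port ..." syslog line, and the sample lines and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the usual OpenSSH syslog format (an assumption; the
# post does not show its log). Addresses come from documentation ranges.
SAMPLE_LOG = """\
Jul  2 03:14:07 host sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jul  2 03:14:09 host sshd[4103]: Failed password for invalid user admin from 192.0.2.10 port 40120 ssh2
Jul  2 03:14:12 host sshd[4105]: Failed password for invalid user oracle from 192.0.2.10 port 40131 ssh2
Jul  2 03:14:15 host sshd[4107]: Failed password for invalid user web admin from 192.0.2.10 port 40140 ssh2
Jul  2 21:40:55 host sshd[5220]: Failed password for root from 198.51.100.7 port 51514 ssh2
Jul  2 21:40:58 host sshd[5222]: Failed password for root from 198.51.100.7 port 51530 ssh2
Jul  2 21:41:02 host sshd[5230]: Accepted password for paul from 203.0.113.5 port 60022 ssh2
Jul  3 00:02:31 host sshd[6001]: Failed password for invalid user test from 198.51.100.7 port 51990 ssh2
"""

# The user name is supplied by the client and may contain spaces, so it is
# matched greedily and the pattern is anchored on the end of the line; the
# source address is then always the last "from ADDR port N" sshd wrote.
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) (?P<hour>\d{2}):\d{2}:\d{2} \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<src>\S+) port \d+(?: ssh\d*)?\s*$"
)

def summarise(log_text):
    """Tally failed password attempts by user, source, day and hour."""
    stats = {k: Counter() for k in ("user", "src", "day", "hour")}
    users_per_src = defaultdict(set)
    total = 0
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m is None:          # successful logins and other sshd messages
            continue
        total += 1
        for key in ("user", "src", "day", "hour"):
            stats[key][m.group(key)] += 1
        users_per_src[m.group("src")].add(m.group("user"))
    stats["total"] = total
    stats["distinct_users"] = len(stats["user"])
    stats["users_per_src"] = {s: len(u) for s, u in users_per_src.items()}
    return stats

if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print("failed attempts:", s["total"], "distinct users:", s["distinct_users"])
    for key in ("user", "src", "day", "hour"):
        print(key, s[key].most_common(3))
    print("user IDs tried per source:", s["users_per_src"])
```

A source with a high attempt count but few distinct user IDs is guessing passwords against a handful of accounts (typically root), while a count of distinct user IDs close to the attempt count indicates a username sweep.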

Harry Potter and the Half Blood Prince

First off, all my cards on the table.  I’ve read the first few books of the Potter series, I think it was the first 4.  They were okay, but I usually don’t enjoy reading about the tortured love lives of teenagers so I didn’t make it to book 5 or beyond.  I’ve seen all the movies.  My wife loves the books and the movies, so I know what happens in each book, and I knew what was going to happen in this film.

There are spoilers in this review.  You have been warned.


Firefox, progress

So, I used procmon to see what Firefox was doing when it was taking 60 seconds to start up, and it was reading a lot of files from a lot of different locations.  The one that caught my eye was C:\Documents and Settings\me\Local Settings\Temporary Internet Files, and a quick check revealed I had over 7000 files in there.  Not from Firefox, but from programmes which use the IE engine to display web pages and html content (like, XFire).  I removed them all, and the startup times for Firefox dropped to about 15-20 seconds.

Then a friend sent me this link from LifeHacker.

So, not only do I now know what is causing the slowdown, I know why, and I know it’s classed as a bug.

False positive …

Firefox is still slow, it wasn’t (just) Adblock plus.  I’ve even tried with a totally clean profile and it can still take 60 seconds to launch.  If Firefox was the last thing I shut down (say last thing at night) then it opens instantly even if it’s 12 hours later (like first thing in the morning).  However, if anything else (reasonably significant) is run in-between then it takes an age.

Investigation continues.

Firefox start-up slow?

Firefox had been getting slower and slower to start up.  It was getting stupid, 30 seconds, 50 seconds, longer.  If I started Firefox (and made a cup of tea while it was launching), closed it and restarted it, it would only take a few moments, maybe 5-10 seconds.  I turned off Firefox’s check for updates option, maybe it was causing issues, but to no avail.

It was really frustrating.  A search of the web turned up a million posts about Firefox startup being slow but nothing really useful.  One suggestion to turn off session restores, but I was sure this wasn’t an issue with disk writes, it didn’t seem to be doing anything in the seconds it was taking to start, no churning, not much CPU.

I checked my add-ons, and I was only running four.  British dictionary, Xmarks, Web Developer and Adblock Plus.  At which point I had some kind of epiphany, and disabled Adblock plus.  Then I went to bed.  No point in just starting Firefox straight away, it was always pretty quick until some period of time had passed, so I figured being asleep should lull it back into a slow start.

Double clicked the icon this morning and 0.5 seconds before I could start browsing.

I’m pretty sure FF3 was slow and not just FF3.5, but maybe it’s worse with Adblock plus and FF3.5.  Maybe I was doing something wrong with Adblock plus in Firefox, who knows.  All I know is that without ABP it now takes under a second to launch Firefox and with it, over 50.

I’m just pleased it’s all working again and I’ll pay the price by manually ignoring adverts (and just hope Firefox avoids issues when adverts from Evil Sources [tm] attempt to install malware by just viewing the ad).

Moon!

Something about the moon looked really beautiful tonight.  I tried to take some shots but this is exactly the kind of thing the low price camera ranges don’t deal with very well.  They either ended up too saturated or too dark and I couldn’t get a sharp shot.


Snails!

This is our lawn this morning.  Yesterday was red hot, then it rained overnight at some stage, and the snails came out in force.  This is a tiny selection of the army that was covering our lawn.  Sometimes if we go to the car at night it sounds like we’re walking on eggshells.
