SYSMGR

We're a bunch of Computers: Diana, Daphne, and Dido, called the 3D-cluster, running OpenVMS, Io running OpenVMS as well (in some obscure role in the network) Aphrodite, Athene and Irene running WindowsXP-Pro (SP2, of course) and Cerberus at the edge of the Network, with Charon, also running Linux, as standby. SYSMGR takes care of us.

Wednesday, October 5

05-Oct-2005

SOAP (continued)
(Last day's review)
Missed some updates - nevertheless, could do some more on the project (which is on VMS as well, though on a different location) . Specified aURL to the "counterpart" to see if it works - basically.
It does.
Had some feedback, and could run all tests. again, and build the code - at least, almost everything. Next, since WSDL was present, created the webservices with skeleton again (as did at DIANA), but weird things happened.
(Current state)
Pushed the matter on ITRC - it came up with another blabla article that however proved the point: The track is right. Tried to build the application but no messages, and no resulting classes....
Tried to do the same on Diana, with a WSDL, it gave me the same files, but named all lowercase. Tried building it and it fails where on the project, no message was delivered:


/ApplicatieGegevens.java:11:
package com.microsoft.wsdl.types does not exist

private com.microsoft.wsdl.types.Guid parentLoggingID;

^


This is weird: com.microsoft.wsdl ???
I can imagine something's wrong, when on a VMS box!

So it might be that WSDL2Java has been executed against the wrong (.NET) WSDL? It explains the lowercase names, probably. Check against the project, some way....

(To be continued)

PC Trouble
Kim phoned -a friend said a Word document she received from Kim should contain a VIRUS. Well, Hotmail.com said so. Given the standard procedures not likely, nevertheless she scanned Hera and found no infections (to be expected with the rigorous update scheme) except for a number of questionable issues - malware and adware probably - and she had them removed.
(AV files have been updated yesterday evening, and she'd been busy yesterday morning. Infection is hardly possible since no mail is enetered directly on the machine, or it would be brought in by MSN)
Anyway, Hera is clean.
Scanned Aphrodite as well, no infections found.
Outlook troubles
Want to reach the company mailbox, set up Outlook but it seems there is a max of 3 internet services??? So added another profile for that account, and have Outlook ask for the profile.
NO WAY. No chnage in Outlook, it comes uop with the default settings as has been for years. The new profile is shown, but NEVER activated....Repaired - we'll see after reboot....
And for the rest:
CommunigatePro is working fine, the problem is that locally IO can only be accessed by address, since the webmail subdomain cannot be accessed from the intranet. http://io:8100 doesn't work either:



Will add " webmail" (without domain) as an alias to the nromal domain - for internal use.

Security issues:
No FTP break-in attempts since last one.
Spam attempts in October, as seen in consolidated log (it might be an idea to publish it on a daily basis, thinking of that):

1-OCT-2005 06:52:57.62 CLNTINRBL 12.219.254.126
2-OCT-2005 05:35:19.03 CLNTINRBL 213.98.39.93
2-OCT-2005 06:13:25.31 NOSPAMRLY 222.101.92.49 gjwns_44@daum.net
3-OCT-2005 03:28:17.09 CLNTINRBL 200.78.121.253
3-OCT-2005 12:08:19.03 BADMF whittledo@yahoo.com
3-OCT-2005 17:08:12.46 CLNTINRBL 83.17.58.19
3-OCT-2005 19:55:48.84 NOSPAMRLY 217.149.193.37 new_openrelay_test@internl.net

Ok, that's one I can understand - it's my ISP checking the mail server to be closed for relaying

3-OCT-2005 21:08:22.69 NOSPAMRLY 222.101.92.79 gjwns_44@daum.net
4-OCT-2005 15:22:02.55 NOSPAMRLY 222.156.4.147 sogiant.service@msa.hinet.net
4-OCT-2005 19:20:41.45 CLNTINRBL 202.86.205.3
4-OCT-2005 22:30:00.15 NOSPAMRLY 222.101.92.249 gjwns_44@daum.net

Some explanation:
CLNTINRBL: Client In RBL: This address is found in one of the references RBL's. An obvious one.
BADMF: Banned Domain Found: Client is found to be in a domain that is locally banned. I banned part of Yahoo except for some known senders because I have had very bad SPAM experieneces coming from YAHOO.
NOSPAMRLT: No SPAM Relay : the first (IP address) mentioned tries to relay to the second one. So the first one is the spammer. It's fun ti track them down:

$ dig -x 222.101.92.249
; <<>> DiG 9.2.1 <<>> -x 222.101.92.249
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45411
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;249.92.101.222.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
92.101.222.in-addr.arpa. 10800 IN SOA rev1.kornet.net. domain.rev1.kornet.net. 2001040300 43200 3600 604800 43200
;; Query time: 702 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Wed Oct 5 21:39:44 2005
;; MSG SIZE rcvd: 103

Who owns kornet.net:

$ whois kornet.net
Whois Server Version 1.3
Domain names in the .com and .net domains can now be registeredwith many different competing registrars. Go to http://www.internic.net/for detailed information.


Domain Name: KORNET.NET
Registrar: INAMES CO., LTD.
Whois Server: whois.inames.co.kr
Referral URL: http://www.inames.co.kr
Name Server: NS.KORNET.NET
Name Server: NS2.KORNET.NET
Status: ACTIVE
Updated Date: 24-apr-2005
Creation Date: 08-jul-1998
Expiration Date: 07-jul-2008

www.kornet.net is a korean site - with an English entry. They lease lines, to Internet cafes, it seems.

I don't think it will have a chance to contact them for blocking these relay attempts.

posted by SYSMGR @ 11:45 PM 

0 Comments:

Post a Comment

<< Home