SYSMGR

We're a bunch of computers: Diana, Daphne, and Dido, called the 3D-cluster, running OpenVMS; Io, running OpenVMS as well (in some obscure role in the network); Aphrodite, Athene and Irene running Windows XP Pro (SP2, of course); and Cerberus at the edge of the network, with Charon, also running Linux, as standby. SYSMGR takes care of us.

Thursday, January 19

19-Jan-2006

Creating a VAMP
will be a future project, after I have finished the small introductory course at HP's learning center. I'm halfway, actually: V(MS) and A(pache) are already installed, up and running, while M(ySQL) and P(HP) are installed but not yet enabled. That will come, in a not so far away future.
Seti-BOINC
is stalled for the moment; I'm currently looking into the required extra packages and building these.
Security
Just mail: two more blacklisted sites tried to dump their messages. One on 17-Jan-2006, trying every 4-5 minutes or so, with some others in between, 73 messages in total; and one on 19-Jan-2006, once every 6-7 minutes, about 24 of them. Besides a few others, of course, blocked by their domains, and one that shows up almost every day.

17-JAN-2006 01:38:45.46 CLNTINRBL 211.211.65.123
...
17-JAN-2006 01:40:18.49 CLNTINRBL 211.211.65.123
17-JAN-2006 01:40:19.82 BADMF gore.sierra1ne0@gmail.com
17-JAN-2006 01:40:22.31 CLNTINRBL 211.211.65.123
...
17-JAN-2006 01:40:26.91 CLNTINRBL 211.211.65.123
17-JAN-2006 01:40:29.98 BADMF maccarrick.arkell9o3@gmail.com
17-JAN-2006 01:40:31.72 CLNTINRBL 211.211.65.123
...
17-JAN-2006 01:43:58.32 CLNTINRBL 211.211.65.123
18-JAN-2006 00:18:09.21 CLNTINRBL 69.175.36.149
18-JAN-2006 01:43:10.18 CLNTINRBL 218.17.251.185
18-JAN-2006 02:57:14.69 CLNTINRBL 66.67.189.166
18-JAN-2006 07:15:28.04 CLNTINRBL 70.115.182.153
19-JAN-2006 00:34:55.63 NOSPAMRLY 125.188.61.77 gjwns_22@daum.net
19-JAN-2006 01:33:53.79 CLNTINRBL 201.155.115.55
...
19-JAN-2006 01:41:16.97 CLNTINRBL 201.155.115.55
19-JAN-2006 02:07:42.49 CLNTINRBL 125.192.110.24
19-JAN-2006 15:58:09.77 BADMF philip@yahoo.com
19-JAN-2006 15:58:20.71 BADMF philip@yahoo.com
19-JAN-2006 15:58:30.93 BADMF philip@yahoo.com
19-JAN-2006 18:15:35.29 CLNTINRBL 62.159.137.36
19-JAN-2006 23:50:28.39 NOSPAMRLY 125.188.61.77 gjwns_44@daum.net

The first big one is from Korea:

IPv4 Address : 211.211.64.0-211.211.65.255
Network Name : HANANET-INFRA
Connect ISP Name : HANANET
Connect Date : 20010502
Registration Date : 20041014
Publishes : Y
[ Organization Information ]
Organization ID : ORG3930
Org Name : Hanaro Telecom Inc.
Address : Yeoeuido-dong Yeongdeungpo-gu SEOUL
Detail address : 17-7 Asia One Bldg.
Zip Code : 150-874

and the second one seems to be Mexican:

inetnum: 201.152/14
status: reallocated
owner: Uninet S.A. de C.V.
ownerid: MX-USCV4-LACNIC
responsible: Arturo Zaldivar Mendez
address: Periferico Sur, 3190,
address: 01900 - Ciudad de México - DF
country: MX
phone: +52 5 54907049 []
owner-c: DCA
tech-c: SRU
inetrev: 201.152/16


(What would happen if I allowed the well-known relay attempt from 125.188.61.77 to gjwns_44@daum.net, just for once? Would that open a flood of messages, or break-in attempts from that address?)

Charon to be re-installed
at least for some time. I have to set up a VPN; I tried that before, but for some reason it did not succeed. Cerberus doesn't show blocked connections, and that router is actually too small to handle our requirements: there is too little space for allowed traffic to be configured, and being shown blocked traffic is something I would like to have.
I'm also looking for ways to automate the forensic research even more, so that lists like the one above might be generated automatically from the logs....
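As an added example of that kind of automation (my own script, not part of the original post and not the site's own tooling), the Python below reads the blocked-mail log format shown above, parses the timestamp, reason code and source (IP or sender address, plus the recipient on relay attempts), groups entries by source, and reports hit counts, first/last seen and the mean interval between hits, so an observation like "73 messages, one every 4-5 minutes" falls out of the log directly. Lines it cannot parse (such as the "..." elisions in a pasted excerpt) are counted and skipped rather than aborting the run. The sample lines are a constructed excerpt, and the function names are my own.

```python
"""Summarise a mail-filter log (timestamp, reason code, source, optional recipient)
into a per-source report: hit count, first/last seen, mean gap between hits.
Added example for illustration; not the site's own tool."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same shape as the blocked-mail log above
# (hypothetical excerpt for this example, not the complete original log).
SAMPLE_LOG = """\
17-JAN-2006 01:38:45.46 CLNTINRBL 211.211.65.123
...
17-JAN-2006 01:40:18.49 CLNTINRBL 211.211.65.123
17-JAN-2006 01:40:19.82 BADMF gore.sierra1ne0@gmail.com
17-JAN-2006 01:40:22.31 CLNTINRBL 211.211.65.123
18-JAN-2006 00:18:09.21 CLNTINRBL 69.175.36.149
19-JAN-2006 00:34:55.63 NOSPAMRLY 125.188.61.77 gjwns_22@daum.net
19-JAN-2006 15:58:09.77 BADMF philip@yahoo.com
19-JAN-2006 15:58:20.71 BADMF philip@yahoo.com
19-JAN-2006 23:50:28.39 NOSPAMRLY 125.188.61.77 gjwns_44@daum.net
"""

# <timestamp> <reason> <source> [<recipient>]; the fourth field only shows up on relay attempts.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{2})\s+"
    r"(?P<reason>[A-Z]+)\s+(?P<source>\S+)(?:\s+(?P<rcpt>\S+))?\s*$"
)


def parse_log(text):
    """Return (records, skipped). Non-matching lines (e.g. '...') are counted, not raised."""
    records, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1
            continue
        records.append({
            # VMS-style timestamp; %b matches the month abbreviation case-insensitively
            "ts": datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S.%f"),
            "reason": m.group("reason"),
            "source": m.group("source"),
            "rcpt": m.group("rcpt"),
        })
    return records, skipped


def summarize(records):
    """Group by (reason, source): count, first/last seen, mean gap in seconds, distinct recipients."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["reason"], r["source"])].append(r)
    summary = {}
    for key, hits in groups.items():
        hits.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(hits, hits[1:])]
        summary[key] = {
            "count": len(hits),
            "first": hits[0]["ts"],
            "last": hits[-1]["ts"],
            "mean_gap_s": (sum(gaps) / len(gaps)) if gaps else None,  # None for a single hit
            "rcpts": sorted({r["rcpt"] for r in hits if r["rcpt"]}),
        }
    return summary


def report(summary, min_hits=1):
    """One line per source with at least min_hits hits, busiest first."""
    rows = sorted(summary.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    out = []
    for (reason, source), s in rows:
        if s["count"] < min_hits:
            continue
        gap = f"{s['mean_gap_s']:.1f}s" if s["mean_gap_s"] is not None else "-"
        rc = f" -> {', '.join(s['rcpts'])}" if s["rcpts"] else ""
        out.append(f"{reason:<10}{source:<28}{s['count']:>4} hits  "
                   f"{s['first']:%d-%b-%Y %H:%M:%S} .. {s['last']:%d-%b-%Y %H:%M:%S}"
                   f"  mean gap {gap}{rc}")
    return out


if __name__ == "__main__":
    recs, skipped = parse_log(SAMPLE_LOG)
    print("\n".join(report(summarize(recs), min_hits=2)))
    print(f"({len(recs)} entries parsed, {skipped} non-matching lines skipped)")
```

Feed it the real log instead of SAMPLE_LOG (for example `parse_log(open(path).read())`) and raise `min_hits` to hide the one-off hits; the repeaters with a short mean gap are the candidates for a blacklist entry, and the recipient list on NOSPAMRLY entries shows whether a relay probe keeps cycling through addresses at one domain.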
