Networking

Effect of the McColo shutdown

Submitted by jeremyc on Thu, 2008-11-13 15:44.MAIL

A colleague here at LISA told me yesterday that he had observed approximately a 50% drop in traffic on his E-mail servers. Naturally, this was first a cause for concern, but then he learned about the disconnection of McColo - a major botnet command and control hosting site in Northern California, USA. Their two up-stream ISPs pulled their plugs on Tuesday afternoon. See the story in the Washington Post.

Naturally, I experienced an immediate urge to check $employer's anti-spam system for its observation on the situation.

LinuxFest 2008 Recap.

Submitted by mhalligan on Sat, 2008-05-03 19:04.Mentoring | Networking

IMG_1359

Last weekend we went to LinuxFest NorthWest 2008 in Bellingham, WA. It was a great time, we handed out a bunch of Tee-Shirts, met a lot of good people, and saw some interesting presentations. I even spoke with around half a dozen potential summer interns.

Script to check SSL Cert Expiration via nagios

Submitted by arr on Thu, 2007-11-29 07:50.WWW

Someone on the sage-members mailing list asked about checking SSL expiration dates. We use the following script to check them via nagios (actually, we use a slightly older version that takes hostname and port instead of URL, but this is the next version we plan to roll out). I thought I'd post it here (with the permission of the author, who is no longer at Tufts) for others to use:

#!/usr/local/bin/perl
###########################################################################
#####                                                                     #
#####     check_cert.pl -- check  HTTPS,  IMAPS,  LDAPS or SMTP (with     #


  

Towards a resilient NTP configuration in NTP4

Submitted by doug on Thu, 2007-07-12 06:15.Network | Protocols

NTP 4 introduces some interesting new things that few people seem to know about, are sparsely documented, and are difficult to setup correctly, however they can help with synchronization in the event of total external network failure (even if you don't have a reference time source).

Now, some reference time sources aren't expensive (others are), but sometimes you care more about node-to-node synchronization than you do about absolute time accuracy. One example might be a large computational cluster where, if the network is disconnected from the Internet for a while, or if the primary time source is down, you don't want the individual nodes to drift apart.

tcpdrop

Submitted by jm on Thu, 2007-07-05 15:14.Networking | Networking

A Tool to Drop TCP Sessions for the Solaris OS

Mon, 2006-12-04 15:00

Stable

There are occasions during an administrator's work when it is necessary to forcibly disconnect an established TCP session. However, no easy way exists for an administrator to drop an established TCP session without doing something heavy-handed, such as null routing all traffic from the client, adding an ipfilter rule (which, again, likely blocks more traffic than is strictly necessary), or taking the last resort of killing the associated server-side process.

Ceri Davies ported tcpdrop from the BSD projects, which allows an administrator to easily drop any TCP connection without harmful effects elsewhere.

Asking for Comments: Samba Server Setup Experience Under Fedora Core 6

Submitted by ant on Wed, 2007-05-23 12:43.Applications | Filesystems | Linux | Networking | Windows

Solved -- The box didn't retain my permissiable SELinux environment after a yum update. With a 'sudo setsebool -P samba_enable_home_dirs=1' there was a mighty noise and it started allowing public read-only access to the share.

Someone liked my work (that they help me do) so well, that recently they requested I share the file with everyone on the LAN. I set out to create a publicly readable Samba share for the file. As a user, I issued a 'sudo yum install samba' and soon after started working on the default config file in /etc/samba/smb.conf.

Here's the mix I came up with (which, keep in mind, doesn't work; I could use some help!)

Carnegie Mellon NetReg

Submitted by vitroth on Wed, 2007-03-07 22:18.Configuration Mgmt | DNS | Naming | Networking | Networking

Enterprise class IP Address, DNS & DHCP management system.

Wed, 2002-01-30 22:00

Stable

The Carnegie Mellon NetReg package is a scalable and flexible Web-based system for managing networks. It consolidates information about DNS zones, subnets, machine registrations, and DHCP configuration, and provides tools for easy management. The system exports ISC BIND configuration and zones, and can update them via either static zone files or TSIG signed dynamic DNS updates. It also exports ISC DHCP configurations, and has a SOAP API for integration with other systems.

Anthony Spina blogs on tagging

Submitted by doug on Fri, 2007-02-09 12:39.Naming | Networking

Anthony Spina writes an interesting article on the Splunk blog (here). Using network databases like this can make distributed operations much easier. How do you tag your machines?

Django

Submitted by eadmund on Mon, 2007-01-22 14:08.Applications | Database | Linux | Software Development | Unix | Windows | WWW

Excellent Python web development framework

Fri, 2005-07-15 14:00

Stable

I like to use this to throw together nice web frontends for the PHBs to look at stats & stuff. It's pretty simple to use, interfaces easily to a database--very useful for the sorts of sysadmin-plus stuff I tend to do.

NMAP


Fast enumeration of network services

insecure.org/nmap

Sun, 2007-01-14 10:00

Active

Nmap is a powerful tool for discovering hosts on a network and enumerating what service they are offering. This can be used to find vulnerable systems, to locate rogue services on your network or simply for a first step in troubleshooting.