Misc. Ramblings

Week of 06 August through 10 August 2001


Monday - 06 August 2001

Blinking Lights. On the way out the door this morning I noticed the receive LED on my Road Runner cable modem blinking at a pretty fast rate - maybe two times a second. Usually, when we aren't on the 'net, the light blinks only occasionally as some script kiddy does a scan. But this morning, it was positively lit up. I don't know for sure what or who was banging on the door but I decided to power down the router to create an even bigger black hole for them to fall into. I'll bring it back up when I get home.

For my next project, for my firewall, I may try to install PortSentry for logging of intrusion attempts. CoyoteLinux has a logging capability, which I need to take a look at first. But if that doesn't work that well, I'll try PortSentry. Unfortunately, I don't have a lot of time to fool around with it so this may have to stay on the back burner for a while.

On the home front. The carpenters are scheduled to start work on replacing the main support beam in our living room ceiling today. As you may remember, this is the one that the ground termites had breakfast, lunch, and dinner on.

The workers will also have to open the ceiling to see if the termites had branched out to the joists that the beam supported. I'm crossing my fingers but, as usual, if I didn't have bad luck, I wouldn't have any luck at all. So I've resigned myself, when I get home, to seeing the ceiling completely torn up and the carpenters smiling as they add up the cost of replacing everything.

Speaking of after work. I have my semi-annual dentist appointment this afternoon. It usually isn't that bad a thing, although I can think of less painful trials to go through (a sharp stick to the eye comes to mind). So I will be in a very good mood when I get home <G>.

I hope your Monday is better than mine is looking to be...

Aloha!




Tuesday - 07 August 2001

Deadline? What Deadline? Who said Microsoft was the only one to push back release dates? KDE has, once again, delayed the introduction of KDE 2.2. As you may remember, they said by the end of July. Then 6 August. Well, both came and went and no release. If you believe anything they say at this point, the real, final, cross our fingers we mean it this time don't cross that line in the sand release date is 13 August.

Speaking of Late. The latest version (0.9.13) of the Mozilla browser was released last week (see it here). Don't even get me started on this one. Years late, I say. Years late, full of bugs, lacking in features and direction.

What's the point guys? I used to be full of hope about this one since it could have been a contender to MSIE. And having a choice is what it's all about. But at this point, maybe they should just let it die a dignified death because it's no longer relevant. Others, like Opera have taken up the torch. The King is dead. Long live the King.

Topless. Well, the carpenters took off about a quarter of the roof in our living room yesterday. They are hunting the elusive ground termite and trying to identify all its hiding places. So our house is a mess and a cousin of SWMBO is coming in from San Diego to visit for a week starting on Saturday. It will be a race to see if the carpenters will finish before then. Personally, I don't think they'll be done but we will see.

Benny and the Mets. Benny Agbayani, outfielder for the New York Mets, and Son of Hawai'i, has had a hard time of it lately. What with being put on waivers and not knowing if he was to stay with the Mets or get traded to either the San Diego Padres or the San Francisco Giants. The latest word this morning (HST) is that he will stay with New York after all. One wonders what power plays are going on over there.

Blinking Lights II. I guess I'm not the only one to have their cable modem bombarded with scans from the Code Red II worm. What is interesting is that when I turn off the Linux-based router/firewall, the scans stop. And as soon as I hit the power button on the router, the scans start again. Strange. Especially since the router is not even booted yet and the inbound lights on the cable modem start blinking. What the heck is going on? Feel free to send those cards and letters in because I'm stumped.

Aloha! (and thanks Don Armstrong)



Hump Day Wednesday - 08 August 2001

Blinking Lights III. Remember all those people, just a week ago, saying the Code Red worm was dead and that anyone who said otherwise was being hysterical? Well, my service provider, Oceanic Cable/Road Runner, issued an email yesterday warning of imminent and/or ongoing delays caused by this worm and its variations. Affected are all forms of access, including but not limited to, email and web surfing. Imagine what might happen when all of the hundreds of thousands of infected systems, on the same day and time, begin transmitting.

Oceanic Cable is scanning its networks (don't ask me how they do this) for servers that may have been affected. On Monday, they found six and contacted, by phone, the admins. for these servers. They will continue scanning as an effort to ensure no infections. I am happy to see some people are taking this seriously and taking proactive action, rather than sticking their heads in the sand.

Oh, the main symptom of the worm scans on the Road Runner network? Cable modem receive data (RD) lights blinking during periods of inactivity.

Speaking of Insects. The continuing saga of the fight against ground termites, ummm, continues. Our living room is now cut off from the hallway which is in turn cut off from our kitchen. Why? Because they've installed plastic sheeting from floor to ceiling to try to keep the dust and debris from spreading to the rest of the house while repairs are underway. While this does make for a cleaner house, it also makes it very difficult to live there.

For now, we will be eating out because the kitchen is too hard to reach. I still don't know what we are going to do when SWMBO's cousin, the cousin's boyfriend, and the cousin's son from a previous marriage arrive from San Diego on Saturday. Sigh. Bother. Piffle. Dat's why hard, brah.

Aloha!



Thursday - 09 August 2001

The Builders from Hell. Well, it's not that bad but right now it almost falls to that level. When I got home yesterday we found the carpenters had put up more plastic sheeting. This time, they blocked off the hallway. The problem with this is that it cuts off access to half of the house. The half that has the kitchen and living room.

Even that would have been okay had they removed the termite eaten beam. But. They didn't. As far as I can see, all they did was put up the plastic and lay some plastic on the floor. And that's it.

Code Red Tidbits. You are probably bored out of your gourd by this stuff but bear with me for just a second. First, according to the SANS Institute, be aware that the operating systems affected include not only NT and Windows 2000, but also Windows XP. Yes, XP is still in beta. Yes, you are not supposed to run servers, in an operating environment, on beta software. But there you are.

And secondly, it is possible that IIS could be installed and running on your system without you knowing it (since it gets installed by some other software, don't ask me which). So, right now, I want all of you to get up out of your chairs. I want you to get up right now and go to Windows, open it, and stick your head out, and yell, 'I'm as mad as hell, and I'm not going to take this anymore!' Ooops. Sorry. Got carried away.

At the Windows desktop, press ctrl-alt-del to bring up the Task List. Choose the Processes tab and look for inetinfo.exe. This is the IIS executable. If it's there, and you need to keep running it, download the patch NOW from Microsoft and install that sucker. Otherwise, kill it, patch it, and figure out how it's initializing (I assume you know how to do this. If not, email me).

Finally, for now anyway. ARP floods, which have the effect of a Denial of Service attack, are being reported as a result of the worm scanning. One reporter has claimed to have logged 1,000 requests in a three-second interval. Especially vulnerable to these floods are DSL and cable modem systems. SANS has a link to some advice for ISPs on how to set some filters in your Cisco routers which can stop this (see the link here).

Finally Number II. As of 7 August, the total number of unique IP addresses scanning (and therefore, by inference, probably infected) is 684,990. That's six hundred eighty-four thousand nine-hundred and ninety. Will we survive this? Yes, but at what cost - now, and in the future? As I've said before, I'm not optimistic.
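The "unique scanning addresses" figure above can be reproduced on a small scale from your own web server or firewall log. The following is an added example, not part of the original diary: it counts hits and distinct source addresses for Code Red style probes, using the request signature described in public analyses of the worms (`GET /default.ida?` followed by a long run of `N` for Code Red or `X` for Code Red II). The Common Log Format layout, the sample lines and the addresses (documentation ranges) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Common Log Format; padding runs are shortened.
SAMPLE_LOG = """\
192.0.2.10 - - [07/Aug/2001:06:12:01 -1000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
192.0.2.10 - - [07/Aug/2001:06:12:04 -1000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [07/Aug/2001:06:12:05 -1000] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276
203.0.113.5 - - [07/Aug/2001:06:12:09 -1000] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276
203.0.113.9 - - [07/Aug/2001:06:13:30 -1000] "GET /index.html HTTP/1.0" 200 1043
this line is truncated garbage
198.51.100.7 - - [07/Aug/2001:06:14:11 -1000] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276
"""

# Source address, then a GET for /default.ida whose query string starts
# with a run of at least eight N or X padding characters.
PROBE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?i:GET /default\.ida)\?(?P<pad>N{8,}|X{8,})'
)

# The padding character distinguishes the two variants.
VARIANT = {"N": "Code Red", "X": "Code Red II"}


def summarize(log_text):
    """Return {variant: {"hits": int, "sources": set of source addresses}}."""
    seen = defaultdict(lambda: {"hits": 0, "sources": set()})
    for line in log_text.splitlines():
        m = PROBE.match(line)
        if not m:
            continue  # ordinary requests and malformed lines are ignored
        entry = seen[VARIANT[m.group("pad")[0]]]
        entry["hits"] += 1
        entry["sources"].add(m.group("src"))
    return dict(seen)


if __name__ == "__main__":
    for variant, info in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{variant}: {info['hits']} probes from "
              f"{len(info['sources'])} unique addresses")
```

Each distinct source counted here is a host that sent the worm's probe, which is the same inference (scanning, therefore probably infected) behind the published total.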

Finally Number III. For you Zone Alarm users, there is an update. It's 2.76MB. Get it from C|Net here.

Alert One, Alert One, Action Message Follows

EVEN IF YOU PATCH IIS, your server is still vulnerable to CodeRed if you have enabled URL redirection. See the post here. Sheesh. Did I mention lately that I'm not optimistic? Note also that SANS is now at Info Con Orange (the highest peacetime level), one step below Condition Red.

Aloha!



Aloha Friday - 10 August 2001

It's Friday!

One Step Forward. Two steps back. The carpenters surprised me yesterday by actually doing some work. They removed the termite eaten main support beam in our living room. They weren't scheduled to do that until today. Unfortunately, they found additional infestations of termites so they will now have to open up one of the walls to see how much has been eaten. Sigh.

Two Steps Forward. The SANS Institute lowered their threat level indicator from Orange (level III of IV) to Yellow (level II). This reflects either the successful efforts to patch and filter, or the fact that most servers that could be infected have been.

I also noticed the RD light on my Road Runner cable modem is not blinking as fast as it was a day or two ago so I guess things may be settling down.

Three Steps Forward. You may notice the look of this page appears a little different than it was yesterday. That's because I've been playing with the Cascading Style Sheet. I don't know if I'm going to leave it as is but all comments are welcome.

Have a Great Weekend Everyone - Aloha!



© 2001 Daniel K. Seto. All rights reserved.