| View previous topic :: View next topic |
| Author |
Message |
StuR
Joined: 10 May 2007
Posts: 36
Location: Provo, UT
|
 Posted: Thu May 10, 2007 8:52 pm Post subject: |
  |
|
| Dante wrote: |
| Themagician wrote: |
| It seems like it did. I talked to someone on the hosting company earlier and they said they noticed something weird was going on themselves. They were actually about to contact me and another poor soul that's hosting on the same server when I called them. They said they are looking into it and will call me with updates later. Apparently the other guy is not very pleased either. |
Who's the other guy? |
I'm going to take a wild stab in the dark and say... me. Better be. It'd really suck if there were three people having problems.
So, Themagician - you're Bryce, right? Have you figured out what's shaking up your part of the box?
_________________
My parents missed Woodstock, and I've been making up for it since. |
|
| Back to top |
|
 |
Konamouse
Joined: 20 Apr 2007
Posts: 142
Location: Las Vegas
|
| Posted: Thu May 10, 2007 9:35 pm Post subject: |
|
|
| Dante wrote: |
| Who's the other guy? |
Isn't BSeeingU.com on the same server?
_________________
'squeek' |
|
| Back to top |
|
|
Rorschach
Joined: 23 Apr 2007
Posts: 12
Location: Salt Lake City, UT
|
| Posted: Fri May 11, 2007 12:11 am Post subject: |
|
|
| StuR wrote: |
I'm going to take a wild stab in the dark and say... me. |
Not used to seeing other Utards online. How's it going StuR? Is your name for Stu R? or for St. uR? Not trying to be nosy, but kind of a striking coincidence to a little problem we are trying to solve.
_________________
My better half, if you ask me. |
|
| Back to top |
|
|
Themagician
Site Admin
Joined: 07 Jan 2007
Posts: 73
Location: Server room
|
| Posted: Fri May 11, 2007 12:19 am Post subject: |
|
|
| StuR wrote: |
| So, Themagician - you're Bryce, right? Have you figured out what's shaking up your part of the box? |
Yup. I am Bryce. "Another one of our valued clients" I assume?
So I have set up some traces and I was trying to get them to let me run a tcpdump on the box but not having complete root is annoying as hell.
I'd be highly suprised if you can get more out of their support system.
_________________
$ PATH=pretending! /usr/ucb/which sense |
|
| Back to top |
|
|
Unfictionrose
Joined: 22 Apr 2007
Posts: 357
|
| Posted: Fri May 11, 2007 8:50 am Post subject: |
|
|
Welcome StuR. I hope you and the Magician get the server problem resolved. No way either of you should have to pay that ridiculous bill.
Rorschach ( I like that you are only half evil) writes:
| Quote: |
| Not used to seeing other Utards online. |
Is that what people from Utah call each other? I didn't know that.
While you guys are working on the server problem, would you mind helping with a geography problem? Specifically cities between Reno, Nev. and Boise, Idaho... that have lakes and mountains I'm a geography idiot and I'm not sure that Salt Lake fits there. (yes I've skied at Alta and I watched the Olympics so I have a general sense of the Rocky Mountains in Utah) Maybe Provo does?
But I do love Utah, what an extraordinary state.
_________________
Servers aren't part of the collective unconscious. ~HPHack
DC had us give B.A. the finger. I don't think you can get much more explicit than that! ~Y2K |
|
| Back to top |
|
|
Rorschach
Joined: 23 Apr 2007
Posts: 12
Location: Salt Lake City, UT
|
| Posted: Fri May 11, 2007 10:13 am Post subject: |
|
|
| Unfictionrose wrote: |
Is that what people from Utah call each other? I didn't know that.
While you guys are working on the server problem, would you mind helping with a geography problem? Specifically cities between Reno, Nev. and Boise, Idaho... that have lakes and mountains I'm a geography idiot and I'm not sure that Salt Lake fits there. (yes I've skied at Alta and I watched the Olympics so I have a general sense of the Rocky Mountains in Utah) Maybe Provo does?
But I do love Utah, what an extraordinary state. |
I only learned of that term from a friend of mine that lives in Las Vegas, but I like it. Eggnog is correct that SLC is only tangentially between Boise and Reno. If you travel down I-84 till you come to I-15, you go through SLC then to I-80 West through the salt flats and the Salt lake basin, through Wendover, Battle Mountain, Fernley/Fallon, then onto Reno. One lake that isn't SLC just before Reno is Pyramid lake. Utah lake borders Provo to the West, and Sundance Ski resort is in the mountains to the East.
_________________
My better half, if you ask me. |
|
| Back to top |
|
|
Unfictionrose
Joined: 22 Apr 2007
Posts: 357
|
| Posted: Fri May 11, 2007 10:27 am Post subject: |
|
|
Pyramid Lake looks beautiful. Maybe that is the place. I certainly would love to visit.
By the way, StuR, someone pointed out your website to me. I somehow missed lookng at your profile earlier. Nice!
_________________
Servers aren't part of the collective unconscious. ~HPHack
DC had us give B.A. the finger. I don't think you can get much more explicit than that! ~Y2K |
|
| Back to top |
|
|
Themagician
Site Admin
Joined: 07 Jan 2007
Posts: 73
Location: Server room
|
| Posted: Fri May 11, 2007 11:04 am Post subject: |
|
|
| Unfictionrose wrote: |
| By the way, StuR, someone pointed out your website to me. I somehow missed lookng at your profile earlier. Nice! |
LOL. Doesn't he have interesting ideas?
Hey Stu, I actually worked on some of the ideas that were still a concept when I hit the send button. Let me switch to my laptop and I'll show you what I came up with.
_________________
$ PATH=pretending! /usr/ucb/which sense |
|
| Back to top |
|
|
StuR
Joined: 10 May 2007
Posts: 36
Location: Provo, UT
|
| Posted: Fri May 11, 2007 12:02 pm Post subject: |
|
|
| Rorschach wrote: |
| Not used to seeing other Utards online. How's it going StuR? Is your name for Stu R? or for St. uR? Not trying to be nosy, but kind of a striking coincidence to a little problem we are trying to solve. |
Well, let's see. My bologna has a first name, it's S-T-U. My bologna has a second name, it's R-O-N-O-M-I. When I make a sandwich outta my bologna, I get StuR. That's it. Nothing special, magnificent or insightful. Not even close to imaginative. Does that help?
| unfictionrose wrote: |
| While you guys are working on the server problem, would you mind helping with a geography problem? Specifically cities between Reno, Nev. and Boise, Idaho... that have lakes and mountains I'm a geography idiot and I'm not sure that Salt Lake fits there. (yes I've skied at Alta and I watched the Olympics so I have a general sense of the Rocky Mountains in Utah) Maybe Provo does? |
I'm usually not paying attention to scenery when I'm out and about - which is why "Utard" applies well. I know the Vegas side of Utah is more fun than the part up here around Provo, and then there's some salt piles, deserts, ski resorts, and some Mormons spread about the state. But specifics between Reno and Boise? Yeah, none that I can think of. Glad you like my website, though, even if I can't help you with the lay of the land.
What ideas are you talking about, Bryce? Let me know what you think you're working on so I don't waste my time hammering on the same nail.
_________________
My parents missed Woodstock, and I've been making up for it since. |
|
| Back to top |
|
|
Occultus
Joined: 28 Apr 2007
Posts: 56
Location: UK
|
| Posted: Fri May 11, 2007 1:00 pm Post subject: |
|
|
My thoughts on the problem were that either your server was being used to share something illicit, or maybe the Sentry Outpost was a DDoS victim.
After reading StuR's blog and his mention of going after bot-herders - the DDoS is looking more likely. Maybe one of the herders has pointed his network in this direction and Sentry Outpost is getting hit in the cross-fire rather than being the main target.
Maybe that's something to look into. |
|
| Back to top |
|
|
Themagician
Site Admin
Joined: 07 Jan 2007
Posts: 73
Location: Server room
|
| Posted: Fri May 11, 2007 3:03 pm Post subject: |
|
|
| StuR wrote: |
| What ideas are you talking about, Bryce? Let me know what you think you're working on so I don't waste my time hammering on the same nail. |
Well here's the deal: Without root I can't put the nic on the server on promisc mode. But I bet the hosting provider is now also looking. Which means there is a network card out there, broadcasting on promisc mode. I bet I can find it, then use that to setup my sniffer, and get towards the bottom of this.
I had some other ideas which are still on my whiteboard. So I'll start with that one for now and move forward.
_________________
$ PATH=pretending! /usr/ucb/which sense |
|
| Back to top |
|
|
Themagician
Site Admin
Joined: 07 Jan 2007
Posts: 73
Location: Server room
|
| Posted: Fri May 11, 2007 4:05 pm Post subject: |
|
|
Um...I'm not a genius but...
I just stumbled upon something. I don't remember putting it there nor does it seem to be anything that belongs.
From top, a process screamer.c seems to be listening on 5217.
WTF???
_________________
$ PATH=pretending! /usr/ucb/which sense |
|
| Back to top |
|
|
StuR
Joined: 10 May 2007
Posts: 36
Location: Provo, UT
|
| Posted: Fri May 11, 2007 4:09 pm Post subject: |
|
|
| Themagician wrote: |
Um...I'm not a genius but...
I just stumbled upon something. I don't remember putting it there nor does it seem to be anything that belongs.
From top, a process screamer.c seems to be listening on 5217.
WTF??? |
No one ever said you were, dude.
Checked top on my machine. I don't have any screamer.c running, but I've got a live one named boil.c ticking along. I don't know what port it's on though - can you got a lead on it?
_________________
My parents missed Woodstock, and I've been making up for it since. |
|
| Back to top |
|
|
Y2Kveteran
Joined: 11 Jan 2007
Posts: 105
Location: Boulder, CO
|
| Posted: Fri May 11, 2007 4:14 pm Post subject: |
|
|
| Themagician wrote: |
Um...I'm not a genius but...
From top, a process screamer.c seems to be listening on 5217.
|
Strange. Definitely the signs of an intrusion though. Does grep find that file for you, Bryce, or is that some kind of sandbox file from the server end? Otherwise, safe to assume now that the server didn't just "crash".
Edit: is the gobblygook more Arabic?
Art
_________________
----
Art Lydney
Security Consultant
"The price of freedom is eternal vigilance."
-- Thomas Jefferson |
|
| Back to top |
|
|
Sidtheduck
Site Admin
Joined: 07 May 2007
Posts: 239
Location: Seattle, WA
|
| Posted: Fri May 11, 2007 4:21 pm Post subject: |
|
|
| Y2Kveteran wrote: |
| Edit: is the gobblygook more Arabic? |
What is this "gobblygook" you speak of? (besides all the tech-speak goings on  )
_________________
If MUDs had reality altering powers we'd be tits deep in elves by now.
~Exu |
|
| Back to top |
|
|
|
