05-05-2008, 05:50 AM
Boyd Lynn Gerber

Re: Immature linux zealots and attacks...

On Sat, 26 Apr 2008, Nico Kadel-Garcia wrote:
> Boyd Lynn Gerber wrote:
> > It is really annoying. The attacks on http are coming from various
> > linux browser/machines. Why are some linux zealots so... Some of us
> > try to provide support for all Linux/UNIX OS's. To attack us because
> > we support/assist others with SCO is really bad.

It was coming from some of the same IPs that broke into my systems a
few years ago. I do not know if it is the same ones or not, because they
trashed 3 systems. They overwrote 650-750 GB with "DIE SCO DIE SCO DIE
SCO..."

> > It would be a lot easier to block and then allow IP addresses if SCO
> > had iptables for the OpenServer OS's. I use LKP for UnixWare 7.1.4.
> > Sadly, I may be forced to stop access to my machines for the few people
> > that still keep their Open Source Packages on SCO OS's up to date,
> > because they cannot connect from the same IP addresses and these
> > attacks are affecting them as well. I guess the Linux Zealots are
> > winning because they are achieving what they want: stopping people
> > from accessing anything SCO. It has been extremely difficult to work
> > over the internet because all my bandwidth is being exhausted by these
> > attacks.

>
> Can you put up a Squid proxy in front of your website, on a Linux box or
> other contemporary OS? I'd be happy to provide assistance in setting up
> such an instance. I've also been successfully using VMware to run
> OpenServer, and you could run the SCO OS in virtualization on a CentOS
> or RHEL host very easily.

I do have proxies for some things. My OS is openSUSE 10.3 for
virtualization. I also have a private Build Service. I am just upgrading
it to 0.9.1, released today.

> And this is NOT, NOT, NOT! typical of Linux zealots.

It is from what I have seen. I just finished moving my 900 GB ftp archive
to my OpenSUSE 10.3 box. My setup is as follows. 6 systems with various
Linux distros, one each for development. 8 virtual systems (OpenSUSE
factory, OpenServer 5.0.7, OpenServer 6, UnixWare 7.1.3, UnixWare 7.1.4,
FreeBSD, NetBSD, Test Linux Distro). 3 machines, one for each SCO OS.
Slackware, Fedora, CentOS, one of each of the Ubuntu, and 4 other linux
distros. So yes, I am already running things virtualized. I have my
own OpenSUSE BS. They are looking at changing the name. I do maintain a
few Open Source Software packages for Linux. I am a very active member of
the OpenSUSE community. So yes, I do know a bit about linux. I have been
using it since Linus first released it.

> > I understand why people post but that one post has caused me a ton of
> > grief. If some of the bad apples from the Linux Community would realize
> > they are doing more harm than good. What they are doing is showing how a
> > small minority really need to grow up and get a life.
> >
> > I know this probably will not stop the attacks, but I really needed to
> > vent. I have supported Linux since its very first internet/usenet release.
> > So what these idiots are doing is showing that the people that get things from
> > my sites for linux as well are being hindered. When I explain to the
> > people emailing me that it is coming from their own community, they are
> > really ashamed. I am too. I really dislike any group that does not have
> > tolerance for others and their choices.

>
> No problem. From the attack, it sounds like script kiddies. Can we be of
> further assistance in tracking the weasels? Do you have useful logs we can
> peruse for IP addresses near us, to help track the attacks back?

It is much more. They are using all bandwidth. It is crafted in such a
way as to allow just enough to flood and keep my bandwidth tied up. Sadly, I
have had to suspend service to some things at the moment. I have a lot of
it automated. Moving most things to where I have iptables has allowed
this, but the few people that use my machines for various Open Source
Software are getting really upset. My bandwidth is really being taken.
I have been forced to only allow 3 connection attempts per IP address per
minute for ftp. SSH access to my machines is only via ssh keys. I do not
allow any password logins. On the OS's that have iptables, I use the
following, where ethX is the external interface.

# Record every new SSH connection attempt (TCP SYN to port 22) arriving on the
# external interface in the 'sshattack' recent list.
iptables -A INPUT -p tcp --syn --dport 22 -i ethX -m recent --name sshattack --set
# If the same source has been seen 3 times within 60 seconds, log it ...
iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 \
  --hitcount 3 -j LOG --log-prefix 'SSH attack: '
# ... and drop the packet.
iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 \
  --hitcount 3 -j DROP

The above seems to get the script kiddies. It is interesting how they are
adapting their attack on my systems, based on my defenses and changing of
them.
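As an added illustration (not code from the post or from its author), the following Python models what the three `recent` rules above do to a stream of SSH SYNs, using the post's values of 60 seconds and a hitcount of 3; the same logic covers the "3 connection attempts per IP per minute" limit mentioned for ftp. The sample SYN timestamps and addresses are constructed, and the per-address list size of 20 is assumed from the xt_recent default.

```python
from collections import defaultdict, deque

# Parameters copied from the three iptables rules in the post above.
WINDOW_SECONDS = 60   # --seconds 60
HITCOUNT = 3          # --hitcount 3
LIST_SIZE = 20        # assumed xt_recent default ip_pkt_list_tot: stamps kept per address

class RecentList:
    """Models one xt_recent list (the post's 'sshattack' list)."""
    def __init__(self):
        # oldest stamps are discarded once LIST_SIZE are stored, as the kernel does
        self.seen = defaultdict(lambda: deque(maxlen=LIST_SIZE))

    def set(self, src, now):
        # --set: record this packet's timestamp for the source address
        self.seen[src].append(now)

    def rcheck(self, src, now, seconds, hitcount):
        # --rcheck: match when at least `hitcount` stored stamps are no older
        # than `seconds` (a stamp exactly `seconds` old still counts)
        hits = sum(1 for t in self.seen.get(src, ()) if now - t <= seconds)
        return hits >= hitcount

def filter_syns(syns, seconds=WINDOW_SECONDS, hitcount=HITCOUNT):
    """Run (timestamp, source_ip) SYNs through the post's three rules.
    Rule 1 (--set) fires first, then rules 2 and 3 (--rcheck) LOG and DROP the
    same packet, so the hitcount-th SYN inside the window is the first one dropped.
    Returns [(timestamp, source_ip, 'ACCEPT' or 'DROP'), ...]."""
    table, verdicts = RecentList(), []
    for ts, src in syns:
        table.set(src, ts)
        verdict = "DROP" if table.rcheck(src, ts, seconds, hitcount) else "ACCEPT"
        verdicts.append((ts, src, verdict))
    return verdicts

def dropped_sources(verdicts):
    """Dropped SYNs per source: what the 'SSH attack: ' log lines would add up to."""
    counts = defaultdict(int)
    for _, src, verdict in verdicts:
        if verdict == "DROP":
            counts[src] += 1
    return dict(counts)

# Constructed sample: one scanner hammering port 22 alongside one legitimate user.
SAMPLE_SYNS = [
    (0, "203.0.113.7"), (5, "198.51.100.5"), (10, "203.0.113.7"),
    (20, "203.0.113.7"), (30, "203.0.113.7"), (42, "203.0.113.7"),
    (65, "198.51.100.5"), (100, "203.0.113.7"), (101, "203.0.113.7"),
]
```

Running `filter_syns(SAMPLE_SYNS)` shows the scanner's third SYN at t=20 is already dropped, its two SYNs around t=100 are accepted once the earlier stamps age out, and the legitimate user is never touched.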

If you look at my DNS records you can get an idea of what OS's are on what
IP address. Some machines are not available to the internet although I do
own the entire class C 198.60.105.0. I did have 2 other class C networks
but I allowed Xmission to take over them. I had at one time 3 class C
networks with OS's on each IP available to be used over the internet for
free. I now limit who has access for free.

I have 250 HDs with various OS's and versions that I switch in to support
the many UNIX and Linux OS's. I have them online for use by request and
on meeting certain standards.

So the final listing of what I have available is as follows:

2 BSDs (Virtualized)
6 Linux distros, latest, a machine each.
6 SCO machines with 2 each of OpenServer 6, OpenServer 5.0.7, UnixWare
7.1.4 (3 are virtualized)
4 other UNIXes

Virtualized OS's based on my customer needs. Sadly, 3 MS machines with
no direct internet access from the outside, all NATed. I keep 8-20
machines running daily for various development needs. Some machines
vary based on what people/customers need/request for usage.

You may say I am a big proponent of Open Source Software and its usage.
I do have some of the users of the various OS's monitoring things. That
is why our current blacklist is 8000 IP addresses, with dynamic IPs
being added/removed per iptables where possible. I wish I had iptables
for OpenServer 5.0.7 and OpenServer 6. I have not been able to get LKP to
work on OpenServer 6. I just do not have all the pieces. I do host lxrun
ftp download. I just have not been able to get it to work with ipf to try
and simulate iptables. I really wish SCO would release LKP for OpenServer
6. Then this really would not be as big an issue.

I just had to let off steam from the last 3 days of round the clock moving
and tuning things.

Thanks,


--
Boyd Gerber <gerberb@zenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047