


                Xotic Computer Systems of San Antonio
                 \_____\________\__________\___\______X
                        \________\__________\___\_____C
                                  \__________\___\____S
                                              \___\___S
                                                   \__A
 
                            http://xcssa.org
 

        October 16, 2000 XCSSA meeting notes

Hello all!

Sorry it took me so long to get these minutes out for the October
meeting.  A lot of people were asking about getting a copy of them since
it was such a great and informative meeting.

Kudos to Daniel Villarreal for taking such good notes!

We started out by introducing ourselves to the people new to the group.
We had a good-sized turnout (~12-13 or so) with a lot of people coming
over from the SATLUG (http://satlug.org/) group!


Networking, Ping and Traceroute:
--------------------------------
The networking presentations were to be done by a guest speaker, but
they had to cancel so Tom Weeks covered them for us.  We first went over
ping and traceroute, and reasons for using these tools.  We also touched
on nslookup and whois.  To use whois to find out who owns a domain name
(from the Linux/UN*X command line), you use:

        # whois domainname.com@whois.geektools.com

and this will show you who owns a given domain name or IP address.
This is very useful for troubleshooting internet networking issues and
contacting the owners of other networks. 

Also discussed was the use of the host command for getting DNS zone
transfer dumps to see all servers in a particular domain's name space. 
For example, to get a zone transfer/dump of satx.rr.com, just do a:

        # host -a -l -t any satx.rr.com > satx.rr.com.txt

and it will stick RoadRunner of San Antonio's entire domain listing (all
FQDNs) in the text file satx.rr.com.txt.

For more information, please see man pages for the host command.


Tom then got more into traceroute, and how to use it to diagnose network
congestion, bottlenecks, latency problems, and the like.  Used in
conjunction with the whois tools, you can even contact backbone
providers and tell them where you think their problems are, and
show them the traceroute data to prove it.  Also, we went over various
information resources for visual traceroute tools and even had a few
handouts on related networking material.

VisualRoute (for UN*X):
        http://www.visualroute.com/ (free download!)
        http://visualroute1.datametrics.com/ (online demo!!)
        http://visualroute.datametrics.com/ (in the US)

Neotrace, for visual traceroutes (for Win):
        http://www.neoworx.com/products/neotrace/default.asp

Ping Plotter(for Win):
        http://www.pingplotter.com/features.html

Tom's Network Tools...
        http://www.sdsc.edu/~hutton/Tools.html

Daryl's TCP/IP Primer ...
        http://ipprimer.windsorcs.com/section.cfm



Other Useful Links:
-------------------

The One Page Linux Manual  ...
        http://www.powerup.com.au/~squadron/

Pinging can be used not only to track the behavior of a site and
diagnose connectivity problems (latency, packet loss), but also to
check WHEN a site is available by sending a steady stream of pings.
Tom discussed the -f and -s switches --be very careful with this!--.
Then, while Tom was out getting the pizza, someone else briefly
discussed BGP (Border Gateway Protocol) and CIDR (Classless
Inter-Domain Routing):

        http://madhaus.utcs.utoronto.ca/gated/config_guide/bgp_stmt.html
        http://www.freesoft.org/CIE/Topics/25.htm



Road Runner Tricks:
-------------------
Then, with regard to using Linux with Road Runner and other DHCP-based
network access methods, Tom also reviewed a way to lock down the
/etc/resolv.conf file so that not even the system can modify it when
your ISP tries to force your DHCP IP address and change where your
machine resolves DNS from.  I don't want them tracking MY DNS queries...
Do You?!  To keep your resolv.conf from being changed, you set the
immutable bit on the file:

        # chattr +i /etc/resolv.conf

or to undo the fix:

        # chattr -i /etc/resolv.conf

Plus, by running a simple OTS firewall in a box, or making your own, you
can host as many computers on your single IP as you want.  All it takes
is a $100 firewall, and a small hub. :)


Tangents:
---------
Also thrown out were some semi-related tricks and tips:

To check for signs of a hacker on your system (as root):

        # lsattr /etc | grep ".*-i-.*" 
        # lsattr /bin | grep ".*-i-.*" 
        # lsattr /sbin | grep ".*-i-.*" 
        # lsattr -R /usr/ | grep ".*-i-.*" 

Which looks for ext2 file system "immutable bits" set on files in your
system.  You should get no files returned.  If you see something like
this:

        ----i--- /bin/ls
        ----i--- /bin/ps
        ----i--- /bin/login        
        ----i--- /sbin/ifconfig   

or the lsattr binary (a part of the RPM e2fsprogs) comes up missing,
then you may have been compromised.
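
The lsattr check above as one script, added here as an example and not
part of the original minutes.  It tests only the attribute field (the
grep above also matches file names that contain "-i-"), and it skips
/etc/resolv.conf, which will show up if you used the chattr trick from
the Road Runner section.  The names find_immutable, scan_system,
sample_lsattr and EXPECTED_IMMUTABLE are made up for this example, and
the sample lsattr lines are constructed.

```shell
#!/bin/sh
# Added example (not from the minutes): list unexpected immutable files.

# Assumption: the only file you locked yourself is resolv.conf.
# Space-separated absolute paths.
EXPECTED_IMMUTABLE="/etc/resolv.conf"

# Read lsattr output on stdin; print each unexpected immutable path.
# Only the attribute field is tested, never the file name.
find_immutable() {
    while read -r attrs path; do
        case "$attrs" in
            ""|*[!A-Za-z-]*) continue ;;  # blank line or "dir:" header
            *i*) ;;                       # immutable flag is set
            *) continue ;;
        esac
        [ -n "$path" ] || continue
        case " $EXPECTED_IMMUTABLE " in
            *" $path "*) continue ;;      # locked on purpose
        esac
        printf '%s\n' "$path"
    done
}

# Scan the directories named in the minutes.  A missing lsattr binary
# is reported, since the notes treat that as a warning sign too.
scan_system() {
    if ! command -v lsattr >/dev/null 2>&1; then
        echo "WARNING: lsattr not found (part of e2fsprogs)" >&2
        return 2
    fi
    { lsattr /etc /bin /sbin; lsattr -R /usr; } 2>/dev/null | find_immutable
}

# Constructed sample of lsattr output for trying the parser offline.
sample_lsattr() {
    cat <<'EOF'
----i--- /bin/ls
-------- /bin/cat
----i--- /etc/resolv.conf
-------- /usr/share/doc/foo-i-bar
----i--------e---- /sbin/ifconfig
EOF
}

# Run the real scan only when asked:  sh immutable-check.sh --scan
if [ "${1:-}" = "--scan" ]; then scan_system; fi
```

Run it as root with --scan; any path it prints is a file to look at
before you trust that binary again.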

We also covered other ways for checking for signs of an intruder.



Internet Domain Ownership & Registration:
-----------------------------------------
For doing domain name registration checks (who owns what names), you use
nslookup and whois to see who owns a given domain name.  You can
either do this via the command line, or via a site like:

        http://www.webmagic.com/whois/index.html
or
        http://whois.geektools.com/cgi-bin/proxy.cgi

This allows you to track the owner of either a given domain name, or
sometimes even who owns an IP address!

If you want to register your own domain name, just go out to either:

        http://networksolutions.com/
or
        http://register.com/

and you can reserve your OWN domain name!



The Next Box Demonstration:
---------------------------
Between a couple of the networking presentations, Charles Peterson gave
a real live demo of his new (to him) Next-station (very nice).

Here is some more info on these cool little super-stations:

        http://www.non.com/news.answers/NeXT-FAQ.html
        http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=500991929
        
The system uses the Motorola 68040, sports dual AT&T (or TI ?) DSP's,
and does all OS GUI screen graphics using postscript (?!?!)! hehe..

These systems originally started for around $5,000 back in the late 80's
to early 90's; but can now be found on eBay for ~$100US!



PIZZA-n-COKE!
-------------
Of course, we had excellent pizza! 


Check the web site for details on the next group meeting:

        http://xcssa.org/
        

Hope to see ya there!


                                Tom Weeks
                    Xotic Computer Systems of San Antonio
              
                            http://xcssa.org/