Blog

Archive for March, 2015

Cisco Router Security

Cisco routers are cool, but I have been finding a few issues with DDoS attacks of late, mainly DNS and NTP.

DNS DDOS

access-list 153 remark Block DOS DNS
! Replace 202.62.147.50 with the DNS server you're using
access-list 153 permit ip host 202.62.147.50 any
access-list 153 deny tcp any any eq domain
access-list 153 deny udp any any eq domain
access-list 153 permit ip any any

Then add

!
! your dialer interface
interface Dialer0
ip access-group 153 in
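
To see what ACL 153 does to traffic arriving on the dialer, the following added example (not from the original post) parses the four entries and applies IOS first-match evaluation to a few constructed packets. The WAN address 203.0.113.10 and the remote host 198.51.100.7 are assumptions taken from documentation ranges.

```python
import ipaddress
from collections import namedtuple

# ACL 153 as given in the post (remark line omitted).
ACL_153 = """\
access-list 153 permit ip host 202.62.147.50 any
access-list 153 deny tcp any any eq domain
access-list 153 deny udp any any eq domain
access-list 153 permit ip any any
"""
PORTS = {"domain": 53}  # IOS port keyword -> number
Packet = namedtuple("Packet", "proto src sport dst dport")

def parse_addr(tok):
    """Consume one address spec ('any' or 'host A.B.C.D') from the token list."""
    word = tok.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    raise ValueError("unsupported address spec: " + word)

def parse_acl(text):
    """Parse only the extended-ACL syntax this ACL uses (no wildcard masks)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]  # drop 'access-list 153'
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = parse_addr(tok), parse_addr(tok)
        dport = PORTS[tok[1]] if tok[:1] == ["eq"] else None  # destination port
        rules.append((action, proto, src, dst, dport))
    return rules

def evaluate(rules, pkt):
    """Return the action of the first matching entry; implicit deny at the end."""
    for action, proto, src, dst, dport in rules:
        if (proto in ("ip", pkt.proto)
                and ipaddress.ip_address(pkt.src) in src
                and ipaddress.ip_address(pkt.dst) in dst
                and dport in (None, pkt.dport)):
            return action
    return "deny"

RULES = parse_acl(ACL_153)
WAN = "203.0.113.10"  # constructed address standing in for the Dialer0 IP
SAMPLES = {  # constructed inbound packets
    "query from internet host": Packet("udp", "198.51.100.7", 40000, WAN, 53),
    "reply from listed DNS server": Packet("udp", "202.62.147.50", 53, WAN, 40000),
    "reply from unlisted server": Packet("udp", "198.51.100.7", 53, WAN, 40000),
    "inbound HTTPS reply": Packet("tcp", "198.51.100.7", 443, WAN, 51000),
}
if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:30} -> {evaluate(RULES, pkt)}")
```

The deny entries match destination port 53 only, so unsolicited queries arriving on the dialer are dropped while replies (source port 53) from any server still fall through to the final permit.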

 

NTP DDOS

 

! Core NTP configuration
ntp update-calendar             ! update hardware clock (certain hardware only, i.e. 6509s)
ntp server 192.0.2.1            ! a time server you sync with
ntp peer   192.0.2.2            ! a time server you sync with and allow to sync to you
ntp source Loopback0            ! we recommend using a loopback interface for sending NTP messages if possible
!
! NTP access control
ntp access-group query-only 1   ! deny all NTP control queries
ntp access-group serve 1        ! deny all NTP time and control queries by default
ntp access-group peer 10        ! permit time sync to configured peer(s)/server(s) only
ntp access-group serve-only 20  ! permit NTP time sync requests from a select set of clients
!
! access control lists (ACLs)
access-list 1 remark utility ACL to block everything
access-list 1 deny any
!
access-list 10 remark NTP peers/servers we sync to/with
access-list 10 permit 192.0.2.1
access-list 10 permit 192.0.2.2
access-list 10 deny any
!
access-list 20 remark Hosts/Networks we allow to get time from us
access-list 20 permit 192.0.2.0 0.0.0.255
access-list 20 deny any

Taken from http://www.team-cymru.org/secure-ntp-template.html


                            


Xenserver tapdisk experienced an error

Hi. After upgrading a few of our Xenservers to 6.5, I moved a few hard drives from some troublesome servers. I found that after they were remounted I would get an error saying “tapdisk experienced an error”. After a bit of digging around in the logs I found: Server_helpers.exec exception_handler: Got exception SR_BACKEND_FAILURE_449: [ ; tapdisk experienced an error [opterr=No medium found]; ]

I checked the VDIs and I could access them via a live CD I mounted in the VM. After I rebooted and ejected the CD, I found the VM would now boot. I tried the same thing on the 2 other servers that would boot and now they are all happy. It seems that when you create a VM for the first time it needs to boot from the CD drive at least once to fix this error.

Hopefully this saves someone some time; I spent a few hours on this and couldn’t find any really useful info on it.

 


Xenserver Import XVA from Network Share

I was updating our servers to Xenserver 6.5 the other night and I was trying to work out the fastest way of importing some machines I exported. It seems that xe vm-import is the way to do it.

 

1) Run xe sr-list and note the UUID of the SR you wish to import the VM into.

2) Make the mount point you're going to mount to: mkdir /tmp/cifsmount

3) mount -t cifs //<IP or FQDN of target machine>/share /tmp/cifsmount -o username=user,password=<password>

4) Check you did it right with ls /tmp/cifsmount

You should see something with the file name you want to import.

[root@xenserver5 ~]# ls /tmp/cifsmount
New Text Document.txt SL-MEL-RMM.xva

5) Then start the import like so:

xe vm-import filename=/tmp/cifsmount/SL-MEL-RMM.xva sr-uuid=da491968-b6c2-00fa-1e8c-84e48f4d6114

This was using 450 Mbps of the NIC when I checked it.

This imported a 43.7 GB file in 14:20.

 
