
Archive for March, 2015

Cisco Router Security

Cisco routers are cool, but I have been finding a few issues with DDoS attacks of late, mainly DNS and NTP.

DNS DDoS

! Replace 202.62.147.50 with the DNS server you're using
access-list 153 remark Block DOS DNS
access-list 153 permit ip host 202.62.147.50 any
access-list 153 deny tcp any any eq domain
access-list 153 deny udp any any eq domain
access-list 153 permit ip any any

Then add it inbound on your dialer interface (Dialer0 here):

!
interface Dialer0
 ip access-group 153 in

 

NTP DDoS

! Core NTP configuration
ntp update-calendar             ! update hardware clock (certain hardware only, i.e. 6509s)
ntp server 192.0.2.1            ! a time server you sync with
ntp peer   192.0.2.2            ! a time server you sync with and allow to sync to you
ntp source Loopback0            ! we recommend using a loopback interface for sending NTP messages if possible
!
! NTP access control
ntp access-group query-only 1   ! deny all NTP control queries
ntp access-group serve 1        ! deny all NTP time and control queries by default
ntp access-group peer 10        ! permit time sync to configured peer(s)/server(s) only
ntp access-group serve-only 20  ! permit NTP time sync requests from a select set of clients
!
! access control lists (ACLs)
access-list 1 remark utility ACL to block everything
access-list 1 deny any
!
access-list 10 remark NTP peers/servers we sync to/with
access-list 10 permit 192.0.2.1
access-list 10 permit 192.0.2.2
access-list 10 deny any
!
access-list 20 remark Hosts/Networks we allow to get time from us
access-list 20 permit 192.0.2.0 0.0.0.255
access-list 20 deny any

Taken from http://www.team-cymru.org/secure-ntp-template.html
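
An added example (not from this post or the Team Cymru template): a small Python check that reads the NTP lines of a saved running-config and reports where they drift from the template's intent, namely that query-only and serve point at a deny-all ACL, that the peer and serve-only ACLs never permit any, and that every configured time source is listed in the peer ACL. The function names and the sample config are constructed for illustration; peer ACL entries are compared as single hosts only.

```python
import re

# Constructed sample: the NTP lines of a running-config that follows the template above.
SAMPLE_CONFIG = """\
ntp server 192.0.2.1
ntp peer   192.0.2.2
ntp access-group query-only 1
ntp access-group serve 1
ntp access-group peer 10
ntp access-group serve-only 20
access-list 1 deny any
access-list 10 permit 192.0.2.1
access-list 10 permit 192.0.2.2
access-list 10 deny any
access-list 20 permit 192.0.2.0 0.0.0.255
access-list 20 deny any
"""

def parse(config):
    """Return (time sources, {access-group type: ACL id}, {ACL id: [(action, args)]})."""
    sources, groups, acls = [], {}, {}
    for raw in config.splitlines():
        line = raw.split("!")[0].strip()  # drop "! comment" annotations
        if m := re.match(r"ntp (?:server|peer)\s+(\S+)", line):
            sources.append(m.group(1))
        elif m := re.match(r"ntp access-group (\S+)\s+(\d+)", line):
            groups[m.group(1)] = m.group(2)
        elif m := re.match(r"access-list (\d+) (permit|deny)\s+(.+)", line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3).split()))
    return sources, groups, acls

def audit_ntp(config):
    """Return a list of findings; an empty list means the template's intent holds."""
    sources, groups, acls = parse(config)
    findings = []
    for kind in ("query-only", "serve", "peer", "serve-only"):
        if kind not in groups:
            findings.append(f"{kind}: no ntp access-group configured")
        elif groups[kind] not in acls:
            findings.append(f"{kind}: ACL {groups[kind]} is not defined")
    for kind in ("query-only", "serve"):  # these two must point at a deny-all ACL
        if any(action == "permit" for action, _ in acls.get(groups.get(kind), [])):
            findings.append(f"{kind}: ACL {groups[kind]} has a permit entry")
    for kind in ("peer", "serve-only"):   # these must name hosts or networks, never "any"
        if any(a == "permit" and args == ["any"] for a, args in acls.get(groups.get(kind), [])):
            findings.append(f"{kind}: ACL {groups[kind]} permits any")
    # Assumption: time sources appear in the peer ACL as single host entries.
    allowed = {args[0] for a, args in acls.get(groups.get("peer"), []) if a == "permit"}
    findings += [f"peer: time source {s} is not in the peer ACL" for s in sources if s not in allowed]
    return findings
```

Run `audit_ntp()` over the text of `show running-config` saved to a file; the trailing `! comment` annotations used in the template are ignored by the parser.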


                            


Xenserver tapdisk experienced an error

Hi. After upgrading a few of our Xenservers to 6.5, I moved a few hard drives from some troublesome servers. I found that after they were remounted I would get an error saying “tapdisk experienced an error”. After a bit of digging around in the logs I found:

Server_helpers.exec exception_handler: Got exception SR_BACKEND_FAILURE_449: [ ; tapdisk experienced an error [opterr=No medium found]; ]

I checked the VDIs and I could access them via a live CD I mounted in the VM. After I rebooted and ejected the CD I found the VM would now boot. I tried the same thing on the 2 other servers that would boot and now they are all happy. It seems that when you create a VM for the first time it needs to boot from the CD drive at least once to fix this error.

Hopefully this saves someone some time; I spent a few hours on this and couldn’t find any really useful info on it.

 


Xenserver Import XVA from Network Share

I was updating our servers to Xenserver 6.5 the other night and I was trying to work out the fastest way of importing some machines I had exported. It seems that xe vm-import is the way to do it.

 

1) Run xe sr-list and note the UUID of the SR you wish to import the VM into.

2) Make the mount point you're going to mount to: mkdir /tmp/cifmount

3) mount -t cifs //<IP or FQDN of target machine>/share /tmp/cifmount -o username=user,password=<password>

4) Check you did it right with ls /tmp/cifmount

You should see the file name you want to import.

[root@xenserver5 ~]# ls /tmp/cifmount
New Text Document.txt SL-MEL-RMM.xva

5) Then start the import like so:

xe vm-import filename=/tmp/cifmount/SL-MEL-RMM.xva sr-uuid=da491968-b6c2-00fa-1e8c-84e48f4d6114

This was using 450 Mbps of the NIC when I checked it.

This imported a 43.7 GB file in 14:20.

 
