Need to script this: Parsing IP addresses from Emails

 Posted by at 4:46 pm  Problem Queue, Problems  Comments Off on Need to script this: Parsing IP addresses from Emails
Mar 242010
 

I have been working on an idea to parse IP addresses from emails that I receive and save them in a database for security analysis.� I have a process where 404.html hits on several of my websites send me an email notification containing the source IP and the message agent, and what page they were trying to load.� For the most part I know what pages I have programmed or coded and can tell by looking at the email whether someone tried to back their way into my website or not. What I do now is copy the IP address and then do a whois to find out where they come from.� Then I do an RBL check to see if the IP has been blacklisted, and if it has, I add it to the IP Deny list in my .htaccess utility.

I want to automate the harvesting of the IP addresses, message agent and page name the visitor tried to load, but haven’t yet found a suitable solution yet.

Mail on OS X 10.6 is my mail client, so Applescript is the scripting tool.

EMC Retrospect 7.5 Execution Incomplete

 Posted by at 7:13 pm  Problem Queue, Problems  Comments Off on EMC Retrospect 7.5 Execution Incomplete
Feb 252010
 

Another EMC Retrospect issue is plaguing me again, this time the disk to tape backups fail to complete, throwing “error -645, Chunk File Damaged During Save”.� The disk to disk backups continue without issue, but the disk to tape backups fail.

I find only one meaningful post on the internet regarding this matter at forums.dantz.com but research is ongoing.

Retrospect 7.6 after a Power Outage

 Posted by at 6:55 pm  Problem Queue, Problems  Comments Off on Retrospect 7.6 after a Power Outage
Oct 132009
 

Today at 10:15am there was a power outage, it came back and went out and came back again. The Breece-Hill server went into power-off mode, apparently the UPS failed too? Need to check that! Worse yet, upon reboot Retrospect is asking for the registration key as if this is the first time it has ever run?! That sucks! I’ve had similar issues with this hardware and software before, usually any sort of update and the server forgets either is media-changer or the 2.7TB disk array.� The media changer being the tape drive and library, and the only solution then is to hard-boot the server and unplug the power supplies, but several processes terminate on the disk array, so there is no hard-booting during production hours, and thus no tape backup during production either, defeating the purpose of the disk-to-disk and disk-to-tape design. The other common problem is that the disk array vannishes sometimes, at least then we can reboot because production is impacted. This time the OS sees the media changer and the disk array, but Retrospect has forgotten the prior configuration?

From a prior incident my notes (contained in my “Backup manifest.doc” document) indicate a trick that can be used to recover the configuration file. The trick is to wait and not start entering lincese codes, because as soon as you do the last known good configuration is overwritten.� Stop Retrosptect, and then look in the C:Documents and SettingsAll UsersApplication DataRetrospect directory for two files: config75.dat and config75.bak.� The .bak will likely have a larger size and a time-date stamp of the system when it last worked properly.� Make a copy of the .bak file for posterity, then rename-to-eliminate the .dat file. Finally rename the .bak file as the .dat file and retart Retrspect. As soon as I restarted Retrospect the scripts kicked off and backups stated as previously configured.

whew!

Mozilla Thunderbird fix

 Posted by at 6:53 pm  Problem Queue, Problems  Comments Off on Mozilla Thunderbird fix
Oct 072009
 

Today I decided to do some maintenance on my collected email that I have spent meticulously tagging for the year, but the exercise has left Thunderbird “Not Responding.” I tried restarting Thunderbird several times, then rebooted, and still no change.� Finally I searched for a solution on the net, and viola! The solution is from a Mozillazine KB article and involves deleting the Mail Summary files.

Since my mail reorganizing efforts were on two mailboxes, I had to find the local folders for both and select the *.msf files for the current date. The article says to delete them, but I cut and pasted them elsewhere because you never know when you want to undo something.

The Mozillazine KB article: http://kb.mozillazine.org/Application_not_responding

Network Traffic, VOIP, and problem isolation

 Posted by at 6:34 pm  Problem Queue, Problems  Comments Off on Network Traffic, VOIP, and problem isolation
Aug 032009
 

So this morning there was a problem the new Voice-over-IP system that was installed in the IT department.� We, the IT staff, was excluded from the decision to procure and implement that system.� It was purely cost mostivated.� We have enjoyed–code for suffered–problems ever since.� Today, the CIO began getting cell calls from branch managers in Sacramento and Glendale that their staff could not reach the Help Desk.� I visited the Voip.com website, and checked the forum, and banner announced that they were aware of the issues and that we should stand by.� That was 10:30 am.

The Help Desk isn’t very helpful when the clients cannot reach you.

At about 10:45am the voip.com webstie forum banner announced that the service causing the outage was isolated and the incoming and outgoing service had been restored.� But I still cannot reach Glendale…

So my main desire with this post is to remind myself that I need a better set of links, perhaps, to see if there is anything to see in terms of traffic which would give me more information about the problem… I guess I’m asking if I can tracert the voip.com connections? is that possible?

======

Some research on this item led me to several off-the mark threads, but tracing a voip connections remains unanswered. First there is a brief blog about using Wireshark to analyze a voip connection; I meandered through a comparison of H.323 and SIP; and then there is an interesting article from the� Ethical Hacker about VOIP exploits.

I thought I had it when the search results showed “Tracerts don’t use the same packet type as the VOIP session(pings/tracerts use ICMP, VOIP session uses UDP)” butthe linked page contained no such content. But the blurb does shed some light on my original question, and help me to refine my search… I’ll need a UDP Ping rather than a standard TCP Ping common to tracert.� Search results there led to hping, and a page from Network Uptime on pu also known as UDP Ping.

So get the IP of the VOIP provider and start tracing!