In a previous post i explained how i run a server, etc. etc. Since i have absolutely nothing else to write about, i’m posting a part II of sorts for that post. This time its about the dns server i run. A few months ago i switched my internal network over to use my own locally hosted dns server. The following are the top queries its received from the internal hosts.
| 16527 |
|
time.apple.com |
| 16188 |
|
www.google.com |
| 4513 |
|
weather.wapp.wii.com |
| 4235 |
|
ad.yieldmanager.com |
| 2315 |
|
news.wapp.wii.com |
| 1907 |
|
www.symantec.com |
| 1852 |
|
ad.doubleclick.net |
| 1612 |
|
105.0.168.192.in-addr.arpa |
| 1347 |
|
cfh.wapp.wii.com |
| 1320 |
|
202-177-19-148.kdd.net.hk.jessecole.org |
Ok, we can see we have several very popular sites. The first is not quite what you’d expect, its time.apple.com. You don’t think about it but every computer and device you own likely keeps itself synchronized with a time server. Every time it goes to synchronize, it has to do a dns lookup. Actually this number is a tad distorted by the fact that my router decided it should update its time 10 or 11 times a day, (thank you Dlink). I actually got sick of it a made it use the ip address for time.apple.com instead of the hostname so hopefully that number won’t go up so much.
The next most popular query is for www.google.com. No surprise there. Every time you type in the website or use the search bar in your browser and possibly even just visiting certain websites will cause a query to be performed.
The most interesting out of all these though is the fact that, in my top 10 queries, 2 of them (ad.yieldmanager.com and ad.doubleclick.com) are well known ad servers. What a waste of time and bandwidth that is. In the future, i may start blocking queries to well known ad sites just to avoid giving them stats on us.
I forgot to mention before my last post but i have a new theme. You like? I feel it has a pirate type of feel to it. Anyway, its new. Leave suggestions in the comments.
So. I run a server. And by that i mean i have a computer with many different services running on it that are accessible over a network. One of these services is ssh. Over the past few months while my computer has been exposed to the internet, i have received thousands of automated ssh login attempts by people doing a dictionary attack trying common usernames and password. I have decided to post some of the ip address and some of the more common usernames attempted. The first column is number of attempts since Oct 28 06:47:05.
| 1319 |
202.177.19.148 |
|
692 |
root |
| 352 |
84.200.29.111 |
|
81 |
admin |
| 275 |
213.223.16.236 |
|
79 |
test |
| 168 |
211.53.78.104 |
|
41 |
guest |
| 156 |
208.100.6.172 |
|
34 |
user |
| 137 |
61.218.44.69 |
|
27 |
clark |
| 120 |
216.234.56.210 |
|
23 |
oracle |
| 105 |
205.206.124.18 |
|
21 |
smith |
| 104 |
209.189.91.8 |
|
21 |
anderson |
| 84 |
210.192.124.242 |
|
19 |
staff |
ps. For the love of god if you know how to format that so that both columns are next to each other, tell me! I’ll give you a treat. Really, it will happen.
*Update* I cheated and got a table to do what i want. If anyone can tell me a better way please do. The treat thing still stands.
*Update 2* Nevermind, i’ve decided i like the way looks. After looking around a bit, it appears that there really isn’t a more elegant solution so i’m going to stick with it.
There was a power outage today. Actually first there was a brown-out for several minutes, then the power went out. Kinda freaked me out because i know how damaging brown-outs are for hard drives and when i came to shut off my server the hard drive activity light was solid. Luckily, server came up just fine fsck didn’t find any problems on any partitions, all is good. I survived the 2 hour outage by watching some of my back log of video podcasts, namely Tekzilla. Tekzilla is basically The Screensavers of old…today! Well, thats it for today, bye.
Jesse.
