Posted on

19-Jan-2010

Bandwith management
My son has bought a laptop some weeks ago and now he’s consuming all bandwidth downloading. At some point the software he uses had over 4000 sessions open, causing a severe access problem – both from outrside as inside. Most of this traffic seems to be outgoing – synchronisaton, probably?.
First, I squeezed the number of sessions from his laptop to a max of 200 – that helped somewhat, but still the outgoing traffic took almost all available space on the 1Mb channel. So this evening, I limited his upload bandwidth to 200Kb – and that caused his download speed to be much lower as well.
This shows immediately in the traffic graph:

Drop in traffic when bandwidth filters set

Stupid program ….
Another side effect is that the SYSLOG files grows VERY FAST. Where it took a few days – or a week – to exceed 25000 blocks, now it took just severakl hours…Each day, the log grows to a 125.000 blocks. This squeezing may decrease the growth as well – less traffic means less entries.
Space is not a real issue, but I’ll have to keep a keen eye on the size…
Blocking abuser
Another ability the router / firewall offers is blocking access from specific addresses – or subnets. That allows me to block a complete subnet: 69.25.7.0. This network offers the possibility of DoS attacks over Trace_rt – that doe occur severely at tgimes, overfilling my mailbox by the number of alerts due tgo these attemps, from the network, ending by a number ending in a mulitple of 4. We’ll see what happens next. Of course, this blocking is logged.
BTW: The owner – according WHOIS – has been notified of the abuse. But I didn’t receive confirmation – yet.
Disk trouble – continued
I got a message from the recovering firm that the disk heads and platters are in such a state that with the current replacement of the head assembly, it was almost impossible to retrieve any real data…But not all is lost ; there still is a chance that data can be recovered. But it will take some time and effort. Luckily it is both fixed price and no-cure-no-pay. If they succeed, tke UK holiday report can be extended with the tracking data (meaning I may have to re-generate and ere-install the album, but that’s just a matter of a few minutes :).
The replacement disk – 320 Gb – has been installed and initialized, so I’m still better off in terms of storage space.
Spam decrease
A few days ago I learned that a server that was heavily used by spam-sending botnets, was taken offline last month. That explains the downfall of the numbers of spam messages. A decrease I have observed as well. But as expected, it gradually re-increases….

Posted on

12-Jun-2009

Access problems
Quite severe, to be honest.
Too busy on the job to find out, but yesterday it became emonent that access toall of the webs was troublesome; In fact, both the operator web and webmail were inaccessable, and even the basic homepage was slow. Retrieving mail using the POP protocol fails after some attempts (keeps waiting, and waiting…). I tried to get the webmail index, it took ages to load, at least: part of it; the page was incomplete in the end.

Diana itself showed no real problems looking at the system itself, but when examining the operator log, it became clear that there is a problem: the logfile is filled with messages like:
%%%%%%%%%%%  OPCOM  12-JUN-2009 18:59:03.49  %%%%%%%%%%%
Message from user SYSTEM on DIANA
Event: Frame Check Error from: Node LOCAL:.DIANA CSMA-CD Station CSMACD-0,
        at: 2009-06-12-19:59:03.490+02:00Iinf
        eventUid   18BA7200-5783-11DE-8929-0000F87653E2
        entityUid  EB004904-56DC-11DE-8293-AA0004000154
        streamUid  EE034380-56DC-11DE-8322-AA0004000154

These messages indicate a network problem – a severe one. Mostly related to hardware, like the network card, cable, switch port, or the swittch itself. Or some other machine on the network, pumping badly shaped data over the wire.

Access that doesn’t require the network hardware has no trouble at all. But all that goes ‘outside’ and is more than a few bytes in size, won’t get out. Or incomplete – triggering even more messages to appear. As it turned out, all HTTPS access was virtually blocked, as well as any access to larger files (photos!) from the public site would stall.

But what caused it?
It could be the NIC in the system – it’s over 10 years old so a breakdown could well be possible. But a second, more likely culprit, is the switch that links all systems together. Irene – the system in the living room – often marked a drop in network connctivity, that was restored shortly afterwards. Aphrodite – on which I use to listen to Internet Radio while working at the datacenter – does note drops as well. A collegue told me today that this behaviour often indicates the death of a router. And since this is a very cheap one, it woudln’t be a big surprise if NIC and router run out of sync. It could even happen to a single port.

Time to find out.
I do have a free port on the switch to I reconnected Diana to it. And behold: speed is as in the old days. Apart from the fact the connection is now set to half duplex, it works. There still are messages on frame check errors, only when a lot of data is sent at once: like images and large, encrypted pages like Soymail’s index. But at least, I’ll be able to download my mail 😉

Time to get a new router.

New kid on the block
Demeter, the company laptop, has reached it’s moment of retirement. That is: I have purchased it from the company, and got a new one in stead that I’ll use for company work and other usefull things, like studying Linux, for instance.
By request, the system should be called after it’s administrative name: VXLT090409 – I kept that in the description for the ease of system management at the office. I named the system Gudrun, a name from the Saxon mythology (if I’m well informed). Its operating system is Windows Vista Business – and I already have had the oppportunity to question what the hack it’s doing on disk…It’s still in the phase where I’m installing bits and pieces I miss on the system. Quite some of them…

Irene down again
Another problem occurred today: Irene, the system downstairs, started in the set-up screen, and fails to boot – without a warning. I’ll still have to define what’s wrong there, but it certainly doesn’t look good. Well, a replacement is now available: Demeter…..