King of the Potato People

Want to limit the total bandwidth available to a Linux server, and don’t want to do it at the switch or router? Here’s how!

Read the rest of this entry »

The Spamhaus DROP list (Don’t Route or Peer) is still awaiting it’s BGP feed for network providers. So in the meantime, I’ve knocked up a little PHP script that downloads the DROP list from Spamhaus and spits out either a list of IPtables rules or a Cisco access control list.

View Source: http://www.potato-people.com/code/misctools/spamhausdrop.phps

Download: http://www.potato-people.com/code/misctools/spamhausdrop.tar.gz

MTR, also known as Matt’s Trace Route, is an enahanced traceroute utility which after making the initial run continues to rerun the traceroute and calculate hop-specific packet loss and latencies.

Unfortunately, virtually everytime someone calls me and mentions “packet loss” and “MTR” in the same breath, it’s because they do not understand the output.

Read the rest of this entry »

A few further thoughts on things that people forget to take into account when attempting to measure bandwidth:

• When measuring bandwidth, attempt to use a site or tool that is close to your ISP. If you’re in the UK and you try to test your connection using a site hosted in the US it’s never going to give you a decent idea of your speed. I recommend Speedtest.net, as it’s a single tool that can test to a multitude of different locations and will give you a much better idea of exactly how your line is performing.
• Remember to allow around 10% for overheads. An 8Mb ADSL line will top out at 7.2Mbps. This is due to overheads for the ADSL line itself: a certain amount of bandwidth is required to manage your packets that will not be visible on any web-based bandwidth test.
• Any download requires a certain amount of packets to be sent in the opposite direction. Usually these are acknowledgement packets to assure the server you are downloading from that everything is being received okay (or not, as the case may be). Again, that magic 10% figure is the one to watch out for. A 1Mbps download will roughly need a 100Kbps upload. If you are using up all your upload bandwidth, your download bandwidth will be poor.

As I work in a ISP, I (unfortunately) have to deal with the abuse mailbox. And unfortuantely, these means responding to DMCA notices from US companies. How do you deal with a copyright infringement happening on your network, but when the holder is in the US and trying to apply US law?

DISCLAIMER: I am not a solicitor.

Read the rest of this entry »

An issue that comes up for me at work time and time again is customers misunderstanding how bandwidth is measured.

Read the rest of this entry »

A common problem with ADSL in the UK is that most connections are still using PPPoA. This means that if you want a computer to have a public IP address on one of these connections, you need to either have a block of IP addresses routed by your ISP to your router (at extra) cost, or you use a USB modem. There’s no real option for those folks that want to connect something like a SonicWall or any other firewall device directly to the line.

Read the rest of this entry »

The most common attack vector on Linux web servers, is to get something uploaded onto the server that can then be executed. Most of these automated attacks try to put their payload into /tmp, which is universally writable by any user, and then execute it.

But what if they couldn’t execute it?

Read the rest of this entry »