Wikipedia:Reference desk/Archives/Computing/2013 January 21

Computing desk
< January 20	<< Dec | January | Feb >>	January 22 >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

January 21

Help with iptables and blocking repeated SSH attempts

Hello! I'm trying to block IPs with repeated failed attempts on SSH on a Debian Squeeze box (and learn a bit about iptables too). With a fresh, nothing-added iptables config, I added this line (which I adapted from a thread online):

iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 120 --hitcount 3 --name SSH --rsource -j DROP

This is what iptables -L prints:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp dpt:ssh recent:     UPDATE seconds: 120  hit_count: 2 name: SSH side: source

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

But I'm still seeing this in logs:

Jan 20 20:40:41 debian sshd[3416]: Failed password for root from XX.XX.XX.XX p    ort 55234 ssh2
Jan 20 20:40:43 debian sshd[3418]: pam_unix(sshd:auth): authentication failure;     logname= uid=0 euid=0 tty=ssh ruser= rhost=XXXXXX  user=root
Jan 20 20:40:44 debian sshd[3418]: Failed password for root from XX.XX.XX.XX p    ort 55642 ssh2
Jan 20 20:40:46 debian sshd[3420]: pam_unix(sshd:auth): authentication failure;     logname= uid=0 euid=0 tty=ssh ruser= rhost=XXXXXX  user=root
Jan 20 20:40:48 debian sshd[3420]: Failed password for root from XX.XX.XX.XX p    ort 55994 ssh2
Jan 20 20:40:49 debian sshd[3422]: pam_unix(sshd:auth): authentication failure;     logname= uid=0 euid=0 tty=ssh ruser= rhost=XXXXXX  user=root
Jan 20 20:40:51 debian sshd[3422]: Failed password for root from XX.XX.XX.XX p    ort 56434 ssh2
Jan 20 20:40:52 debian sshd[3424]: pam_unix(sshd:auth): authentication failure;     logname= uid=0 euid=0 tty=ssh ruser= rhost=XXXXXX  user=root

And there are hundreds of these, all violating the 2-minute update-period imposed by the iptables rule. The contents of /proc/net/xt_recent/SSH was empty. I even tried adding the IP via echo +XX.XX.XX.XX >/proc/net/xt_recent/SSH, per the iptables man page, while the attack was going on, and it didn't stop it. The proc file didn't even update; it was unchanged as (time never changed):

src=XX.XX.XX.XX ttl: 0 last_seen: 20691667 oldest_pkt: 1 20691667

The /etc/ssh/sshd_config file contains:

MaxAuthTries 3
LoginGraceTime 50

(plus default settings). Why isn't iptables stopping this now? Thank you for any advice. I know there are other tools like fail2ban, and better ways to prevent ssh login attacks, but I'm interested in iptables because I want to learn how to use it, and since this server has no important data, I'm not concerned that it allows password login. Also feel free to reformat my log data into collapsible boxes if it's not appropriate as such. Thank you!--el Aprel (^facta-_facienda) 02:02, 21 January 2013 (UTC)

Maybe I'm misreading it, but it looks the like attacks are on port 55234, 55642, 55994, and 56434, and you have set up the rule on port 22. RudolfRed (talk) 02:56, 21 January 2013 (UTC)

I think the 50000 ports are the ports on the attacker's computer, connected to port 22 on my box. SSHD is definitely running on port 22. I think the rule is specified to apply on my port 22 with the --dport switch, right? (Please don't infer any sarcasm. I'm really lost here.)--el Aprel (^facta-_facienda) 03:01, 21 January 2013 (UTC)

No idea about the iptables, but did you consider disabling root login in sshd_config (PermitRootLogin)? bamse (talk) 21:09, 21 January 2013 (UTC)

Yes, thank you. I have already disabled root login, which is why these attacks don't concern me. I ask more out of curiosity of iptables than security.--el Aprel (^facta-_facienda) 21:21, 21 January 2013 (UTC)

What is a better desktop utility software than Google Desktop?

Google Desktop's support stopped over a year ago, and slowly, its apps would stop working. All that remains that still work are the Clock, RSS Newsfeed, and a few others I don't use, and they're placed on the right of the desktop.

I'd rather use a desktop utility much like Google Desktop, but that is still supported, worked on, and updated. What are your best suggestions, and has there been an update on it in the past 6 months? Thanks. --70.179.161.230 (talk) 09:07, 21 January 2013 (UTC)

Isn't this like the fourth or fifth time you're asked more or less the same thing? If all the previous suggestions haven't done it for you, do you really expect to get something that will this time? Nil Einne (talk) 11:44, 21 January 2013 (UTC)

Help with Blaze Xplorer FX Cartridge

I recently bought a Blaze Xplorer FX Cartridge but when I try to play Shadow Man with it all I get is a black screen & the intro music going funny (as in not playing properly). And when I try it with the cartridge just turned on without any codes activated the same thing happens. I can get past all the 'Loading' screens but when I get to the 'Press Start' screen I get that black screen with the intro music that doesnt play right. Any help ?80.254.146.140 (talk) 12:25, 21 January 2013 (UTC)

I think some more details may be needed to help you here. What is a Blaze Xplorer FX Cartridge? It doesn't seem to have any mentions on Wikipedia. Possibly it has something to do with the Nintendo 64, this being one of the systems Shadow man was released for. - 220 of ^Borg 14:20, 21 January 2013 (UTC)

Perhaps it's actually for the Playsation, see Blaze-Xplorer-Cheat-Cartridge - 220 of ^Borg 14:20, 21 January 2013 (UTC)

Yes it is the Blaze Xplorer Cheat Cartridge for the Playstation & the Shadow Man that I am trying to use is the Playstation(PAL) version. 80.254.146.140 (talk) 14:09, 23 January 2013 (UTC)

Any help anyone ? 80.254.146.140 (talk) 14:09, 23 January 2013 (UTC)

Fax

How would a fax machine work when a person is using the Internet or using the landline phone, assuming that there is only one phone line attached to the household? If a person is using dial-up connection to the Internet, then that would probably use the phone line. If person is talking on the phone, that is also using up the phone line. Right? So, can a fax machine only be used when the hours are free from "noise"? 75.185.79.52 (talk) 17:43, 21 January 2013 (UTC)

A land-line telephone connection can be thought of as split into two different frequency bands - the "audible" band, and a high-frequency band (that's not really audible to people). That high band is used for Asymmetric digital subscriber line digital communications, if that's enabled. The audible band handles everything else - dial tones, DTFM dialling signals, voice calls, fax calls, dialup modem calls, and caller-id data. Only one use of that audible band can happen at a time (and there are sensible technical precautions which usually mean they don't interfere with one another accidentally). Things are quite different with all-digital telephony systems such as some office phones, ISDN connections, and GSM mobile phones. -- Finlay McWalterჷTalk 18:01, 21 January 2013 (UTC)

To put a purist mathematical spin on Finlay's (perfectly-understandable) answer, we formally say that different frequencies are orthogonal to each other. What this means in practice is that we can use one single wire to send n distinct signals at different frequencies; and we can build circuits that are totally unaffected by the other signals on the line. Of course, there are many engineering practicalities and imperfections that are introduced by the Real World; so in practice we build circuits that are almost totally unaffected by other signals on the line. Engineers use the concept of bandwidth to describe the signals, (according to the formal definition, "the width of the frequency spectrum of the signal" - and not the wishy-washy, watered-down "internet-ese" version, where "bandwidth" is roughly used to describe "anything related to perceived speed of data transfer"). When two signals are in mutually-exclusive bands, they can share the communication channel without interference. Nimur (talk) 18:37, 21 January 2013 (UTC)

Therefore, a "bigger" bandwidth may be "faster", because the two signals are in two mutually-exclusive bands, and thus they can share a communication channel without interference like a 2-lane road instead of a 1-lane road. If there are 5 lanes and the speed limit is 65 miles per hour, then a lot more cars can run during one hour than a case where the speed limit is 35 and only one lane. I can definitely see how this may lead to the watered down version of bandwidth. 75.185.79.52 (talk) 19:48, 21 January 2013 (UTC)

The short answer to the OPs question is yes, only one thing (voice, data, fax) can go on with a phone line at once. In the days where there was dial-up I remember when someone else would pick up the phone and it would drop your connection (fax included). Shadowjams (talk) 19:39, 21 January 2013 (UTC)

That would imply an unsophisticated bandwidth? 75.185.79.52 (talk) 19:48, 21 January 2013 (UTC)

Normal fax machines operate over the same channel as voice, so you can't talk on the phone and fax at the same time. Shadowjams (talk) 20:06, 21 January 2013 (UTC)

Faxing has to use lower (audible) frequencies because higher frequencies don't make it through the phone network to the fax machine at the other end. According to POTS the network traditionally only supported frequencies up to 3.4kHz, though I've heard higher numbers like 8 kHz before. Either way, it's astonishing that analog modems got as fast as they did. DSL (digital subscriber line) signals only travel the length of the subscriber line, which can transmit much higher frequencies. -- BenRG (talk) 20:47, 22 January 2013 (UTC)

The original poster does not say how much he/she knows about the telephone hookup of the place where simultaneous fax and voice activity might have occurred. Residences in the US that were wired in the last several decades have two twisted pairs coming in. Both twisted pairs would be contained in the same cable. (Businesses often have more.) So the owner or tenant may have paid for a second phone number which is used for fax on the second twisted pair. Jc3s5h (talk) 20:46, 21 January 2013 (UTC)

Residences in the UK also have the same arrangement of a spare twisted pair. Sometimes, these were utilised as a separate fax line, but this was worth the cost only for people who received or sent many faxes. As mentioned above, fax machines normally work using the low-frequency band used by voice calls, so would be independent of internet usage where a DSL filter is fitted. Where the internet connection is via a Voice frequency modem (— I still have one, it runs at a maximum of 56kb so I don't use it!), only one of the three can be used at any one time. In theory, there is no reason why faxes could not use the high frequency band (so that a voice call could be made at the same time), but I haven't seen any fax machines designed for this. Do they exist? How would they differ from a computer + printer? (I think it's possible to have a voice-frequency modulator attached to the internet to generate a signal for an ordinary fax machine, but I don't see any advantage in this. In practice, it would be more logical to send an e-mail or PDF over the internet than to use the bandwidth to send a fax! Dbfirs 09:08, 22 January 2013 (UTC)

System services required to share printer in Vista SP 2

Does anyone know what services need to be enabled on both host and client machines in order to share a printer in Vista SP2?

Failing that, is there a resource that can restore default services on both machines, since sharing should be easy to enable from there? --El Santo103 (talk) 18:29, 21 January 2013 (UTC)

http://www.blackviper.com/service-configurations/black-vipers-windows-vista-service-pack-2-service-configurations/ has much info on services, including what's enabled by default. It might help. Mitch Ames (talk) 08:00, 26 January 2013 (UTC)