Ehab Elbalawi…… OMG…

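One day… I idly opened my Gmail spam box.

I found one peculiar message: an English e-mail with the subject "GREETINGS".

At a glance it looked like spam… but judging from the opening of the message, it did not seem to be ordinary spam. So, out of curiosity, I opened it. The content was as follows.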

From:     Ehab Elbalawi <ehab.elbalawi1@live.co.uk>
Reply-To:     ehab.elbalawi@live.co.uk
To:     undisclosed-recipients : ;
Subject:     GREETINGS
Date:     Wed, 16 Sep 2009 22:23:38 +0300 (Thu, 04:23 KST)

Top of the day,

Goodday to you and your family, i am sorry to disturb you but i felt deeply in
my heart that you are that individual that i have been looking for and so i can
contact you for a blessing that you are about to receive and also share with
people that need it, my name is Mr. Ehab Elbalawi a merchant in Dubai, in the
U.A.E. I have been diagnosed with esophageal cancer, which was discovered very
late, due to my laxity in caring for my health. This sickness has defiled all
forms of medicine, and right now I have only a few months to live, according to
medical experts. I have since lost my power of speech and can only manage to
write now, as that has been the only way I am able to communicate. I have not
particularly lived my life so well, as I never really cared for anyone (not
even myself) but my business. Though I am very rich, I was never Generous, I
was always hostile to people and only focused on my business as that was the
only thing I cared for. But now I regret all this as I now know that there is
more to life than just wanting to have or make all the money in the world. I
believe when i am given a second chance to come to this world I would live my
life a different way from how i have lived it. Now that i have been called, I
have willed and given most of my property and assets to my immediate and
extended family members as well as a few close friends.

I want the almighty to be merciful to me and accept my soul, so i have decided
to give alms to charity organizations, as I want this to be one of the last
good deeds I do on earth. I want to believe that you will be capable of
handling this task for me. I will wait to hear from you to know if you are
capable of doing this favour for me, You will be bless as you have decided to
do this, I will wait for your urgent response to my mail address:
ehab_elbalawi14@yahoo.com , thank you for deciding to actualize this task for
humanity sake.

Regards,
Ehab Elbalawi.

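What on earth is this… Honestly, since it was in English, parts of it were hard to understand, but by struggling through a dictionary I managed to get a rough idea of what the mail said.

In short… the sender, having contracted a fatal illness, repents of his past sins and wants to do charity work, and is asking for help.

Oh… so it was a very important message. And I had left a mail like this sitting in my spam folder all this time… Honestly, I felt sorry.

I quickly wrote a reply, wishing him good health and applauding his decision to do charity work, and sent it..

Then.. the very next day.. I received another mail in reply. In the spam folder, of course..

The content was as follows…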

 

From:     Ehab Elbalawi <ehab_elbalawi14@yahoo.com>
To:
Date:     October 1, 2009, 12:23 AM
Subject:     Thanks/Contact My Lawyer
Mailed-by:     yahoo.com
Signed-by:     yahoo.com

Thank you very much for your mail and your wiliness to help a dying man and
humanity, and i know God has a hand in this, because reading your mail,
it gave me a very big relief, knowing that i have found the right
person that i can Trust to carry out my wishes, and i Pray that God
should give you the strength to carry out this work.
 
My close family members are however not happy with the way I have disbursed
everything of mine to the motherless babies and the less
privileged.That was why they failed to help me actualize my dream of
supporting charity.  They held for themselves the funds I made
available for charity and went as far as even trying to terminate my
life when the hour (though very short) has not come. All relationship
with me has been severed, and they are of the opinion that the last of
my fortune has been spent.
 
Incidentally, the sum of $10,000,000,00 ten million dollars (United States) lies in a security company in Europe,
and well packaged in a consignment, that is the last I have here on
earth after my medical bills have been estimated and all expenses paid
pending when I shall be no more. These funds I wish to entrust to you,
to help propagate the works of charity where ever your location is. By
so doing, I would need your utmost sincerity and honesty to carry the
venture along successfully.
I need you to get in contact with both my lawyer and the security company in London, and please you must understand that the security company does not know the actual content of the consignment,
which i deposited with them, all they were told is that it contains personal belongings, please take note.
 
I am sending you their contact details to enable you establish
communication with them, i would also like to inform you of the need to
send the following information’s to my lawyer to enable him prepare the
necessary document; A scanned copy of either your driver’s license or
the first page of your International Passport, Your Full Names, Mailing Address, And Your Full Contact Details:
 
         LAWYER DETAILS:
         Bar. Johnson Watson(Esq.)
         Email: jwatson45_esq@yahoo.co.uk
                esq_watsonj@uk2.net

         SECURITY COMPANY DETAILS:
         ACCESS SECURITY VAULTS AND SERVICES
         Tel; +447035971580
         Email: access_seccs_vaults@yahoo.co.uk
                access_secc_vaults@yahoo.com
         Contact person: Dr. Cletus Williams (PhD)
         Director of Operations (D.O.P)
         14 York Road, Ilford Essex,
         IG1 3AD London, England.
 
Please see that you contact them as the beneficiary ASAP, and let them know
that you are the beneficiary of the consignments that is under their
custody and that was deposited with them by Mr Ehab Elbalawi and also
they should let you know what will be required of you in order to
secure the consignments/Funds or get it delivered to you at your
hometown.
 
I really do not have a long time to stay, as my doctors have notified me,
that i only have a few mouth to spend here on earth, and it will be my
greatest joy to see you make great progress with the security company,
and i also need to release the Unlock Codes to you, in order for you to
be able to gain access to the boxes.
 
Please get back asap.
 
Regards,
Ehab Elbalawi.

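Wow!!! Good heavens..!!! Ten million dollars, for me? Such luck?? Contact the lawyer and the secret company as soon as possible?? So I just need to copy my driver's license or the first page of my passport..? Whoa… ten million dollars… what would I do with it??? Kyaa!!

………….. Honestly… I was happy for about 5 seconds.;; After those 5 seconds… sigh.. I realized I had been baited.

Things moved far too fast… When I sent my reply I truly meant it sincerely, and in an instant that was crushed. If only there had been no talk of money, a lawyer, and a security company… I would have thought well of it to the end.

I would not even have searched Google for the sender's name… sigh..

Give me back my trampled innocence….T^T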

 

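Jon Postel (Jonathan B. Postel) – Internet Pioneer

IANA (Internet Assigned Numbers Authority) is the body responsible for allocating all IP addresses, top-level domains, and Internet protocol ports. Until 1998 it was run by a single person, the engineer and computer scientist Jonathan B. Postel (Jon Postel). Postel is famous as the editor of the RFC (Request for Comments) document series, which in practice defined how the Internet works. His contribution to the Internet was so great that an RFC (RFC 2468) was written specifically to honor his achievements. This RFC can be found at www.ietf.org/rfc/rfc2468.txt.

Below is the full text of that RFC.
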
Network Working Group                                            V. Cerf
Request for Comments: 2468                                           MCI
Category: Informational                                     October 1998


I REMEMBER IANA

October 17, 1998


Status of this Memo

This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Remembrance

A long time ago, in a network, far far away, a great adventure took
place!

Out of the chaos of new ideas for communication, the experiments, the
tentative designs, and crucible of testing, there emerged a
cornucopia of networks. Beginning with the ARPANET, an endless
stream of networks evolved, and ultimately were interlinked to become
the Internet. Someone had to keep track of all the protocols, the
identifiers, networks and addresses and ultimately the names of all
the things in the networked universe. And someone had to keep track
of all the information that erupted with volcanic force from the
intensity of the debates and discussions and endless invention that
has continued unabated for 30 years. That someone was Jonathan B.
Postel, our Internet Assigned Numbers Authority, friend, engineer,
confidant, leader, icon, and now, first of the giants to depart from
our midst.

Jon, our beloved IANA, is gone. Even as I write these words I cannot
quite grasp this stark fact. We had almost lost him once before in
1991. Surely we knew he was at risk as are we all. But he had been
our rock, the foundation on which our every web search and email was
built, always there to mediate the random dispute, to remind us when
our documentation did not do justice to its subject, to make
difficult decisions with apparent ease, and to consult when careful
consideration was needed. We will survive our loss and we will
remember. He has left a monumental legacy for all Internauts to
contemplate. Steadfast service for decades, moving when others
seemed paralyzed, always finding the right course in a complex
minefield of technical and sometimes political obstacles.

Jon and I went to the same high school, Van Nuys High, in the San
Fernando Valley north of Los Angeles. But we were in different
classes and I really didn't know him then. Our real meeting came at
UCLA when we became a part of a group of graduate students working
for Professor Leonard Kleinrock on the ARPANET project. Steve
Crocker was another of the Van Nuys crowd who was part of the team
and led the development of the first host-host protocols for the
ARPANET. When Steve invented the idea of the Request for Comments
series, Jon became the instant editor. When we needed to keep track
of all the hosts and protocol identifiers, Jon volunteered to be the
Numbers Czar and later the IANA once the Internet was in place.

Jon was a founding member of the Internet Architecture Board and
served continuously from its founding to the present. He was the
FIRST individual member of the Internet Society I know, because he
and Steve Wolff raced to see who could fill out the application forms
and make payment first and Jon won. He served as a trustee of the
Internet Society. He was the custodian of the .US domain, a founder
of the Los Nettos Internet service, and, by the way, managed the
networking research division of USC Information Sciences Institute.

Jon loved the outdoors. I know he used to enjoy backpacking in the
high Sierras around Yosemite. Bearded and sandaled, Jon was our
resident hippie-patriarch at UCLA. He was a private person but fully
capable of engaging photon torpedoes and going to battle stations in
a good engineering argument. And he could be stubborn beyond all
expectation. He could have outwaited the Sphinx in a staring
contest, I think.

Jon inspired loyalty and steadfast devotion among his friends and his
colleagues. For me, he personified the words "selfless service".
For nearly 30 years, Jon has served us all, taken little in return,
indeed sometimes receiving abuse when he should have received our
deepest appreciation. It was particularly gratifying at the last
Internet Society meeting in Geneva to see Jon receive the Silver
Medal of the International Telecommunications Union. It is an award
generally reserved for Heads of State, but I can think of no one more
deserving of global recognition for his contributions.

While it seems almost impossible to avoid feeling an enormous sense
of loss, as if a yawning gap in our networked universe had opened up
and swallowed our friend, I must tell you that I am comforted as I
contemplate what Jon has wrought. He leaves a legacy of edited
documents that tell our collective Internet story, including not only
the technical but also the poetic and whimsical as well. He
completed the incorporation of a successor to his service as IANA and
leaves a lasting legacy of service to the community in that role.
His memory is rich and vibrant and will not fade from our collective
consciousness. "What would Jon have done?", we will think, as we
wrestle in the days ahead with the problems Jon kept so well tamed
for so many years.

There will almost surely be many memorials to Jon's monumental
service to the Internet Community. As current chairman of the
Internet Society, I pledge to establish an award in Jon's name to
recognize long-standing service to the community, the Jonathan B.
Postel Service Award, which will be awarded to Jon posthumously as
its first recipient.

If Jon were here, I am sure he would urge us not to mourn his passing
but to celebrate his life and his contributions. He would remind us
that there is still much work to be done and that we now have the
responsibility and the opportunity to do our part. I doubt that
anyone could possibly duplicate his record, but it stands as a
measure of one man's astonishing contribution to a community he knew
and loved.

Security Considerations

Security issues are not relevant to this Remembrance.

Author's Address

Vinton G. Cerf
MCI

EMail: vcerf@mci.net

Full Copyright Statement

Copyright (C) The Internet Society (1998). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

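iptables Firewall Configuration…

About building a firewall with iptables, which I have been studying lately…

There was one thing that caused a problem.

Namely, once the firewall was configured, name server queries strangely stopped working.

It all started with configuring the firewall using the following script.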

#!/bin/sh

IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe

### Flush the existing rules and set the chain policies to DROP.
echo "[+] Flushing existing iptables rules..."
$IPTABLES -F
$IPTABLES -X
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
### load connection-tracking modules
$MODPROBE ip_conntrack
$MODPROBE ip_conntrack_ftp

###### INPUT chain ######
echo "[+] Setting up INPUT chain..."
### State tracking rules
$IPTABLES -A INPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

### ACCEPT rules
#ftp
$IPTABLES -A INPUT -i eth0 -p tcp --dport 20 --syn -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p tcp --dport 21 --syn -m state --state NEW -j ACCEPT
#ssh
$IPTABLES -A INPUT -i eth0 -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT
#whois
$IPTABLES -A INPUT -i eth0 -p tcp --dport 43 --syn -m state --state NEW -j ACCEPT
#domain
$IPTABLES -A INPUT -i eth0 -p tcp --dport 53 --syn -m state --state NEW -j ACCEPT
#http
$IPTABLES -A INPUT -i eth0 -p tcp --dport 80 --syn -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p udp --dport 80 -m state --state NEW -j ACCEPT
#https
$IPTABLES -A INPUT -i eth0 -p tcp --dport 443 --syn -m state --state NEW -j ACCEPT
#rsync
$IPTABLES -A INPUT -i eth0 -p tcp --dport 873 --syn -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p udp --dport 873 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

### Default INPUT LOG rule (everything not arriving on loopback)
$IPTABLES -A INPUT ! -i lo -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options

###### OUTPUT chain ######
echo "[+] Setting up OUTPUT chain..."

### State tracking rules
$IPTABLES -A OUTPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
$IPTABLES -A OUTPUT -m state --state INVALID -j DROP
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

### ACCEPT rules that allow outbound connections
#ftp
$IPTABLES -A OUTPUT -p tcp --dport 20 --syn -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 21 --syn -m state --state NEW -j ACCEPT
#ssh
$IPTABLES -A OUTPUT -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT
#whois
$IPTABLES -A OUTPUT -p tcp --dport 43 --syn -m state --state NEW -j ACCEPT
#domain
$IPTABLES -A OUTPUT -p tcp --dport 53 --syn -m state --state NEW -j ACCEPT
#http
$IPTABLES -A OUTPUT -p tcp --dport 80 --syn -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 80 -m state --state NEW -j ACCEPT
#https
$IPTABLES -A OUTPUT -p tcp --dport 443 --syn -m state --state NEW -j ACCEPT
#rsync
$IPTABLES -A OUTPUT -p tcp --dport 873 --syn -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 873 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT

### Default OUTPUT LOG rule
$IPTABLES -A OUTPUT ! -o lo -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options

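At a glance the firewall script looks fine.

It basically holds to a DROP policy for all input and permits access to the specific ports being served… the notable point is that it opens the ports for ftp and for rsync.

This was needed to maintain the mirroring site our club runs, so I had paid particular attention to it.

After applying the script, I confirmed that ssh, ftp, and http connections worked normally, so I assumed there was no problem.

However… as soon as I ran the rsync script for mirroring, the process stopped with the following error.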
 

rsync: getaddrinfo: releases.ubuntu.com 873: Temporary failure in name resolution
rsync error: error in socket IO (code 10) at clientserver.c(122) [receiver=3.0.3]

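As always with error messages, it was one I had never seen before. But some familiar parts of the message caught my eye: "getaddrinfo" and "socket IO".

That's right. In network programming, this is the function that obtains an address. Since the message said that the module that looks up the address, of all things, had failed, I tried an IP lookup with the dig command, just in case.

Sure enough. Commands such as dig and nslookup did not work. It was strange.

That was because the script clearly and explicitly included the part for resolver queries as well. What could be the problem? I searched Google, KLDP, and various other places, but could not find a clear answer.

There was just one identical case, from which all I could learn was that this error occurs when the name server is configured incorrectly.

But the name server was already configured correctly, and other ordinary servers using the same name server (without the script above applied) were resolving queries with no problem at all.

Only after wandering around for a long… time did I find the answer..

The answer was the following lines.

$IPTABLES -A INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT

Can you see the difference? It was the protocol setting. The original script used only -p tcp as the option, so udp was being blocked by the firewall.

It is always like this. Once you know, it is nothing much. Sigh… I should have looked at the services file sooner… I am just embarrassed to have struggled so much over such a trivial error.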
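
The gap described in this post can be caught before a rule script is applied. The following is an added example, not part of the original post: a static check that reads iptables command lines and reports when a chain with a DROP policy accepts port 53 for only one of tcp and udp (resolvers send ordinary queries over UDP and use TCP mainly for large or truncated answers). The function name `dns_proto_gap` and the two sample rule sets, excerpted from the script above before and after the fix, are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: static check for a one-protocol DNS rule in a DROP-policy chain.
# Assumes script-style lines ("<cmd> -A CHAIN ... -j ACCEPT"), one rule per line.
# Deliberately narrow: it ignores multiport matches and catch-all ACCEPT rules.

# Constructed sample: DNS-relevant lines of the original script (before the fix).
sample_before() {
cat <<'EOF'
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#domain
$IPTABLES -A OUTPUT -p tcp --dport 53 --syn -m state --state NEW -j ACCEPT
#rsync
$IPTABLES -A OUTPUT -p tcp --dport 873 --syn -m state --state NEW -j ACCEPT
EOF
}

# Constructed sample: the same lines plus the udp rule the post arrives at.
sample_after() {
sample_before
cat <<'EOF'
$IPTABLES -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
EOF
}

# dns_proto_gap CHAIN
# Reads rule lines on stdin. If CHAIN has policy DROP and accepts --dport 53
# for exactly one of tcp/udp, prints the protocol that is missing.
# Prints nothing when both or neither are accepted, or the policy is not DROP.
dns_proto_gap() {
  awk -v chain="$1" '
    $2 == "-P" && $3 == chain { policy = $4 }
    $2 == "-A" && $3 == chain && $(NF - 1) == "-j" && $NF == "ACCEPT" {
      proto = ""; port = ""
      for (i = 4; i < NF; i++) {
        if ($i == "-p")      proto = $(i + 1)
        if ($i == "--dport") port  = $(i + 1)
      }
      if (port == "53" && proto != "") seen[proto] = 1
    }
    END {
      if (policy != "DROP") exit
      if (("tcp" in seen) && !("udp" in seen)) print "udp"
      if (("udp" in seen) && !("tcp" in seen)) print "tcp"
    }'
}

# Stand-alone demonstration on the two constructed samples.
for c in INPUT OUTPUT; do
  printf '%s: before=[%s] after=[%s]\n' "$c" \
    "$(sample_before | dns_proto_gap "$c")" \
    "$(sample_after | dns_proto_gap "$c")"
done
```

On a host that only resolves names, the OUTPUT result is the one that matters, because replies to its own queries are already covered by the ESTABLISHED,RELATED rule.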

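Second Mirroring Site…

I did not post about it here, but I had set up the club FTP site and started an Ubuntu Linux mirroring service.

And this time, as a second service, I have started Apache mirroring… Yahoo! 🙂

The Case Has Arrived~~

This is the one!

RC500!!

It took about two hours.. Probably took long because it was my first time..

I ordered two; I finished assembling one, and I will do the other together with the other juniors when they come.

Ow, my back…

I was so focused on just this all day that I have not eaten a single meal today. Oof… I should hurry and go eat. 🙂

I feel proud~.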