BigAdmins

A group of researchers from the U.S. Naval Academy has developed a technique for analyzing email traffic in real-time to identify spam messages as they come across the wire, simply using information from the TCP (Transmission Control Protocol) packets that carry the messages.

This approach could be a useful addition to the arsenal of today’s spam-fighting techniques, observers argue, in that, unlike other typical spam fighting approaches, the content of the email does not have to be scanned.

The work “advanced both the science of spam fighting and … worked through all the engineering challenges of getting these techniques built into the most popular open-source spam filter,” said Massachusetts Institute of Technology computer science research affiliate Steve Bauer, who was not involved with the work. “So this is both a clever bit of research and genuinely practical contribution to the persistent problem of fighting spam.”

In the paper that accompanied the presentation, the researchers showed that spam email blasts have certain characteristics at the networking transport layer. Signal analysis of factors such as timing, packet reordering, congestion and flow control can reveal the work of a spam-spewing botnet. “A lot of spam comes from spambots, which are sending as fast as they can and congesting their local uplink,” Beverly said. “So you can detect them by looking really hard at the TCP stream.”

Thus far, earlier techniques developed for analyzing spam at the network transport layer have been offline, which is to say, the email traffic is analyzed as a batch, and the results can be used later. The naval researchers have developed an architecture for analyzing network traffic as it comes over the wire.

For the implementation, they used the the SpamAssassin email filter. SpamAssassin has a plug-in architecture for incorporate new filtering techniques. “We have a daemon that captures all the packets and looks timing and other congestion characteristics of the traffic stream,” Beverly said. The plug-in can learn to identify and detect spam without human intervention. In tests, SpamFlow was able to correctly identify spam over 95 percent of the time, after a reception of 1,000 emails.

The ability to detect a spam message without actually examining the contents of the message would be handy in a number of situations, noted Bruce Davie, a Cisco fellow and visiting lecturer at MIT. Davie is familiar with though not involved in the work. An Internet service provider could apply the detection algorithm without violating users’ privacy. It can be used to detect messages that are encrypted, such as those traveling over an encrypted link. It can also be used to detect other forms of malicious traffic, such as port scans from botnet hosts.

“Overall, I see it as a generally useful tool in the fight against malicious traffic,” Davie said. “You can combine it with traditional anti-spam techniques to improve accuracy.”

Currently, the team is beta testing the software at a number of locations. They plan to release it as open-source software afterward.

The U.S. National Science Foundation funded part of this work, under the Software Development for Cyberinfrastructure (SDCI) program.

Source: ITWorld

Its not a big deal to get the open solaris CD live image and install it in a PC. But what will happen if your cd drive is not working?. Thats happend with my not so old Sony Vaio VGN laptop. The interesting fact is that I could manage to boot an XP CD or anything related to Windows. But its so strange that my laptop is not in a mood to boot if i keep a Ubuntu or opensolaris live CD ! . So strange, i tried googling but no clue.  Just to keep it aside there is always another way to get out of the jungle !

The only option is to create an opensolaris live usb. There are couple of ways you can install make ubs live stick but the procedure here i am going to explain is simple and its work with windows. There are other methods like ./usbcopy from opensolaris it self.

There  is a windows tool that will allow Windows users to put a copy of OpenSolaris media on a usb stick. Download it from

http://devzone.sites.pid0.org/OpenSolaris/opensolaris-liveusb-creator

Download the open solaris image from here

http://genunix.org/distributions/indiana/osol-0906-111-x86.usb

Run the usb creator and select the image and thats it, you have a working live bootable usb stick. You can install opensolaris without a CD.

In Unix sticky bit is permission bit that protects the files within a directory. If the directory has the sticky bit set, a file can be deleted only by the owner of the file, the owner of the directory, or super user. This prevents a user from deleting other users’ files from public directories. A t or T in the access permissions column of a directory listing indicates that the sticky bit has been set, as shown here:

drwxrwxrwt 5 root sys 458 Oct 21 17:04 /public

Sticky bit cab be set by chmod command. You need to assign the octal value 1 as the first number in a series of four octal values.

# chmod 1777 public

A disk lable is a special area for storing information about the disk’s controller, geometry, and slices (or partitions). This information is called the disk’s label and in Unix its called volume table of contents (VTOC). Writing slice information onto disk is called labeling a disk. Before label a disk you have to define its slices.VTOC is widely used in Solaris and it support less than 1TB of data. EFI ( Extensible Firmware Interface) is a new type of disk label which support disk that are larger than 1TB and cannot be converted back to VTOC.

Solaris supports both types VTOC disk label and the EFI disk label. Solaris 10 (and later versions of Solaris 9) provides support for disks that are larger than 1 TB on systems that run a 64-bit Solaris kernel. The EFI label provides support for physical disks and virtual disk volumes. The UFS file system is compatible with the EFI disk label, and you can create a UFS file system greater than 1 terabyte.

The traditional VTOC label is still available for disks less than 1 terabyte in size. You can use the format-e command to label a disk less than 1TB with an EFI label.

The advantages of the EFI disk label over the VTOC disk label are as follows:

• Provides support for disks greater than 1 TB in size.
• Provides usable slices 06, where slice 2 is just another slice.
• Slices cannot overlap with the primary or backup label, nor with any other partitions. The size of the EFI label is usually 34 sectors, so partitions start at sector 34. This feature means that no partition can start at sector zero.
• Sizes are reported in blocks. No cylinder, head, or sector information is stored in the EFI label.
• Information that was stored in the alternate cylinders area, the last two cylinders of the disk, is now stored in slice 8.
• If you use the format utility to change partition sizes, the unassigned partition tag is assigned to partitions with sizes equal to zero. By default, the format utility assigns the usr partition tag to any partition with a size greater than zero. You can use the partition change menu to reassign partition tags after the partitions are changed.
• Solaris ZFS  uses EFI labels by default.

But there some restrictions with EFI disk labels and those are:

• You cannot boot from a disk with an EFI disk label.
• The EFI disk label is not supported on IDE disks.
• The EFI specification prohibits overlapping slices. The entire disk is represented by c#t#d#.
• The SCSI driver, ssd or sd, currently supports only up to 2 terabytes. If you need greater disk capacity than 2 terabytes, use a disk and storage management product such as Solaris Volume Manager to create a larger device.
• Layered software products intended for systems with EFI-labeled disks might be incapable of accessing a disk without an EFI disk label.
• You cannot use the fdisk command on a disk with an EFI label that is greater than 1 terabyte in size.
• A disk with an EFI label is not recognized on systems running previous Solaris releases.
• You cannot use the Solaris Management Console’s Disk Manager tool to manage disks with EFI labels. Use the format utility to partition disks with EFI labels. Then, you can use the Solaris Management Console’s Enhanced Storage Tool to manage volumes and disk sets with EFI-labeled disks.
• The EFI disk label provides information about disk or partition sizes in sectors and blocks, but not in cylinders and heads.
• The following format options are either not supported or are not applicable on disks with EFI labels:
  • The save option is not supported because disks with EFI labels do not need an entry in the format.dat file.
  • The backup option is not applicable because the disk driver finds the primary label and writes it back to the disk.

  If you have volume manger VxVM EFI disks wont work under Solaris 9. But Solaris 10 supports. Its in fact VxVM is not supporting as you could label, create ufs filesystems on these disks and so on. But when you do vxdisksetup you will get errors.

Ref : Sun Docs, Veritas Docs

Changing the ip address in Solaris is straight forward. But its not a one or two click methods like in Windows. There is one important advantage in solaris 10 is that there is no need of reboot of the server against its predecessor solaris 9 where you need to reboot to make the changes permemnant. In order to change the IP temperorily in both Solaris 9 and 10 is

# ifconfig <interface> <ip_address> <netmasks> <broadcast address>

You can figure out the interface name by using ifconfig command. Now to change the IP under solaris 9 and older version, just open /etc/hosts file and add or edit the entry for the IP address and the hostname. You need to reboot the server so that the changes will take place.

In Solaris 10 there is one more file you need to edit which is /etc/inet/ipnodes (ipnodes file is for IPv6, without adding an entry to the file, the IP address (IPv4) will not active but SUN has fixed this issue).  Next restart the network services and the changes will take place

#svcadm restart newtork/physical

No reboot, no downtime. Cool !

After the acquisition of SUN, Oracle indicated its first ever release of Solaris Operating systems. But the release will be in 2011. John Fowler (an Oracle Executive VP) announced company’s plan for the first ever release of Solaris under Oracle. View his webcast for more details. http://www.oracle.com/dm/11h1corp/53947_systems_strategy_webcast.html. We need to wait for some time to get more details on the upcoming Solaris 11

Here is the detailed configuration guide to set up ipmp, with the inputs from Sun docs, Summary of typical IPMP Configurations

1.  Production and test interfaces in the same IP subnet
1.1  With defaultrouter
1.2  Without defaultrouter
1.3  With dedicated hosts acting as test targets with “host-routes”
1.4  Configuration example for 1.1, 1.2 and 1.3

Read more…

Here is how to check the Oracle Solaris Version you are running

	$ uname -a
	SunOS mysunserver 5.10 Generic_125100-06 sun4v sparc SUNW,Sun-Fire-T1000 Solaris
	$

	Solaris 10 uses the SunOS 5.10 kernel, Solaris 9 uses the SunOS 5.9 kernel...
 Read more...

Whether you’re unsatisfied with your Solaris system performance or just want to get the most out of what the machine is capable of, there is a cyclical process to improve it, which consists of determining where the processing slow-down is occuring (the bottleneck), fixing it, then repeating the process, until the most significant bottlenecks are reduced.

First, we should learn about some tools to help us monitor system performance. SAR (the system activity reporter) is the time-honored (and very cryptic) standard UNIX performance monitoring tool. How do we use SAR to see what the Sun server has been doing?

Read more…