From kwanseng at yahoo.com Mon Oct 1 13:08:35 2007
From: kwanseng at yahoo.com (Kwan Low)
Date: Mon, 1 Oct 2007 13:08:35 -0700 (PDT)
Subject: looking for Cisco IPP 7940 software upgrade service?
Message-ID: <952153.70348.qm@web52808.mail.re2.yahoo.com>

I've a hung Cisco 7940 IP phone (an earlier attempt to upgrade it from factory default to SIP version 7.5 failed). I've tried everything to revive it, including a factory reset, but no luck. It is stuck at the Application Invalid state.

Is there any Cisco 7940 software upgrade service here in the South Bay area (MV/PA/Sunnyvale) that can help me revive it?

regards,
Kwan

From pmui at groundworkopensource.com Tue Oct 2 11:03:01 2007
From: pmui at groundworkopensource.com (Peter Mui)
Date: Tue, 2 Oct 2007 11:03:01 -0700
Subject: BayLISA Monitoring SIG, Weds Oct 10, 7PM
Message-ID: <140CFE4E-58DA-4581-89D5-69E627FF0CE3@groundworkopensource.com>

(Hi: You're invited to the BayLISA Monitoring SIG, Weds Oct 10, 7PM. See the meeting announcement pasted below: feel free to post it and/or forward it along to anyone else who might be interested. Many thanks, and hope to see you there! -Peter)

=================================================

Oct. 2007 BayLISA Monitoring SIG: What Doesn't Work

We'll discuss monitoring tools and strategies you've tried, and maybe still use, and what their limitations are. Come ready to share your grandest monitoring experiments and failures, or be prepared to ask probing questions about why someone else's well-laid plans went awry. Or bring the requirements for your proposed monitoring deployment and we'll peruse it for obvious and not-so-obvious gotchas.

What: BayLISA Monitoring SIG XI: What Doesn't Work

Who: Anyone interested in IT monitoring issues and tools (newbies particularly welcome!)
When: Wednesday, Oct 10 2007, 7PM

Where: GroundWork Open Source, 139 Townsend St., San Francisco

How: 139 Townsend St. is very near AT&T Ballpark. It is one and a half blocks from the CalTrain Depot. Take the MUNI N, T or J trolley to 2nd and King (ballpark stop) or take the 30 or 45 bus (among others) crosstown. Free evening street parking can probably be found, but there are also several fee-based parking garages around in case of parking difficulty.

Cost: Free!! Fine dining provided by GroundWork: pizza, pop, and snacks.

We'll open up the doors at 6:30 or so and start the formal part of the meeting promptly at 7PM.

RSVP (not necessary, but helpful): Peter Mui, pmui at groundworkopensource.com, 415 992 4573

=================================================

From pmui at groundworkopensource.com Tue Oct 9 10:45:27 2007
From: pmui at groundworkopensource.com (Peter Mui)
Date: Tue, 9 Oct 2007 10:45:27 -0700
Subject: Reminder: Tomorrow: BayLISA Monitoring SIG (Weds Oct 10, 7PM)
Message-ID: <5274D8E5-A726-4381-B1AE-6FB128FA2F26@groundworkopensource.com>

(Hi: Just a friendly reminder of tomorrow's Monitoring SIG, Weds Oct 10, 7PM. See the meeting announcement pasted below: feel free to post it and/or forward it along to anyone else who might be interested. Many thanks, and hope to see you there! -Peter)

=================================================

Oct. 2007 BayLISA Monitoring SIG: What Doesn't Work

We'll discuss monitoring tools and strategies you've tried, and maybe still use, and what their limitations are. Come ready to share your grandest monitoring experiments and failures, or be prepared to ask probing questions about why someone else's well-laid plans went awry. Or bring the requirements for your proposed monitoring deployment and we'll peruse it for obvious and not-so-obvious gotchas.
What: BayLISA Monitoring SIG XI: What Doesn't Work

Who: Anyone interested in IT monitoring issues and tools (newbies particularly welcome!)

When: Wednesday, Oct 10 2007, 7PM

Where: GroundWork Open Source, 139 Townsend St., San Francisco

How: 139 Townsend St. is very near AT&T Ballpark. It is one and a half blocks from the CalTrain Depot. MUNI: take the N or T light rail to 2nd and King (ballpark stop) or take the 30 or 45 bus (among others) crosstown. Free evening street parking can probably be found, but there are also several fee-based garages around in case of parking difficulty.

Cost: Free!! Fine dining provided by GroundWork: pizza, pop, and snacks.

We'll open up the doors at 6:30 or so and start the formal part of the meeting promptly at 7PM.

RSVP (not necessary, but helpful): Peter Mui, pmui at groundworkopensource.com, 415 992 4573

=================================================

From david at catwhisker.org Wed Oct 17 05:31:43 2007
From: david at catwhisker.org (David Wolfskill)
Date: Wed, 17 Oct 2007 05:31:43 -0700
Subject: Odd HTTP queries ("Invalid method in request") seen as of 16/Oct/2007:22:25:27 -0700
Message-ID: <20071017123143.GE7827@bunrab.catwhisker.org>

I'm seeing some rather peculiar-looking things in my Apache logs:

65.55.209.221 - - [16/Oct/2007:21:43:52 -0700] "GET /~david/FreeBSD/pccard/ HTTP/1.0" 200 529 "-" "msnbot/1.0 (+http://search.msn.com/msnbot.htm)"
71.158.175.242 - - [16/Oct/2007:22:25:27 -0700] "" 501 - "-" "-"
71.193.127.74 - - [16/Oct/2007:22:26:12 -0700] "" 501 - "-" "-"
76.21.135.124 - - [16/Oct/2007:22:26:41 -0700] "" 501 - "-" "-"

... many -- maybe hundreds -- more of the last few, from a variety of addresses: probably at least one botnet, I'd guess...
222.114.43.32 - - [16/Oct/2007:23:14:47 -0700] "" 501 - "-" "-"
124.28.48.99 - - [16/Oct/2007:23:14:47 -0700] "" 501 - "-" "-"
85.155.21.249 - - [16/Oct/2007:23:14:57 -0700] "" 501 - "-" "-"
87.12.2.203 - - [16/Oct/2007:23:14:57 -0700] "GET /~david/FreeBSD/laptop.html HTTP/1.1" 200 15424 "-" "Opera/9.23 (Windows NT 5.0; U; en)"
82.253.23.91 - - [16/Oct/2007:23:14:59 -0700] "" 501 - "-" "-"
87.12.2.203 - - [16/Oct/2007:23:15:01 -0700] "GET /favicon.ico HTTP/1.1" 404 292 "http://www.catwhisker.org/~david/FreeBSD/laptop.html" "Opera/9.23 (Windows NT 5.0; U; en)"
86.107.63.71 - - [16/Oct/2007:23:15:11 -0700] "" 501 - "-" "-"
85.155.21.249 - - [16/Oct/2007:23:15:13 -0700] "" 501 - "-" "-"

The error log entries corresponding to the "peculiar" ones each look like:

[Tue Oct 16 22:25:27 2007] [error] [client 71.158.175.242] Invalid method in request
[Tue Oct 16 22:26:12 2007] [error] [client 71.193.127.74] Invalid method in request
[Tue Oct 16 22:26:41 2007] [error] [client 76.21.135.124] Invalid method in request

It's not as if my Web server (sitting at the end of a residential DSL with a static /32) has high visibility or anything....

Is there a (pointer to a) recommended course of action? Any clue what the perps are up to?

Thanks.

Peace,
david
--
David H. Wolfskill  david at catwhisker.org
Proprietary data formats obfuscate, rather than disseminate, information.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.
From ames at montebellopartners.com Wed Oct 17 09:25:09 2007
From: ames at montebellopartners.com (Ames)
Date: Wed, 17 Oct 2007 09:25:09 -0700
Subject: Odd HTTP queries ("Invalid method in request") seen as of 16/Oct/2007:22:25:27 -0700
In-Reply-To: <20071017123143.GE7827@bunrab.catwhisker.org>
References: <20071017123143.GE7827@bunrab.catwhisker.org>
Message-ID: <1192638309.26922.2.camel@inspiron.box.montebellopartners.com>

On Wed, 2007-10-17 at 05:31 -0700, David Wolfskill wrote:
> I'm seeing some rather peculiar-looking things in my Apache logs:
>
>
> [Tue Oct 16 22:25:27 2007] [error] [client 71.158.175.242] Invalid method in request
> [Tue Oct 16 22:26:12 2007] [error] [client 71.193.127.74] Invalid method in request
> [Tue Oct 16 22:26:41 2007] [error] [client 76.21.135.124] Invalid method in request
>

David,

I'd guess someone with a botnet wants your box. These look like they are searching for Apache vulnerabilities in unusual request methods (e.g. TRACE instead of GET). It also looks like your Apache is configured to reject these (good!). Make sure you're staying on top of security patches.

At least one of the IPs you list is on the SpamHaus PBL. You might consider blocking some of those.

Regards,
- Ames
--
Ames Cornish ~ http://montebellopartners.com/
650-331-1402 ~ ames at montebellopartners.com

From ahorn at deorth.org Wed Oct 17 10:34:19 2007
From: ahorn at deorth.org (Alan Horn)
Date: Wed, 17 Oct 2007 10:34:19 -0700 (PDT)
Subject: BayLISA Meeting 10/18/2007 - Adrian Cockcroft
Message-ID: <20071017103322.M63359@slick.sigje.org>

This promises to be a great talk, so all come down for the fun :)

BayLISA October General Meeting

Date: Thursday, Oct 18, 2007, 7:30pm start

Location: Yahoo, Bldg E, classroom 9. Directions to Yahoo at http://yhoo.client.shareholder.com/press/address.cfm. Turn left for bldg E instead of right for bldg D.
Utilization is Virtually Useless as a Metric!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Adrian Cockcroft - Director of Engineering, Netflix

We have all been conditioned over the years to use utilization or %busy as the primary metric for capacity planning. Unfortunately, with increasing use of CPU virtualization and sophisticated CPU optimization techniques such as hyper-threading and power management the measurements we get from the systems are "virtually useless". This paper will explain many of the ways in which the data we depend upon is distorted, and proposes that we turn to direct measurement of the fundamental alternatives, and express capacity in terms of headroom, in units of throughput within a response time limit.

About Adrian Cockcroft:

As a Sun Distinguished Engineer Adrian is best known as the author of four books including Sun Performance and Tuning (2 editions); Resource Management; and Capacity Planning for Internet Services. In his 16 years at Sun he worked in technical sales and marketing, led creation of the BluePrints best practice publishing program, tested very complex integrated systems, was a leader of Sun's Six Sigma program and was the Chief Architect and Product Boss for Sun's High Performance Technical Computing business unit. In this time he gave many training classes and consulted with a wide range of customers, most notably as the on-site capacity planning consultant for the Salt Lake 2002 and Athens 2004 Olympic Games.

Joining eBay in 2004, he initially worked for Operations Architecture, investigating new platforms and providing guidance to the capacity planning groups at eBay and PayPal. As a founding member of eBay Research Labs in 2005, Adrian helped define the initial strategy for the Labs and an Innovation Forum.

In 2007 Adrian joined Netflix as a Director of Web Engineering, directing a team responsible for research and development of scalable personalized web architectures.
Adrian has a blog at http://perfcap.blogspot.com where he discusses capacity planning techniques, new computer technology, and how markets and innovation interact. He is also a member of the Homebrew Mobile Phone Club, and several local classic car clubs.

Details also on http://www.baylisa.org

From david at catwhisker.org Thu Oct 18 05:36:08 2007
From: david at catwhisker.org (David Wolfskill)
Date: Thu, 18 Oct 2007 05:36:08 -0700
Subject: Odd HTTP queries ("Invalid method in request") seen as of 16/Oct/2007:22:25:27 -0700
In-Reply-To: <20071017123143.GE7827@bunrab.catwhisker.org>
References: <20071017123143.GE7827@bunrab.catwhisker.org>
Message-ID: <20071018123608.GV7827@bunrab.catwhisker.org>

Well, after seeing a bunch more of these "Invalid method in request" log entries yesterday, I decided that the novelty had worn off, and I was a bit tired of it.

And I noticed that there was a fair amount of repetition (in source IP addresses).

I already use a couple of IPFW tables for blocking certain traffic from collections of netblocks: I block all traffic in either direction for table 1 (that's reserved for netblocks whose custodians are insufficiently responsive to abuse reports); I block all SSH requests from table 2.

So I created a "table 3" for netblocks from which I now block 80/tcp and 443/tcp, and populated it with a list of the 45 unique /32s I found from yesterday's log.

This appears to have reduced the impact on my Web server somewhat. :-}

(For those unfamiliar with the approach, IPFW tables in FreeBSD are accessed in a way that is similar to the way routing tables are, so it's more efficient to use them for large numbers of entries than it is to use a simple list of separate packet-filtering rules.)

Peace,
david
--
David H. Wolfskill  david at catwhisker.org
Proprietary data formats obfuscate, rather than disseminate, information.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.
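The triage described in the message above, as an added example that is not part of the thread: it pulls the sources of empty-request 501 entries out of an Apache access log and renders them as `ipfw table` entries. The log lines are constructed with documentation addresses, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in Apache combined log format, using documentation
# address ranges rather than the addresses quoted in the thread.
SAMPLE_LOG = '''\
192.0.2.10 - - [16/Oct/2007:22:25:27 -0700] "" 501 - "-" "-"
198.51.100.7 - - [16/Oct/2007:22:26:12 -0700] "" 501 - "-" "-"
203.0.113.5 - - [16/Oct/2007:23:14:57 -0700] "GET /laptop.html HTTP/1.1" 200 15424 "-" "Opera/9.23"
192.0.2.10 - - [16/Oct/2007:23:15:13 -0700] "" 501 - "-" "-"
198.51.100.99 - - [16/Oct/2007:23:15:20 -0700] "FOO / HTTP/1.0" 501 - "-" "-"
not a log line
'''

# host, ident, user, [timestamp], "request line", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) '
)

def empty_request_sources(log_text, min_hits=1):
    """Map source address -> count of 501 responses to an empty request line."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["status"] == "501" and m["req"] == "":
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def ipfw_table_commands(sources, table=3):
    """Render one 'ipfw table N add' command per IPv4 source, sorted."""
    addrs = []
    for src in sources:
        try:
            addrs.append(ipaddress.IPv4Address(src))
        except ValueError:
            continue  # hostname or IPv6 in the log: review by hand
    return [f"ipfw table {table} add {a}/32" for a in sorted(addrs)]

if __name__ == "__main__":
    repeat = empty_request_sources(SAMPLE_LOG)
    for src, n in sorted(repeat.items()):
        print(f"# {src}: {n} empty-request 501s")
    print("\n".join(ipfw_table_commands(repeat)))
    # The table is then referenced by a filter rule such as:
    #   ipfw add deny tcp from 'table(3)' to me dst-port 80,443
    # (rule number and placement depend on the local ruleset)
```

Raising `min_hits` limits the table to repeat sources, which keeps a one-off malformed request from a legitimate client out of the block list.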