Allan’s ZFS Server Build | TechSNAP 34

Allan walks us through his epic ZFS server build. Find out why he needs 48GB of RAM!

Plus: The UN has suffered a user database leak, but the situation might not be as bad as it sounds. We’ll explain!

All that and more, on this week’s episode of TechSNAP!

Show Notes:

UN Site Compromised, Usernames and Passwords Exposed

  • Team Poison attacked and compromised one or more servers at the UN
  • The data exposed via pastebin mostly came from UNDP.org, the UN Development Program, but also included the Organisation for Economic Co-operation and Development (OECD), the World Health Organisation (WHO) and the UK’s Office for National Statistics (ONS)
  • The UN responded saying “The server goes back to 2007. There are no active passwords listed for those accounts” and “Please note that UNDP.org was not compromised.”
  • Even though the UN claims the data is not current, it suggests that passwords are stored in plain text, without salting and hashing, and that no password requirements are enforced. Many of the passwords appeared to be overly short, and did not contain
  • Teampoison hackers have previously attacked the RIM/Blackberry website and published private information about former UK Prime Minister Tony Blair
  • Teampoison included a message with the pastebin, officially joining Anonymous in Operation Robinhood, against banks and financial institutions

Duqu Attackers Destroyed Their C&C Server, Covered Tracks

  • On October 20 at around 18:00 GMT, the root user logged in to a number of Duqu C&C servers and proceeded to destroy /root, /etc, /var/log and some other files
  • The attackers securely erased the log files so they could not be recovered
  • However, due to the nature of the ext3 file system, some fragments of the logs had been relocated to reduce fragmentation, and these bits were not securely erased. While brute force searching the slack space, Kaspersky Labs was able to find a fragment of sshd.log showing root logins and the source IP address from another server in Germany.
  • Researchers followed the trail back to Germany, and used the same technique to find more IP addresses. However the logs were from mid November (and were found in early November), and do not indicate which year. Based on other log files, this server may have been part of the Duqu C&C infrastructure as far back as 2009.
  • There is also evidence that the Duqu operators upgraded the OpenSSH that came with CentOS on the server to the latest versions, 5.8p1 and 5.8p2, when they were released. The attackers also enabled GSSAPIAuthentication on all of their servers. The article below includes more evidence of a possible long-lived 0-day exploit for OpenSSH 4.3
  • The Duqu C&C network was made up of hacked servers from all over the world, including: Vietnam, India, Germany, Singapore, Switzerland, the UK, the Netherlands, Belgium, and South Korea. Most if not all of the compromised machines were running CentOS
  • These servers were used as reverse proxies to the real C&C Mothership, which still has not been identified.
  • Very Detailed Analysis of the C&C Servers
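
The recovery technique described above (searching raw disk space for surviving log fragments) can be sketched as follows. This is an added example, not code from the show notes or from Kaspersky's analysis; it assumes the fragments are syslog-format OpenSSH "Accepted" lines, and the sample image, host name and addresses are constructed.

```python
import io
import re
from collections import Counter

# OpenSSH "Accepted" record as it appears in a syslog-format auth log. The
# timestamp carries no year, so carved fragments cannot be dated on their own.
SSHD_RE = re.compile(
    rb"([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S{1,64}) sshd\[\d+\]: "
    rb"Accepted (\S{1,32}) for (\S{1,32}) from (\d{1,3}(?:\.\d{1,3}){3}) "
    rb"port (\d+) ssh2"
)
FIELDS = ("when", "host", "method", "user", "ip", "port")

def carve_sshd_logins(stream, chunk_size=1 << 20, overlap=512):
    """Scan a raw image (binary file object) for sshd login records.

    Keeps `overlap` trailing bytes between reads so a record split across a
    chunk boundary still matches; hits are deduplicated by byte offset.
    """
    hits, seen, base, tail = [], set(), 0, b""
    while chunk := stream.read(chunk_size):
        buf = tail + chunk
        start = base - len(tail)          # image offset of buf[0]
        for m in SSHD_RE.finditer(buf):
            offset = start + m.start()
            if offset not in seen:
                seen.add(offset)
                rec = {k: v.decode("ascii", "replace") for k, v in zip(FIELDS, m.groups())}
                hits.append({"offset": offset, **rec})
        tail = buf[-overlap:]
        base += len(chunk)
    return hits

def root_sources(hits):
    """Count recovered root logins per source address."""
    return Counter(h["ip"] for h in hits if h["user"] == "root")

def build_sample_image():
    """Constructed test image: filler bytes around three records and a cut-off one."""
    r1 = b"Nov  3 16:13:10 host1 sshd[2044]: Accepted password for root from 192.0.2.10 port 40112 ssh2\n"
    r2 = b"Nov  3 17:02:55 host1 sshd[2101]: Accepted publickey for root from 198.51.100.7 port 51822 ssh2\n"
    r3 = b"Nov  4 09:00:01 host1 sshd[2302]: Accepted password for backup from 192.0.2.10 port 40990 ssh2\n"
    return b"\x00" * 4050 + r1 + b"\xff" * 70 + r2 + b"\x00" * 3000 + r3 + r1[:40]

if __name__ == "__main__":
    for hit in carve_sshd_logins(io.BytesIO(build_sample_image()), chunk_size=4096):
        print(hit)
```

The recorded byte offset lets an examiner map each hit back to a block in the image and check whether it lies in allocated or unallocated space.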

Apache Vulnerability Could Expose Internal Systems, Trivial Island Hopping

  • A problem with the way Apache handles rewrite rules could allow an attacker to gain access to internal systems that they would not normally be able to reach
  • The problem was found while looking at a recent fix to the same vulnerability
  • In some specific cases it is still possible to exploit the vulnerability
  • The vulnerability only exists if you use mod_rewrite (almost everyone does) and mod_proxy (fewer people do)
  • You can work around the issue by changing your rewrite rules slightly

Feedback:

Allan finished the build of his ZFS server and shared the results with us:

Parts List

Photos

Q: What OS
A: FreeBSD 9.0-RC2, Will upgrade to 9.0-RELEASE when it comes out.

Q: What version of ZFS?
A: ZPool 28 and ZFS 5 (ZPool 21 introduces the deduplication system, which isn’t available in FreeBSD 8.2 which only has ZPool 15)

Q: What kind of throughput do you get?
A: Sequential read and write: 600+ megabytes/second. I write out a 16gb file in under 27 seconds. Reading it back took under 2.8 seconds (over 6 gigabytes/sec) because the entire file was stored in the ZFS ARC (Adaptive Replacement Cache)

Q: Power Supplies
A: Redundant 920watt Platinum Level (94%+) Efficient Power Supplies, fed from APC 7900 PDUs

Q: Do you suggest I build a server or buy a server?
A: I usually build, but I am a control freak. Buying can be a good option too

Q: What about the RAID Controller
A: Adaptec 6805, comes with FreeBSD drivers for 6.x, 7.x and 8.x, but not 9.x (because it is not out yet). Luckily, they include the source code, so I was able to compile the driver as a loadable module for 9.x. Adaptec has also submitted the changes to FreeBSD to be included in future releases.

Round-Up

11 Responses to “Allan’s ZFS Server Build | TechSNAP 34”

  1. Ey Says:

    I love all your shows, but please work on the audio. The last sci-byte was really bad; I had to keep my level really low or the sound was really distorted. This Techsnap has lots of nasty clicks. I think it’s from Allan’s mic or maybe his Skype connection. Your voice also sounds robotic and over-modulated. Maybe because I’m streaming; I will try to download the HD feed and I’ll let you know if the sound is better. Keep up the good work guys! I’ll be ordering all my Amazon purchases from your website from now on.

  2. Profeff Says:

    Sound is bad, picture is bad, and around the halfway point the sound and picture went weird. Thought it was my rig, so paused it and loaded ~SToked and that was fine, loaded fauxshow and that was fine, but still problems with techsnap.

    using chrome and vista

  3. STOFan Says:

    The picture’s great. It’s considerably better than it was a few weeks ago.

  4. Luichi Says:

    The iTunes audio download dies for me at 9:20 into it, it goes silent.

  5. user Says:

    Mine too. I quit iTunes and replaced the MP3 in C:\Users\user\Music\iTunes\iTunes Media\Podcasts\TechSNAP MP3 with the file linked here. I opened up iTunes and resumed playing without skipping a beat.

  6. Anonymous Says:

    I think the upload to the mirrors was interrupted, I’ve re-posted the MP3 version. If you re-download it should be the whole episode!

    Sorry about that!
    -Chris

  8. Daniel Anderson Says:

    I have a lot of experience with Supermicro servers. Nice to see you got the heat sink in the right direction for the air flow :) Lots of people mess that up it seems…

  9. Knight Says:

    That server is screaming!

    FYI, standard PC power supplies usually have an efficiency range of 70%-79%. I always purchase 80 Plus Certified PSU’s to avoid inefficient power distribution.

  10. Anonymous Says:

    Lol. You people are awfully easy to impress, if 48G of memory is all it takes. The 48G of ram that is being used here is only about 17% of what the MB can have. If you look at the specs for it you will find that it can have 288 GB of the DDR3 1333 memory. With Dual Quad Core CPU’s that’s only 6 GB of ram per core. That’s not an awful lot for a server.

    Now I’m not saying that it’s not a real nice server. It is. It’s just not really that impressive. As far as hardware goes. There are desktops out there being used for gaming, that have specs like this does. Yes, they are high end desktops, but they are still desktops.

    So don’t get me wrong Allan. It’s a very nice box. Dual Quad Core CPUs @ 2.4GHz, 11x 2TB 7200 RPM hard drives, and the Adaptec Raid Controller. All really nice kit. One that I wouldn’t mind having myself.

    But “screaming”?

  11. Anonymous Says:

    “… Lots of people mess that up it seems. …”

    People like this are allowed anywhere near this kind of equipment?

    WHY? HOW?

    You have to be kidding me? RIGHT?

    SERIOUS? More than once?

    No !!!!!!! ?

    Wow.
