Close Your Ports. Batten down the hatches!

Gentlemen callers from nations without extradition policies are calling.

3 days of having port 3389 open on a Linux box. The lesson: close your ports, use strong passwords, and make sure your software is updated! This is the equivalent of random people coming up to your front door and checking whether your house is open, 19 times over 3 days. I know this isn’t a shocker to most people, but it is good to have a reminder. 🙂
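The server log records each of these probes as a pair of lines, "Disconnecting /IP:port: Protocol error" followed by "/IP:port lost connection". The script below is an added example, not the author's code: it tallies probes per source address and lists repeat callers as candidates for a firewall drop rule. The sample lines are constructed with documentation-range addresses, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: tally failed connections per source IP from a server log.
# Sample lines are constructed (RFC 5737 documentation addresses).

sample_log() {
cat <<'EOF'
2012-12-31 18:10:43 [INFO] Disconnecting /192.0.2.10:63020: Protocol error
2012-12-31 18:10:43 [INFO] /192.0.2.10:63020 lost connection
2012-12-31 19:55:40 [INFO] Disconnecting /198.51.100.7:3748: Protocol error
2012-12-31 19:55:40 [INFO] /198.51.100.7:3748 lost connection
2012-12-31 22:13:05 [INFO] Disconnecting /198.51.100.7:1502: Protocol error
2012-12-31 22:13:05 [INFO] /198.51.100.7:1502 lost connection
2012-12-31 22:29:39 [INFO] Disconnecting /198.51.100.7:1688: Protocol error
2012-12-31 22:29:39 [INFO] /198.51.100.7:1688 lost connection
2013-01-01 06:30:10 [INFO] Disconnecting /203.0.113.99:63366: Protocol error
2013-01-01 06:30:10 [INFO] /203.0.113.99:63366 lost connection
2013-01-01 09:00:00 [INFO] Unrelated line that must be ignored
EOF
}

# probes_by_source: read the log on stdin and print
# "count ip first_seen last_seen", busiest source first.
# Only the "Disconnecting ... Protocol error" line of each pair is counted,
# so every probe is counted once rather than twice.
probes_by_source() {
  awk '
    $3 == "[INFO]" && $4 == "Disconnecting" && /Protocol error$/ {
      ip = $5
      sub(/^\//, "", ip)         # drop the leading slash
      sub(/:[0-9]+:$/, "", ip)   # drop the trailing ":port:"
      if (!(ip in n)) first[ip] = $1 "T" $2
      n[ip]++
      last[ip] = $1 "T" $2
    }
    END { for (ip in n) print n[ip], ip, first[ip], last[ip] }
  ' | sort -k1,1nr -k2,2
}

# repeat_sources MIN: addresses seen at least MIN times.
repeat_sources() {
  probes_by_source | awk -v min="$1" '$1 >= min { print $2 }'
}

sample_log | probes_by_source
```

Feed it the real log instead of sample_log, and review the repeat_sources output before turning it into block rules.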



Turn on your VMs when vCenter is down

If your vCenter server or your MS SQL server needs help and you don’t want to sit through connecting to each of your 4.1 ESX hosts to find it, you can do it through the command line.

ssh ESX-IP-Address
SSH to your ESX host

vim-cmd vmsvc/getallvms
This lists your VMs

vim-cmd vmsvc/power.on 64
This will power on Vmid 64. You can get your VM’s Vmid from the getallvms command.

vim-cmd vmsvc/power.reboot 64
This will reboot the VM having problems.

vim-cmd vmsvc
This will show you all the possible commands you can run. There are quite a few.

This is way faster than using the vSphere Client and I’d recommend it for all your vCenter outage needs. Apparently it works with ESXi 5.0 according to the indomitable Boche here.

EDIT:
vim-cmd vmsvc/tools.cancelinstall 64
Also absurdly useful to stop a hung tools install
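When the host runs many VMs, reading the Vmid off the getallvms listing by eye is the slow and error-prone step. The script below is an added example, not from the original post: it looks the Vmid up by VM name and powers the VM on only if exactly one VM matches and it is currently off. The sample listing, VM names and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: look up a Vmid by VM name, then power the VM on if it is off.
# The sample listing is constructed; VM names and datastore are made up.

sample_getallvms() {
cat <<'EOF'
Vmid       Name                 File                           Guest OS          Version   Annotation
16     sql01           [datastore1] sql01/sql01.vmx             winNetEnterprise64Guest   vmx-07
64     vcenter01       [datastore1] vcenter01/vcenter01.vmx     windows7Server64Guest     vmx-07
80     Test VM 2       [datastore1] Test VM 2/Test VM 2.vmx     rhel5_64Guest             vmx-07
EOF
}

# vmid_by_name NAME: read `vim-cmd vmsvc/getallvms` output on stdin and print
# the Vmid whose Name column equals NAME exactly. The name is everything
# between the Vmid and the " [datastore]" path, so names with spaces work.
vmid_by_name() {
  awk -v want="$1" '
    $1 ~ /^[0-9]+$/ {
      rest = $0
      sub(/^[ \t]*[0-9]+[ \t]+/, "", rest)
      cut = index(rest, " [")
      if (cut == 0) next
      name = substr(rest, 1, cut - 1)
      sub(/[ \t]+$/, "", name)
      if (name == want) print $1
    }'
}

# power_on_by_name NAME: run on the ESX host itself. Refuses to act unless
# exactly one VM matches, so a typo never powers on the wrong guest.
power_on_by_name() {
  ids=$(vim-cmd vmsvc/getallvms | vmid_by_name "$1")
  case "$ids" in
    ''|*[!0-9]*) echo "expected exactly one VM named '$1', got: ${ids:-none}" >&2; return 1 ;;
  esac
  if vim-cmd vmsvc/power.getstate "$ids" | grep -q 'Powered off'; then
    vim-cmd vmsvc/power.on "$ids"
  fi
}

sample_getallvms | vmid_by_name "Test VM 2"
```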

Bash Script to Create a Bomgar Licensing Report

I recently showed a developer at work the Bomgar API so he can whip up some fancy reporting. But why should devs have all the fun?

Figuring out the sed part made my brain catch on fire.

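#!/bin/bash
# Author Greg Carriger
# Rep Console Usage file version v1
# Appends one line to ./stats: epoch-time total-unique-reps portal1-reps portal2-reps
## Collect Data
# NOTE: --no-check-certificate turns off TLS certificate validation while the
# credentials travel in the URL. Where possible, drop it and pass
# --ca-certificate=FILE with the CA that signed the portal certificate.
wget --no-check-certificate -O reps1 "https://portal.domain.com/api/command.ns?username=exampleuser&password=examplepassword&action=get_logged_in_reps"
grep display_name reps1 > user1
rm reps1
wget --no-check-certificate -O reps2 "https://portal2.domain.com/api/command.ns?username=exampleuser&password=examplepassword&action=get_logged_in_reps"
grep display_name reps2 > user2
rm reps2
# Unique reps across both portals, then the per-portal counts
usert=$(sort -u user1 user2 | wc -l)
user1=$(wc -l < user1)
user2=$(wc -l < user2)
time=$(date +%s)
## Write Data
echo "$usert $user1 $user2" > tempstats
# Prefix the last (only) line of tempstats with the timestamp, append to stats
sed '$s|^|'"$time"' |' tempstats >> stats
## Clean up
rm user1 user2 tempstats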

Not done yet.

Revisiting VM Limited in light of vSphere 5.1

http://vimeo.com/29215923

The YouTube link is gone and I expect this one to be unavailable as soon as the Microsoft marketing guy recovers his Vimeo account password. I think VMware answered all the criticisms with the 5.1 cloud suite, including offering their own cloud hosting, “Project Zephyr”, much to their partners’ dismay. Gotta say it’s a funny but infuriating advert.

Apparently Tad doesn’t have anything to say about the new launch. http://twitter.com/Tad_VmLimited

VMware View Windows 7 Optimization Experience

If you are using View then you should look at this fabulous document: VMware’s Windows 7 Optimization Guide.

I chose the traditional install of Windows 7, because our company image of Windows 7 was created by someone else and I am just throwing it into View for a couple specific purposes.

Make sure to run the script with a “>>c:\result.txt” on the end because it’s long and you want to capture any messages. I had 2 failures. I was not able to purge the Volume shadow copies because the script turned it off before it tried to purge.

The Fix I ran:
Powershell Set-Service 'VSS' -startuptype "manual"
vssadmin delete shadows /All
Powershell Set-Service 'VSS' -startuptype "disabled"

It didn’t actually do anything because this is a fresh install… but hey that’s okay.

The other failure was disabling a Windows Defender service which wasn’t installed.

Also be sure to read through what you are doing, because company policy may prevent you from implementing some of the guide, such as:
netsh advfirewall set allprofiles state off — Not always the best idea to turn off the Windows firewall

And of course make sure your GPOs are not conflicting. The best case scenario is that this is applied through GPO, so it is easily repeated and enforced.

Good luck!