Thursday, October 28, 2004

Install of Gentoo AMD64 on a Sun Java Workstation W1100z


http://uk.sunsolve.sun.com/handbook_pub/Systems/W1100z/W1100z.html

Install from the Gentoo 2004.2 AMD64 Universal CD-ROM, with a stage 3 install and KDE.
Due to time limits I was unable to do a stage 1 install or test the audio and NVIDIA drivers.


Boot from the Gentoo 2004.2 AMD64 Live CD.


livecd root # lspci


0000:00:06.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8111 PCI (rev 07)
0000:00:07.0 ISA bridge: Advanced Micro Devices [AMD] AMD-8111 LPC (rev 05)
0000:00:07.1 IDE interface: Advanced Micro Devices [AMD] AMD-8111 IDE (rev 03)
0000:00:07.2 SMBus: Advanced Micro Devices [AMD] AMD-8111 SMBus 2.0 (rev 02)
0000:00:07.3 Bridge: Advanced Micro Devices [AMD] AMD-8111 ACPI (rev 05)
0000:00:07.5 Multimedia audio controller: Advanced Micro Devices [AMD] AMD-8111 AC97 Audio (rev 03)
0000:00:0a.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge (rev 12)
0000:00:0a.1 PIC: Advanced Micro Devices [AMD] AMD-8131 PCI-X APIC (rev 01)
0000:00:0b.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge (rev 12)
0000:00:0b.1 PIC: Advanced Micro Devices [AMD] AMD-8131 PCI-X APIC (rev 01)
0000:00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 NorthBridge
0000:00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 NorthBridge
0000:00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 NorthBridge
0000:00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 NorthBridge
0000:01:00.0 USB Controller: Advanced Micro Devices [AMD] AMD-8111 USB (rev 0b)
0000:01:00.1 USB Controller: Advanced Micro Devices [AMD] AMD-8111 USB (rev 0b)
0000:01:03.0 USB Controller: NEC Corporation USB (rev 43)
0000:01:03.1 USB Controller: NEC Corporation USB (rev 43)
0000:01:03.2 USB Controller: NEC Corporation USB 2.0 (rev 04)
0000:01:04.0 FireWire (IEEE 1394): Texas Instruments TSB43AB22/A IEEE-1394a-2000 Controller (PHY/Link)
0000:03:02.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5703X Gigabit Ethernet (rev 02)
0000:08:00.0 Host bridge: Advanced Micro Devices [AMD] AMD-8151 System Controller (rev 14)
0000:08:01.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8151 AGP Bridge (rev 14)
0000:08:03.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge (rev 12)
0000:08:03.1 PIC: Advanced Micro Devices [AMD] AMD-8131 PCI-X APIC (rev 01)
0000:08:04.0 PCI bridge: Advanced Micro Devices [AMD] AMD-8131 PCI-X Bridge (rev 12)
0000:08:04.1 PIC: Advanced Micro Devices [AMD] AMD-8131 PCI-X APIC (rev 01)
0000:09:00.0 VGA compatible controller: nVidia Corporation NV34GL [Quadro FX 500] (rev a1)
0000:13:04.0 SCSI storage controller: Adaptec AIC-7902B U320 (rev 10)
0000:13:04.1 SCSI storage controller: Adaptec AIC-7902B U320 (rev 10)

Network
To bring up the network with no DHCP available:
The Broadcom NetXtreme BCM5703X uses the TG3 (Tigon3) driver.

livecd root # modprobe tg3

livecd root # /etc/init.d/net.eth0 stop

livecd root # /etc/init.d/net.eth0 start

livecd root # ifconfig eth0 192.168.1.12 up

livecd root # route add default gw 192.168.1.254

livecd root # vi /etc/resolv.conf
nameserver 192.168.1.254

Disk
Although the Java Workstation has an Adaptec AIC-7902 controller, the internal drive was IDE ATA. Surprising to me that only the LiteOn combo CD-ROM was found, so the IDE disk driver had to be loaded manually.

livecd root # modprobe ide-disk


livecd root # lsmod
Module Size Used by
tg3 78084 0
ide_disk 18112 0
sbp2 22664 0
ohci1394 30404 0
ieee1394 98392 2 sbp2,ohci1394
usb_storage 66880 0
ehci_hcd 26820 0

Carry on with the install as normal.
Remember to add support for the Adaptec AIC7902 and for the Tigon3 NIC when building the kernel. I used the gentoo-dev-sources AMD64 kernel, v2.6.9-r1.
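Before rebooting into the new kernel it is worth confirming that the drivers the live CD only had after loading them by hand (ide-disk, tg3) and the AIC-7902 support are really in the .config, otherwise the first boot ends at a kernel panic with no root device. The following is an added example, not code from the original post: a small POSIX shell check that reads a kernel .config and reports each required symbol as built-in (y), module (m) or missing (n). The symbol names CONFIG_TIGON3, CONFIG_SCSI_AIC79XX, CONFIG_BLK_DEV_AMD74XX and CONFIG_BLK_DEV_IDEDISK are assumed from the 2.6 Kconfig tree, and the .config it reads is a constructed sample, not the author's.

```shell
#!/bin/sh
# Added example (not from the original post): confirm a kernel .config has the
# drivers this machine needs before rebooting into it. Symbol names are assumed
# from the 2.6 Kconfig tree:
#   CONFIG_TIGON3           Broadcom NetXtreme (the tg3 module loaded on the live CD)
#   CONFIG_SCSI_AIC79XX     Adaptec AIC-7902 U320
#   CONFIG_BLK_DEV_AMD74XX  AMD-8111 IDE controller
#   CONFIG_BLK_DEV_IDEDISK  IDE disk support (the ide-disk module loaded by hand)

# config_state FILE SYMBOL -> prints y (built in), m (module) or n (unset or
# "is not set"). Anchored on "SYMBOL=" so CONFIG_TIGON does not match CONFIG_TIGON3.
config_state() {
    f=$1; s=$2
    v=$(sed -n "s/^${s}=\(.\).*/\1/p" "$f" | head -n 1)
    case $v in
        y|m) printf '%s\n' "$v" ;;
        *)   printf 'n\n' ;;
    esac
}

# check_config FILE SYMBOL... -> prints one line per symbol and returns 1 if
# any symbol is n. Modules (m) pass here but only boot if an initrd loads them,
# so the root-disk path (AMD74XX, IDEDISK or AIC79XX) should really be y.
check_config() {
    file=$1; shift
    rc=0
    for sym in "$@"; do
        st=$(config_state "$file" "$sym")
        printf '%-24s %s\n' "$sym" "$st"
        if [ "$st" = n ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample .config for the demonstration (not the author's kernel
# config): the AMD-8111 IDE driver was forgotten, so the check should fail.
demo=$(mktemp)
cat >"$demo" <<'EOF'
CONFIG_TIGON3=y
CONFIG_SCSI_AIC79XX=y
# CONFIG_BLK_DEV_AMD74XX is not set
CONFIG_BLK_DEV_IDEDISK=y
EOF
check_config "$demo" CONFIG_TIGON3 CONFIG_SCSI_AIC79XX CONFIG_BLK_DEV_AMD74XX CONFIG_BLK_DEV_IDEDISK \
    || echo "missing driver(s): fix .config before rebooting"
rm -f "$demo"
```

On the real box run it as check_config /usr/src/linux/.config followed by the four symbols before make. Anything reported as n on the root-disk path means an unbootable kernel, and anything reported as m needs an initrd or should be switched to y; a stage 3 install without an initrd wants all of them built in.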



Benchmarking with John the Ripper 1.6

Quick and dirty benchmark: a Sun V610 (Xeon 2.8, Gentoo, kernel 2.6.5) against the Sun W1100z (Gentoo, kernel 2.6.9).

johntheripper is a masked package on AMD64, so I needed to bypass the keywords.

tux# vi /etc/portage/package.keywords

app-crypt/johntheripper *

tux# CFLAGS="-march=athlon64 -O6 -pipe -fomit-frame-pointer" emerge johntheripper

Results overview from "john -t" (crypts per second as reported by john; higher is better):

Hash        Xeon 2.8    AMD 150
DES         196706      720659
BSDI DES    6762        24906
MD5         4294        4741
Blowfish    425         372
Kerberos    148487      339303
NTLM        1567952     2948532
The DES results are excellent, but MD5 and Blowfish are poor.




Tuesday, October 12, 2004

I got a virus/trojan in dnsSys.exe

Sunday 2nd October: I had just surfed the web and closed down Firefox, and noticed that my network activity lights were still going. Now, I'm paranoid when it comes to my computer.

Sygate firewall is installed on the W2K box, so I checked its logs: c:\winnt\system32\drivers\npt.sys was sending constant requests to the network (port 53, DNS). npt.sys was described as "NPF Driver – Time Extensions"; I double-checked with Google, and npt.sys looked like a valid W2K program.

Out comes the Ethereal network sniffer; simultaneously I log into my IPCop firewall and run tcpdump (filtering out ssh traffic). Both programs identify that my PC is sending out DNS requests for "urx.your-getting-rapped.co.uk" (unresolvable).

I do not like this and reboot, just in case it goes away on its own. It doesn't!
I run the free AVG AV: I download the latest virus definitions and scan the Windows directory. No virus found!

The DNS requests are happening every second, so I decide to shut down all non-essential W2K services, with no result. I next look at the process table and spot "dnsSys.exe" (c:\winnt\system32\dnsSys.exe). I stop the program and YES, the DNS requests stop. Found you, you little bugger. But what is dnsSys.exe?
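The tell-tale here was one unresolvable name being queried once a second, which both Ethereal on the host and tcpdump on the IPCop box showed. As an added example, not code from the original post, the script below runs that same test over tcpdump output: it counts A? queries per source host and name, and flags any name a host asks for at least a given number of times with a short average spacing. It assumes the line format of "tcpdump -n" for IPv4 (with -n, the resolver port appears as ".53" rather than ".domain"), and a capture from a single day. The capture lines it reads are constructed for the demonstration: the trojan's domain name is the one from the post, the other names and addresses are made up.

```shell
#!/bin/sh
# Added example (not from the original post): flag DNS beaconing in tcpdump
# output. Assumes "tcpdump -n" line format for IPv4 queries, e.g.
#   10:00:01.000000 IP 192.168.1.10.1035 > 192.168.1.254.53: 2001+ A? host.example. (30)
# and a capture from one day (timestamps are reduced to seconds since midnight).

# find_dns_beacons MIN_COUNT MAX_INTERVAL  (reads tcpdump output on stdin)
# Prints "src name count avg_interval" for each name that a source host
# queries at least MIN_COUNT times with an average gap of MAX_INTERVAL
# seconds or less.
find_dns_beacons() {
    awk -v min_count="$1" -v max_ivl="$2" '
    # Keep only queries to a resolver on port 53: field 5 is "resolver.53:",
    # field 7 the query type ("A?"), field 8 the name with a trailing dot.
    $5 ~ /\.53:$/ && $7 ~ /[?]$/ {
        split($1, t, ":")
        ts = t[1] * 3600 + t[2] * 60 + t[3]
        src = $3; sub(/\.[0-9]+$/, "", src)      # drop the source port
        name = $8; sub(/\.$/, "", name)          # drop the trailing dot
        key = src SUBSEP name
        if (!(key in first)) first[key] = ts
        last[key] = ts
        n[key]++
    }
    END {
        for (k in n) {
            if (n[k] < 2 || n[k] < min_count) continue
            ivl = (last[k] - first[k]) / (n[k] - 1)
            if (ivl <= max_ivl) {
                split(k, p, SUBSEP)
                printf "%s %s %d %.1f\n", p[1], p[2], n[k], ivl
            }
        }
    }'
}

# Constructed sample capture: two ordinary lookups (plus one reply, which the
# filter must ignore) and one name queried every second, as the infected W2K
# box did. Addresses and the ordinary names are made up.
sample_capture() {
    cat <<'EOF'
10:00:00.100000 IP 192.168.1.10.1034 > 192.168.1.254.53: 1001+ A? www.gentoo.org. (32)
10:00:00.150000 IP 192.168.1.254.53 > 192.168.1.10.1034: 1001 1/0/0 A 192.0.2.10 (48)
10:00:01.000000 IP 192.168.1.10.1035 > 192.168.1.254.53: 2001+ A? urx.your-getting-rapped.co.uk. (47)
10:00:02.000000 IP 192.168.1.10.1035 > 192.168.1.254.53: 2002+ A? urx.your-getting-rapped.co.uk. (47)
10:00:03.000000 IP 192.168.1.10.1035 > 192.168.1.254.53: 2003+ A? urx.your-getting-rapped.co.uk. (47)
10:00:04.000000 IP 192.168.1.10.1035 > 192.168.1.254.53: 2004+ A? urx.your-getting-rapped.co.uk. (47)
10:00:05.000000 IP 192.168.1.10.1035 > 192.168.1.254.53: 2005+ A? urx.your-getting-rapped.co.uk. (47)
10:00:06.000000 IP 192.168.1.10.1035 > 192.168.1.254.53: 2006+ A? urx.your-getting-rapped.co.uk. (47)
10:00:07.500000 IP 192.168.1.10.1036 > 192.168.1.254.53: 1002+ A? forums.gentoo.org. (35)
EOF
}

# Demo: at least 5 queries averaging 2 s apart or less flags the trojan's name.
sample_capture | find_dns_beacons 5 2
```

On the firewall this would be fed from "tcpdump -l -n port 53 and not port 22", which also keeps the ssh session out of the capture as the post does. The thresholds are the point of tuning: a once-a-second beacon to a single name stands out at 5 queries in 2 s, while a browser's normal lookups are spread across many names and rarely repeat one of them that fast. It is also the check to re-run after the clean-up and a reboot, since a second copy started from another autorun location would show up as the same beacon.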

I transferred dnsSys.exe to my Gentoo Linux machine and ran ClamAV, which identified it as Trojan.Mybot.gen-152.

fett apaton # md5deep dnsSys.exe
d30251e8502a7cf657e64922ea082ae9 /home/apaton/dnsSys.exe

fett apaton # /usr/bin/clamscan dnsSys.exe
dnsSys.exe: Trojan.Mybot.gen-152 FOUND

Now to clean it.
I deleted the file c:\winnt\system32\dnsSys.exe
removed the registry entries for dnsSys.exe under:
hkey_local_machine\software\Microsoft\Windows\CurrentVersion\Run
hkey_local_machine\software\Microsoft\Windows\CurrentVersion\RunServices


Hope this helps anyone else, as a Google search for dnsSys.exe doesn't find much!
I now run ClamAV from www.clamwin.com and Trend.

apaton