%
% Sharktech.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Sharktech}
Sharktech is a provider that focuses on DDoS prevention, such
as for gaming servers. It has a data center in Denver.
Looks good. Manually provisions servers over a few days.
Good local speed and latency.
\url{https://sharktech.net/}

\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-sharktech.png}
\caption{Sharktech Website}
\label{fig:www-sharktech}
\end{figure}

\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-sharktech-dashboard-services.png}
\caption{Sharktech Dashboard Services Web Page}
\label{fig:www-sharktech-dashboard-services}
\end{figure}

First login, kernel is:
\texttt{Linux debian 3.16.0-4-amd64 \#1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86\_64 GNU/Linux}
It isn't up-to-date. Running Debian 8.6. The \texttt{dmesg} showed the kernel had already
barfed a couple of times (USB timeouts and more).

IPMI HTTP connection is in cleartext!!! Doesn't redirect to HTTPS. HTTPS has a failed SSL
certificate (like every other Supermicro on the planet). IPMI requires Java junk.
Server was running for a few days before I could update it.

\begin{minted}{sh}
# Sharktech IPMI:
Firmware Revision : 03.38
Firmware Build Time : 2015-01-05

# XXX
# XXX Somehow doesn't have a route to ns1 for DNS (?).
# XXX NEED MULTIPLE MASTERS.
# XXX This eventually sync'd after a few minutes and restarts...
2017-10-07 07:53:57.755584 | server | N | zone load: slave zone solipsists.org. requires download from the master
2017-10-07 07:54:00.833918 | server | E | slave: query error for domain solipsists.org. from master at 69.164.197.34#53: No route to host
2017-10-07 07:54:00.833923 | server | W | slave: 69.164.197.34#53 master failed to answer for domain solipsists.org.: retrying
2017-10-07 07:54:00.928262 | server | E | database: solipsists.org.: failed to download the zone: No route to host

# XXX takes 7 minutes to reboot.
\end{minted}

\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-dhcp.png}
\caption{Sharktech Reboot DHCP Hang}
\label{fig:sharktech-reboot-dhcp}
\end{figure}
\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-dhcp-2.png}
\caption{Sharktech Reboot DHCP Hang 2}
\label{fig:sharktech-reboot-dhcp-2}
\end{figure}
\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-grub.png}
\caption{Sharktech Reboot GRUB}
\label{fig:sharktech-reboot-grub}
\end{figure}

\begin{itemize}
\item Default IPMI connection is in cleartext HTTP.
\item SSL certificate for Supermicro IPMI is bad (like all of them).
\item Can't change password on IPMI.
\item Root password for server and IPMI is sent via email.
\item There is an attack window between their machine imaging and first login.
\item Customer should control timing of first power on.
\item System is also possibly vulnerable during the ISP's initial power up and commissioning period.
\item First reboot, the system hung (.png XXX).
\item Hard reset, lots of DHCP queries at boot.
\item A \texttt{debian} user was on the system, password unknown. Check \texttt{/home}!
\item They block NTP to prevent DDoS, so you have to use their time server
\texttt{time.sharktech.net}.
\end{itemize}
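
The account check suggested by the \texttt{debian} user item above, as an added example that is not part of the original manual or any Sharktech tooling. It lists every account with a login shell together with its password state and filters out an allowlist; the function names, the allowlist argument, and the sample \texttt{passwd}/\texttt{shadow} lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: first-login account audit for a provider-imaged server.
# Function names and sample data are constructed, not from the real host.

# login_accounts PASSWD SHADOW
# Prints "user uid home shell pwstate" for each account with a login shell.
login_accounts() {
    awk -F: '
        FILENAME == ARGV[1] { hash[$1] = $2; next }   # first file: shadow
        $1 == "" || $7 ~ /(nologin|false)$/ { next }  # blank line or no login shell
        {
            if (!($1 in hash))            pw = "no-shadow-entry"
            else if (hash[$1] == "")      pw = "empty-password"  # logs in with no password
            else if (hash[$1] ~ /^[!*]/)  pw = "locked"          # SSH keys may still work
            else                          pw = "password-set"
            print $1, $3, $6, $7, pw
        }
    ' "$2" "$1"
}

# unexpected_accounts PASSWD SHADOW "space separated allowlist"
# Prints only the login-capable accounts that are not on the allowlist.
unexpected_accounts() {
    expected=" $3 "
    login_accounts "$1" "$2" | while read -r user rest; do
        case $expected in
            *" $user "*) ;;                 # expected account, skip
            *) echo "$user $rest" ;;
        esac
    done
}

# Constructed sample files so the example runs offline without root.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin' \
    'svc:x:999:999:service:/srv/svc:/bin/sh' \
    'debian:x:1000:1000:Debian:/home/debian:/bin/bash' > "$sample/passwd"
printf '%s\n' \
    'root:$6$constructed$aaaa:17000:0:99999:7:::' \
    'sshd:*:17000:0:99999:7:::' \
    'svc:!:17000:0:99999:7:::' \
    'debian:$6$constructed$bbbb:17000:0:99999:7:::' > "$sample/shadow"

# On the live host, as root: unexpected_accounts /etc/passwd /etc/shadow "root"
unexpected_accounts "$sample/passwd" "$sample/shadow" "root svc"
```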

Sharktech payment methods:

\begin{itemize}
\item Credit Card.
\item PayPal.
\item Wire Transfer.
\item Check/Western Union.
\item Offline Credit Card.
\item Bitcoin.
\item \$1,000 USD maximum balance.
\end{itemize}


\section{ns36}
ns36 server info

\begin{itemize}
\item Shipped with default kernel:
\texttt{Linux debian 3.16.0-4-amd64 \#1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86\_64 GNU/Linux}
\item Shipped with Debian 8.3 (an old version of \texttt{oldstable}).
\end{itemize}