%
% Sharktech.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Sharktech}
Sharktech is a provider that focuses on \gls{ddos} prevention, such
as for gaming servers. It has a data center in Denver.
Looks good. Servers are provisioned manually over a few days.
Good local speed and latency.
\url{https://sharktech.net/}
\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-sharktech.png}
\caption{Sharktech Website}
\label{fig:www-sharktech}
\end{figure}
\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-sharktech-dashboard-services.png}
\caption{Sharktech Dashboard Services Web Page}
\label{fig:www-sharktech-dashboard-services}
\end{figure}
First login, kernel is:
\texttt{Linux debian 3.16.0-4-amd64 \#1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86\_64 \gls{gnulinux}}
The kernel isn't up to date. The server is running Debian 8.6. The \texttt{dmesg} output showed the kernel had already
barfed a couple of times (USB timeouts and more).
The \Gls{ipmi} HTTP connection is in cleartext!!! It doesn't redirect to HTTPS. HTTPS has a failed SSL
certificate (like every other Supermicro on the planet). \Gls{ipmi} requires Java junk.
The server was running for a few days before I could update it.
\begin{minted}{sh}
# Sharktech IPMI:
Firmware Revision : 03.38
Firmware Build Time : 2015-01-05
# XXX
# XXX Somehow doesn't have a route to ns1 for DNS (?).
# XXX NEED MULTIPLE MASTERS.
# XXX This eventually sync'd after a few minutes and restarts...
2017-10-07 07:53:57.755584 | server | N | zone load: slave zone solipsists.org. requires download from the master
2017-10-07 07:54:00.833918 | server | E | slave: query error for domain solipsists.org. from master at 69.164.197.34#53: No route to host
2017-10-07 07:54:00.833923 | server | W | slave: 69.164.197.34#53 master failed to answer for domain solipsists.org.: retrying
2017-10-07 07:54:00.928262 | server | E | database: solipsists.org.: failed to download the zone: No route to host
# XXX takes 7 minutes to reboot.
\end{minted}
\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-dhcp.png}
\caption{Sharktech Reboot DHCP Hang}
\label{fig:sharktech-reboot-dhcp}
\end{figure}
\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-dhcp-2.png}
\caption{Sharktech Reboot DHCP Hang 2}
\label{fig:sharktech-reboot-dhcp-2}
\end{figure}
\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-grub.png}
\caption{Sharktech Reboot GRUB}
\label{fig:sharktech-reboot-grub}
\end{figure}
\begin{itemize}
\item Default \gls{ipmi} connection is in cleartext http.
\item SSL certificate for Supermicro \gls{ipmi} is bad (like all of them).
\item Can't change password on \gls{ipmi}.
\item Root password for server and \gls{ipmi} is sent via email.
\item There is an attack window between their machine imaging and first login.
\item Customer should control timing of first power on.
\item System is also possibly vulnerable during the ISP's initial power up and commissioning period.
\item First reboot, the system hung (.png XXX).
\item Hard reset, lots of DHCP queries at boot.
\item A \texttt{debian} user was on the system, password unknown. Check \texttt{/home}!
\item They block NTP to prevent \gls{ddos}, so you have to use their time server
\texttt{time.sharktech.net}.
\end{itemize}
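One way to act on the leftover \texttt{debian} account finding at first login, as an added example that is not part of the original manual: list every account on a provider-imaged server that has both a login shell and an unlocked password field. The helper names \texttt{audit\_logins} and \texttt{write\_sample} and the sample account data are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the manual): first-login account audit.
# audit_logins and write_sample are hypothetical helper names.

# audit_logins PASSWD SHADOW [EXPECTED]
# Prints "user uid home shell" for every account that has a login shell and
# an unlocked password field, except names in the space-separated EXPECTED.
audit_logins() {
    passwd_file=$1; shadow_file=$2; expected=${3:-root}
    awk -F: -v expected="$expected" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        # shadow: "!" or "*" prefix means locked; an empty field means
        # passwordless login, so it counts as usable and gets reported.
        FILENAME == ARGV[1] { if ($2 !~ /^[!*]/) usable[$1] = 1; next }
        # passwd: report unexpected accounts that can reach a shell.
        ($1 in usable) && !($1 in ok) && $7 !~ /(nologin|false)$/ {
            print $1, $3, $6, $7
        }
    ' "$shadow_file" "$passwd_file"
}

# Constructed sample files modelled on a stock Debian image.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
debian:x:1000:1000:Debian:/home/debian:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
svc:x:1001:1001::/home/svc:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:17446:0:99999:7:::
daemon:*:17446:0:99999:7:::
debian:$6$constructed$hash:17446:0:99999:7:::
backup:*:17446:0:99999:7:::
svc:!:17446:0:99999:7:::
EOF
}

# Demo on the constructed data; on a real host run as root:
#   audit_logins /etc/passwd /etc/shadow "root youradmin"
tmp=$(mktemp -d) && write_sample "$tmp"
audit_logins "$tmp/passwd" "$tmp/shadow" root   # -> debian 1000 /home/debian /bin/bash
rm -rf "$tmp"
```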
Sharktech payment methods:
\begin{itemize}
\item Credit Card.
\item PayPal.
\item Wire Transfer.
\item Check/Western Union.
\item Offline Credit Card.
\item Bitcoin.
\item \$1,000 USD maximum balance.
\end{itemize}
\section{ns36}
ns36 server info
\begin{itemize}
\item Shipped with default kernel:
\texttt{Linux debian 3.16.0-4-amd64 \#1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86\_64 \gls{gnulinux}}
\item Shipped with Debian 8.3 (an old version of \texttt{oldstable}).
\end{itemize}