What a long strange (upgrade) trip it’s been!

Holy crap batman! This easily has to be the longest upgrade I have ever done. Especially seeing I didn’t build a new machine. All I did was upgrade the drives in my RAID array and add new video cards to my machine. The rest was just upgrading the internal network to a gigabit.

Upgrading the drives was the major time killer. First, I had to format 4-1 Terabyte HD’s which took almost 3 hours each! OUCH! Installing a fresh copy of Windows 7 went without a hitch. Detected everything in the computer right off the bat. Even the new, dual Nvidia GT250’s I put in. Smokin’ video cards by the way! 1GB DDR3 per card. Yummy! They are dual slot cards so they take up all but one of my slots on the pc. That one holds my WinTV card. And as another added bonus with this upgrade, Comcast FINALLY opened up some Clear QAM channels that my TV card can decode. So I finally have some HD TV on my pc. It’s been great watching the Olympics!

But I digress, back to the friggin’ HD’s. So not only did it take almost 3 hours per drive to format them, 1 for a backup drive and the other 3 for a RAID array, it took almost 36 hours to sync the resulting 1.8Tb RAID5 array. And all that time doesn’t even include copying the over 700G of data I have.

So I finally get everything formatted, installed and configured Monday night after starting everything last Thursday. I wake up Tuesday morning and what do I find? One of my monitors died! WTF! If it’s not one thing it’s another? The biggest kicker isn’t that it died, it’s that you can hardly find any 19″ monitors any more with a standard 4:3 aspect ratio. The only ones I found that were comparable to my current monitors cost a minimum of $180-200. I can get a brand new 23″ wide screen (16:9 aspect ratio) for an extra $30. So I said “to hell with it” and got me a new HD ready, 1080p, 23″ Viewsonic widescreen LCD monitor. Should be coming tomorrow. I’m going to have so much screen space I won’t know what to do with it!

So after getting everything up and running I check my email. Looks like you-know-who was a busy little boy since I wrote the post about greatschools.org getting back to me and me calling him out on accessing my websites from his work! So far I have 3 text files documenting all the major crap that went on.

  1. Starting 2/16/2010 at approx 23:46 CST till 2/17/2010 00:14 CST, I was being swarmed with a UDP flood all pointing to my outbound connection.
  2. On the 17th, between approx. 13:10 CST – 13:36 CST I had 17,471 hits on UDP port 1025 which access attempts to said port are from a Trojan called Remote Storm. With one last visit on that port on 2/18/2010 at approx. 17:50 CST.
  3. On the 18th around 16:38 CST I get 3 firewall warnings for a “Teardrop Attack” coming from ip address Along with that I just found on the 18th that I was being flooded with more UDP traffic coming from ip address
  4. The 19th has so far consisted of random ip addresses hitting random UDP and TCP ports. Heaviest port being hit was UDP port 2805.
  5. The 20th was the same except the majority of the hits were to UDP port 2869. But, at around 18:00 CST I received a phone call from work that the website was under a DoS attack from a Comcast address
  6. The 21st around 22:16 CST – 22:31 CST, I started getting slammed on UDP port 2140, which references back to a Trojan named Deep Throat/Foreplay. During that time also, at approx. 23:06 CST I get warnings that I am being scanned from
  7. The 22nd, between approx. 12:49 CST and 14:28 CST, once again it was a UDP flood on port 2366 with some other UDP ports mixed in.
  8. The 23rd, was just a bunch of different attempts on different UDP ports. On top of that though, in my email logs, it looks like someone was trying to hack in/brute force attack my pop email server starting at approx. 2:24 CST.

Today seems to be quiet so far, but he usually doesn’t start till the afternoon or late night.

Spoke too soon! Seems today I was getting flooded primarily on UDP port 1372. It started at approx. 12:32 CST and stopped around 14:12 CST. I also just saw someone trying to use a bot called Linkwalker/2.0 from brandprotect.com/seventwentyfour.com. Odd. After going to the website I see what’s going on.

