4444jbp

HP PSC2410 ... printing on dark paper

2005-12-17T14:22:00.000-08:00

Just some notes, mostly for myself, but hopefully useful to others to ...

I was trying to use my HP PSC2410 printer to print on very dark (chocolate-brown) card stock, from my Apple PowerBook laptop. I used Powerpoint to layout the text and graphics, then in the print menu, I had to do a lot of twiddling -- otherwise the dark paper would confuse the printer and it would claim to be jammed or out of paper.

In Powerpoint I set it for "US Letter" ... which it considered 7.5x10in (landscape mode)

In Printer Options, I set the following:

* under "Paper Handling": click on "Use documents paper size: Borderless photo 8.5x11in." (No, this does not appear to jive with what Powerpoint thinks, but this is what I found that works)
* under "Borderless Printing": click on "Print borderless" (i.e. turn it on)
* under "Paper Type/Quality":
** on the "Paper" tab: select "Paper Type" as "HP Premium Plus Photo", select "Quality" as "Best", select "Color" as "ColorSmart III", and select "Source" as "Upper Tray"
** on the "Digital Photo" tab: turn all the fancy options off, or set the sliders all the way to the left (which should say "Off")

The details

2005-08-05T15:05:00.000-07:00

The details of what my log-watch system:

1. mkfifo /tmp/log_fifo
2. edit /etc/syslog.conf and add:
*.info;authpriv.none |/tmp/log_fifo
3. edit /etc/sysconfig/iptables and add a new table called "BADGUYS"
a. in the "filter" section (at the top):
:BADGUYS - [0:0]
b. in the INPUT table:
-A INPUT --in-interface eth+ --jump BADGUYS
c. in the BADGUYS table (add this at the bottom):
-A BADGUYS --in-interface eth+ --source 169.254.0.0/16 --jump DROP
or some other "bad" IP address.
3. service syslog restart
4. run my logmonitor script which watches the /tmp/log_fifo "file" (more on this later)

By default, the logmonitor wakes up whenever a new entry appears in the log_fifo -- i.e. every time a login fails, but also every time any other crap goes into the log file. Every 5 minutes, it also wakes up and checks if any of the banned IP addresses has expired -- right now a ban is for 12 hours. I think the overhead on the system is minimal, and it catches script kiddies after 3 failed attempts, not 50.

Geek blog

2005-08-05T14:54:00.000-07:00

Every now and then I tend to "geek out" and so I figured I'd start a blog to post my progress.

The latest thing I've been hacking on is a security system for my computer ... there are lots of script kiddies out there now, and if you turn on a brand-new computer, they say it will be "rooted" or compromised within minutes. In my own computer's logs, I'm seeing 2-10 brute-force attempts to login by random machines. Generally, these are very easy to detect:


Jul 31 23:03:35 192 sshd[32563]: Illegal user admin from 200.220.192.86
Jul 31 23:03:35 192 sshd(pam_unix)[32563]: check pass; user unknown
Jul 31 23:03:35 192 sshd(pam_unix)[32563]: authentication failure; logname=
uid=0 euid=0 tty=NODEVssh ruser= rhost=nagios.nqt.com.br
Jul 31 23:03:37 192 sshd[32563]: Failed password for illegal user admin from
200.220.192.86 port 52533 ssh2
Jul 31 23:03:39 192 sshd[32565]: Illegal user admin from 200.220.192.86
Jul 31 23:03:39 192 sshd(pam_unix)[32565]: check pass; user unknown
Jul 31 23:03:39 192 sshd(pam_unix)[32565]: authentication failure; logname=
uid=0 euid=0 tty=NODEVssh ruser= rhost=nagios.nqt.com.br

Basically, they're just trying random passwords into widely-used usernames -- admin, betty, bob, joe. But they also try it a few times at each of 50 different usernames, so they could slowly figure out a correct combination.

My approach has been to give them 3 tries to get in, then I start dropping all their packets -- it's as if my computer never sees them again. If it is a legit user, they'll probably get their password right in 3 tries, so it isn't a big inconvenience to real users.