Saturday, December 31, 2005

Microsoft Wireless

Here's another good source of basic info on wirless: Microsoft's How 802.11 Wireless Works. Please ignore the part that talks about Zero Conf because, as with any auto-config technology, it has some safety issues.

Friday, December 30, 2005

Shoot self?

The Full Disclosure Mailing List is discussing Richard Smith's suggestion on how to draw the attention of the NSA. A few thoughts:
  • Now why would you want to do that?
  • I seem to remember that your IP is commonly included in the headers of traffic originating from the large webmail services.
  • Why become a "person of interest" just so's you can be funny for two seconds?

It's not that funny of a joke.

Wireless Detection and Tracking

Interlink Networks has a paper on "Wireless Detection and Tracking" that talks about some of the low level stuff, including packet analysis and what amounts to "heat maps". Some of it is a bit dated (WPA, WEP) but it's interesting nonetheless.

Wednesday, December 28, 2005

Comments offline

Please note that the comment-related functions are offline while the system is tweaked. Be nice, those that are working on the system are not being paid to do it.

More free books

Bruce Perens is working with Prentice Hall to produce a series of books by various authors called the Open Source Series. A nifty additional feature is that the book becomes available online, for free, a few months after it hits the shelves.

Tuesday, December 27, 2005

Wiki hackers

While Sean has been tweaking the server, I've been digging around in the odd corners of the site. It seems that, in the 2 or so years the wiki has been up, roughly 96 accounts have been added to the wiki in an attempt to spam/hack it. The wiki adds the account, logs the time and IP and promptly refuses any attempt to change it. (heh)

Monday, December 26, 2005

Digium

Okay, I'm having too much fun. Worked last night and this morning to get the Digium TDM400P card and the Asterisk software installed and running. In the process, I also figured out where my problem was in installing the IVTV software. (It had to do with the build version in the Makefile for the kernel.)

So far, I think I've burned up all the spouse points that I earned earlier in the year. I've added a cheap 900MHz handset to act as the console phone and have driven my wife nuts with the phone (and the laptop) ringing. More stuff to add to The List of Unfinished Projects:

  • figure out how to stream live audio to the phone
  • "adapt" the NSLU2 (saving up for a USB2 HD)
  • learn more about the ivtv modules and MythTV
  • get ready for next semester's classes
  • get ready for ShmooCon (19 shopping days left!!)

Add that to the stuff already on the list and I'll be busy for at least 6 months.

Sunday, December 25, 2005

Craaack!

Stand still and watch. You'll see the leading edge of the crack pass by you very quickly.

What am I referring to? How about the fracturing of the Internet?

InfoWorld has an article about a Dutch company (UnifiedRoot) standing up their own dns infrastructure, with the intent to run it in parallel to the ICANN managed namespace.

Call me a sadistic pessimist but this topic is going to be "interesting" (Chinese curse version) to watch and has a high entertainment potential. This sort of thing has been tried before and has taken some intriguing turns. (Hint: the proposed managers of the .XXX domain are the same people that used to sell you the domain under ALTERNIC, for less money.)

You'll need popcorn and some soda for this one folks! (I predict a lot of nasty politics, both external and internal.)

Update: Still think I'm kidding? How about this: the site recommends that DNS owners replace their hints file with one from UR. A quick look at the file reveals none of the normal DNS root servers are included. Yep, that's right, rather than the cooperation the web site touts, they want you to trust them implicitly. This should get interesting quickly.

Beeeeeeeeeeeeep...

Please standby. The powers-that-be (again, mostly Sean) are working to get the system back up and running. Some of the custom code (mine) has to wait on final system tweaks before I attack it.

Friday, December 23, 2005

No entry

The site will be offline today. I'll backfill this day's post(s) later.

Thursday, December 22, 2005

dnstop

While we're on the subject of DNS tools, dnstop may be a useful tool if you manage a network. It's a bit simple but will keep track of which host is doing how many DNS lookups. For home networks, it's a bit useless as it needs to listen to a gateway feed. You may find it interesting in any case.

Wednesday, December 21, 2005

dnstracer

dnstracer is an interesting tool. It traces information from DNS back to its source. It does this by using non-recursive queries. In other words, if you tell it to trace "shmoocon.org", it'll return the following interesting data:


Tracing to shmoocon.org[a] via 68.10.16.25, maximum of 3 retries
68.10.16.25 (68.10.16.25)
|\___ TLD3.ULTRADNS.org [org] (199.7.66.1)
| |\___ ns0.directnic.com [shmoocon.org] (204.251.10.100) Got authoritative answer
| \___ ns1.directnic.com [shmoocon.org] (204.13.172.154) Got authoritative answer
|\___ TLD2.ULTRADNS.NET [org] (204.74.113.1)
| |\___ ns0.directnic.com [shmoocon.org] (204.251.10.100) (cached)
| \___ ns1.directnic.com [shmoocon.org] (204.13.172.154) (cached)
|\___ TLD1.ULTRADNS.NET [org] (204.74.112.1)
| |\___ ns0.directnic.com [shmoocon.org] (204.251.10.100) (cached)
| \___ ns1.directnic.com [shmoocon.org] (204.13.172.154) (cached)
|\___ TLD1.ULTRADNS.NET [org] (2001:0502:d399:0000:0000:0000:0000:0001) send_data/sendto: Network is unreachable
* send_data/sendto: Network is unreachable
* send_data/sendto: Network is unreachable
*
|\___ TLD6.ULTRADNS.CO.UK [org] (198.133.199.11)
| |\___ ns0.directnic.com [shmoocon.org] (204.251.10.100) (cached)
| \___ ns1.directnic.com [shmoocon.org] (204.13.172.154) (cached)
|\___ TLD5.ULTRADNS.INFO [org] (192.100.59.11)
| |\___ ns0.directnic.com [shmoocon.org] (204.251.10.100) (cached)
| \___ ns1.directnic.com [shmoocon.org] (204.13.172.154) (cached)
\___ TLD4.ULTRADNS.org [org] (199.7.67.1)
|\___ ns0.directnic.com [shmoocon.org] (204.251.10.100) (cached)
\___ ns1.directnic.com [shmoocon.org] (204.13.172.154) (cached)

While it shows that there may be a problem with TLD1 (this is likely to be a problem with the tool's ability to handle IPv6 data rather than the server), you can see that the tool queries all of the DNS servers that are known to have the data. (68.10.16.25 is the IP of a DNS server local to me). This tool also has the ability to detect lame DNS servers (those that are supposed to know the answer but don't)(think misconfigured or damaged secondaries).

If anyone is really proficient with this tool, please contact me. I'd like to know if it is useful in detecting record poisoning.

Tuesday, December 20, 2005

Help wanted

If PJ (at Groklaw) ever gets around to writing a book on the SCO v. The World cases and I fail to notice it, will y'all let me know? If she can sort out the mess, I'd enjoy reading about it. In any case, more hand-waving and finger-waggling is slated for 22 Dec. Anyone know if I how much it is to buy just one stock (currently at $4.01) and have it framed?

Monday, December 19, 2005

Dasher

The Worm Blog has some initial comments on the Dasher worm. There's also some comment about Dasher.C.

Sunday, December 18, 2005

Offensive Computing

Offensive Computing may be a site to keep an eye on. Their stated purpose is to improve computer/network security via analysis of malware.

Saturday, December 17, 2005

Heads up

"The powers that be" (Sean mostly) have stated that the server swap will occur this week. While the wiki shouldn't be affected as I already maintain it on the new server, there may be some glitches in the rest of the site. Please excuse any vagaries.

Spam Hunt

Just spent the last hour removing spam from the queue for the blog. I feel another spam hunt coming on. Every single one of the incest and beastiality ads pointed at web servers in the continental U.S.

Geek Style

I've just altered my Bloglines subscriptions to remove the Geek Style feed. Visiting that site causes pop advertisements (even in a Linux-based Firefox install). I don't know about anyone else but I feel that I read are either geek-related or personal. With Geek Style, it's the usual low-grade crap in the pop-ups. Example: The usual "Your system is infected with spyware. Click here to scan for it." message. (Hint: I'm not running Windows on this laptop.)

Babak, if you read this, I think the ads are getting into your blog via your webstats4u logo/link. Read this post at JNode and the following excerpts from the WebStats4U Terms of Service:

  • WMS entitles users to access to a variety of on-line and interactive on-line services (the "Products and Services"). Some of the Products and Services are supported by advertising, enabling WMS to provide them to you at no cost. When you use these free services, you agree to allow WMS to display advertising, including third party advertising, through the Products and Services.
  • With the installation of WebStats4U on the site it is accepted that WMS has the right to place advertisements on the site in any format or through any channel, including but not limited to e-mail, layer ads, pops, banners and other usual formats without any forewarning and it is furthermore accepted that WMS takes no responsibility for the advertising content and that WMS shall not be liable for any losses incurred regarding this advertising.

I find anything more obtrusive than Google Ads to be offensive. Google Ads are passive and easily ignored. I'll probably resubscribe at a future date but only after the WebStats4U thingy goes away.

Friday, December 16, 2005

Offline

My apologies. I've been offline for a few days while on a short-notice trip out of town. I've back-filled the last few days.

On a tech-related note, I "helped" pick out a couple of my Christmas presents for this year: the Asterisk Developer's Kit (with TDM400P) and a Linksys NSLU2.

You think that it will keep me busy for a few days? To say nothing about the TDM400P.

Thursday, December 15, 2005

Alien viruses

Is there any way we can strip a Doctorate from someone absolutely clueless?

Dr. Carrigan believes that the Internet is wide open to infection from alien (as in off-world) computer viruses. I have problems with a number of his anthropomorphised assumptions:

  • Where'd they get the 8086-series chips? Dr. Carrigan seems to assume that silicon and the various doping elements are as plentiful there as they are here.
  • Are they running Microsoft Windows? If so, how are they getting their updates? I assume they'd be easy to track on Patch Tuesday. Also, I believe Bill would like a word with them about licensing. Actually, taking into account the speed of light, it means that Windows was in use decades (if not centuries or millenia) before it's availability here on Earth. We may need to talk to Bill about his patents and licensing practices.
  • Infection by off-planet source would happen in one of two ways: either intentionally or accidentally. If intentional, it means they know we're here and network infection is likely to be the least of our problems. (Somebody call Tom Cruise!!) If unintentional, we need to prompt the anti-virus industry that they need to start including sub-routines to counteract alien worms and viruses.
  • If there is a risk of infection from exterrestial sources, what risk do we pose to the galactic community with the problems that we have in our networks? Could that be why no one has contacted us yet? (All claims by the UFO community aside.)

In any case, I hereby nominate Dr. Carrigan to be the recipient of a Reynolds Wrap hat. Shiny side out, dude!

Update: the above is a bit dated and lived in my slush pile for a bit but is still amusing.

Wednesday, December 14, 2005

TMBG

This will a hint to tell how old I am (at a minimum): I'm excited about discovering the TMBG podcast feed.

To those that are Britney's age or younger (or those who've never heard of Login Whitehurst), TMBG is short for "They Might Be Giants". Where else can you hear a band sing in the style of Yes, Rocky Horror, the Beatles, and Leon Redbone?

Then again, trying getting through the day with Birdhouse in Your Soul and Happy Noodle doing battle in your head.

Tuesday, December 13, 2005

MyMP3 and Beam-It

Here is an analysis of MP3.com's Beam-It protocol which is used to verify that a user actually owns the CD they want to stream.

Something I never really understood: why employ a lower quality stream when you already have the CD?

Monday, December 12, 2005

Ouch

Took a power hit this weekend. Lost a stereo and my home network has been acting funny every since. I thought that I'd lost the router that acts as my IPv4/IPv6 gateway because it'd only work for a few minutes at a time.

Turns out that I was wrong. I'd forgotten about the print server I had picked up a few months ago (my wife is the only one that uses it). I'm not sure if it's permanently damaged yet but the network came back when I unplugged it.

In any case, I'm relieved and my wife is pissed. (Keep in mind there's only one print server and two spare AP's.)

I'm in trouble!

Wireless calculators

Tuanis Technology has various online calculators for use with wireless technologies.

Sunday, December 11, 2005

FBI

Not that it's new but I received one from a friendly Mytob worm that I hadn't seen yet. It was from veeby@fbi.gov and said "Here are your bank documents." So, if you're IP is 202.177.156.97 (India), please take a look at your system. It's infected.

Saturday, December 10, 2005

Help wanted

I'm searching for stuff to listen to for an upcoming trip to DC. If anyone has any sources for non-music content, please forward 'em.

Hint: stuff from recent cons and the usual podcasts, I already have.

Automated fingerprinting

CCIED has a paper entitled "Automated
Worm Fingerprinting
" that attempts to deal with 0day worms.

Friday, December 9, 2005

802.16e

It's old news (2 days) now but 802.16e has been ratified. It's important to wireless because it provides extensions to 802.16 that improves mobility (hand-offs between cells) and streaming media. Between this, podcasting and BPL (at least the noise generated by it), we may see some damage to the AM radio business.

Thursday, December 8, 2005

NO OP

No post today, I'm taking the evening off to attend "finals", also known as the class party at the Biergarden in Portsmouth. They have a highly addictive form of potato soup that has beef chunks and spaetzle in it and I'm planning on at least two bowls.

Tuesday, December 6, 2005

WVE

Wandered across the Wireless Vulnerabilities & Exploits site this morning. Looks like it'll be valuable in the long run.

Monday, December 5, 2005

IWS

I'm a bit nervous when the term Information Warfare is used in relation to a website as the Information Warfare Mailing List suffers from bouts of tangential politics but the IWS appears to be a good site to read. It has a lot of good documents for communications security and InfoSec basics.

Sunday, December 4, 2005

Root servers

It's a bit trivial but it's knowing more about your root servers is a good-to-know.

Saturday, December 3, 2005

Basics: Netcat

Linux.com has a "CLI Series" piece on netcat. This is yet another good-to-know tool in the netadmin/sysadmin/power user toolkit, especially for the beginner.

Friday, December 2, 2005

This plane is going to Cleveland?

Can RSS hijacking really be that much of a threat? If it is, I'll modify previous statements about RSS being a viable vector for malicious code. It still wouldn't be a good vector for the spread of malicious code but it might be a usuable vector for the introduction of malicious code.

Thursday, December 1, 2005

X-Lite Softphone

My entire exercise in getting CounterPath's (XTEN) X-Lite softphone to run under Wine (as logged in the wiki) has been rendered a moot point. I've discovered that they also have versions for Mac and Linux via their download site.

Note: this isn't a new development. Chalk it up to my not noticing.