Tuesday, February 28, 2006

The beginning of the end (retracted)

This post has been retracted due to errors in the source article. China is not creating their own ".com" and ".net" domains. Rather, they are creating ".com.cn" and ".net.cn". Apologies for any confusion. <!--The beginning of the end starts tomorrow. This CircleID article states that China is standing up its own internal DNS system. If you read it closely enough, you'll notice that they're standing up their own ".com" and ".net" domains.

(To do (any volunteers?): research the requirements to obtain a Chinese .com domain)

Whether or not any other country attempts this will depend on how the Chinese will depict the success of the "experiment". Given the usual "failure is not an option" mind set, implementation problems will probably remain hidden and the project will be extolled as a resounding success.

What does it mean?

It means that if the Chinese government says that such-and-such does not exist on the Internet, for the Chinese user, it does not exist (they can't reach it). It means that censorship becomes that much easier as the model switches from "enumerate the bad" to "enumerate the good". It means that monitoring of DNS-based services just became very easy as zones can be configured to run their traffic through government approved proxies. Many of the tunneling systems (those that use hostnames and SSL) will no longer function.

For the rest of us, it makes tracking down sources of malicious traffic that much harder (conflicting WHOIS entries will appear, if the new ones are made available). Commercial interests will probably renegotiate with the Chinese government (do they become an income stream for those that control the CN networks?).

These are just off of the top of my head. Y'all can probably think of a few more. If other large population bases decide to do this, there's going to be chaos. Yes, eventually it'll be ironed out but it's going to get messy before it gets better.-->

Monday, February 27, 2006

Snort tools

Here's a couple of tools that can be used with Snort: FLoP, the Fast Logging Project for Snort, and Mucus, an IDS testing tool that will generate traffic from Snort rules. It should be noted that Mucus can also be used for evil but isn't intended as such.

Oh, and watch out for that wet nose on the web site...

Sunday, February 26, 2006

In Dallas

I'm in Dallas for the next three days... Please leave a message after the beep.


It was an uneventful flight (a welcome occurrence after the flight into Scranton last August where people were injured by colliding with the ceiling). I managed to get lost only once on the way to the hotel. I was quite early for check-in so I wandered around. Turns out the Super Walmart in Va. Bch. isn't as super as we locals thought it was. The one in Dallas could hold two of them. Barnes and Noble is slightly larger. CompUSA Dallas should be ashamed of themselves (lots smaller). Even though I did pick up a case for the new cell phone, the space taken up by cell phone displays in CompUSA should not rival the computers'.

In any case, I'll be back in town on Wednesday.

Friday, February 24, 2006


Here is InfoSysSec's link page for network and Internet protocols. You should be able to kill a morning reading various documents linked there.

Thursday, February 23, 2006


A few years ago I had an argument with a "professional" from another NOC concerning the proper repair for his outgoing-mail-bouncing-off-of-my-firewall issue. When I suggested that he repair the reverse lookups in his external DNS's, he snapped and stated that he was an (DNS) expert because he had his MCSE. He stated that I was the fifth NOC that had told him that (there's a clue in there somewhere) and that we should all get our acts together and turn off reverse lookups for SMTP.

To get a description of the day that I've had, just re-read the words in red above. I'll laugh later.

Wednesday, February 22, 2006


I've recovered (mostly) from the week from hell. The garbage grinder is fixed, we've received an apology from the restaurant, I have a new cell phone and I've gone deeper into debt to replace the heating system for the house. The only open issue is the one that had the guarantee of satisfaction.

FTD has not only not answered the properly submitted complaint, they've seen fit to send me unsolicited advertisements.


In any case, because (in my opinion) it appears that FTD has lost the personal touch (your flowers get delivered by the same guy that delivers vitamins and stuff from the tv shopping channels), I recommend that you not use them. Have the local flower shop deliver instead. It supports your local economy and the flowers aren't normally delivered inside a box.

Tuesday, February 21, 2006


fping is an interesting tool in that it can accept a list of addresses from a file and ping each of them in sequence. If a system answers, it is removed from the list and, of course, the function can time out. Useful if you need to periodically check if a set of systems is online.

Monday, February 20, 2006

DNS recursion

Here are discussions concerning the problems related to allowing DNS recursion: "The Continuing Denial of Service Threat Posed by DNS Recursion" and "Looking behind the smoke screen of the Internet: DNS recursive attacks, spamvertised domains, phishing, botnet C&C's, Internet infrastructure and you".

While turning off recursion can be a good thing, there are justifiable uses for it. I've had to argue at length against a policy that all recursion be disabled, even internally.

Sunday, February 19, 2006

SSH DenyHosts

A while ago, I had a discussion with someone concerning the possible responses to the brute force attacks occurring against SSH servers. Of course, because the attacks involved automated discovery, the obvious answer was "move the port". As this apparently wasn't an option, the discussion involved tcpwrappers and iptables. Here is an example of a TCPWrappers-like approach.
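As an added illustration of the TCP Wrappers-style response discussed above (not code from this blog or from DenyHosts itself), the sketch below counts failed SSH password attempts per source address in a log and produces `hosts.deny` lines for sources over a threshold. The log lines are constructed, and the `threshold` and `never_block` parameters are hypothetical names chosen for this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (documentation addresses, not real data).
SAMPLE_LOG = """\
Feb 19 03:11:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Feb 19 03:11:03 host sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 40114 ssh2
Feb 19 03:11:05 host sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 40116 ssh2
Feb 19 03:12:40 host sshd[2150]: Failed password for alice from 198.51.100.7 port 51200 ssh2
Feb 19 03:12:52 host sshd[2152]: Accepted password for alice from 198.51.100.7 port 51202 ssh2
Feb 19 03:13:00 host sshd[2160]: Failed password for invalid user x from 203.0.113.5 from 203.0.113.9 port 2222 ssh2
"""

# Anchored at end of line with a greedy user field, so the source address is
# taken from the final "from <addr> port <n>" that sshd itself wrote, never
# from client-controlled username text earlier in the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\S+) port \d+ ssh2$"
)

def failed_sources(log_text):
    """Count failed password attempts per IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or junk: do not build a deny rule from it
        if addr.version == 4:  # IPv6 needs a different hosts.deny syntax
            counts[str(addr)] += 1
    return counts

def hosts_deny_entries(log_text, threshold=3, never_block=()):
    """Return hosts.deny lines for sources at or above the threshold."""
    skip = {str(ipaddress.ip_address(a)) for a in never_block}
    return [
        f"sshd: {ip}"
        for ip, n in sorted(failed_sources(log_text).items())
        if n >= threshold and ip not in skip
    ]

print("\n".join(hosts_deny_entries(SAMPLE_LOG)))
```

The `never_block` list keeps an administrator's own address from being locked out after a few mistyped passwords.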

Friday, February 17, 2006

IPv6 autoconf

LinuxWorld Magazine has a good article on "Stateless Network Auto Configuration with IPv6". Warning: extremely high number of advertisements on page.

Thursday, February 16, 2006

Ford Aux Input

I guess this goes under the "note to self" category.

A member of the local *nix group has been talking about car-puters and he happens to drive the same make/model as I do. He pointed out this interface.

Wednesday, February 15, 2006


The people on this planet have entirely TOOOOO much time on their hands! Squidly1 pointed out a selection of Numa Numa videos. The one entitled "the famous numa numa" (added by kuyalong) is pretty good but would someone tell that guy to stop diving off his bed? That looks painful.

Tuesday, February 14, 2006

Note to self

Stay in bed next year. Pull the covers up over your head.

Valentine's Day this year was a display of how far people are willing to stress their systems in pursuit of profit. The $50 in roses that I ordered arrived on time, wilted. (They did not improve when we recut the ends, replaced the water and added bloom booster.)(My roses are nicer but my wife likes the order-out stuff for V-day.) Thank you FTD and DHL. (FTD no longer delivers. They outsourced that to DHL).

We didn't want to go out for dinner (too many people... wait times, even for reservations, are excessive...) so I decided for Fazolli's take out. The drive through was closed so I had to go in. I should have noticed that the restaurant was full of people that weren't eating. (They were waiting on take out.) The obsessive manager had taken over the pickup window and had driven all other employees away from there. He was mixing up orders, throwing out order slips, and throwing out plates of food when it didn't match what he thought was the current order. That store definitely did not make a profit tonight. In any case, it took 40+ minutes to get food at what is normally considered a fast-food place.

On the way home (on a back road), a truck took out a telephone pole, pulling two others down also. I had to backtrack two miles to the previous intersection and then take a detour which added another 15 minutes to the trip. Oh, did I forget to say that the truck was a delivery truck?

Note to self: Next year, stay in bed. Don't come out until the Ides of February.

Monday, February 13, 2006

Sunday, February 12, 2006

EA Blames

Me: "Officer, I'd like to turn myself in. My computer thinks that I'm a pirate."

LEO: "Huh? A software pirate?"

Me: "Uh, yeah. I recently added a VoIP interface and, because Microsoft didn't recognize the card, EA Games's copy protection thought that I was doing something evil. Now I can't run any EA Games products, even after removing the TDM-400 card and trying to re-install everything. Even the OS."

LEO: "How many systems did you install it on?"

Me: "Just that one. Of course, I've had to re-install a number of times over the past few years as it periodically eats itself."

LEO: "Eats itself?"

Me: "Yeah, causes hard disk errors. At one point, re-installation was almost a monthly thing. Now even re-installing the software doesn't work. All of my other software still works."

LEO: "Did you steal any of that software?"

Me: "Nope. Bought all of it."

LEO: "Well, if your computer thinks you're a criminal... You have the right to remain silent. Anything you say will be..."

Methinks that there's more to the registration process than EA lets on as none of my EA Games software works now. If anyone in the EA complaint department is reading this, you'll be hearing from me shortly, just as soon as I bulk up on carbs (it helps support extended whining).

Update: The world is coming apart! Add the following to the EA games problem:

  • the garbage grinder quit sometime last night
  • took a late morning nap and woke up to a gradually colder house. I think the cause is the relay for the outside heat pump. It smells funny (as in burnt-funny).
  • my niece has connectivity problems (her father's computer can surf, she can't but can view the config page on the router)(a really old one)(something that's next to impossible to troubleshoot over the phone)(I'm cheating and mailing them a new router.)
  • I still can't get the NSLU2/MVP setup to stream more than 15 seconds of video.

I guess I'm having one of those days. I swear, if one more thing breaks today, I'm going back to bed and pulling the covers up over my head. On the up-side, I was successful in replacing some of the firmware on a second-hand ZipIt at about 3 a.m., this morning.

Update (19FEB06): And here is one of the reasons why I don't want to join EA's mailing lists just so's I can submit a complaint. I'm so pissed about this!

Saturday, February 11, 2006


Emmanuel Lochin has an interesting bibliography for some paper or another that's worth wading through to find interesting papers to read. A lot of the papers are older but are still worth reading.

Update: the tricky part appears to be catching CiteSeer when it's up.

Friday, February 10, 2006


Here is a quick howto for monitoring wireless traffic levels with RRDTool.

Thursday, February 9, 2006

Top/Bottom Posting


The posting etiquette wars seem to be brewing again in a very old mailing list that I subscribe to...

For those that don't know what it is, it's a periodic battle between the rebels and the anal retentives about "the proper formatting to use when sending traffic to a mailing list". This time around, there's references to official guides on the Internet. (Like that makes it more official.)

The arguments only succeed in doing one thing: annoying the remainder of the list's population.

Wednesday, February 8, 2006

HRSUG tonight

For those catching this at the last minute, Judy Novak (SourceFire) is speaking at the HRSUG meeting tonight in Williamsburg. (I'm there now.)

Tuesday, February 7, 2006


NirSoft has a collection of free, useful tools for various Windows functions (password recovery, monitoring, etc.).

Monday, February 6, 2006

Comments experiment

I'm experimenting with external comment systems (currently Haloscan). My comment system did not survive the system move and subsequent cable melt. Let me know what you think?

Homemade mag covers

Okay, it's yet another silly tool but it's fun. (I'm going to get in trouble with this one!) Here's a Flickr tool that lets you create fake magazine covers.

Sunday, February 5, 2006

AOL Goodmail

Matt Blumberg has further comments on the AOL announcement that they will charge per message for what amounts to a whitelist guarantee. I consider AOL's (and Yahoo's) actions a very bad idea.

"Why?" you ask. Basic engineering, a personal mistrust of altruism, and "life".

It's basic engineering that adding controls to a system narrows its operating range and makes it more sensitive to external forces. While the stated purpose of this action is "to fight spam", I view it as an added stressor to an overly large pile of political and financial stresses on the operation of the Internet.

Adding controls (or stress) to any system makes that system more brittle and more reactive to outside forces. Drive a system out of its normal operating range and it will oscillate, attempting to escape the stress (or controls) placed on it. It's why large buildings and bridges are difficult to build properly. They have "operating ranges" and have been known to oscillate. End (or end-to-end) controls on a system such as the Internet will make it a very brittle system. You think that the NE blackouts of this decade and the Blaster worm were bad? They were problems in "loose" systems.

It's mistrust of altruism because, somewhere down the line, I believe this "stamp" will shortly become an "income stream". Call me pessimistic but, sometime in the future, some bean counter will suggest raising the rates to generate more income. Greed has killed more technologies than poor design ever has (yeah, I owned a Betamax).

There's other factors involved. Mostly "life" (i.e., the people that use and run the Internet).

People will never cease arguing. The "pursuit of happiness" involves most of the same motivations that cause people to commit crimes. Profit, power, ideology and emotional satisfaction are the reasons that people commit crimes. It's also the purposes under which businesses operate. We, as a society, live to argue. Politics, religion, sports, the opposite sex, business, finance, last night's tv show, and so on are all motivations for conflict on a daily basis. That society operates under this load without tearing itself apart should be considered an amazing feat, on a daily basis.

The Internet is no different. We will soon be (or already are) bickering over:

  • charging for email
  • who "owns" DNS
  • IP assignments (I have approx. 4 billion IPv6 addresses assigned to my house) (the assignment is discretionary and, sometime in the future, someone will decide that that's too many and take them back) (I won't be happy.)
  • how to protect other people's children (mine's grown and isn't interested, thank you)
  • what constitutes digital privacy
  • what amounts to digital "fair use"
  • and many, many more issues.

Some of the reasons for these arguments are more subtle than others but the justification(s) are nothing new.

The number of arguments will continue to grow in number and volume, each participant justifying/rationalizing their own quest for power or money. Don't think so? There's some today that have declared that the Internet is broken and should be torn down and rebuilt. The only reason to do so is because those people are not "on top". In other words, it's a control issue.

The Internet is not "broke". It's just about the best system that you're going to end up with, no matter how many times you rebuild it. Tighter controls may solve a few short-term issues but will cause problems in the long run. Adding a financial control to fight one problem (spam) will cause another problem to surface elsewhere (fraud?).

In other words, I don't think charging for whitelist membership is a good idea.

Friday, February 3, 2006

Thursday, February 2, 2006

Architectural Assessment

For those people in Rob's class that need sources for their homework ("research an assessment methodology"), I offer the Build Security In web site.

Wednesday, February 1, 2006

Running stuff on the NSLU2

I finally had enough change saved up to get a cheap USB-based hard drive. Getting it "unslung" went without a problem but I have this feeling that I was lucky. (Written directions and I don't normally agree.)

In any case, I've been playing with it during the few minutes of free time I've had in the last few days. My objective is to serve video off of it, similar to the method that I'd demonstrated to friends a few months back, but without the extra computer to serve DHCP and tftp.

Once I get this monster up and running, I'll post my notes in the wiki.