Forgot your password?
typodupeerror
Wireless Networking

Journal: Clearwire forcing NAT on customers 6

Journal by Omnifarious

Clearwire is rolling out WiMAX in the Seattle area, and that comes with new modems that force you to use NAT. They aren't giving their customers public IP addresses at all. This makes running IPSEC based VPNs or 6to4 tunnels over Clearwire next to impossible, and I consider Internet service that only comes with non-publicly routeable IP address to not be real Internet service at all.

Google

Journal: Microsoft astroturfing Slashdot? 1

Journal by Omnifarious

I'm wondering with the various anti-google stories showing up on Slashdot, if Microsoft and their anti-google lobby aren't trying to astroturf.

Every single one of these stories has had the quality of seemingly purposefully misinterpreting some move of Google's in a way that's not exactly accurate and much worse than it actually is.

For example, Google getting a design patent on its homepage is more akin to a trademark thing than anything else. It's not really a patent in the sense that people usually think of them.

And I can list a similar kind of twist in thinking in almost all the 'Google is doing this, aren't they evil now!?' stories on Slashdot. Something is fishy.

Security

Journal: First recorded attempt to attack my systems via IPv6!

Journal by Omnifarious

Someone just tried to spam my CAKE wiki via IPv6. The attack came from 2002:c26a:c164:0:216:cbff:feab:b3f5 which is a 6to4 address (you can tell from the beginning 2002) meaning that it corresponds to the IPv4 address of c26ac164, also known as 194.106.193.100 which is the address of some computer in Poland.

It also looks like they're on a network that's using EUI-64 based IPv6 address assignment, so the MAC address it came from is 00:16:cb:ab:b3:f5. Looking that up at the MAC Address Vendor lookup page reveals that this MAC address belongs to an Apple.

Someone's poor hacked Mac is trying to spam my wiki, or this is the computer of the hacker who's running the botnet trying to figure out why none of the spam is showing up.

Security

Journal: DNS cache poisoning on the rise?

Journal by Omnifarious

I run a public DNS server for my own domains and I've been getting a lot of outside attempts to run recursive queries through it. This is something I haven't seen before and I'm wondering if DNS cache poisoning is on the rise.

Here is a sample of the logs:

May 15 01:57:38 foo named[2310]: client 125.17.226.217#4921: query (cache) 'nirvana.admins.ws/A/IN' denied

May 15 02:40:15 foo named[2310]: client 208.72.168.114#54341: query (cache) 'aa36.com/ANY/IN' denied

May 15 03:41:06 foo named[2310]: client 192.172.226.155#56099: query (cache) 'c40431ec875aa6d0.a4a1b82e01a13ddb.test1.openresolvers.org/A/IN' denied

May 15 03:44:21 foo named[2310]: client 124.173.20.186#2898: query (cache) 'nirvana.admins.ws/A/IN' denied

May 15 05:09:01 foo named[2310]: client 88.228.100.29#1598: query (cache) 'nirvana.admins.ws/A/IN' denied

May 15 06:08:46 foo named[2310]: client 201.47.54.80#61320: query (cache) 'nirvana.admins.ws/A/IN' denied

May 15 19:33:27 foo named[2310]: client 221.208.250.186#12899: query (cache) 'nirvana.admins.ws/A/IN' denied

May 15 23:24:55 foo named[2310]: client 71.110.123.103#4547: query (cache) 'nirvana.admins.ws/A/IN' denied

One of these is a definite probe for poorly configured DNS servers in an attempt to be helpful. And that's the query for c40431ec875aa6d0.a4a1b82e01a13ddb.test1.openresolvers.org.

The others appear to be an attempt to query for the DNS records of a spam trap. This could be one of two things. It could be an attempt to get emails destined for the trap to go elsewhere. It could also be an attempt to get unwitting open DNS resolvers to be a part of a DDOS attack against the spam trap. I don't know which.

Does anybody reading this have any idea?

Security

Journal: Vista and IPv6 6to4 auto-tunneling (not completely correct)

Journal by Omnifarious

In looking at the various logs I keep to monitor what's going on on my home network, I've noticed an interesting fact about Vista that I haven't seen published anywhere. This is something of a guess, but it's supported by the increased activity in my logs, the fact the packets are coming from the US, the User-Agent strings and the curious and regular form of most of the new IPv6 connections I've been seeing. This fact is that Vista is fairly aggressive in supporting IPv6.

Now, Windows XP supports IPv6 fairly passively right out of the box. If you put it on a network with other nodes that speak IPv6 and a router or DHCPv6 server advertising a prefix, it will happily pick it up and gain a globally routable IPv6 address. But Vista goes one step further. If it figures out that it's been assigned a globally routable IPv4 address it sets up its on 6to4 tunnel so its IPv4 address can be used to route IPv6 packets to it.

This is slightly worrisome as the IPv6 packets stuck inside the IPv4 packets represent a potential attack vector that may slide by all the filtering. But so far all the machines I've been able to portscan with some confidence that the computer at the IP I saw was still there look like they're heavily firewalled. This is better than I expected, but I did notice a different, more worrisome trend.

I expect that what firewall manufacturers will do when they learn of this is just block all IP packets with a protocol field of 41 (0x29), the IPv6 in IPv4 protocol. This is because in most Internet discussions IPv6 is treated either with "it will never happen" or "it's evil and stupid and NAT is enough". Basically, people are afraid of something new and don't want to have to learn it, so it's easier to dismiss it than embrace it.

I have some evidence that this is already happening. I think all the Vista originated 6to4 tunneled packets all have IPv6 addresses of the form 2002:hexip_upper16:hexip_lower16::hexip_upper16:hexip_lower16. When I ping the associated IPv4 address I often get a response, but when I ping the IPv6 address I don't. But I do in a very small number of cases. My guess is that something is filtering incoming IP packets with a protocol field of 41.

This means that whenever such computers try to visit my website (which has an IPv6 address) they will likely get absolutely nothing in response, or a long wait until the browser decides to fall back to IPv4.

This is actively hostile and wrong. IPv6 is happening. Learn it and get used to it. Fix your broken hardware and software. The specs have been relatively stable for the base protocol now for more than 4 years. There is no excuse for not knowing something about it.

Useful links

In fact, that's a big problem here. No pictures, no overview, just an explosion of technical detail. There are some sites that have an overview that are put up by the IPv6 task force, but they are so badly designed I don't want to link to them for fear of crashing someone's browser with the evilness.

User Journal

Journal: Slashdot tag system

Journal by Omnifarious

Has anybody else noticed how the tagging system seems to have changed. Gone are the tags like 'fud', 'itsatrap', and 'haha'. No more 'slashvertisement' and the like either. I find the current set of tags bland and useless. They are OK for hunting down an article, but horrible for being able to tell anything about an article before you click on it.

I found 'slashvertisement' and a few of the other tags about chronic problems that the Slashdot editors tend not to acknowledge to be particularly helpful. Does anybody know how or why the tags became so bland?

Programming

Journal: Looking for a job in or near Seattle

Journal by Omnifarious

So, I'm looking for a job now. My résumé is updated and I've called a few people I know. I'm curious if any of you know anybody.

Here is what I'm looking for:

Ideally someone would point me at an investor who was interested in funding CAKE development for a couple of years with possibly another couple of people. The focus would be on creating a web-service that provided various services for CAKE users, not selling CAKE itself. A business model like LJs is the idea.

Barring that, I would really like to work for a company that wasn't so interested in someone who was capable of cranking out code. I'm not any good at that. I can program well, but I'm not fast, and I'm very cautious about working with a system I don't fully understand, especially if it's not easy to play with and test. OTOH, I am pretty good at talking to people about technical stuff, talking about design, pointing out flaws in designs, and creating new ones. So, a job that focused on the latter more than the former would be good.

And here's a few bullet points:

  • Working on code that was going to be published as Open Source code would be a huge plus.
  • I know Python and C++ best out of all the programming languages I know.
  • I would really vastly prefer working with a POSIX-like environment like Linux. :-)
  • I do best when working with systems level software, not UI software
User Journal

Journal: If people want to get together anyway 7

Journal by Omnifarious

If people would like to get together anyway, despite the cancelled meetup, let's use this entry to arrange a time and place. :-) I was thinking of doing that anyway, and then droleary suggested it as well, so I'm all for it. :-)

I bought a new PowerBook as well, so I'd have a toy for people to ogle. :-)

Encryption

Journal: CAKE

Journal by Omnifarious

Well, I have a name for my project, and a website. It will be known as CAKE. :-)

I need to set up a Wiki and a mailing list for it, and some other ways of getting feedback from people. I want to build a community around this project fairly quickly as there will be a number of aspects of the project that others would be much more suited to attacking than I.

Programming

Journal: What's in a name?

Journal by Omnifarious

Well, it's starting to come together a bit, and I'm needing a name. I'm building a protocol in which all objects are named with self verifying names that aren't human readable. Messages are sent to a public key, and are always signed by the sender's public key. Files are named by secure hashes of their contents. That kind of thing.

I have grand plans of using this protocol for email, instant messages, web browsing, remote filesystem and database access, and almost anything else you can imagine. I intend for the basics of the protocol to form a layer above TCP or UDP, though it should be able to be layered inside of almost anything. I intend to write layerings for SMTP/IMAP, and AIM/Yahoo/MSN/ICQ/Jabber (via a gaim plugin).

I have some of the basics working using a mixture of C++ and Python, but it's not quite ready for public consumption. One obstacle is a name. I made a post in my LiveJournal about naming it. I'd like input from people here, if they're interested. Please feel free to make posts (anonymous or otherwise) to my LiveJournal with opinions or suggestions.

I don't consider the non-human readability of the names to be an obstacle. After all, IP addresses aren't particularly human readable either.

Also, if you care to look at the source at it currently stands, it can be found at: http://www.cakem.net/

Subversion is great, and MUCH better than CVS, even though it's still in alpha/beta.

User Journal

Journal: Lost my job today 1

Journal by Omnifarious

*sigh* The company I used to work for is barely staying afloat. They decided to jettison more development staff today in the attempt. They cut some really excellent people today. They won't be able to move things forward much at all now with so few people. :-(

Oh, well.

If anybody knows someone in MN who wants a really good C++ programmer who also knows enough Unix administration to be a good sysadmin, and who knows Python, Perl, some Java, and a whole slew of other stuff, post them here. :-)

Programming

Journal: XML may not be answer, but I'm writing a parser anyway 1

Journal by Omnifarious

Well, my XML parser understands XML well enough now to turn this:

<fred> <went> <down> <to> <the> <street> </street> <br/> </the> <a><store></store></a></to> </down> </went> </fred>

into this:

<fred>
  <went>
      <down>
        <to>
            <the>
              <street>
              </street>
              <br/>
            </the>
            <a>
              <store>
              </store>
            </a>
        </to>
      </down>
  </went>
</fred>

Yeah, maybe it doesn't seem like much, but in order for the code to do that, it has to understand what a start tag looks like, what an end tag looks like, and what an empty tag looks like. It also has to keep track of the nesting level.

I'm happy about all this because the parser is carefully designed to for two requirements. The first requirement being that it be as fast as possible. The second being that it give me pointers into the original text where the various elements and tags are. The second requirement allows me to cut out or replace pieces of XML documents without altering the parts I'm not changing.

Since the XML messages I'm working with may have pieces that are digitally signed, it is vitally important I leave them exactly as I found them. Any alteration, no matter how slight, would render the signature invalid, and the message would be rejected by the destination. Most XML parsers forget the original document as they construct an internal structure describing the various elements and their relationships that throws away superficial features (like spacing) found in the original document.

Anyway, I'm pleased with my progress. I've had to stop for careful thought along the way to make sure that it was as flexible and fast as possible. I think it'll be fairly widely useful when I'm done.

Stellar rays prove fibbing never pays. Embezzlement is another matter.

Working...