zaterdag 28 november 2009

IPv6 anytime

Having IPv6 connectivity is really sweet, at times. The preferred way would be a native connection, but since there are hardly any ISP offering IPv6 on their networks, one needs to tunnel.

Tunneling is basically accepting IPv6 traffic on a local interface, putting it into an IPv4 packet, sending it to a host in the Internet that does have IPv6 connectivity, unpacking the IPv6 packet out of the IPv4 container, and letting it go via the IPv6 network. Tunnel brokers like SiXXs & HE are really good for this. They offer free connectivity, clients, instructions and what have you not, to setup a nice Any to Any tunnel.

But when you are in a network that is somehow blocking tunneled IPv6, easily detectable by firewalls because it is marked as a protocol 41, you will not be able to setup your elegant tunnel. Public WiFi, hotels, companies, all sorts block protocol 41.

Luckily there are more options. One of the more stealthy methods is implemented in the Teredo tunnel. It is specifically designed to work behind NAT'ed devices, something the ISATAP router does not handle since it needs public IP connectivity. "Nice' thing about ISATAP is that Vista, 7 and windows 2008 machines will automatically configure an ISATAP interface when the name isatap is resolvable in the local domain [hint]. So if the record IN A exists, you're in business. But I digress.

Teredo is also implemented for free and automagically on your windows machines... IF they are not member of an Active Directory [hint]. It is also available for linux & BSD and there is a [old] implementation that runs on OSX [including Snow Leopard] too.

The name is not an incident either. As on WikiPedia: "The initial nickname of the Teredo tunneling protocol was shipworm. The idea was that the protocol would pierce holes through NAT devices, much like the shipworms bore tunnels through wood. Shipworms are responsible for the loss of very many wooden hulls, but Christian Huitema in the original draft noted that "the animal only survives in relatively clean and unpolluted water; its recent comeback in several Northern American harbors is a testimony to their newly retrieved cleanliness. Similarly, by piercing holes through NAT, the service would contribute to a newly retrieved transparency of the Internet."
Christian Huitema quickly changed the name to Teredo to avoid confusion with computer worms[2]. Teredo navalis is the Latin name of one of the best known species of shipworm."

The 'self healing capabilities' of 'the Internet' and the features in IPv6 especially, called Neighbor Discovery, open a whole class of challenges themselves. Initially for the network designers and operators but soon for malware writers too. Luckily the part of the RFC for IPv6's Type 0 Routing Header has already been depreciated. It made possible the good ol' source routing but then 88-fold amplification. It has been demonstrated at CanSecWest07 by Philippe Biondi & Arnaud Ebalard, they are the developers of 'scapy' a powerful interactive packet manipulation program.

Have fun and good luck getting packets flowing the way you like it.

dinsdag 17 november 2009

Treasure hunting ;)

With the 'holiday season' coming up, buying presents is on it's all time high. I like buying presents. As a matter of fact, giving presents becomes more fun with age then receiving. I guess that dates me :)

With marktplaats in Holland & ebay as a global fleemarket, hunting for cheap stuff is easier then ever. But there is an angle to make it more fun, because paying too much is for tourists. So lets employ some good old SE on the matter.

A good lesson to start with is to get to know the subject. As an example let's use Steam Engines. The top of the world market is being served by the long standing traditional firm Wilesco. They've been in the steam engine market since [or slightly before] James Watt improved the concept of steam power to a useable level, and even have a Wiki page, in three languages, including Japanees [someone say market?] :)

Reading fan pages is a treasure trove of 'unwritten' useable information, mostly you will be looking for hobbyists and other self proclaimed experts.

Then it's time to scrunch the Internets. Hit graigslist, Marktplaats, Ricardo and other 'local' fleemarkets and compair the offers and prices with the 'global' ebay prices.

Of course, the Wilesco D32 is the all time classic, with prices ranging between 1.000 and 1.500 euroos. A super collectors item is the Wilesco R200 atomkraftwerk, rare & expensive. The top spots will be a rough market and not something we amateurs want to burn our fingers on with a first try.

Since the example of the Wilesco repairman deals with a D24, I propose we start hunting for a nicely priced D24. The D24 is a powerhouse. It is the steam engine with the largest cattle volume of the whole Wilesco range.

One of the cool features of the D32 is the controle panel, the D24 has that [smaller and less] too. See here:

Google "Wilesco D24" for starters and see what you come up with. Then do the same but on your local flee market and repeat it on the International ebay. There are some pretty astounding price differences to be observed. Certainly some of them can be explained based on quality and age but the local culture is a big factor too. Try to leverage that. Dealing with people from other countries used to be hard and painful. With the coming of the Internet and the disappearing of the borders in our global villages, things are getting easier by the day. Often sellers will even state if they will post items international and if they do not, a couple of words in their own language is a good starting point. I like to use google's translate for that purpose.

Very good [for you] deals can be made with people who do not know what they're dealing with. Tell tail signs are misspelled items, incorrectly labeled items [not mentioning the type in the description is sweet], lousy pictures [too much mess around the object, dark, unsharp] and people who are clearly selling stuff that is not theirs [from past away family members, NOT stolen stuff!].

A deadly sin and pit fall in the process is... making a bit.

Never ever make a bid. Do not even think about it. People are lemmings, once they see -you- making your bid, they will not hesitate to over bid. With most online flee markets I have seen it is easy to start an email or skype conversation that is out of sight of your fellow hunters. In case of ebay that is all nice and good but most sellers there do want you to bid. If it has to be, we will comply, but on our terms.

AuctionSniper is one such 'turn the table' tools. It allows for automatic & scheduled bidding. This is good for multiple reasons:
- it allows you to bid at the last second [no one can over bid]
- you do not have to sit behind your screen at odd times when specific auctions end
- most important: it takes the emotion out of your bidding

The emotion thing is where we are suckered into spending way too much on far too little. I will not even start giving examples ;) The cool feature of a scheduled bid is that it allows you to check your information sources, make up a price and forget about it. You will not get suckered into over bidding the guy who hunts for the same items and over bids you by 2 Euroos every time. No, you've set your price and either get it or do not.

I picked up a very decent D24 for <100 Euro. Sinterklaas will be proud to see the smile on the receivers face.

Happy hunting.

zondag 15 november 2009

IPv6 work...ed!

Apple owners where responsible for a surprisingly large number [0.238 percent ] of IPv6 enabled google users. Thanks to the wizards at Cupertino, who decided on Infinite wisdom Loop to meddle with mDNSResponder so now it cancels the queries and shuts down the socket after the first responses are in. Big change these are A responses so the AAAA replies will be /dev/null'ed leaving the end user [application] with no option but to access the resource via... IPv4.

Mistakes happen, but with 10.6.2 the issue is still here.

The DHCPv6 client is not available for MAC users either, that does not help since it's basically required to play nice with ISP's and other large network operators [large[r] companies come to mind]. Neither is there a lot of documentation on the IPv6 implementation.

Finally improving the Apple Airports with [more complete] IPv6 support is a good thing... unfortunately: it is a New Feature and as such, will NOT be available for us loyal Apple hardware buyers. Only the currently for sale AirPort Extreme & Time Capsule are lucky enough to have this 'New Feature' so you're out of luck if you thought you could snatch up a 'cheap' AirPort Express: they do not have it.

So IPv6 on my beloved Apple setup is basically broken and the future looks dim. Microsoft is miles ahead with working IPv6 since Vista. Thank G*d not to many people read this since otherwise the street credibility of OSX would be down yet another point. Microsoft's DirectAccess could develop into the first IPv6 'killer app' and that both makes me happy [IPv6 FTW!] and sad: why my BSD based OS is not leader of the pack is beyond me, except that maybe, just maybe, IPv6 is really not as much in demand as I -think- hoped it was.

As a desert, I offer you a link that I missed before, but certainly love as much as a lot of the other work of the author.

maandag 9 november 2009

Mod'ing for fun and pleasure

The PSP's the PS the Wii: all can be moded to allow for 'distributed backups' of your [owned OFC] games to be run. One of my daughters participated and won a contest last weekend and came home with a fresh Wii. Our first Wii we got from Austria via friends when it was just released 3 years ago and unobtainable here in Holland. The kids liked it alright, but after a couple of weeks the novelty was off and the Wii turned into a dust collector. We made someone very happy by selling it complete with the controllers, accessories & games right before new years eve.

So now, 3 years later we are the happy owners of a Wii again. It came with the usual Wii Sports game, but nothing more. Blast: the box comes with only one controller, and what is more exciting then beating someone in a heads on? So lets run out and get a second controller FAST.

Configuring & connecting the device is a brease although it is a pity there is no HDMI connectivity. After entering the 'WEP' password [riiiight] a whole Wii world opened up like a deja vu: the Wii shop & Wii credits! How could I have forgotten? Let's open the box of pandora and soft mod it first to be able to test drive some of these distributed backups first.

It takes the better part of an hour to finally get to the source of the homebrew scene. Just like most moding software, be it for the iPhone or Wii or any other device, there is people who are scamming their arses off and want to make you pay for download links and instructions. Somehow these dudes are such experts on SOE that they manage to basically p0wn the first page of google and make you navigate through all sorts of blogs, affiliation links and what not. After glancing over a page or 10 you get the idea of the gist of the basic requirements & tools like BannerBomb BootMii WiiKey and what have you not.

All pieces fall together when you find instructions in simple documents called README-HBC.txt and the like. The process is fairly simple:
Have & format your SD card, download and copy a couple of files, start the Wii, install the HomeBrew channel: done!

All in all it took longer to find the 'I accept all legal mumbo jumbo' agreement in the Wii menu to be able to access the online content of the original Wii channels then it took to mod the box. Now that Linux is running on the box, the kids can relax and spend their time breaking records & battling out competitions with friends for bragging rights.

vrijdag 23 oktober 2009

Adam Curtis makes me want to delete this blog...

Adam Curtis: "The basic fact is they gave me a website on which I put up this film, It Felt Like A Kiss and things associated with it. When I'd done that they asked what I wanted to do next. They wanted me to all sorts of bloggy stuff and I just would not do that. I think that's so boring. It's noodling and doodling and it's exactly what I criticise the web for being - the idea that half formed, half, vague, badly researched aperçu, we used to call them, can be some new form of journalism."

donderdag 15 oktober 2009

Whatever happened to IPvSEXY?

IPv6 is needed, both readers of this blog know that, right? So how come the implementation is so slow?

Is it [at least locally here] the rules for lawful interception holding us back?
Is it again the question who pays for the huge investments for the equipment needed for lawful interception?
Is it the customer [me and you] not willing to pay for IPv6?
Or is it not ready for primetime?

There are hardly any technical reasons not to get wet your appetite. Or it must be for the lack of consumer grade [read cheep] hardware. Setup a tunnel in a minute and go!

But where does one go on the IPv6 Internet?

Google 'IPv6' and the first hit is the wikipedia entry for IPv6, the second is with the tempting page title "IPv6: The Next Generation Internet!" Sweet! But ever bothered to look at the content? It's older then my first born! It's totally outdated and not maintained. How's that for marketing?

Third hit, IPv6 (tutorial) - DD-WRT Wiki. Excellent! A cheap easy to get your hands on IPv6 able [WiFi] router. Ooops: "IPv6 is apparently NOT WORKING on all versions of DD-WRT version 24 (tested on RC5 and final). If you want IPv6 on v24, try one of the custom builds"

So, let's try another angle, google "IPv6 WRT54G" First hit leads to JoatWiki, stating "While the actual setup/configuration takes less than an hour if you know what you're doing, it make take a couple weekends to get up and running if you never done this sort of thing. You also run the risk of turning your WRT54G into a brick"

Hmm, hit two sounds promising: "Earthlink IPv6 in the Home" Earthlink being a large ISP in the US, surely offers something more useable then the 'do it wrong and you'll brick your device' right? Well, the footer of the page might dim that expectation a little: Last modified: Wed Jul 06 18:29:15 PDT 2005. 2005, that is like a million Internet years ago! The concept is to make it so simple that there is not even a possibility to login [http nor ssh nor telnet] to the box. That does not help unless you truly want to go IPv6 via earthlink and I do not since I am on the other end of the world.

But lets say you, as a dedicated hobbyist are not stopped by all the dead links and manual work to get your WRT54 up and running, or you're rich and just bought a Fritz 7270 and loaded the lab firmware version and get your IPv6 working, then what?

What is waiting out there for you? How will it feel to browse the Internet of the future? What prices will you be able to collect and pry the eyes of your friends? Hold tight, take a seat and look at these impressive numbers:

As Lars explains: "The scripts that update this page retrieve the names of the web sites that are most popular across the globe, as well as in select countries, from in regular intervals. They then check whether the DNS entry for each site name reflects that it uses IPv6. The numbers above show the percentage of these top sites that are IPv6-enabled, as well as the absolute numbers."

There are about 200 [yes, two hundert] IPv6 enabled sites! In the IPv4 world, back when the Internet still was DARPA's that number was reached in 1983. Ok, I give it to you, I am comparing apples and oranges: the 200 number of IPv6 hosts are 'the most popular' sites and the 190 hosts are an absolute number, but it does show how PATHETICALLY slow IPv6 adaptation is.

We celebrate single 'well known' IPv4 hosts who are accessible via IPv6 by means of a proxy. WOW hold the presses, the eagle has landed!

At the same time, the one true IPv6 pushing ISP in Holland called XS4ALL has to STOP the rollout because Legal Interception is too costly.

But there must be good news? Any news? Well on the Dutch IPv6 taskforce site, there are a stunning 5 [yes five] links listed with IPv6 news...

But why trust me and my flakey and spotty observations! Let's find some smart guys who care and actually know things. Derek Morr for instance. On his [ice to read] blog called "Living with IPv6" he made some [wishful] predictions about IPv6 deployment in 2009 and some excellent observations of the lack of good IPv6 monitoring.

Let me wrap up by making some predictions for IPv6 metrics in December, 2009:

90% of top-level domains will have IPv6 glue in the root (right now, 75% do).
50% of the DNS root servers will support IPv6 (right now, 25% do)

At AMS-IX, 1% of traffic will be native IPv6.
1400 ASes will have IPv6 prefixes.
Europe will continue to have the most allocated and deployed IPv6.

The prediction for the AMS-IX is wrong. Currently it is about 0.3% IPv6 a far cry from the predicted 1%

What's wrong with these pictures:

Screenies taken about 3 months apart, left one first: 40.000 IPv6 domains 'disappeared' and IPv4 gained 40 days :D

Let's see what Derek Morr will come up with in a couple of months.

Bottom line: we have a need, we have a solution, we have [some] knowledge but our marketing is horrific, the customers [yes: you!] have no need and thus are not demanding [read: pay for] it. It is up to us [as ISP's and networkers as a whole] to get it out. There is good news too, of course. When you see CDN's like netflix implement IPv6 in 2 [yes, TWO!] months, you know it is realy possible... even if they too are a little scared to let 'normal' users access their service via IPv6 and 'hide it' in a IPv6 subdomain.

Pair that with this news flash: "In the first nine months of 2009, the American Registry for Internet Numbers (ARIN) received 300 requests from carriers for blocks of IPv6 address space. This compares to 250 requests received in all of 2008 and 2007." and it just looks like there is some real IPv6 work being done.

Now let's see how IPvSexy will actually make a real life comeback and forefil its destiny.

PS For those with love for numbers, the Ghost Route Hunter by SixXS is a must bookmark.

woensdag 30 september 2009

Posting drafts: duh!

It happens at moments I am not paying any real attention to the posting itself. Something arouses my typing finger and boom, off it goes. I forget a picture, links, spell chekcing, and post right out nonsense that is soo totally off the wall not even the conspiracy specialists see anything useful in it.

So what do you do with incorrectly posted material? Of course I have the option to alter the text and up scale it and even to retract it, but that feels like cheating. It's like clearing up that blatant hole 'someone' left in the firewall ruleset and silently close it... it's just wrong. It's wrong because errors are an excellent stepping stone to knowledge.

As a rule I like asking the people I work for|with "So how many major incidents have you seen lately". The answer is often more revealing then one might expect. The classics are "None!" and "Define incident" and "That is classified". The one I really like is "One major last 6 to 12 months".

Companies claiming 'none' are more at risk then the others. Thing -do- go wrong and you not knowing is plain dangerous. The people asking for clarification work in a back stabbing culture where bad news shall and will be punished and thus manipulated till the color scheme of the report is all white, yellow and green. The final answer "one" gives me an indication that "major incident" is a weighted value where the worst incident of the year is major, a nice relative scale that I feel most comfortable with. Threats and risk do change, no matter what metrics one uses, no matter how many 'risk managers' and 'risk analysis standards' one uses.

Good [and a little lucky] security officers have the gift to correctly context incidents and know when things are really going down hill and when incidents are more defcon red in the political arena. Both requiere a different approach and a different toolset. Most of us love technology issues:
- Man in the Browser
- Sly holes in firewall
- Rogue route advertisements
- Script kidies
- Lack of bandwidth
- Application layer exploits
- Arp storms

These are in our comfort zone, we deal with them daily and enjoy the puzzle and the diffs we see in the pre and after traffic dumps. A few people I have met in the availability scene like the part of corporate culture where the presentations kick in. The moments of debriefing not-so-hot technical aspects to people who know more about golfclubs then we know about ASM. However, more often then not, that is where the real difference is made: they p0wn the resources and set the priorities.

So when I go out and look for a person to lead the availability department, I look for the person who gets his coffee from the machine that is closest to the techies. The person who actually gets the autistic CCIE to share anecdotes about his holiday and at the same time dares to make a remark about the drawing at the whiteboard.

They're few and far between but easy to spot as they stand out like wolf among sheep.

PS Click on the picture. It will take you to a free download of the whole album of 'The Slew'. A band that just loves to mingle rock, instruments & DJ's in a refreshing mix that is a perfect example how a healthy mix of different 'character & ability' upscales the individual parts of the sum.

dinsdag 29 september 2009

IPv6? Nowhere to be found!

IPv6 has basically disappeared from the wireless router landscape. Try finding a current one < 100 euro. Except for some obscure releases, like the DIR-615 Wireless b/g/n Router but only the hardware revision C with firmware 3.01

Hard to find, and certainly online nearly impossible to get any assurance about the hardware revision level.

Oh wait, my good old loyal WRTG54 [V4 with plenty of RAM] to the rescue! Oh no, not now, with the current 2.6 kernel and the open source b43 broadcom chipset and it's issues. Only with kernel 2.4 and it's 'limited' IPv6 support. You can roll your own WRT54 dd-wrt, if you feel adventures but the drawback is that there is no way to use the GUI. Not a nice plan if you plan to send the devices to parts far far away from home to end users.

There is the Fritz!Box 7270 but that goes for about 200 euro. That is nearly Cisco level pricing. And only with a lab release of the firmware, that is RC in dialect in the rest of the software world. Cisco of course does support IPv6 too but using the word Cisco and a price tag of <100 is like demanding justice from a African dictator.

So is there no solution? Oddly enough, there is... and it is produced by Apple: the AirPort Extreme [ and the AirPort TimeCapsule but for a >100 price tag]. Unfortunately there are gazillion stability issues specially in combination with Apple MBP's but they do IPv6 well with a simple interface.


Not too bad! Native IPv6 ADSL for 7 euroos a month.

And Fritz!Box 7270 is indeed the only commercial IPv6 enabled home grade device available, also used by XS4ALL

dinsdag 8 september 2009


na een dampend optreden
aanbeden door een uitverkochte menigte
de zoete geur van succes in de hersenpan
viel het de dichter tegen
dat niemand op de Afsluitdijk
met vlaggetjes staat te zwaaien

die eens zo toegejuigde aanbedene
vermakelijke tot nadenken stemmende hersenspoelende
alle handen opelkaar gekregene
zet thuis de televisie an
as een uitgebluste brandweerman

ton lebbink

vrijdag 28 augustus 2009




SixXs tunnel, not native yet, how on earth is it possible that LARGE colocs still do not support native IPv6?
No AAAA record yet, how on earth is it possible that LARGE registars still do not support IPv6?
No native IPv6 from my ISP, how on earth is it possible that LARGE IPS's still do not support native IPv6?

Like John Curran makes clear, it has to be "the boy that cried wolf" syndrom. See for yourself:

maandag 24 augustus 2009

UPC throttling ALL traffic, not specific.

Of course QoS is important to the customer. I am one myself. I like getting what I pay for. I understand Internet traffic costs money and I am [willingly] paying for it. So when UPC decided to cut all bandwidth between 12:00 and 00:00 by 2/3 to ensure the QoS for all customers would be able to enjoy Internet access at expected speeds, I was a little worried.

Well, my browsing the Internet experience has not changed too much.

But what did change a lot was my usenet experience. Is : Download speed: 638.85 KB/s Was: [Avg-Speed]: 1895kB/s. That is drastic but expected, right? WRONG.

UPC is not just throttling Internet access, it throttles ALL traffic.

My traceroute [v0.75]
macbookpro-meij-net.local ( Mon Aug 24 22:59:35 2009
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 0.0% 455 1.2 1.3 0.7 14.7 1.5
2. 0.0% 455 4.4 8.4 2.6 34.3 4.1
3. 0.0% 455 6.7 10.6 4.2 57.0 7.0
4. 0.0% 455 5.7 13.9 4.6 78.4 12.6
5. 0.0% 454 12.2 14.0 5.0 47.6 6.0
6. ???

My usenet traffic never hits 'the Internet', it goes straight out to XSNews. XSNews is my current [and good!] usenet provider. I hope they will resolve this issue with UPC.

maandag 17 augustus 2009

All your secrets are belong to us

Nifty site ;)

Specially when people use their GPS enabled cams

maandag 10 augustus 2009

Ze Frank in Amsterdam!

I am sure all who read this know Ze Frank and spent countless hours in awe and amassment . If you do not, shame on you! Go google the master. But do not take my word for it, read what Scot Trent has to say: "By the Keillor standard of diversity, intelligence, and talent, ze Frank sings, composes, has a depth beyond most of us and is more prolific than any one person."

So this week [Friday the 21st.] Ze Frank be in Amsterdam on the "Pluk de nacht" festival.

maandag 3 augustus 2009

iPhone + redsn0w == Waiting for reboot SOLVED!

It took me the better part of a full day, lots of google hits, lots of options, lots of everything.

First, make sure you got the proper files [# openssl sha1 'filename']:
iPhone1,1_3.0_7A341_Restore.ipsw SHA1 2afd3f8ede17390737f508473ed205506a0bd23f
bl39.bin SHA1 8ec565fe026d3f642dbe836c0fdc80f06844603b
bl46.bin SHA1 fd4825ffe5727dcc30e4c70dc78908838d498822
[not too many people care about these it seems...]

And the real solution was simpler then anything: While redsn0w shows the dreaded "waiting for reboot" screen, just unplug the USB cable and replug it. done. all fine. iPhone unlocked and updated to version 3.0.1

Thanks to iLeoMarc on the macrumurs forums.

zondag 2 augustus 2009

Not found by google?

There are some queries that google has only one answer for, some are here.

"mokum's iphone" is one. In the [faint] hope that someone will once type "mokum's iPhone" in google after laying her|his hands on my phone and trying to find the original owner, now you got a change. Contact me and I am sure we will work out a deal that satisfies all involved parties.

Having said that, I would like a moment to thank Apple, GeoHot & the iPhone dev-team for letting me and many others use this amazing device, with any provider -I- like.

And another one, while messing with remote syslog on OSX:
syslogd 31783 FS_WRITE_DATA SBF /private/var/log/asl/StoreData
FS_WRITE_DATA SBF /private/var/log/asl/StoreData 13 (seatbelt)

donderdag 30 juli 2009

OpenDNS, in Holland soon.

Some days ago I read something about OpenDNS [thinking of] getting a new location [AMS-IX] for their excellent DNS service. Since it is based on anycast, endusers need not to change any addresses in order to benefit from the added location. Silly me, I can't find the article anymore.

Last week I had some issues with slow dns lookups/slow Internet on Leopard again. It is plagued with issues. My setup with an Apple Airport and Apple iPhones, and an iMAC, a G4 & more [all running 10.5.7] is often experiencing issues with name resolving. Unfortunately, I am not the only one with this. I have googled my arse off and tried every 'tip' I found, from turning of ipv6 in Firefox & the Airport & on my laptop to moving the resolving from my laptop to the Airport. Nothing works reliable.

Last week however the issue was another:

My traceroute [v0.75] macbookpro-meij-net.local ( Thu Jul 30 01:40:51 2009 Keys: Help Display mode Restart statistics Order of fields quit Packets Pings Host Loss% Snt Last Avg Best Wrst StDev
1. 0.0% 96 1.0 1.3 0.7 4.2 0.7
2. 0.0% 96 8.3 9.7 6.8 33.1 3.8
3. 0.0% 96 69.4 12.1 7.6 69.4 8.5
4. 0.0% 96 13.3 11.3 7.0 32.2 3.5
5. 82.1% 96 8.9 11.7 8.3 24.5 4.5
6. 87.4% 96 10.0 12.2 8.9 31.8 6.3
7. 80.2% 96 9.1 10.5 8.2 18.8 2.7
8. 95.8% 96 19.2 15.0 11.6 19.2 4.0
9. 82.3% 96 16.8 11.9 8.9 20.6 3.5
10. 93.7% 96 9.0 12.5 9.0 26.8 7.0
11. 82.3% 96 10.3 11.8 8.4 31.6 5.6
12. 95.7% 95 9.4 12.3 9.4 17.4 3.7
13. 76.5% 86 9.9 13.0 8.9 33.5 6.5
14. ???
15. 83.5% 80 11.8 10.5 8.7 12.3 1.2
16. ???
17. 82.9% 77 10.6 10.3 8.2 16.7 2.2
18. 95.7% 24 11.7 11.7 11.7 11.7 0.0

A simple routing loop at my provider. It took me over 30 minutes to find, focused as I was on the 'normal' DNS problems with OSX. Only after the reliable 'turn Airport off' & 'turn Airport on' trick did not work I checked the availability of the OpenDNS servers...

Other sillies with OSX:
- Calling an IP address in the 169.254./16 range 'self assigned' even if you get it from a DHCP server
- Falling back to 'old' IP addresses even if a new lease has been accepted and used
- Slow poke ethernet link setup [need to nail arp settings to flash routers fast enough]

dinsdag 14 juli 2009

Israel distributes libido-increasing gum, and I want some!

Hamas: Israel distributes libido-increasing gum in Gaza

Islamist group claims Israeli intelligence operatives transfer merchandise to Gaza dealers that increases sex drive, even encourage them to distribute them free of charge in order 'to destroy' young generation. Affair exposed after young girl chews gum, complains of bizarre side effects

Is Israel targeting the Palestinian population in Gaza by distributing libido-increasing chewing gum in the Strip? A Hamas police spokesman in the Gaza Strip Islam Shahwan claimed Monday that Israeli intelligence operatives are attempting to "destroy" the young generation by distributing such materials in the coastal enclave.

Shahwan said that the police got their hands on gum that increases sexual desire that, according to him, reaches merchants in the Strip by way of the border crossings. According to him, a Palestinian drug dealer admitted that he sold products that increase sex drive. The dealer said that he received the materials from Israeli sources by way of the Karni crossing.

A number of suspects have been arrested.

The affair was exposed when a Palestinian filed a complaint that his daughter chewed the aforementioned gum and experienced the dubious side effects.

Shahwan even claimed that Israeli intelligence operatives encourage dealers in Gaza to distribute the gum for free.

"The Israelis seek to destroy the Palestinians' social infrastructure with these products and to hurt the young generation by distributing drugs and sex stimulants," said Shahwan.
However, he noted that drugs reach the Gaza Strip by way of Rafah tunnels, and said that the police keep a close watch on the illegal activities going on in the tunnels between Gaza and Egypt.

Shahwan added that the police have recently seized large amounts of drugs and alcohol attached to the underside of automobiles passing through Erez crossing. The automobile owners admitted receiving help for smuggling the materials from Israeli intelligence operatives.

maandag 13 juli 2009

Watson Research Center ssh scan

# grep "" /var/log/messages
Jul 11 15:31:50 meij sshd[19894]: Failed password for root from port 35477 ssh2
Jul 11 15:31:51 meij sshd[19896]: Failed password for root from port 35702 ssh2
Jul 11 15:31:52 meij sshd[19898]: Failed password for root from port 35873 ssh2
Jul 11 15:31:53 meij sshd[19900]: Failed password for root from port 36003 ssh2
Jul 11 15:31:54 meij sshd[19902]: Failed password for root from port 36177 ssh2
Jul 11 15:31:55 meij sshd[19904]: Failed password for root from port 36332 ssh2
Jul 11 15:31:57 meij sshd[19906]: Failed password for root from port 36462 ssh2
Jul 11 15:31:57 meij denyhosts: Added the following hosts to /etc/hosts.deny - (
Jul 11 15:31:58 meij sshd[19913]: Failed password for root from port 36666 ssh2
Jul 11 15:31:59 meij sshd[19915]: Failed password for root from port 36795 ssh2
Jul 11 15:32:00 meij sshd[19917]: Failed password for root from port 36937 ssh2
Jul 11 15:32:01 meij sshd[19919]: Failed password for root from port 37086 ssh2
Jul 11 15:32:02 meij sshd[19921]: Failed password for root from port 37215 ssh2
Jul 11 15:32:03 meij sshd[19923]: Failed password for root from port 37333 ssh2
Jul 11 15:32:04 meij sshd[19925]: Invalid user oracle from
Jul 11 15:32:04 meij sshd[19925]: Failed password for invalid user oracle from port 37454 ssh2
Jul 11 15:32:05 meij sshd[19927]: Invalid user test from
Jul 11 15:32:05 meij sshd[19927]: Failed password for invalid user test from port 37538 ssh2

Unfortunatly there is more amiss at IBM's Watson Research Center:

The original message was received at Mon, 13 Jul 2009 09:11:05 -0400
from []

----- The following addresses had permanent fatal errors -----
(reason: 550 Host unknown)

----- Transcript of session follows -----
554 5.0.0 Service unknown
550 5.1.2 <>... Host unknown (Name server: -f: host not found)

Final-Recipient: RFC822;
X-Actual-Recipient: RFC822;
Action: failed
Status: 5.1.2
Remote-MTA: DNS; -f
Diagnostic-Code: X-Unix; 550 Host unknown
Last-Attempt-Date: Mon, 13 Jul 2009 09:11:06 -0400

So I guess they'll need to read this blog to find out about their issues ;)
Good luck

dinsdag 16 juni 2009

USENET but then FASTER: tsunami-udp FTW!

Downloading data via USENET has become the default FAST track for most DSL|Cable users. The data is nicely placed 'locally' and for a small fee, one gets priority access for 4, 8 or however many connections. Nice. Much faster then the old single-sourced-http access or the newer multiple-source-bittorent [too many cheaters in bittorent country who who do not obey to the rule that one should at least have a share ratio of 1:1.20 or better].

Cool, so now we finally get to use all the bandwidth we pay the ISP for. But since the USENET servers are useualy close to the endpoint, the need for a connection oriented protocol like TCP is hard to make. UDP is a cheaper protocol and thus could increase the effective bandwidth since it requiers less 'overhead'. The old fasioned reasoning for using TCP over UDP is that UDP is only usefull for transmissions where order isn't important and you don't need all of the messages to get to the other machine.

Other reasons for using TCP over UDP are that the upstream application needs less state awareness and since we like our coders dumb, we take that burden off of them.

But since our USENET servers are close, packetloss is not much of an issue. It is far more exceptional to loose packets. In the rare case we do, we could simply ask for a resent of that particular packet [or block].

So I went to BING [I have to admit I am impressed by the google-like results!] and asked "when is tcp better then udp" Hardly anything interesting showed at first glance. I repeated the same question to GOOGLE, more 'good' material was listed at first, but still not what I was looking for. BING has been setup to give me 100 results so I took a second look and found at hit 38 tsunami-udp.

In pseudo-code, the server and client operate approximately like this:

while(running) {
wait(new incoming client TCP connection)
fork server process:
check_authenticate(MD5, "kitten");
exchange settings and values with client;
while(live) {
wait(request, nonblocking)
switch(request) {
case no request received yet: { send next block in sequence; }
case request_stop: { close file, clean up; exit; }
case request_retransmit: { send requested blocks; }

start, show command line
while(running) {
read user command;
switch(command) {
case command_exit: { clean up; exit; }
case command_set: { edit the specified parameter; }
case command_connect: { TCP connect to server; auth; protocol version compare;
send some parameters; }
case command_get && connected: {
send get-file request containing all transfer parameters;
read server response - filesize, block count;
initialize bit array of received blocks, allocate retransmit list;
start separate disk I/O thread;
while (not received all blocks yet) {
if timeout { send retransmit request(); }

if block not marked as received yet in the bit array {
pass block to I/O thread for later writing to disk;
if block nr > expected block { add intermediate blocks to retransmit list; }

if it is time {
process retransmit list, send assembled request_retransmit to server;
send updated statistics to server, print to screen;
send request_stop;
sync with disk I/O, finalize, clean up;
case command_help: { display available commands etc; }

It combines the strength of TCP [reliable data transfer] with the efficiency of UDP [no handshakes etc].

How It Works:
Tsunami performs a file transfer by sectioning the file into numbered blocks of usually 32kB size. Communication between the client and server applications flows over a low bandwidth TCP connection. The bulk data is transferred over UDP.

Most of the protocol intelligence is worked into the client code - the server simply sends out all blocks, and resends blocks that the client requests. The client specifies nearly all parameters of the transfer, such as the requested file name, target data rate, blocksize, target port, congestion behaviour, etc, and controls which blocks are requested from the server and when these requests are sent.

vrijdag 12 juni 2009

Peace Future School defrauding kids?

Someone thought it a good idea to help African people in & outside Africa and to do so, collect money from others. But how to get people to give you money? Well, one soft target are kids. So when you have a volunteer working for you who is linked to a school, why not use that opportunity?

So you register a site, copy the content [one page] of another site and sit back watching the kids donating money. Simple & potentially effective. Until a parent gets a little suspicious and decides to contact the school and ask them what this is all about. As it happens, the school knew as little as what the copied one paged website let them know: nothing really.

Another parent used some who is, some google-fu, some Maltego & some RL contacts in the fraud business. Everything found smells fishy, except the person who claims to be behind the Peace Future School. They go to extended lengths to assure the doubters that all is very legit, all is being done in good faith, there is no official registration YET, but surely that will be done one day, there is no content for the site YET but that too is on it's way, there are many trustworthy people behind the project but not one links from their site to the Peace Future School YET but that will surely come.

But what is the truth? Is it just a bunch of innocent people who do not know how to setup a reliable looking site or are they fraudsters? I leave the verdict up to you, but for my kids there is no way they are going to be giving money to this particular initiative. No matter how much private money the spokeswoman claims to have spend on it, no matter how many well connected people she claims are behind it, no matter how strange and surprising it was to all volunteers that people are doubting, no matter how sad it makes her Nigerian partners to be confronted with suspicion, no matter how many volunteers are emailing from free email addresses.

The people behind this will not make the same mistake again. They now will get some links to and from the site, and some content, change the graphics, list some names, do some more foot work and all that jazz. They learned from the incident and will not make the same mistakes. So for the next person who gets contacted and who does some online research, it will get harder to find in dices. That is worrying and reminds me of an experiment of the people behind Fake Trust.

woensdag 10 juni 2009

... completely change the way you shop!

"Remember the story about how you are going to be able to order coffee at Starbucks through the iPhone and then pay at the counter? 2 Think bigger. The new iPhone 3.0 operating system and its push notifications and the in-app commerce features and abilities to pay through your account at the iTunes store, could completely change the way you shop. As you walk into any store, you could browse information about their products, order and pay and maybe have the goods delivered to your home, without having to stand in line and all the usual hassle associated with shopping. It is like on-line ordering with the added benefit of being able to squeeze, smell, and try out the products. The rumored improved camera with autofocus enables bar-code scanning. Sit in a comfy sofa at IKEA, order it, and that’s it. You just walk out. Or you could pick the goods up as you leave."

vrijdag 5 juni 2009

Dictated but not dead

Listen, son: I am saying this as you lie asleep, one little paw crumpled under your cheek and the blond curls stickily wet on your damp forehead. I have stolen into your room alone.  Just a few minutes ago, as I sat reading my paper in the library, a stifling wave of remorse swept over me. Guiltily I came to your bedside. 

There are the things I was thinking, son: I had been cross to you. I scolded you as you were dressing for school because you gave your face merely a dab with a towel. I took you to task for not cleaning your shoes. I called out angrily when you threw some of your things on the floor. At breakfast I found fault, too. You spilled things. You gulped down your food. You put your elbows on the table. You spread butter too thick on your bread. And as you started off to play and I made for my train, you turned and waved a hand and called, "Goodbye, Daddy!" and I frowned, and said in reply, "Hold your shoulders back!" Then it began all over again in the late afternoon. 

As I came up the road I spied you, down on your knees, playing marbles. There were holes in your stockings. I humiliated you before your boyfriends by marching you ahead of me to the house. Stockings were expensive-and if you had to buy them you would be more careful! Imagine that, son, from a father! Do you remember, later, when I was reading in the library, how you came in timidly, with a sort of hurt look in your eyes? 

When I glanced up over my paper, impatient at the interruption, you hesitated at the door. "What is it you want?" I snapped. You said nothing, but ran across in one tempestuous plunge, and threw your arms around my neck and kissed me, and your small arms tightended with an affection that God had set blooming in your heart and which even neglect could not wither. And then you were gone, pattering up the stairs. 

Well, son, it was shortly afterwards that my paper slipped from my hands and a terrible sickening fear came over me. What has habit been doing to me? The habit of finding fault, of reprimanding-this was my reward to you for being a boy. It was not that I did not love you; it was that I expected too much of youth. I was measuring you by the yardstick of my own years. And there was so much that was good and fine and true in your character. The little heart of you was as big as the dawn itself over the wide hills. This was shown by your spontaneous impulse to rush in and kiss me good night. Nothing else matters tonight, son. I have come to your bedside in the darkness, and I have knelt there, ashamed! It is feeble atonement; I know you would not understand these things if I told them to you during your waking hours. But tomorrow I will be a real daddy! I will chum with you, and suffer when you suffer, and laugh when you laugh. I will bite my tongue when impatient words come. I will keep saying as if it were a ritual: "He is nothing but a boy-a little boy!" I am afraid I have visualized you as a man. Yet as I see you now, son, crumpled and weary in your cot, I see that you are still a baby. Yesterday you were in your mother's arms, your head on her shoulder. 

I have asked too much, too much.

woensdag 3 juni 2009

My blog blog crashes Firefox

I can not access the page you are looking at with my most favorite browser: Firefox. It crashes Firefox v3.0.10, released April 27, 2009

When you search for blog crashes firefox, the second link points to a story about Rob Levin's Spinhome blog crashing FF In it seemed to be fixed.

For me it happens not to be FF itself, but the addon NoScript, that I can not browse without anymore.

woensdag 15 april 2009

BlackHat Europe drinks anyone?

Who's there? I know I am, I know Craig Balding is and Roelof Temmingh & Chris Bohme are, but will you?

This action packed and kick ass conference will show you where the community is at and what to expect in the [not so] near future. A -must- for IT [security] people who take their jobs serious.

Not just the presentations but the informal meeting opportunities in & out side bars and rooms make BlackHat Europe so special. It's much smaller and more intimate then Los Vegas etc. This is one important reason speakers like it here so much. Not to mention the opportunity to explore this magical city with is struck by a wave of the best weather in a loooong time.

dinsdag 14 april 2009

Kidney, anyone?

One of my best friends is due to get a 'new' kidney, today. Just like hosting a new service. New is relative here since the market for new grown kidneys is not that big so he gets one second hand, from his wife. Like using that compiled distributed application. While they spend time unconscious under the capable hands of one team of doctors, their 3 year old spends time at our house. Like having freelancers watching over your databases.

There is a lot of risk involved in the whole kidney transplantation deal. He will get a 'strange' organ implanted and his immune system will fight it to its or their death. Like your antiviral software battling a smartly written Trojan. To prevent this from succeeding he will be taking medication to reduce the effectiveness of his immune system, which in itself opens him up to a whole range of new dangers. Like placing a very large do not scan mask. See it as DMZ's or even extranet connectivity.

But before he gets anything, she will have to give. Like opening up your tightly secured local network. She's a healthy woman in the flowering ages and has absolutely 0 health issues. Like your internal NetWare file server. She's taking a statistically small risk, kidneys get removed and people operated by the 1.000 everyday. Like hosting your own domain. Still, statistics mean little in individual cases since either you live or you die, a rather back and white situation. Like the compromise of your network with a 0 day.

The risk person in us [we do sort of the same kinda work] made us prepare for the worst. Like a BCP for an earthquake in a country like Holland. They have officially made me guardian of the little them. I have full control over all their assets. Like having the root passwords. Just in case. You never know. The scenario of him kicking the bucket, they both not waking up and whatever other terrible scenarios have been discussed, face to face and measures have been taken to assure live will be as good as possible for friend 2.0.

What can and needs to be arranged officially has been done. A will has been made, signed and sealed. List with invites & a formal chain of command have been made. Famous last words have been written. Religious & family matters been taken into account. Everything has been encrypted and securely distributed. The key hidden in Google's cache.

We also have friends over from a country where we lived for a couple of years.

Black Hat Europe will start for me tomorrow and my youngest daughter will go on her first real school holiday trip.

Later today the operation's team leader will call me to inform me of the preliminary results and I have been assigned the task to inform the selected family members, friends & colleagues.

Unless something goes dramatically wrong: then the phone will ring earlier.

Business as usual, nothing to see here, please move on.

vrijdag 10 april 2009

Safe browsing at

Google hosts a great club of smart people who do all sorts of groovy things. One of them is the "Safe BrowsingDiagnostic". You can check sites yourself to [use this]

What happened when Google visited this site?

Of the 2709 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-04-10, and the last time suspicious content was found on this site was on 2009-04-10.

Malicious software includes 1 scripting exploit(s), 1 trojan(s). Successful infection resulted in an average of 8 new process(es) on the target machine.

Malicious software is hosted on 3 domain(s), including,,

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including,

This site was hosted on 4 network(s) including AS15169 (GOOGLE), AS26230 (TOTTAWA), AS6130 (ADN).

browsing is not a safe idea anymore!

donderdag 9 april 2009

ING Internet payment site down again

ING is not doing too well, not to say bad. Lots of hocus pocus with your [and mine] money of the past couple of years have led to the current drama unfolding. This whole 'financial turmoil' might look far away from decent people's beds but it is not.

Since 2 hours the internet site for money transfers is not working, and greets you with "Welcome Null" what a great way to show your customer something 'technical' is wrong!

When I spoke to the helldesk for normal customers the lady told me there was a power issue in Amsterdam caused by the NUON. My [former] colleages told me the power issue is in Rotterdam and the IBM mainframes & access switches went of the radar about 2 hours ago.

The largest local newspaper quoted an ING spokesperson saying "We do not know what the issue is at the moment"

All of this is not so bad if the issue happened 'any other normal day' but ING's luck or mismanagement make things look extra scary since they released a press note stating they are dropping 10 of the 12 [!!!] business units not directly related to banking.

Killing the super successful no nonsense Postbank right in the middle of the financial crisis was a bad stroke of luck, but as so often, when things start going wrong, they go very wrong. I hope for you you have taken measures that the actions of the management of this bank will not affect you and your loved ones too bad, because more news is in the making...

And of course things that 'go wrong' can be hilarious too. Here rally champion sjeik Mohamed Bin Sulayem in the ING sponsored F1:

woensdag 1 april 2009

Nmap to find Conficker infected hosts

Get latest nmap (4.85BETA6 at the moment of writing) from:


sudo nmap -sC --script=smb-check-vulns --script-args=safe=1 -p445 \
-d -PN -n -T4 --min-hostgroup 256 --min-parallelism 64 \
-oA conficker_scan

It is important to note that scanning for Conficker has the small chance of crashing an unpatched host. Patched and infected hosts won't be crashed though. Note that if Conficker scans unpatched hosts they are even more likely to crash than with this check so the benefits probably outweigh the drawbacks.

Find the source here.

donderdag 12 maart 2009

nothing.. compares... to you

It's been... seven hours... and fifteen.. days
since you took... your love away
I go out... every night... and sleep all.. day
since you took... your love away
since.. you've been gone... I can do... whatever I want
I can do... whatever.. I choose
I can eat.. my dinner.. in a fancy.. restaurant
but nothing... can take away.. these blues
nothing compares
nothing compares.. to you

It's been.. so lonely... without.. you here
like a bird... without.. a song
nothing.. can stop... these lonely tears...
tell me baby... where did I. go wrong?
I could.. put my arms... around every girl I see
but they'd all... remind me. of you
I went.. to the doctor... guess what he.. told me
said you'd better have some fun
no matter what you do,
nothing compares
nothing compares... to you

All the flowers.. that you planted..
in the backyard
all died.... when you went.. away
I know that.. living with you.... was sometimes hard
but I'm willing.... to give it a try

nothing. compares
nothing compares... to you
nothing compares
nothing... compares... to you
nothing compares
nothing.. compares to you
nothing compares
nothing compares... to you
nothing compares
nothing.. compares... to you

woensdag 11 maart 2009

Dutch Chocolate == drop

For years I have been an addict and huge fan of the best chocolates in the world that are locally produced and sold in... Amsterdam. The company is called Puccini and has two shops. One conveniently located 5 minutes cycling from my home. Luckily the route to work does not take me past that shop so we have enough money left to buy real food too.

As I am on an assignment in Istanbul, I like to bring some 'typical' dutch presents with me to break the ice and compensate for all the presents and gifts I get from my colleagues when abroad. Stroopwafels are a safe bet, no matter where you go, as long as care is taken in warm climates in regards to transportation and the stains the syrup leaves.

Much to my surprise I was offered 'dutch chocolate' today while at the coffee break. For me, Dutch chocolate == Puccini. Nice! What an excellent start of the day!

Even more surprised I was when I found that the 'Dutch chocolate' was actually drop!

Drop makes me drool [Pavlof sends his greetings] but I am not that much a fan of it, but it is fun to see how not Dutch people react to it. Like haring, it is something you have to grow up with to like.

zondag 8 maart 2009

♫♫♫ ♫♫♫ Ton Lebbink ♫♫♫ ♫♫♫

De nederlandse pop dichter Ton Lebbink is een held, tenminste, dat vind ik en een groeiend aantal andere. Ik heb natuurlijk al zijn platen, maar mijn pogingen om er fatsoenlijke mp3's van te maken zijn schromelijk mislukt. Gelukkig zijn ze te koop bij Fonos.

Nog toffer is dat veel van Ton Lebbink's werk nu ook op YouTube te vinden is om eens te luisteren voor het geval je het nog niet kent.

Boodje Brood is ook actief bezig met Ton Lebbink [en nog meer interesants].

Dus bijdeze mijn luister tip:

zaterdag 28 februari 2009

RAPED once, SHAFTED twice and SCREWED as many times as Management deems appropriate.

Dear employees,

Due to the current financial situation caused by the slowdown of the economy, Management has decided to implement a scheme to put workers of 40 years of age and above on early retirement. This scheme will be known as RAPE (Retire Aged People Early).

Persons selected to be RAPED can apply to management to be eligible for the SHAFT scheme (Special Help After Forced Termination). Persons who have been RAPED and SHAFTED will be reviewed under the SCREW programme (Scheme Covering Retired Early Workers). A person may be RAPED once, SHAFTED twice and SCREWED as many times as Management deems appropriate.

Persons who have been RAPED can only get AIDS (Additional Income for Dependants & Spouse) or HERPES (Half Eamings for Retired Personnel Early Severance).

Obviously persons who have AIDS or HERPES will not be SHAFTED or SCREWED any further by Management.

Persons who are not RAPED and are staying on will receive as much SHIT (Special High Intensity Training) as possible. Management has always prided itself on the amount of SHIT it gives employees. Should you feel that you do not receive enough SHIT, please bring to the attention of your Supervisor. They have been trained to give you all the SHIT you can handle.

Sincerely, The Management