RFC1 – Host Software

RFC1 was published in April 7, 1969. We’ve come a long way since then :)

tunnelbroker.net and DragonFlyBSD

If you want to use your tunnelbroker.net interface with a DragonFlyBSD endpoint, the commands are similar to those for FreeBSD:

ifconfig gif0 create
gifconfig gif0 inet Client_IPv4_address Server_IPv4_address
ifconfig gif0 inet6 Client_IPv6_address Server_IPv6_addrees prefixlen 128
route -n add -inet6 default Server_IPv6_address
ifconfig gif0 up

Tested with DragonFlyBSD 2.4.1

Weird day for .GR SMTP servers today?

At first I observed that our dkim filter needed restarts almost every 30 minutes.
Then @stsimb observed weird incoming SMTP behavior too.
@kargig observed higher than normal requests to rbl.void.gr.

Others?

digital beggar

digital beggar: n.
A person who seeks information, cannot access it and asks friends with (university) access for help.

It’s no wonder that the single biggest use of stolen University logins is to download papers.

Update: Please read Matt Blaze’s “Shaking Down Science“

RSS feeds

Με μια μικρή καθυστέρηση (σε σχέση με το πότε είχα υποσχεθεί) μια σταχυολόγηση από τα RSS feeds που παρακολουθώ. Δίνω τα blog URLs και όχι τα feeds:

Μερικές παρατηρήσεις: Η παραπάνω λίστα δεν είναι πλήρης. Λείπουν τα ελληνικά blog (π.χ. το πλέον προφανές). Δεν υπάρχουν blog εξαιρετικών sysadmins όπως π.χ. του Σωτήρη και του Άγγελου. Φίλων για πάνω από 15 χρόνια: past, chstath, dsin, ktroulos. Το κεραμίδι :) Τα blog των κουμπάρων μου: Δημήτρης, Χρήστος, UrBaN και Ποντικός.

Το εύκολο θα ήταν να “σηκώσω” το αρχείο OPML. Αλλά με την ευκαιρία έριξα και ένα μικρό συγίρισμα.

at&c0s0=1

The last few days I am experiencing connection problems and when at home I am on 33600bps doing mostly work related stuff. I have come to appreciate alpine even more.

Broadband has spoiled me.

mailing lists

“Τι λες για ένα post με θέμα τι mailing lists, και rss feeds παρακολουθείς; :)”

Πρότεινε πριν κάτι εβδομάδες ένας φίλος. Οι mailing lists δεν είναι και πολλές:

Interesting People. Η λίστα που τρέχει ο David Farber. Ενδιαφέρουσες συζητήσεις που αφορούν το Δίκτυο σε τεχνικό και πολιτικό επίπεδο, όπως και την ιστορία του. Σχεδόν όλοι όσοι “έγραψαν” διαδικτυακή ιστορία συμμετέχουν σε αυτή.
sage-members. Η λίστα που τρέχει το SAGE group του USENIX. Εάν είσαι system administrator, επιβάλλεται να είσαι γραμμένος στο SAGE (και κατ’επέκταση και στη λίστα). Πραγματική πηγή γνώσης και επίλυσης αποριών.
SOCNET. Mailing list για social networks. Το βασικό forum της INSNA.

Με μικρότερη συχνότητα:

cisca-l. Για αυτούς που ενδιαφέρονται για πράγματα όπως το CISA certification και τις αντίστοιχες περιοχές της ασφάλειας των Πληροφοριακών Συστημάτων.
cryptography. Για τους νοσταλγούς των cypherpunks.
securitymetrics. ” Πως μπορώ να μετρήσω την ασφάλεια;” Αυτό το αφηρημένο ερώτημα που μπορεί να κάνει ο “από πάνω” ή ο πελάτης και που δεν μπορεί να απαντηθεί “με ζυγαριά”.
imap-protocol. Οτιδήποτε σχετικό με το πρωτόκολλο IMAP.
imap-use. Ότι δε χωράει από πάνω και από κάτω :)
imap-uw. Ότι αφορά το UW-IMAP toolkit.
anti-spam-wg / anti-abuse-wg. Το anti-spam-wg μετασχηματίστηκε στο anti-abuse-wg ώστε να είναι ένα forum συζήτησης και για άλλου τύπου online abuse και όχι μόνο (email) spam.
dns-wg. Για οποιοδήποτε ερώτημα σχετικά με το DNS μέσα στο RIPE community.
ipv6-wg. Θέματα IPv6, όπως υλοποίηση, routing και migration.

Δύο newsgroups που παρακολουθούσα, αλλά τώρα επισκέπτομαι μόνο περιστασιακά:

Εχω γραφτεί και σε αρκετά groups στο LinkedIn, αλλά δε μπορώ να πω πως τα παρακολουθώ.

Ξεχνάω μερικά; Μπορεί. Όποιος έχει κέφι ας προσθέσει στα σχόλια.

(Τα RSS feeds ~~αύριο~~ αργότερα)

weird dns problems are routing problems

This is a story we dealt with some months ago. After a major upgrade of the pipes that connect us with one of our upstreams (lets call them O) our support lines started getting complaints that certain sites could not be reached (RapidShare was a notable example). At first this was thought to be a temporary routing problem, but as calls started to amass within the hour, we looked further into it.

Since we already had a list of sites that were not reachable, we used the first tool one uses at such situations: traceroute. What I immediately observed was that prior to failing, traceroute took sometime to execute. Could it be that the DNS servers and not the web sites were not reachable?

Since we run a separate setup that forwards queries to OpenDNS, I used that DNS server, and traceroute worked! So it indeed was a routing problem, only it was not a routing problem to the web site itself, rather to its name servers who were unreachable by our DNS servers. Tracerouting by hand to the IP addresses of the DNS servers of the “problematic” domains verified that. Luckily we could reach OpenDNS, who in turn could reach (and cached) the DNS servers we could not.

While in fact a very small part of the Internet was not reachable at the time, due to the fact that lots of DNS servers serving other domains lived there, a significantly larger part of the web was invisible. Such issues do occur when your DNS and your hosting provider are networks appart.

We opened a ticket with O and tried to resolve the situation. It seemed that the problem was a case of asymmetric routing, since answers to our packets were returning via our other upstream (lets call them F). The weirdness of describing the problem confused at first the routing engineers at F who could not believe that we were using DNS servers that were not forwarding to theirs. Luckily their DNS master is a good friend and helped get past that quickly. They (F) located the problem to the configuration of one of their upstreams (lets call them L). They opened a ticket and we all waited. In the mean time they (F) devised a backup plan, in case L did not want to cooperate. But they did.

So when you think (or are told) that a web site is unreachable, always check whether its DNS servers are reachable first.

So you think you know traceroute…

sage-members has a very interesting thread on traceroute, including a presentation by Richard A. Steenbergen given at NANOG: “A Practical Guide to (Correctly) Troubleshooting with Traceroute” [pdf]

[Thanks gkoutep]

The retweet “botnet”

@travelplanet24 had the idea to ask users to come up with a catchy tweet that would be retweeted many times for marketing purposes. They were sucessful enough, since the majority of the greeks that I follow retweeted #tp24Lon almost making it impossible to read the stream that I follow.

I felt DDoSed and I objected strongly. I will not go into legal, technical and moral issues of what can be considered spam in a medium like twitter. I am simply one of those 45,7% users who use the web browser as their client and such campaigns, when successful, are annoying because of the limited (== none) filtering capabilities available from the web client. Unfollowing people to prevent this is just like disconnecting from the Net to stop a spam outburst. To be fair, of the people I follow only one more complained and a second one retweeted my objection.

What I find more interesting is that @travelplanet24 effectively managed to construct a retweet botnet where, in contrast to the usual botnets, the participants consciously retweeted the message. While the first time that such a trick is used may be considered successful, it may be a one time only stunt. With 45,7% of the users still using the web client, imagine two or more different such campaigns running at the same time. We need both a better web client and better standalone clients.

At least @travelplanet24 said that their next campaign, if any, will last less time.