Koos picture small

Koos van den Hout

Welcome. This is my homepage where I write about my opinion, projects, things I note, things I try and other random stuff. Newsitems have tags for a bit of structure.

Latest news/thoughts/geeking/rants/notablog

2015-04-01 New country for me in amateur radio: Afghanistan 8 hours ago
Spotting T6T on pskreporter I saw T6T active on 10 meter PSK31 this afternoon, fading in and out. And quite popular with other stations, Afghanistan is a rare country to see active on amateur radio. But one go he saw my reply and we managed to have a short contact. Right after the contact he faded away completely again!

Tags: , ,
2015-03-30 Don't try to use my system to attack another 2 days ago
A growing part of the 'Internet background noise' that my server is receiving seems to be tcp syn packets from faked source addresses. I mentioned this before in Am I part of an interesting attack?. Looking at the traffic with p0f shows that the source addresses (and ports!) are constant but the operating system and the time to live changes so these probably come from multiple hijacked systems:
174.128.225.126:57282 - Windows XP/2000 (RFC1323+, w+, tstamp-) [GENERIC]
  Signature: [8192:93:1:52:M1460,N,W8,N,N,S:.:Windows:?]
  -> xx.xx.xx.xx:80 (distance 35, link: ethernet/modem)
174.128.225.126:57282 - UNKNOWN [8192:87:1:52:M1460,N,W8,N,N,S:.:?:?]
  -> xx.xx.xx.xx:80 (link: ethernet/modem)
174.128.225.126:57282 - UNKNOWN [8192:85:1:52:M1460,N,W8,N,N,S:.:?:?]
  -> xx.xx.xx.xx:80 (link: ethernet/modem)
174.128.225.126:57282 - Windows XP/2000 (RFC1323+, w+, tstamp-) [GENERIC]
  Signature: [8192:98:1:52:M1460,N,W8,N,N,S:.:Windows:?]
  -> xx.xx.xx.xx:80 (distance 30, link: ethernet/modem)
174.128.225.126:57282 - UNKNOWN [8192:81:1:52:M1460,N,W8,N,N,S:.:?:?]
  -> xx.xx.xx.xx:80 (link: ethernet/modem)
174.128.225.126:57282 - Windows XP/2000 (RFC1323+, w+, tstamp-) [GENERIC]
  Signature: [8192:116:1:52:M1460,N,W8,N,N,S:.:Windows:?]
  -> xx.xx.xx.xx:80 (distance 12, link: ethernet/modem)
174.128.225.126:57282 - Windows XP/2000 (RFC1323+, w+, tstamp-) [GENERIC]
  Signature: [8192:102:1:52:M1460,N,W8,N,N,S:.:Windows:?]
  -> xx.xx.xx.xx:80 (distance 26, link: ethernet/modem)
Read the rest of Don't try to use my system to attack another

Tags: ,
2015-03-29 RF into a networkcard crashing a computer 3 days ago
I recently had the main PC that is connected to the amateur radio crash regularly when I was active on the 20 meter amateur band (14.000 - 14.250 MHz) which is at the moment the most interesting band for me. This PC is thompson, a Dell OptiPlex 745. This led to serious annoyances as cqrlog, the logging program I use depends on MySQL which handles crashes badly. I got very good at recovering the database and reinstalling cqrlog.

I thought it was time for a new PC but in the mean time I was dismantling some other old PC's and found an Intel E-1000 gigabit network card. Since the network switch thompson is connected to always showed strange activity after the PC had crashed I wondered if the on-board network card of the PC was the main cause. So I disabled the on-board network interface and installed the Intel E-1000 card.

So far the PC hasn't crashed since installing the card. I have been active on the radio two evenings since the installation.

Tags: , ,
2015-03-29 Publishing my QSL policy 3 days ago
I was reading the Electron magazine of the Veron radio club and it had a mention of rising costs of QSL forwarding. The article asked radio amateurs to clearly publish their QSL policy so other amateurs don't send cards when they don't want them.

My own policy is that I like receiving QSL cards so I'll send them out myself to amateurs that appreciate them. But a confirmation via eQSL is also good. In digimodes eQSL is quite popular so I already gathered a collection of incoming eQSL cards.

So I updated the PD4KH amateur radio and PD4KH profile on qrz.com with my QSL policy. I suggest others do this too.

2015-03-27 Overly interested Amazon EC2 nodes 5 days ago
On Camp Wireless and The Virtual Bookcase I see the following pattern in the access logs:
2620:108:700f::36bc:aade - - [27/Mar/2015:13:27:11 +0100] "GET / HTTP/1.1" 302 298 "-" "curl/7.36.0"
2406:da00:ff00::36e2:d963 - - [27/Mar/2015:13:27:38 +0100] "GET / HTTP/1.1" 302 298 "-" "curl/7.36.0"
Constant requests, 2 or 3 per minute from Amazon EC2 IPv6 addresses just requesting the / using curl. Over the day I now see 1334 unique addresses with at most 5 requests from one url.

The same pattern as described in Stange stream of HTTP GET requests in apache logs, from amazon ec2 instances - Server Fault with no real answer to the why.

It's not a problematic amount of traffic, I'd just like to understand what is happenning!

Tags: , , , , ,
2015-03-25 New country for me in amateur radio: Qatar 1 week ago
eQSL confirming contact with A71AE
Confirmation of contact with A71AE
Last evening I saw A71AE active on 20 meter PSK63. After he worked a number of other station I answered his CQ and we had a short but good contact. And I already have it confirmed via eQSL.

Tags: , ,
2015-03-24 (The camb-hams will do it again: they will be active on satellites and other propagation modes, this ...) 1 week ago
Google+Koos van den Hout : The camb-hams will do it again: they will be active on satellites and other propagation modes, this year from May 15-21 2015 from locator IO76EJ island of Mull.
2015-03-24 New antenna for outdoor plans 1 week ago
The main thing I shopped for when I visited the Landelijke Radio Vlooienmarkt was a simple antenna for 10/20/40 to use while camping. To get the most out of not too much space I decided to mainly look for an endfed antenna. This is a simple wire with a transformer at the end. Not the perfect antenna, but a compromise between size, performance and ease of deployment.

LW-10 antenna Browsing the offerings I found an LW-10 antenna which covers 40 to 6 meter (7 to 50 MHz) and was sold to me by the nice people of www.cbradio.co.uk. I wanted to test it at home and last evening I had the chance.
Read the rest of New antenna for outdoor plans

2015-03-23 Unexpected facilities at CPAN 1 week ago
From the spambox:
How are you doing today, I am miracle 24 yearls old girl, i saw your profile today at googlesearch cpan.cse.msu.edu - i like it, then i decided to contact you for going into deep rellastionship between me and you
I know CPAN is a lot, but I never saw it as a dating site.

Tags: , , ,
2015-03-23 Meer mobiel geschikte pagina's 1 week ago
Recent gaf google me allemaal meldingen dat mijn websites niet goed zouden werken op mobiele apparaten (telefoons, tablets). Het gevolg is dan dat google bij zoeken vanaf mobiele apparaten de sites ook minder aantrekkelijk zou vinden.

Mijn eerste gedachte was dat dat me niet zoveel uitmaakt omdat de gemiddelde bezoeker van mijn sites wel vanaf een desktop of laptop PC komt. Maar aan de andere kant doe ik simpele dingen ook vaker vanaf een tablet tegenwoordig en zag in ieder geval mijn homepage er daarop niet uit. En sites als Camp Wireless hebben zeker een mobiel publiek.

Alleen liep mijn kennis wat achter. De laatste keer dat ik serieus keek naar sites voor mobiele devices was toen WAP de oplossing was. Dus maar eens de informatiepagina's gelezen die google aangaf, over viewport gebruik en media queries voor CSS.

Voor de meeste sites is het een simpele CSS aanpassing om een en ander mogelijk te maken. Onder een bepaalde breedte hebben de 2 kolommen die ik vaak gebruik niet zoveel zin. Dus met de media query dit opgelost. Nu langzaam maar zeker sites aanpassen. En van sommige sites moeten echt dingen aangepast worden (juist camp-wireless..) omdat daar nog deels verouderde technieken gebruikt worden die aanpassingen voor mobiel moeilijk maken.

Tags: ,
2015-03-22 The Heard Island DXpedition book 1 week ago
First I have to describe to 'other' visitors of my pages what a DXpedition is: operating radio from a remote location which is on the wish-list of many radio amateurs who want to make contacts with as much countries/locations as possible. Radio amateurs will visit such a place and set up antennas and radios to make those contacts possible.

I just finished reading the VK0IR DXpedition book. It's a great description of the Heard Island DXpedition in 1997. Just 18 years ago, but a lot has changed. Supporting a major amateur radio event via the Internet/World wide web was a new thing back then. Nowadays, not doing that would be unthinkable.

And, the Heard Island 2015 DXpedition is being planned! I usually avoid making contact with DXpeditions because it's just trying to get through a wall of radio amateurs trying to make that contact (what radio amateurs call a "pile-up") but it can be done, so I may try to get this one.

Tags: , ,
2015-03-21 (In het Autotron is nog wel iets te zien over auto's. Maar ik ben er vandaag natuurlijk voor de landelijke...) 1 week ago
Google+Koos van den Hout : In het Autotron is nog wel iets te zien over auto's. Maar ik ben er vandaag natuurlijk voor de landelijke radio vlooienmarkt.
2015-03-20 Morgen Landelijke Radio Vlooienmarkt 1 week ago
Morgen is het tijd voor de 40e Landelijke Radio Vlooienmarkt in het Autotron in Rosmalen. Ik ga er weer van harte heen!

Tags: ,
2015-03-18 (So true) 2 weeks ago
Google+Koos van den Hout : So true
2015-03-05 A new distance record in HF for me 3 weeks ago
A new distance record in HF for me this evening: I had a PSK31 contact with someone 5 kilometers away!

My other current distance record is an RTTY contact to the island of Aruba at a distance of 7908 kilometers.

Tags: , ,
2015-03-05 Am I part of an interesting attack? 3 weeks ago
Noticable traffic:
13:06:15.787470 IP (tos 0x0, ttl 110, id 27178, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x48c7 (correct), 2310054019:2310054019(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.188187 IP (tos 0x0, ttl 92, id 14152, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x2c3a (correct), 1627317698:1627317698(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.588698 IP (tos 0x0, ttl 96, id 64188, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x6e9f (correct), 249296256:249296256(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.989469 IP (tos 0x0, ttl 97, id 54770, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0xa3fc (correct), 3532061815:3532061815(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:17.390192 IP (tos 0x0, ttl 92, id 5400, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0xaae9 (correct), 1786797457:1786797457(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:17.792734 IP (tos 0x0, ttl 81, id 42621, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x925d (correct), 3619031271:3619031271(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:18.193910 IP (tos 0x0, ttl 81, id 6384, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x5712 (correct), 841083335:841083335(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
The variation in ttl values suggests a distributed denial of service attack trying to make me part of it.

Tags: , ,

News archive by year: 1999 | 2000 | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 | 2015

The person

Father, cat owned/owner, Unix/Linux fan, Internet user, reader, recumbent byciclist, snowboarder, ipv6 fan. For those who don't speak Dutch: how to pronounce Koos van den Hout.

The job

Specialist information security at Utrecht University with a modern Profile page.
 

Search idefix.net

Custom Search

Visitor using legacy IPv4

Your IPv4 address is 54.146.178.218 in United States

Other webprojects I work on

Weather projects

Weather station

Temperature : 8.4 °C
Humidity : 88.1 %
Airpressure : 1009.3 hPa

Contact

Use the e-mail address in the address box and use PGP private secure e-mail when possible.

Pages on specific projects

Loads more pages


Koos van den Hout, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key DSS/1024 2C66 3B5D F0D7 C263 local copy PGP key DSS/1024 2C66 3B5D F0D7 C263 via keyservers pgp key statistics for 0x2C663B5DF0D7C263 Koos van den Hout
This page is best viewed with any browser in any resolution. Some browsers will wait with rendering most of the page until allmost all HTML is loaded. RSS
Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
This page generated by $Id: index.cgi,v 1.57 2015-03-22 14:26:06 koos Exp $ in 0.118342 seconds.