News archive May 2010 - Koos van den Hout

2010-05-31
Tonight it was rather inconvenient that we have to do without CNN on the analogue cable in Utrecht, because when I got home I did want to know the latest developments around the situation in the Middle East. You would almost start waving a Palestinian flag instead of an orange one.

2010-05-31
Messages from the Barracuda E-mail filter are quite useless. When you request information about a specific IP being blocked you get the very, very generic story:
We are sorry you have reached this page because an email was blocked based on its originating IP address having a "poor" reputation. The "poor" reputation may have been caused by one of the following reasons:
  • Your email server contains a virus and has been sending out spam.
  • Your email server may be misconfigured.
  • Your PC may be infected with a virus or botnet software program.
  • Someone in your organization may have a PC infected with a virus or botnet program.
  • You may be utilizing a dynamic IP address which was previously utilized by a known spammer.
  • Your marketing department may be sending out bulk emails that do not comply with the CAN-SPAM Act.
  • You may have an insecure wireless network which is allowing unknown users to use your network to send spam.
  • In some rare cases, your recipient's Barracuda Spam Firewall may be misconfigured.
Which is completely useless when you need information about what is causing this listing and whether the spam flow has already stopped. I'm not gambling on trying the 'request removal' link until I know what is causing this.

Barracuda mail filtering: NOT helping solve the spam problem. With some Evil Greedy Corporation conspiracy thinking: really helping stop spam would be bad for business in the long run for Barracuda.


2010-05-26
The less-than-maximum speed of the ADSL is clearly not caused by the indoor wiring. In the meantime the ADSL modem has moved downstairs into the meter cupboard, and dismantling that telephone line to the attic has resulted in an interesting connection. A test without the ADSL splitter made no real difference either. The funny thing is that after putting the splitter back the speed went up a bit (from 13 megabit to 15 megabit). It will surely go down again at some point. I once had a 2-wire leased line at no less than 33.6 kilobit which dropped to 28.8 kilobit or even less in heavy rain; that is what I am reminded of now.
=>:adsl info                     
Modemstate            :  up 
Operation Mode        :  G.992.5 Annex B
Channel Mode          :  interleaved 
Number of resets      :  19 

Vendor                              Local           Remote   
  Country             :               0f               b5 
  Vendor              :             TMMB             BDCM 
  VendorSpecific      :             0000             ff91 
  StandardRevisionNr  :               00               02 

                                  Downstream        Upstream 
Margin       [dB]     :              6.5             16.0 
Attenuation  [dB]     :             21.5             12.5 
OutputPower  [dBm]    :             20.5             13.0 

Available Bandwidth                 Cells/s           Kbit/s 
  Downstream          :            35702            15138 
  Upstream            :             2426             1029 

2010-05-26
The good thing about trying to receive distant transmitters via dvb-t is: when it works, all the results are on the computer. So there is now a script which converts the scan results from all the DVB-T dx experiments into a nice webpage: DVB-T reception log.

2010-05-24
The Tropospheric ducting forecast for Northwest Europe showed not much happening yesterday evening but I tried a dvb-t scan anyway. No foreign services, but the highest score in services from the Netherlands: 16 active frequencies with 180 services in total. The new find: Digitenne Mux 3 on 554 MHz.

2010-05-23
I guess some kind of bug in the sipscanner at 193.55.30.2 got triggered by my firewalling the IP so asterisk does not 'see' the traffic. The incoming traffic is now up to 70 kilobyte/second. It is all ignored, but that is still a fair chunk of incoming bandwidth being eaten.
Update 2010-05-24 I let asterisk answer the requests for a few packets which slowed down the incoming traffic again to something reasonable. And this morning the traffic was gone which suggests somebody read my report to the security contact.

2010-05-23
I saw interesting conditions coming up on the Tropospheric ducting forecast for Northwest Europe so I ran a dvb-t scan and indeed found:
tune to: QAM_16   f = 674000 kHz I999B8C23D0T8G4Y0 
SDT (actual TS)
        service = MDR S-Anhalt (ARD)
        service = NDR FS NDS * (ARD)
        service = SWR Fernsehen RP (ARD)
        service = WDR Düsseldorf (ARD)
        service = WDR Wuppertal * (ARD)
        service = WDR Duisburg (ARD)

tune to: QAM_AUTO f = 690000 kHz I999B8C999D999T999G999Y999 
SDT (actual TS)
        service = arte (ARD)
        service = Phoenix (ARD)
        service = Einsfestival (ARD)
        service = Das Erste (ARD)

tune to: QAM_AUTO f = 746000 kHz I999B8C999D999T999G999Y999 
SDT (actual TS)
        service = ProSieben (ProSiebenSat.1)
        service = SAT.1 (ProSiebenSat.1)
        service = kabel eins (ProSiebenSat.1)
        service = N24 (ProSiebenSat.1)
No extra services from the east of the Netherlands, so this must have been some interesting tropospheric ducting. First time for ARD and ProSieben/Sat.1; I have seen the WDR multiplex on that frequency before from Brunssum, a sign this must be a single frequency network. Searching DVB-T Sender Tabelle shows the transmitter at Wesel is the most likely source, a distance of 112 kilometers.

2010-05-22
Just got in and noticed that the adsl link was particularly s-l-o-w. A tcpdump showed that there was a SIP brute-force attack going on, and with the wondershaper settings this was filling the ADSL upstream to the maximum. In the asterisk logs:
[May 22 14:49:08] NOTICE[11238] chan_sip.c: Registration from '"607589258"<sip:607589258@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 14:49:08] NOTICE[11238] chan_sip.c: Registration from '"2737039014"<sip:2737039014@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 14:49:08] NOTICE[11238] chan_sip.c: Registration from '"hello"<sip:hello@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 14:49:08] NOTICE[11238] chan_sip.c: Registration from '"ranger"<sip:ranger@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 14:49:08] NOTICE[11238] chan_sip.c: Registration from '"shadow"<sip:shadow@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 14:49:08] NOTICE[11238] chan_sip.c: Registration from '"baseball"<sip:baseball@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 14:49:08] NOTICE[11238] chan_sip.c: Registration from '"donald"<sip:donald@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 14:49:08] NOTICE[11238] chan_sip.c: Registration from '"harley"<sip:harley@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 14:49:08] NOTICE[11238] chan_sip.c: Registration from '"hockey"<sip:hockey@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 14:49:08] NOTICE[11238] chan_sip.c: Registration from '"letmein"<sip:letmein@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found

[May 22 17:46:24] NOTICE[11238] chan_sip.c: Registration from '"active" <sip:active@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 17:46:24] NOTICE[11238] chan_sip.c: Registration from '"active" <sip:active@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 17:46:24] NOTICE[11238] chan_sip.c: Registration from '"active" <sip:active@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 17:46:24] NOTICE[11238] chan_sip.c: Registration from '"active" <sip:active@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 17:46:24] NOTICE[11238] chan_sip.c: Registration from '"active" <sip:active@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 17:46:24] NOTICE[11238] chan_sip.c: Registration from '"active" <sip:active@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 17:46:24] NOTICE[11238] chan_sip.c: Registration from '"active" <sip:active@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 17:46:24] NOTICE[11238] chan_sip.c: Registration from '"active" <sip:active@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 17:46:24] NOTICE[11238] chan_sip.c: Registration from '"active" <sip:active@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
[May 22 17:46:24] NOTICE[11238] chan_sip.c: Registration from '"active" <sip:active@xx.xx.xx.xx>' failed for '193.55.30.2' - No matching peer found
For a total of 284970 attempts. Then I updated the firewall to block this and sent out an abuse report to the ISP.

With tshark the attacks look like:

Session Initiation Protocol
    Request-Line: REGISTER sip:xx.xx.xx.xx SIP/2.0
        Method: REGISTER
        [Resent Packet: False]
    Message Header
        Via: SIP/2.0/UDP 127.0.0.1:5091;branch=z9hG4bK-1064873464;rport
            Transport: UDP
            Sent-by Address: 127.0.0.1
            Sent-by port: 5091
            Branch: z9hG4bK-1064873464
            RPort: rport
        Content-Length: 0
        From: "instruct" <sip:instruct@xx.xx.xx.xx>
            SIP Display info: "instruct" 
            SIP from address: sip:instruct@xx.xx.xx.xx
        Accept: application/sdp
        User-Agent: friendly-scanner
        To: "instruct" <sip:instruct@xx.xx.xx.xx>
            SIP Display info: "instruct" 
            SIP to address: sip:instruct@xx.xx.xx.xx
        Contact: sip:123@1.1.1.1
            Contact Binding: sip:123@1.1.1.1
                URI: sip:123@1.1.1.1\r
                    SIP contact address: sip:123@1.1.1.1\r
        CSeq: 1 REGISTER
            Sequence Number: 1
            Method: REGISTER
        Call-ID: 3859238695
        Max-Forwards: 70
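
One way to summarise failed chan_sip registrations per source address, written against the log format quoted above. This is an added example, not code from the original post; the sample lines, the documentation-range addresses and the threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the chan_sip lines quoted above.
# Addresses come from the RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
[May 22 14:49:08] NOTICE[11238] chan_sip.c: Registration from '"hello"<sip:hello@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[May 22 14:49:08] NOTICE[11238] chan_sip.c: Registration from '"ranger"<sip:ranger@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[May 22 14:49:08] NOTICE[11238] chan_sip.c: Registration from '"shadow"<sip:shadow@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[May 22 14:49:09] NOTICE[11238] chan_sip.c: Registration from '"letmein"<sip:letmein@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[May 22 14:49:09] NOTICE[11238] chan_sip.c: Registration from '"x' failed for '203.0.113.99' - y"<sip:x@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[May 22 15:02:41] NOTICE[11238] chan_sip.c: Registration from '"alice"<sip:alice@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[May 22 15:03:00] VERBOSE[11238] logger.c: unrelated line
"""

# The From header is chosen by the sender, so it may itself contain the text
# "' failed for '". The greedy (.*) makes the regex bind to the LAST such
# marker on the line, which is the address Asterisk appended, not one
# smuggled into the header.
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'(?P<from_hdr>.*)' failed for '(?P<src>[^']+)' - (?P<reason>.+)$"
)
USER = re.compile(r"<sip:(?P<user>[^@>]+)@")


def parse_failures(text):
    """Yield (source, user, reason) for every failed registration line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a chan_sip registration failure
        u = USER.search(m.group("from_hdr"))
        yield m.group("src"), (u.group("user") if u else None), m.group("reason")


def summarize(text):
    """Per source: attempt count, distinct user names tried, failure reasons."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "reasons": Counter()})
    for src, user, reason in parse_failures(text):
        entry = stats[src]
        entry["attempts"] += 1
        if user:
            entry["users"].add(user)
        entry["reasons"][reason] += 1
    return dict(stats)


def suspected_scanners(text, min_attempts=5):
    """Sources at or above the (assumed) threshold, as (src, attempts, distinct users)."""
    return sorted(
        (src, s["attempts"], len(s["users"]))
        for src, s in summarize(text).items()
        if s["attempts"] >= min_attempts
    )


if __name__ == "__main__":
    for src, attempts, users in suspected_scanners(SAMPLE_LOG):
        print(f"{src}: {attempts} failed registrations, {users} distinct users")
```

Many distinct user names from one source points at the account enumeration seen in the first log burst; a high attempt count against a single name matches the second burst.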

2010-05-21
Glenn Fleishman (wireless network expert) has taken the time to completely read and analyze the class-action suit against google for collecting public data from wi-fi networks and tears it to pieces:
You're broadcasting data in an unlicensed band. You have no reasonable expectation of privacy over openly broadcast data.
In my opinion google should not have collected this data. It still sounds like installing kismet and forgetting to configure it completely. Google should wipe this data immediately. Not hand it over to any law enforcement because law enforcement should not have this data either, it should be wiped thoroughly. But starting a stupid lawsuit with falsehoods and lies like:
9. In 2006, Google generated programming code that sampled and decoded all categories of publicly broadcast WiFi data. This type or class of program is commonly called a packet analyzer, also known as a network analyzer, protocol analyzer or packet sniffer, or for particular types of networks, an Ethernet sniffer or wireless sniffer ("wireless sniffer"). As data streams flow across the wireless network, the sniffer secretly captures each packet (or discreet package) of information, then decrypts / decodes and analyzes its content according to the appropriate specifications.

10. To view data secretly captured by a wireless sniffer in readable or viewable form, after being captured and stored on digital media, it must then be decoded using crypto-analysis or similar programming or technology. Because the data "as captured" by the wireless sniffer is typically not readable by the public absent sophisticated decoding or processing, it is reasonably considered and understood to be private, protected information by users and operators of home- based WiFi systems.

I get worked up just having to point out the lies and false accusations in this part. I really hope this suit by Vicki van Valin and Neil Mertz backfires on them.

Running kismet from a wardriver-CD will yield you the same data unless kismet was configured (not the default!) to not save that data. So the above statements are false.


2010-05-20
Webmail account phishers sometimes write interesting works of fiction:
We are currently performing maintenance on our Digital webmail Server because it has come to our notice that one or more of our internet subscribers are introducing a very severe virus into our system, thereby hacking into our esteemed customers private data, and this is affecting our network performance by all standards, as well as causing our customers like you so much complications.
.. and after this bit of bad news about the provider their systems seem to be so damaged by the virus they need to ask for the domain name:
In order to ensure you do not experience service interruption, kindly you reply to this email immediately and enter your Domain Name: for example, mail.icb.com.
.. please don't respond to these. Please.

2010-05-20
No this is not the result of an artillery attack on a swimming pool, this was the weather in Oklahoma city on 16 May 2010. Source: Monster hail storm slams Oklahoma city - TornadoVideos.Net

2010-05-19
End of an era: Duke university is to shut down their Usenet server, the place where it all started.
This week marks the end of an era for one of the earliest pieces of Internet history, which got its start at Duke more than 30 years ago.

On May 20, Duke will shut down its Usenet server, which provides access to a worldwide electronic discussion network of newsgroups started in 1979 by two Duke graduate students, Tom Truscott and Jim Ellis.

Working with a graduate student at UNC-Chapel Hill, they came up with a simple program to exchange messages and files between computers at Duke and UNC using telephone modems.

Maybe newer services like twitter and facebook have taken over, but there is still nothing compared to the distributed nature of Usenet. Those services all have centralized storage of their data which means there is one place to delete it. With Usenet, you can't unpublish anything. This is both a blessing and a curse.

Source: Duke To Shut Down Usenet Server - Slashdot


2010-05-17
This weekend, just for fun, I took a practice exam for the novice amateur radio licence. Without any prior study I scored 27 out of 40; a score of 29 is needed to pass. Apparently enough of my MTS electronics education has stuck. I would still need to study quite a bit on specific radio technology and the regulations if I wanted to get a licence.

2010-05-12
After a discussion in which I got to quote the Reply-To munging considered harmful I upgraded Ubuntu on my laptop and noticed Thunderbird 3.0.4 recognizes mailing list headers and gives 'Reply', 'Reply all' and 'Reply list' headers depending on what would be correct. Finally!

2010-05-11
Amusing log entries:
May 11 09:17:01 greenblatt sshd[17063]: Invalid user !@#$%^ from 82.228.181.124
May 11 09:17:03 greenblatt sshd[17076]: Invalid user !@#$%^& from 82.228.181.124
May 11 09:17:04 greenblatt sshd[17088]: Invalid user !@#$%^&* from 82.228.181.124
May 11 09:17:05 greenblatt sshd[17090]: Invalid user !@#$% from 82.228.181.124
May 11 09:17:07 greenblatt sshd[17092]: Invalid user @#$%^& from 82.228.181.124
Quit @#$%^& breaking into my system.

2010-05-11
On the road on the recumbent bike I listened to the podcast with the recording of the Dutch D-STAR net of the Tuesday evening before. One of those things you only get around to while travelling. I was rather hesitant to put in earbuds on the recumbent because I have the idea that I ride more by ear than on an upright bike. But on a very familiar route that I can almost ride in my sleep, and where I also know where the tricky spots are, the risk is smaller. At no point along the way did I feel that I was suddenly in a dangerous situation. Listening to amateur radio like this does make me wonder whether there are perhaps also amateur radio nets during the morning and evening rush hours. I have heard from Mike Andrews W5EGO that there is such a net in Kansas on workdays. That is of course the ultimate version of 'drivetime radio'.

2010-05-04
Ok, this one was new to me:
-bash: ./storscript: /bin/bash: bad interpreter: Text file busy
How? The script was copied using scp and there was a hanging sshd (something about a not 100% reliable network).

2010-05-04
It now turns out that Glashart media (which among other things provides the TV for XMSnet) is officially not allowed to carry the BBC either: Glasvezelabonnees kijken illegaal BBC - Webwereld. Only, Glashart is letting the wishes of its customers come first for now. A new concept: a television distributor that listens better to its customers than to its content suppliers. I am curious what will come of this.
Update: As of 12 June 2010 Glashart has stopped carrying BBC 1 and 2 after all. Little information can be found about how and why, except at some providers that carry the Glashart media package.

2010-05-04
I like htop as a nicer looking replacement for top. And on one machine I recently noticed this little gem: the uptime has an exclamation mark when it runs over 100 days. And a bit of searching confirms: htop has a real easter egg, confirmed by the author.

2010-05-02
I thought: let me request that 'upgrade' at xs4all today, from lite-old 8 megabit to lite-new 16 megabit; then they will do it on Monday or Tuesday and I will know where I stand with the wiring, because I already expect some more problems there.

Within 5 minutes of 'confirm' the telephone line hiccuped and suddenly there was 14583 kilobit downstream. Apparently it is that automated; surely no engineer was involved. But there is clearly room for improvement in the wiring: the connection is not very stable right now, the speed has already gone up to 14769 and then dropped again to 12743 kilobit. Time to look at how things can be improved. But since the telephone is also doing something odd, I will look a bit further at the possibilities.


2010-05-01
The ADSL connection had another bad day today; the downstream speed had dropped from 8006 to 7344 kilobit. So I checked the telephone line that is used for ADSL and it turned out this line had a strange branch. That does not help, of course. I removed that branch and the noise margin shot back up. And after a hint to the modem to redetermine the speed it was 8006 kilobit again.
The option of getting rid of the very long telephone cable and putting the ADSL modem downstairs remains, of course. But then something with UTP cable has to be run through the house again.
