News archive July 2011 - Koos van den Hout

Archive by year: 1999 | 2000 | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020

2011-07-28 (#) 8 years ago
RTV Drenthe logo screen capture 2011-07-27 DVB-T service scan today, with an interesting service showing up:
tune to: QAM_AUTO f = 570000 kHz I999B8C999D999T999G999Y999 
(time: 10:52) set_frontend: using DVB API 5.1
>>> tuning status == 0x0f
>>> tuning status == 0x1f
SDT (actual TS)
        service = Nickelodeon/TeenNick (Digitenne)
        service = 13th Street (Digitenne)
        service = SLAM!TV (Digitenne)
        service = TV Drenthe  tijdelijk (Digitenne)
        service = BBC Radio 1 (Digitenne)
        service = BBC Radio 2 (Digitenne)
        service = BBC Radio 3 (Digitenne)
        service = BBC Radio 4 (Digitenne)
Due to the recent transmitter tower collapse in Hoogersmilde RTV Drenthe is currently available FTA in the entire country on Digitenne. So I was able to make a screengrab.

One interesting side-effect was mentioned on the tx-list: RTV Drenthe was received in South-east London on 586Mhz (channel 35) on Thursday, over 300 kilometer from the intended service area. This is due to the signals from the Goes transmitter making it over the water.

Tags: , , ,
2011-07-26 (#) 8 years ago
An article which reads like the reporter got introduced to low-security VoIP trunks and caller-id spoofing services for the first time: Authorities say 911 call in Wyckoff hoax came from fake, computer-generated phone number - NorthJersey.com.
The 911 caller whose hoax prompted a tense police standoff in a quiet Wyckoff neighborhood used a computer to mask the origin of the call, authorities said Sunday.
A computer crime expert is quoted:
[..] the 911 call likely originated from a so-called IP phone that makes calls over the Internet. Such phones are increasingly common and allow users to choose the phone number that would appear on caller identification devices [..]
They hope to trace the user back to the original IP of the SIP call. I wish them lots of luck finding the IP in the first place: I don't think a lot of the 'wholesale SIP trunking' or 'Caller-ID spoofing services' will log them. They might have more chance of finding the account and the billing information.

Found via Attack on 'Cyberbullying' critic prompts raid by armed cops - The Register.

Tags: , ,
2011-07-24 (#) 8 years ago
Most of the attempts at toll fraud through an asterisk server set to catch and record these are lately for a number matching +97259xxxxxxx which according to Telephone numbers in Israel - Wikipedia is a 'Jawwal' mobile number in Palestina. Interesting... not a really expensive call to make but I can imagine a certain interest in hard-to-trace calls to that part of the world, especially since these seem to be routed via Israel. According to the explanation on Telephone numbers in the Palestinian territories - Wikipedia +970 is also the country code for Palestina but it depends on which country you are calling from whether +970, +972 or both work. Politics in phone numbers. The +970 route was never tried via my asterisk.

Tags: , , ,
2011-07-23 (#) 8 years ago
I was watching BBS: The Documentary again and that inspired me to put some more stuff on-line at bbs.idefix.net. Stuff now on: Fidonet standards descriptions.

Tags: , ,
2011-07-18 (#) 8 years ago
First good catch after updating the scripts for capturing the audio on attempts at toll fraud through an asterisk server, some calls with incoming audio logged to disk, and some with absolute silence. The calls with audio have serious noise in the background, my best guess is airco noise. But some typing can be heard, some other sounds and one even with a word at the end. I added some audio from that last one.

Boiler-room type telecoms fraud operation? You decide!

What this does mean to me is that someone is actually doing real work to find opportunities for routing calls without paying. This is not an automated script, this is an actual person doing the work.
Listen to audio attachment:
MP3 media: Wrong number airco noise (rightclick, select save-as to download)

Tags: , , ,
2011-07-15 (Big news in the Netherlands: the transmission tower at Hoogersmilde (north/east part of the country)...) 8 years ago
Google+Koos van den Hout : Big news in the Netherlands: the transmission tower at Hoogersmilde (north/east part of the country) collapsed after a fire. I collected some of the links to pictures and videos and added comments in English in a posting on my homepage:
2011-07-15 (#) 8 years ago
Big transmission news in the Netherlands today: the transmission tower/mast collapsed in Hoogersmilde after a fire and the transmission tower/mast in Lopik was shutdown after a small fire because the fire department wanted to be really sure about the situation after the collapse in Hoogersmilde.

Collected links to pictures / videos : A bit of history:

Tags: , , ,
2011-07-15 (#) 8 years ago
I added the .local domain to the nameserver at home as a way to make sure avahi-related queries never escape onto the big Internet. But it seems avahi tests for the presence .local by querying for the SOA record in the DNS and disables itself when that is available. So every time an avahi implementation starts a query for .local has to 'escape' or avahi won't work. Not what I had in mind.

I disabled this .local domain in the local resolver until I can find a way to configure bind9 to return NXDOMAIN without querying the root servers.

Information via Avahi and Unicast Domains .local.

Tags: , ,
2011-07-15 (#) 8 years ago
I updated the scripts for capturing the audio on attempts at toll fraud through an asterisk server so there is some call progress sound before the 'wrong number' recording is played. I also switched from MixMonitor to Monitor which saves incoming and outgoing audio separately, so it is easier (for me) to check the incoming audio for interesting bits.

This is what the asterisk code now looks like:
exten => _00.,1,Set(filename=${STRFTIME(${EPOCH},,%Y%m%d-%H%M%S)})
exten => _00.,n,Monitor(wav,wrongnum-${filename})
exten => _00.,n,Playback(wrong/callprogress)
exten => _00.,n,Goto(wrongnumber,s,1)
And you can hear what the 'caller' would hear in the attached mp3 file.
Listen to audio attachment:
MP3 media: Wrong number capture (rightclick, select save-as to download)

Tags: , , ,
2011-07-14 (#) 8 years ago
Just did a dvb-t services scan and I even found a new (to me) service: the new multiplex at 570 MHz, logged in DVB-T reception log for 20110714. I have received the DVB-H KPN Mobiel TV service on that frequency before so it is not a surprise, but seeing this multiplex on this frequency still counts as 'new'.

Tags: , , ,
2011-07-13 (#) 8 years ago
I did it.. I joined Google+. I actively avoided Facebook sofar and waited very long before joining Twitter but I got a reasonably early invite to Google+ and took it. The invite was from a German user so it took some changing settings before Google+ changed its userinterface language to english for me. Lots of people I know from certain places are on Google+ so there is something to read.

Google+ urls are somewhat unreadable: my page is at https://plus.google.com/114168607206195341184 so I added a redirect as http://gplus.idefix.net/.

Tags: , ,
2011-07-13 (#) 8 years ago
End of an era: today we changed all computer science e-mail addresses to forward to central mail addresses where a big exchange server does all the work. After years of running the e-mail service, including dealing with problems like viruses and spam it still feels weird. Almost all local delivery has been stopped, postfix just has a big list of aliases now.

A history for as far as I can deduce (most way before I worked there) :
UUCP mail with a telebit trailblazer modem
SMTP based mail, sendmail
Postfix (cs.uu.nl ran postfix before it was called postfix) with mboxes/imap
Postfix with maildir / imapssl

I'll still be running my own e-mail setup at home, based on sendmail, my personal choice in mailer. But that's a different story.

Tags: ,
2011-07-13 (#) 8 years ago
Trying to clear out an old e-mailarchive (13215 messages) with the Thunderbird e-mail client (selecting all messages older than a month, pressing shift-delete) makes Thunderbird unresponsive for hours and in the end the mail is still not deleted.

Doing the same in the right place on the server with
# find . -mtime +31 | xargs rm
takes less than 30 seconds and Thunderbird rereads the folder fine.

Tags: , , ,
2011-07-12 (#) 8 years ago
Gisteren in de volkskrant een stukje over acquisitiefraude. Eigenlijk ook een vorm van Social engineering. Meestal wordt de term 'Social engineering' gebruikt voor het verzamelen van informatie rond computers maar ik zou in navolging van de uitspraken over social engineering bij 'Off The Hook' de term ruimer willen interpreteren. Ook de manieren waarop acquisitiefrauders proberen hun slachtoffers te benaderen vallen keurig in het rijtje van social engineering.

En nog even dit: de officiele website van het 'steunpunt acquisitiefraude' is http://www.fraudemeldpunt.nl/. Maar wat krijg je als je niet de voor de hand liggende domeinnamen registreert? Dan doet iemand anders dat wel en krijg je dus sites als www.acquisitiefraude.nl, www.advertentiefraude.nl, www.fraudemeldpunt.com volgens het artikel in de volkskrant allemaal van een van de bekendere acquisitiefrauders.

Tags: ,
2011-07-06 (#) 8 years ago
Meer informatie over de nieuwe keuze in het aanbod van digitale televisie bij Ziggo. Ziggo maakt nieuwe pakket indeling bekend - Digitale Kabeltelevisie. De eerder voorspelde Wie nu een enkel thema-pakket heeft van 3,95 per maand zal om alle zenders te behouden minstens moeten overstappen op het plus pakket dat per maand 8 euro extra kost lijkt uit te komen.

We hebben het 'kennis en nieuws' pakket, origineel aangevraagd om toegang te hebben tot Journaal24, maar we kijken ook wel eens naar Geschiedenis24. In de nieuwe opzet kost toegang houden tot die laatste 8 euro per maand, ten opzichte van 3.95 nu.

Ik denk dat we zonder Geschiedenis24 kunnen, voor die prijs kan je nog eens windows booten en via de Geschiedenis24 website de Silverlight stream kijken.

Tags: ,
2011-07-06 (#) 8 years ago
Vermakelijk nieuws: er was iemand die wel een businesscase zag in grootschalige fraude met ov-chipkaarten. Dat heeft Translink Systems altijd ontkent, het was allemaal theoretisch. Deze keer werd de poging snel ontdekt, maar ik ga er van uit dat binnen de kortste keren iemand dit beter probeert.

Via Gekraakte OV-chipkaarten massaal verhandeld - Webwereld. Voor degenen die probeerden met de kaarten iets te doen minder leuk: Reizigers dupe van vervalste OV-chipkaarten - Webwereld.

Met een mooi advies van TLS
De voorlichter heeft een duidelijk advies aan reizigers: "Advies aan de consument is deze kaart niet aan te schaffen, want ook het reizen met gemanipuleerde kaarten is en blijft strafbaar.

Tags: , ,
2011-07-01 (#) 8 years ago
It is well-known that all IPv4 address blocks are either allocated or reserved for very good reasons, but some IP addresses in logs still make me think 'huh?' when I see them, thinking they might be reserved when they are for sure given out now. Stuff like:
Jul  1 09:12:17 greenblatt sshd[841]: Invalid user data from 1.9.21.4
Jul  1 09:12:23 greenblatt sshd[846]: Invalid user data from 1.9.21.4
Jul  1 09:12:26 greenblatt sshd[849]: Invalid user data1 from 1.9.21.4
Jul  1 09:12:28 greenblatt sshd[851]: Invalid user data2 from 1.9.21.4
Jul  1 09:12:34 greenblatt sshd[858]: Invalid user data4 from 1.9.21.4
Jul  1 09:12:37 greenblatt sshd[862]: Invalid user data1 from 1.9.21.4
Even the ssh scanners are popping up in the 'new' IPv4 ranges. And a quite stupid one too.

Tags: , ,


, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
RSS
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: morenews.cgi,v 1.46 2019/10/20 15:42:02 koos Exp $ in 0.030965 seconds.