News archive March 2018 - Koos van den Hout

Archive by year: 1999 | 2000 | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 | 2021 | 2022 | 2023

2018-03-30 More FT8 on the 2 meter band
I have now tried FT8 on the 2 meter band several times. One time I received a message via FT8 to try it on the 70cm band too but I haven't figured out the right frequency on that band yet.

DX contacts have been made into England, France and Germany. Furthest 2 meter contact at the moment is 323 kilometers. From the doppler shift I see the most probably reason for these distances is aircraft scatter, which means I'm using big metal reflectors in the sky to bounce my signal, without even paying for an airplane ticket.

I'm looking forward to 'E-skip' and other phenomena that can make 2 meter radio signals reach larger distances. I wonder what that will bring me.

Tags: , ,
2018-03-24 Trying FT8 on the 2 meter band
The different radio bands also have quite different properties. The HF bands below 30 MHz have ionospheric refraction which lets the signal return to earth in far away places. The VHF bands (30-300 MHz) are usually only line of sight, signals usually will not get beyond the horizon.

Recently I saw mention of the FT8 mode on the 2 meter band. Specifically here: Essex 2M Activity Day Update - Essex Ham and VHF FT8 - M1AVV.

This inspired me to give it a try myself. It took a bit of searching to find the right frequency for FT8 on 2 meter. I found out it's 144.178 MHz so I started trying there and soon made my first contacts with Dutch amateurs at reasonable distances. But from time to time I saw signals from further away than was possible, for example England and France. My best guess is that aircrafts reflect the signals. I also saw doppler shift in signals which confirms aircraft reflections.

After a few tries I was able to make my first contacts at nice distances in the Netherlands.

Tags: ,
2018-03-19 Building my own balun, part 1: idea and parts needed
I was considering hanging a dipole antenna outside. This would need a balun and I realized that I have a good outdoor-capable balun hanging in the attic. It's a Fritzel 1005 1:1 current balun which is good up to 300 watts power.

I am not going to use 300 watts under the roof close to other equipment and the balun there does not need to be rain proof. So the idea was born to build a smaller balun for use under the roof and have the Fritzel balun available for outdoor use.

And last Saturday was a hamfest (radio onderdelenmarkt Rosmalen) so I had an idea of things I wanted for this project.

Parts needed for a current balun:
  • A ferrite core with the right specifications
  • Wire with enamel coating
  • An SO239 socket
  • Terminals for connecting the dipole wires
  • A case
The various collections of electronics parts only missed the SO239 socket and a case. Those were found at the hamfest for a nice price.

The choice of design is a current balun or a voltage balun. I had to do some searching to find a good comparison between the two, and DX engineering has one at Baluns: Choosing the Correct Balun - DX Engineering which has:
Current baluns, rather than voltage baluns, should be used whenever possible. Current baluns provide better balance and often have lower loss. Current baluns, especially 1:1 ratio baluns, tolerate load impedance and balance variations much better than voltage baluns.
Some searches found good explanations of building your own baluns, I found a very clear explanation at VK6YSF project page.

So I'm building a current balun, and when it's finished enough to test it I will measure how it is doing. I have the tools like the SARK100 antenna analyzer that I can control from Linux and a dummy load so I can check everything.
Read the rest of Building my own balun, part 1: idea and parts needed

Tags: , ,
2018-03-19 (In augustus 2012 kreeg ik spam gericht aan een belg en bleek mijn adres op een spamlijst voor vlaams...)
Google+Koos van den Hout : In augustus 2012 kreeg ik spam gericht aan een belg en bleek mijn adres op een spamlijst voor vlaams-belgische bedrijfscontactpersonen te staan: de lijst kostte toen 199 euro.
En nog steeds krijg ik met enige regelmaat spam voor dezelfde doelgroep: . Het geeft alles bij elkaar wel een aardig overzicht van bedrijven die blijkbaar zo'n spamlijst gewoon gebruiken.
2018-03-16 Meer spam voor een Belg
Het gaat rustig door, ruim 5 jaar sinds de eerste spam die te herleiden was tot een belgische lijst. Ook vandaag, dit keer spam voor Desvo veilingen die blijkbaar ook dezelfde spamlijst gekocht hebben.

Tot nu toe was alle spam die ik dacht te herleiden naar deze bron nederlands / vlaams. Gericht op inkopers bij bedrijven. Maar nu eentje in het frans, maar uiteindelijk te herleiden tot Fruit at work die tweetalig werkt. En later op dezelfde dag Neopost weer gewoon in het nederlands maar volgens de mail ook via "B2Best Belgique" die op het web niet terug te vinden is.

Eerder, eerder, eerder, eerder, eerder.

Tags: ,
2018-03-15 Working on having the right IP address in the apache logs
I noticed the access_log for various websites being tested on the new homeserver all had the IPv6 address of the haproxy I configured in the logs and not the original IP address.

The fun bit is I have set up the right Apache mod_remoteip settings, RemoteIPHeader and RemoteIPInternalProxy and this was tested and working with Require ip rules. But it turns out the default logging formats use the %h logging variable which is not changed by mod_remoteip. Since I want IPv6/IPv4 addresses in the logs that can be resolved later I changed to the %a variable which is the Client IP address which can be changed by mod_remoteip.

Changed options:
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %>s %O" common
LogFormat "%a %{HOST}i %l %u %t \"%r\" %s %b %{User-agent}i %{Referer}i -> %U" vcommon

Tags: , ,
2018-03-14 Try anything as an open webproxy
It seems any open port can be tried as an open webproxy. An open webproxy is interesting for hiding tracks or getting around restrictions. But some of the scans are getting stupid. There are still a lot of other tcp-based services, not everything is HTTP.

From recent logs:
Mar 14 13:46:42 greenblatt nnrpd[20297]: unrecognized GET / HTTP/1.0                                                                             
Mar 14 13:46:47 greenblatt nnrpd[20299]: unrecognized OPTIONS / HTTP/1.0                                                                         
Mar 14 13:46:52 greenblatt nnrpd[20301]: unrecognized OPTIONS / RTSP/1.0                                                                         
And this gem of distributed scanning:
Mar  8 08:45:00 greenblatt sm-mta[6355]: w287j0dE006355: probable open proxy: command=GET HTTP/1.1\r\n
Mar  8 08:45:00 greenblatt sm-mta[6359]: w287j0V0006359: []: probable open proxy: command=GET HTTP/1.1\r\n
Mar  8 08:45:00 greenblatt sm-mta[6360]: w287j0lM006360: []: probable open proxy: command=GET HTTP/1.1\r\n
Mar  8 08:45:04 greenblatt sm-mta[6353]: w287j4lq006353: []: probable open proxy: command=GET HTTP/1.1\r\n
Mar  8 08:45:04 greenblatt sm-mta[6356]: w287j4io006356: []: probable open proxy: command=GET HTTP/1.1\r\n
Mar  8 08:45:04 greenblatt sm-mta[6357]: w287j4h0006357: []: probable open proxy: command=GET HTTP/1.1\r\n
Mar  8 08:45:05 greenblatt sm-mta[6358]: w287j5pu006358: []: probable open proxy: command=CONNECT HTTP/1.0\r\n
Mar  8 08:45:05 greenblatt sm-mta[6354]: w287j5bt006354: [] (may be forged): probable open proxy: command=GET HTTP/1.1\r\n
Interesting timing and coordination on this one, looks like some form of central control was involved.

Tags: ,
2018-03-12 I participated in the EA PSK63 Contest 2018
As planned I participated in the EA PSK63 contest 2018 last weekend. As this contest starts at 16:00 UTC and not the usual 12:00 UTC I decided to again try my luck as single operator on the 40 meter band only (SO 40 DX for this contest).

Contacts were made Saturday evening and Sunday morning and afternoon. Sunday at 12:45 UTC I gave up on finding any new callsigns on the 40 meter band and decided to switch to the 20 meter band. Conditions were not very good and I think I made some errors copying serial numbers or on the decision whether to count a contact as valid. And at least two calls had me in their log but my log was not convinced we made a contact around that time.

In the end I made 125 contacts, 79 on the 40 meter band and 46 on the 20 meter band. Looking at the results of previous years I thought I would end up with a higher ranking with the 79 contacts on the 40 meter band only so I entered in that category. The 20 meter contacts will only count as checking for the other participants.

The one that got away: I saw an amateur from Thailand call CQ but my answer did not make it back there.

A nice contest. I was able to practice fast contacts a bit even in difficult conditions. As usual with all contests I also uploaded my score to the Veron Afdelingscompetitie where our local chapter A08 is doing ok.
Read the rest of I participated in the EA PSK63 Contest 2018

Tags: , ,
2018-03-07 ()
Google+Koos van den Hout : Another sighting of an RFC2322 implementation. Really nice that these show up from time to time!
2018-03-05 Obfuscating powershell with -encoded and UTF-16
In some files I noticed a vbs file where I expected something else. Vbs sounds like visual basic script so I directly started looking for malware. And indeed I saw suspicous code, with a for me new type of obfuscation.

The vbs has one really long line, beginning with:
CreateObject("Wscript.Shell").Run("powershell -w hidden -ep bypass -enc aQBuAHYA
and at the end:
Which looked very base64-like to me. But standard tools could not find out what it was:
$ base64 -d < base64part | file -
/dev/stdin: data
But with a second look I could make out something:
$ base64 -d < base64part | xxd | less
0000000: 6900 6e00 7600 6f00 6b00 6500 2d00 6500  i.n.v.o.k.e.-.e.
0000010: 7800 7000 7200 6500 7300 7300 6900 6f00  x.p.r.e.s.s.i.o.
0000020: 6e00 2800 2200 7b00 3400 3800 7d00 7b00  n.(.".{.4.8.}.{.
0000030: 3100 3200 7d00 7b00 3200 3800 7d00 7b00  1.2.}.{.2.8.}.{.
0000040: 3100 3000 3300 7d00 7b00 3200 3100 7d00  1.0.3.}.{.2.1.}.
0000050: 7b00 3900 7d00 7b00 3100 3000 3600 7d00  {.9.}.{.1.0.6.}.
0000060: 7b00 3700 3000 7d00 7b00 3200 3800 7d00  {.7.0.}.{.2.8.}.
0000070: 7b00 3800 7d00 7b00 3000 7d00 7b00 3200  {.8.}.{.0.}.{.2.
0000080: 7d00 7b00 3400 3100 7d00 7b00 3100 3100  }.{.4.1.}.{.1.1.
0000090: 3300 7d00 7b00 3600 3600 7d00 7b00 3000  3.}.{.6.6.}.{.0.
Suddenly there is UTF-16 powershell code. Or when I simply cat it to a terminal:
-f "t","2"," ",".","i","f","C","'","c","o","2",")","n","n","0","c","'","/",
It looks like some kind of array mapping, but I have no idea how to decode this into readable code to check what it does. I am quite sure it can't be up to any good if I keep finding levels of obfuscation!

Tags: ,
2018-03-04 Trying a bit of radio at a holiday park
Last week we were staying in a holiday home in the Ardennen area in Belgium. Temperatures were constantly below zero which can make my fibermast break easily according to the instructions. I also forgot to bring a side cutter so setting up the fibermast with the rubber profile at every level would be hard to take down again. This made it a bad idea to leave it up overnight.

Due to the cold and me having a serious cold as well it took a few days before I got around to a bit of amateur radio. When I got around to setting up the mast it went reasonably well. The ground was frozen so I needed a hammer to get the pegs into the ground for the guy wires. The foot of the fibermast decided to slip away and the tip fell against a wall, but no damage.

When the mast was up and the dipole hanging the local RF noise turned to be at the same S8 level I am used to at home and it was very hard to make a contact. I tried 40 meter FT8 with transmit power dialed back to 25 watt since the radio itself started showing signs of RF interference. One partial contact was made (no full exchange of signal reports).

And then I noticed gardeners working on pruning bushes everywhere and working in my direction so I disassembled the mast again and took all the parts back in.

For next time I may find some plate to anchor the foot of the fibermast so it can't slip away. Maybe a plate with a big hole in it for the mast and two small holes for tent pegs.

Tags: , , ,
2018-03-02 I am planning to participate in the EA PSK63 contest 2018
This year I am planning to participate again in the EA PSK63 contest edition 2018. Although the weekend is not completely free there will be time to get as many spanish stations and others in the log as possible.

Time to find out if I can improve my score from participating in the EA PSK63 contest in 2016.

Tags: , ,
2018-03-01 An interesting bug in age-old Perl Net::SNMP code
I recently noticed the network traffic statistics weren't updated correctly for the LAN interface of my Draytek Vigor 130 modem. These statistics were extracted using code that I originally started using at the computer science systems group somewhere in the previous decade. It's all Perl Net::SNMP and not very efficient. I don't know if I wrote it myself or copied from somewhere else, I do know a new bug was introduced.

To understand the code it is important to realize that interface index numbers in SNMP are dynamic. Across a reboot a certain number can change. Interface names are static, but those are never used directly in SNMP.

So to get from a static interface name to a dynamic interface index the interfaces.2.1.2 subtree (ifDescr) has to be fetched from the device and checked for the right names. To get the interface index from an snmp object identifier I used to use this bit of code:
# find the current interface indices for the wanted ^ interfaces
foreach my $oid (oid_lex_sort(keys(%table))) {
    if (oid_base_match($ifTable_ifDesc,$oid)){
#        printf("%s => %s\n", $oid, $table{$oid});
        if (defined $wantstuff{$table{$oid}}){
            # I am lazy. I fill a hash with the interface indices so I can
            # use it for lookups
        #    printf "Found ifindex %d for %s\n",$wantstuff{$table{$oid}}{ifindex},$table{$oid};
But note how the current ifDesc subtree is from the modem:
IF-MIB::ifDescr.1 = STRING: LAN
IF-MIB::ifDescr.4 = STRING: VDSL
IF-MIB::ifDescr.5 = STRING: Resrved
IF-MIB::ifDescr.6 = STRING: 
IF-MIB::ifDescr.7 = STRING: 
IF-MIB::ifDescr.8 = STRING: 
IF-MIB::ifDescr.20.101.1 = STRING: WAN1
IF-MIB::ifDescr.21.101.1 = STRING: WAN2
IF-MIB::ifDescr.22.101.1 = STRING: LAN_PORT1
Using that rindex function there are 4 instances of index 1. Which caused the very similar code looking for the ifInOctets, ifOutOctets and other counters to overwrite the result for index 1 with those from WAN1, WAN2 and LAN_PORT1.

So that code is now improved, no more rindex but a well-defined use of length:
# find the current interface indices for the wanted ^ interfaces
foreach my $oid (oid_lex_sort(keys(%table))) {
    if (oid_base_match($ifTable_ifDesc,$oid)){
        #printf("%s => %s\n", $oid, $table{$oid});
        if (defined $wantstuff{$table{$oid}}){
                        my $intindex=substr($oid,length($ifTable_ifDesc)+1);
                        #printf "Submatch found ifindex %d for %s\n",$intindex,$table{$oid};
            # I am lazy. I fill a hash with the interface indices so I can
            # use it for lookups
            #printf "Found ifindex %d for %s\n",$wantstuff{$table{$oid}}{ifindex},$table{$oid};

Tags: , ,

IPv6 check

Running test...
, reachable as PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: morenews.cgi,v 1.55 2022/12/12 15:34:31 koos Exp $ in 0.041334 seconds.