News archive March 2019 - Koos van den Hout

Archive by year: 1999 | 2000 | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020

2019-03-29 Still looking for the correct frequency for FT8 on the 70 centimeter band 1 year ago
Although FT8 does great work for weak signal reception on HF bands it's also nice for the 2 meter band and the 70 centimeter band. So after lots of tries with the 2 meter band I decided to give the 70 centimeter band another try. But, there is one thing: there aren't many stations active in FT8 on 70 centimeter and even when one is active in the nearby area that station may be on a different FT8 frequency. The real standard is not there yet.

Until now I've seen:
  • 432.174 MHz
  • 432.176 MHz
  • 434.670 MHz
I check for activity via the PSKreporter site. My two FT8 on 70 centimeter contacts where on 432.174 and 432.176.

Tags: , ,
2019-03-24 Now also mapping 70cm gridsquares 1 year ago
In the past week I made my second 70cm FT8 contact, and again with another amateur in the JO22 gridsquare. So the map for 70cm gridsquares contacted and confirmed isn't very spectacular yet, but I'm going to generate and maintain it anyway.

Now in the list of maps at pe4kh.idefix.net.

Tags: ,
2019-03-22 Distributed authenticated smtp scanning 1 year ago
I noticed a lot of entries in my mail logging about aborted smtp transactions
Mar 22 21:04:04 gosper sm-mta[30180]: x2MK437r030180: [193.169.254.68] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v6
Mar 22 21:04:58 gosper sm-mta[30229]: x2MK4vv0030229: [185.234.217.222] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v6
Mar 22 21:05:25 gosper sm-mta[30307]: x2MK5Oas030307: [193.169.254.68] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v6
Mar 22 21:06:01 gosper sm-mta[30328]: x2MK5xAc030328: [185.234.217.222] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v6
Mar 22 21:06:02 gosper sm-mta[30331]: x2MK5xg5030331: [185.222.209.209] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSP-v6
And I wondered what was going on, until I did a capture of the session and had a look:
    1   0.000000 185.234.217.222 → 82.95.196.202 TCP 68 55448 → 25 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
    2   0.000314 82.95.196.202 → 185.234.217.222 TCP 68 25 → 55448 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
    3   0.034751 185.234.217.222 → 82.95.196.202 TCP 56 55448 → 25 [ACK] Seq=1 Ack=1 Win=65536 Len=0
    4   6.038967 82.95.196.202 → 185.234.217.222 SMTP 395 S: 220-gosper.idefix.net ESMTP Sendmail 8.15.2/8.15.2/Debian-8; Fri, 22 Mar 2019 21:00:55 +0100; (No UCE/UBE) | 220-   This is a private SMTP server. | 220-   The use of this or any related system for the transmission of | 220-   Unsollicited Bulk E-mail (UBE) is prohibited. | 220 logging access from: [185.234.217.222](FAIL)-[185.234.217.222]
    5   6.072501 185.234.217.222 → 82.95.196.202 SMTP 76 C: EHLO 82.95.196.202
    6   6.072915 82.95.196.202 → 185.234.217.222 TCP 56 25 → 55448 [ACK] Seq=340 Ack=21 Win=29312 Len=0
    7   6.073011 82.95.196.202 → 185.234.217.222 SMTP 267 S: 250-gosper.idefix.net Hello [185.234.217.222], pleased to meet you | 250-ENHANCEDSTATUSCODES | 250-PIPELINING | 250-EXPN | 250-VERB | 250-8BITMIME | 250-SIZE | 250-DSN | 250-ETRN | 250-STARTTLS | 250-DELIVERBY | 250 HELP
    8   6.106154 185.234.217.222 → 82.95.196.202 SMTP 68 C: AUTH LOGIN
    9   6.106585 82.95.196.202 → 185.234.217.222 SMTP 86 S: 503 5.3.3 AUTH not available
   10   6.141445 185.234.217.222 → 82.95.196.202 TCP 56 55448 → 25 [FIN, ACK] Seq=33 Ack=581 Win=65024 Len=0
   11   6.141775 82.95.196.202 → 185.234.217.222 TCP 56 25 → 55448 [FIN, ACK] Seq=581 Ack=34 Win=29312 Len=0
   12   6.174430 185.234.217.222 → 82.95.196.202 TCP 56 55448 → 25 [ACK] Seq=34 Ack=582 Win=65024 Len=0
Each session starts ESMTP and even with the ESMTP reply not listing AUTH the next command is 'AUTH LOGIN' for authenticated smtp, and as soon as my server denies offering this the session gets aborted. This does mean no failed authentication attempt is logged which would trigger fail2ban.

This does look like a bit of a distributed attack, but without the network remembering that the attack is not going to work in this way and therefore trying it again and again.

Update: IPs active in this scanning attack sofar: 185.234.217.222 193.169.254.68 185.234.219.56 37.49.225.232 185.222.209.202 141.98.80.15 114.207.112.188 185.222.209.209 23.227.207.215 185.211.245.170 141.98.80.17 89.248.171.176 185.211.245.198 164.132.45.117 37.49.225.224 119.176.218.216 103.114.104.175 37.49.225.47 103.207.37.40 37.49.227.49 185.234.219.57

Update 2019-03-24: I noticed the incorrect EHLO above and looked at options for HELO/EHLO checking in sendmail. Searching did not show a lot of options, trying with the $&s delayed s macro did not fire on the given HELO/EHLO. So I kept searching and found the latest sendmail administration guide ('Bat book') with FEATURE(block_bad_helo). I activated this feature to see if it stops some of this traffic.

Tags: ,
2019-03-19 Time to update putty 1 year ago
An interesting bit of news: SSH client gets patched after RSA key exchange memory vuln spotted.
The fixes implemented on PuTTY over the weekend include new features plugging a plethora of vulns in the Telnet and SSH client, most of which were uncovered as part of an EU-sponsored HackerOne bug bounty.
Get your updated putty at the PuTTY download page.

Update: Interesting visual change in putty: informational lines from the client are now prefixed by a putty logo. This could make it harder to mislead the user in certain attacks.

Tags: , ,
2019-03-17 Still working and sometimes struggling learning morse 1 year ago
Every week there is an hour of morse training at my radio club, see article CW cursus op PI4UTR (Dutch). And I'm going there every week I can, as learning morse is an important part of my amateur radio resolutions for 2019.

We're training with the G4FON morse trainer which uses the Koch method (order of characters to learn) to learn morse and so-called Fairnsworth timing (playing the dits and dahs of the characters at the high speed but leaving room to think about what you just heard).

I am doing ok, now we're getting to the level of 37 characters I have a hard time remembering the newest characters. Constant exercise seems the only way to fix this a bit, making exercises with just the characters I keep making mistakes in, although I can go blank again on new characters when switching to testing the whole set. As soon as I get reasonable low amounts of errors I'll try to raise the speed (by raising the effective speed, the dits and dahs of a single letter still come at 15 words per minute).

I want to learn this, with the plan to pass the Belgian CW test some day, and get up to enough speed to be able to participate in morse parts of contests and DX contacts. But there will be a lot of practice before I'm at that level.

Tags: , ,
2019-03-13 Scam mail really on the rise 1 year ago
According to “FINAL WARNING” email – have they really hacked your webcam? - Naked Security there is a big flood the last day(s) of "Sextortion" scam mails going around. Don't fall for these. It's all fake.

Tags: , ,
2019-03-13 My lineup of amateur radio related podcasts 1 year ago
I like hearing about other experiences in amateur radio from around the world. Podcasts are an easy way to hear experiences, news and opinions from other amateurs. And they fit nicely into my daily commute.

The list of amateur radio related podcasts I follow:

Tags: , ,
2019-03-12 A stupid extortion attempt: with an embedded image 1 year ago
A new level of stupid in the "I have you on video watching porn" extortion scams: the whole message embedded as an image, including the instructions to carefully cut and paste the bitcoin wallet address.

Links: Report history for 12Vso1cRX7zQovZG4wH7RAz2HqtdW1Lvek - Bitcoin Abuse Database, Bitcoin Address 12Vso1cRX7zQovZG4wH7RAz2HqtdW1Lvek.

Before, before, before.

Tags: , ,
2019-03-11 I participated in the EA PSK63 contest 2019 1 year ago
PSK63 contest in fldigi This weekend was the EA PSK63 Contest and I participated Saturday evening, Sunday morning and a bit Sunday afternoon. I planned to participate in this contest so I set up the endfed antenna outside Friday evening because I would be away most of the Saturday daytime.

With the current radio propagation and a serious part of my participation after sunset I decided to enter in the single operator 40 meter category. I made 106 contacts, with 25 different spanish provinces in the log (out of 52 possible province codes). Spain by itself has 50 provinces with Ceuta and Melilla not counting as a province but they do count in the contest.

I also participated in the EA PSK63 contest 2016 with 60 contacts and EA PSK63 contest 2018 with 125 contacts (but only 79 in the 40 meter band).
Read the rest of I participated in the EA PSK63 contest 2019

Tags: , ,
2019-03-08 Another extortion attempt mentioning video 1 year ago
In the inbox this morning, another attempt at extortion.
Subject: IMPORTANT! You have been recorded masturbating! I have Koos Website.mp4!

Hi there,

The last time you visited a porn website with teens,
you downloaded and installed the software I developed.

My program has turned on your camera and recorded
the process of your masturbation.

My software has also grabbed all your email contact lists
and a list of your friends on Facebook.

I have the - Koos Website.mp4 - with you jerking off to teens
as well as a file with all your contacts on my computer.

You are very perverted!

If you want me to delete both the files and keep the secret,
you must send me Bitcoin payment. I give you 72 hours for the payment.

If you don't know how to pay with Bitcoin, visit Google and search.

Send 2.000 USD to this Bitcoin address as soon as possible:

34vKT8SpK2zYAgJUDww9ih1o7Ky3JKmCdP
(copy and paste)

1 BTC = 3,850 USD right now, so send exactly 0.525386 BTC
to the address provided above.
Do not try to cheat me!
As soon as you open this Email I will know you opened it.
I am tracking all actions on your device.

This Bitcoin address is linked to you only,
so I will know when you send the correct amount.
When you pay in full, I will remove both files and deactivate my program.

If you don't send the payment, I will send your masturbation video
to ALL YOUR FRIENDS AND ASSOCIATES from your contact lists I hacked.

Here are the payment details again:

Send 0.525386 BTC to this Bitcoin address:

----------------------------------------
34vKT8SpK2zYAgJUDww9ih1o7Ky3JKmCdP
----------------------------------------


You саn visit police but nobody can help you. I know what I am doing.
I don't live in your country and I know how to stay anonymous.

Don't try to deceive me - I will know it immediately - my spy software is
recording all the websites you visit and all keys you press.
If you do - I will send this ugly recording to everyone you know,
including your family.

Don't cheat me! Don't forget the shame and if you ignore this message your
life will be ruined.

I am waiting for your Bitcoin payment.
You have 72 hours left.

Anonymous Hacker
Given the address it's clear someone managed to visit this website. Actually hacking my computer and removing the webcam cover or installing the webcam is harder!

Bitcoin links: Report history for 34vKT8SpK2zYAgJUDww9ih1o7Ky3JKmCdP - Bitcoin Abuse Database and Bitcoin Address 34vKT8SpK2zYAgJUDww9ih1o7Ky3JKmCdP.

Tags: , ,
2019-03-08 Nieuwe experimenten met RFID kaarten 1 year ago
Na mijn experimenten met RFID kaarten in 2011 heb ik er een tijd niets aan gedaan. Het afgelopen half jaar kwam het onderwerp weer op door wat beveiligingsvragen rond RFID kaarten en heb ik weer de software uitgezocht.

Naast de linux tools is RFID support onder Android nu ook normaal en ik heb ontdekt dat NFC TagInfo by NXP prima software is om snel een kaart te onderzoeken. Bij sommige MiFare classic kaarten geeft deze software dan al een melding dat er standaard bekende sleutels ('factory default keys') gebruikt worden.

In vergelijking met 2011 is het wel anders dat Mifare classic kaarten met een wijzigbare UID (uniek kaartnummer) gewoon te koop zijn (zoek op 'UID changeable card') en de wijziging kan met nfc-mfsetuid wat onderdeel is van libnfc en dus bij een moderne linux uit package libnfc-examples komt. Een complete clone van een mifare classic kaart is dus prima mogelijk, zie bijvoorbeeld deze beschrijving: Cloning Mifare 1K cards (engelstalig).

Tags: ,
2019-03-04 Terug van snowboard vakantie 1 year ago
We zijn een week op wintersport vakantie geweest naar het gebied van Serfaus-Fiss-Ladis in Tirol. Ons onderdak was een leuk appartement in Ladis, vlak aan de piste en we hebben ons prima vermaakt met snowboarden en een dag bergwandelen. Na een onderbreking van een paar jaar kan ik nog goed snowboarden en heb me ook weer vermaakt met boardercross en mooie afdalingen.

Tags: , , ,


, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
RSS
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: morenews.cgi,v 1.46 2019/10/20 15:42:02 koos Exp $ in 0.023930 seconds.