News items for tag network

2016-11-10 Backup to .. the cloud! 4 years ago
So I now have some cloud storage space available, also via WebDAV, and I am working on using this for backups. The main idea is to have a daily backup to the cloud service and do the tape backups less often.

I still want incremental backups so I can go back to specific older versions of files, so I want to use Amanda for backups. I installed the davfs2 package to be able to mount the WebDAV filesystem and access it from Linux. The first few clues come from Set Up Virtual Tapes - Amanda Howto, but I had to switch to the chg-multi driver as described in Backup to Virtual Tapes on a non-UNIX Filesystem - Amanda Howto because the WebDAV filesystem does not support symlinks.

I/O performance during the backup isn't ideal and the VDSL uplink is completely full during the file transfer. Maybe I need to slow down the backup process a bit and rate-limit the WebDAV transfer.

2016-11-07 The future of the Internet is IPv6 4 years ago
Just read Internet Architecture Board Statement on IPv6 with:
The IAB expects that the IETF will stop requiring IPv4 compatibility in new or extended protocols. Future IETF protocol work will then optimize for and depend on IPv6.

Preparation for this transition requires ensuring that many different environments are capable of operating completely on IPv6 without being dependent on IPv4 [see RFC 6540]. We recommend that all networking standards assume the use of IPv6, and be written so they do not require IPv4. We recommend that existing standards be reviewed to ensure they will work with IPv6, and use IPv6 examples. Backward connectivity to IPv4, via dual-stack or a transition technology, will be needed for some time.

2015-03-05 Am I part of an interesting attack? 5 years ago
Noticeable traffic:
13:06:15.787470 IP (tos 0x0, ttl 110, id 27178, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0x48c7 (correct), 2310054019:2310054019(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.188187 IP (tos 0x0, ttl 92, id 14152, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0x2c3a (correct), 1627317698:1627317698(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.588698 IP (tos 0x0, ttl 96, id 64188, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0x6e9f (correct), 249296256:249296256(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.989469 IP (tos 0x0, ttl 97, id 54770, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0xa3fc (correct), 3532061815:3532061815(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:17.390192 IP (tos 0x0, ttl 92, id 5400, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0xaae9 (correct), 1786797457:1786797457(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:17.792734 IP (tos 0x0, ttl 81, id 42621, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0x925d (correct), 3619031271:3619031271(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:18.193910 IP (tos 0x0, ttl 81, id 6384, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0x5712 (correct), 841083335:841083335(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
The variation in ttl values suggests a distributed denial of service attack trying to make me part of it.
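
An added example (not part of the original post): a small Python script that parses the capture lines shown above and summarises which fields vary between packets and which stay constant. The initial-TTL guess in `hops` is a heuristic assumption, and the source addresses are absent because they are absent from the page.

```python
import re
from statistics import median

# Capture lines exactly as they appear in the post (source addresses are absent there).
CAPTURE = """\
13:06:15.787470 IP (tos 0x0, ttl 110, id 27178, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0x48c7 (correct), 2310054019:2310054019(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.188187 IP (tos 0x0, ttl 92, id 14152, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0x2c3a (correct), 1627317698:1627317698(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.588698 IP (tos 0x0, ttl 96, id 64188, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0x6e9f (correct), 249296256:249296256(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.989469 IP (tos 0x0, ttl 97, id 54770, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0xa3fc (correct), 3532061815:3532061815(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:17.390192 IP (tos 0x0, ttl 92, id 5400, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0xaae9 (correct), 1786797457:1786797457(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:17.792734 IP (tos 0x0, ttl 81, id 42621, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0x925d (correct), 3619031271:3619031271(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:18.193910 IP (tos 0x0, ttl 81, id 6384, offset 0, flags [DF], proto TCP (6), length 52) > xx.xx.xx.xx.53: S, cksum 0x5712 (correct), 841083335:841083335(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
"""

def parse(line):
    """Pull the fields of interest out of one `tcpdump -v` TCP line."""
    h, m, s = line.split()[0].split(":")
    return {
        "t": int(h) * 3600 + int(m) * 60 + float(s),   # seconds since midnight
        "ttl": int(re.search(r"\bttl (\d+)", line).group(1)),
        "dst": re.search(r"> (\S+): ", line).group(1),
        "flags": re.search(r": (\S+), cksum", line).group(1),
        "win": int(re.search(r"\bwin (\d+)", line).group(1)),
        "opts": re.search(r"<([^>]*)>\s*$", line).group(1),
    }

def hops(ttl):
    """Heuristic (assumption): sender started at the next common initial TTL, 64/128/255."""
    return next(i for i in (64, 128, 255) if i >= ttl) - ttl

def summarize(text):
    pkts = [parse(l) for l in text.splitlines() if " IP " in l]
    gaps = [b["t"] - a["t"] for a, b in zip(pkts, pkts[1:])]
    return {
        "packets": len(pkts),
        "all_syn_to_one_target": len({(p["dst"], p["flags"]) for p in pkts}) == 1 and pkts[0]["flags"] == "S",
        "distinct_ttls": sorted({p["ttl"] for p in pkts}),
        "hop_estimates": sorted({hops(p["ttl"]) for p in pkts}),
        "tcp_fingerprints": {(p["win"], p["opts"]) for p in pkts},
        "median_gap_s": round(median(gaps), 3),
    }

if __name__ == "__main__":
    for key, value in summarize(CAPTURE).items():
        print(f"{key}: {value}")
```

The summary puts the varying TTLs next to the fields that do not vary: every packet is a SYN to the same port 53 target with one window size and one option list, arriving at a steady interval.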

2015-02-25 Samsung TV decides the Internet is broken 6 years ago
Currently our Samsung 'smart' TV is convinced the Internet is broken and refuses to start any of the applications. According to some network protocol sniffing the TV decides this purely based on a DNS query for which takes an interesting CNAME tour. According to what I can find this hasn't changed when the smart TV stopped working so this must be something in the software in the TV itself.
; <<>> DiG 9.4.2-P2.1 <<>> a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39167
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;               IN      A

;; ANSWER SECTION:
        253     IN      CNAME
        3171    IN      CNAME
        253     IN      CNAME
        2765    IN      CNAME
        853     IN      CNAME
        14      IN      A

;; Query time: 0 msec
;; SERVER: 2001:980:14ca:42::18#53(2001:980:14ca:42::18)
;; WHEN: Wed Feb 25 20:20:34 2015
;; MSG SIZE  rcvd: 244
Online there are some similar messages: Smart TV mayhem for Sony and Samsung users after central servers go down, Internet-Ausfall bei Samsung Smart-TV

According to some reports the fix is simple: Users fix Samsung Smart TV down time themselves – Two workarounds known which both hardcode an Akamai IP for and skip the CNAME chain. Remember when DNS manuals told you CNAME chains were a bad idea? They still are, I guess. I implemented the fix locally with pdns-recursor and the export-etc-hosts option which allows me to serve an A record for (the IP I get from the CNAME chain). And indeed, the smart TV applications work again.

2014-03-01 Netgear GS716Tv2 switch and IPv6 management 6 years ago
Sharing my earlier experiences with the hidden telnet interface on the Netgear GS716T switch was appreciated by someone else with a Netgear GS110p switch: "Hidden" CLI interface on Netgear GS110TP. So I guess this is a feature on multiple Netgear switches.

And that article made me look at the firmware version, finding in the release notes for the newer version:
New Features:
* Add IPv6 management, IPv6 ACL, and IPv6 DiffServ support.
I like that feature a lot! And indeed, after upgrade and setting the IPv6 management address:

2013-12-16 (#) 7 years ago
I recently wondered what is on offer in access points for the home with dual-radio support, that is, active on 2.4 GHz and 5 GHz at the same time. There is less interference on the 5 GHz band, but not all devices that use Wi-Fi support 5 GHz. And doing 802.11n on 2.4 GHz is antisocial in my opinion, because you then completely disrupt other networks in the neighbourhood.

Coincidentally, the Agentschap Telecom turns out to agree with me: Met een combi-router ben je goed voorbereid op de Wi-Fi van de toekomst - Agentschap Telecom.

So ideally I would have an access point with dual radio, 802.11n support only on 5 GHz, WPA2 and not too much power consumption. It sometimes seems that two access points with different settings could well be cheaper to buy than one with all these options, although surely not in power consumption.

2013-12-10 (#) 7 years ago
In its latest mailing Conrad advertises a Conrad POF home network cable starter kit. Only I cannot find anywhere how fast data can go over plastic optic fiber (POF). I thought from the past that this was limited to 100 megabit, but maybe there is a new standard that does go up to gigabit.

Plastic optic fiber can be a good approach for bridging longer distances in the house without falling back on Ethernet over the power line. Among the advantages of plastic optic fiber Conrad also lists "no radiation (electrosmog)". I would find 'no radio interference' a better description, but this of course appeals more.

2013-11-19 (#) 7 years ago
Interesting DNS problem:
hout0101@monitoring:~$ getent hosts
hout0101@monitoring:~$ telnet 80
telnet: Name or service not known Unknown host
Found out after serious searching that this was caused by the /etc/resolv.conf line:
options rotate
Of the 3 available nameservers, numbers 2 and 3 decided to negatively cache for good reasons earlier. Options rotate counts per program which means the impact isn't that big for short-lived programs. I guess telnet does a query before querying the nameserver for the needed address to connect to.

2013-07-19 (#) 7 years ago
My speedtest on T-Mobile UMTS

The predicted change from KPN to T-Mobile took a bit longer than predicted but it has finally happened. Network speed is now 1 Mbit down and 32 kbit up according to speedtest.

Somebody I spoke to about it wondered whether there was a data subscription included at all, or whether this was the rate at which things could get expensive fast, but the T-Mobile business website confirms that this is the slowest data subscription available from T-Mobile NL.

2013-05-29 (#) 7 years ago
I checked for updates of NDPMon, an IPv6 neighbour discovery protocol monitor, and noticed I was way behind the current times. I also found out it can now monitor multiple network interfaces in one instance of the program, so I can keep an eye on both wired and wireless networks at home.

Do take the advice of using the 'learning' mode of NDPMon as mentioned in the documentation for NDPMon. It makes getting the entire router advertisement correctly into the data file so much easier. The downside is that you have to run it at a quiet time and after each IPv6 network reconfiguration.

It would also be nice if NDPMon would report on which interface certain traffic was seen.

Update: Ok, NDPMon still manages to warn about a router configuration it has learned itself. I found a remark in the NDPMon documentation/configuration page:
Under the tag addresses are listed the IPv6 global addresses of the router. This is not required for the tool to work properly, but can be useful is the router send NA messages for its global addresses (to avoid raising NA router flag alerts).
So I added the global IPv6 addresses of the routers, let's see if this decreases the noise.

