Friday, June 02, 2000
Captain Napalm Goes To Court, II
I was stressing out. I left the house a bit too late and I'm stuck at a draw bridge not a quarter mile from the court house and it's 10:00 am.
Oh my God! I think. The Judge is going to throw contempt of court charges my way for being late. The bridge finally goes down, I drive to the parking garage, and by 10:15 am I show up in the Jury Reception Room where the officer tells me to wait, the bailiff will show up in a few minutes and collect me.
A few minutes later the bailiff comes around and leads me down several back corridors behind the court room. My demeanor is one of doom—I'm sure I'm in trouble for being late, but the bailiff doesn't seem to be upset that I'm late and in fact, the impression is that I'm not late at all.
I'm relieved when I'm shown into the jury deliberation room and find the other six jurors sitting there, waiting.
So I sit down and start reading.
Around 10:40 pm, the bailiff comes in and escorts us to the court room where we take our seats. The judge then informs us he has good news and bad news.
The bad news? We are no longer required for jury duty.
The good news? We are no longer required for jury duty.
It seems the case was settled with the defendant pleading guilty and getting 15 years. The judge thanked us for our time and handed out certificates of appreciation.
I was upset that we had to return the official Jury Pins™.
So that's that.
An Easy Way to Update your Webpage, II
After arriving home, I took a few hour nap then resumed work on the fun project for a friend. I only did the email interface and she requested a web interface as well.
Pretty easy work.
Saturday, June 03, 2000
Gurgle gurgle
Gurgle
Gurgle
Gurgle
By then the sound had finally penetrated my sleep and I thought Is something wrong with the toilet again?
Glub gurgle
Gaaah, I thought. I'll need to check this out. So I got up and headed towards the bathroom.
And stepped into a few millimeters of water pooling on the floor. Great! It apparently had just started happening so the damage to the books on the floor of the bathroom wasn't much, if any. And the rug had absorbed most of the water anyway. The toilet looked okay, so I did an experimental flush.
And watched in horror as the water filled right up to the brim before going all the way down. Very odd behavior. Then I noticed the shower stall was filled with water.
That's not a good sign.
I retrieved the plunger and started to plunge the drain in the shower stall. It didn't seem to be doing anything. Plunge plunge plunge, watch watch watch plunge plunge plunge watch watch watch. Then suddenly the water started draining out, but I'm still not convinced my plunging had anything to do with it.
I took an experimental flush of the toilet. It worked fine.
Now what was that all about?
An Easy Way to Update your Webpage, III
I finished and debugged the fun project today, and made a bunch of stupid mistakes while doing it. I have to remember to keep straight the fact which server I'm doing the testing from and compile the program appropriately.
Sunday, June 04, 2000
Everything you wanted to know …
I found Dan Bernstein's website via a Slashdot discussion on exploits. His site has a lot of good technical information about the various TCP/IP protocols like SMTP, FTP and DNS. It's worth reading.
“Captain! We're being scanned!”
So I'm running monnet, a network monitor I wrote, when I caught a portscan of my network, using SUNRPC. Curious, I run nmap on the offending machine and get the following:
    Interesting ports on XXXXXXXX.XXXXXXXX.XXXXXXXX (XXX.XXX.XXX.XXX):
    Port    State       Protocol  Service
    21      open        tcp       ftp
    23      open        tcp       telnet
    25      open        tcp       smtp
    53      open        tcp       domain
    79      open        tcp       finger
    80      open        tcp       http
    98      open        tcp       linuxconf
    111     open        tcp       sunrpc
    113     open        tcp       auth
    119     open        tcp       nntp
    137     filtered    tcp       netbios-ns
    138     filtered    tcp       netbios-dgm
    139     filtered    tcp       netbios-ssn
    513     open        tcp       login
    514     open        tcp       shell
    515     open        tcp       printer
    520     filtered    tcp       efs
    655     open        tcp       unknown
    676     open        tcp       unknown
    681     open        tcp       unknown
    686     open        tcp       unknown
    1024    open        tcp       unknown

    TCP Sequence Prediction: Class=random positive increments
                             Difficulty=2284334 (Good luck!)
    Sequence numbers: C3909E99 C3E1B596 C3907551 C34F8007 C3F3F4E4 C3924E90
    Remote operating system guess: Linux 2.1.122 - 2.1.130
Amazing. Simply amazing. I don't know what's worse—RedHat making their default installation so open (and it was RedHat, I checked the web server running on the box and it said as much) or that this person didn't realize what he (I checked finger and it reported back a masculine name as being logged in) got himself into when putting a RedHat box at the end of a cable modem.
So I wrote the person the following:
    [spc]linus:/home/spc>telnet XXX.XXX.XXX.XXX smtp
    Trying XXX.XXX.XXX.XXX...
    Connected to XXXXXXXX.XXXXXXXX.XXXXXXXX
    Escape character is '^]'.
    220 XXXXXXXX.XXXXXXXX.XXXXXXXX ESMTP Sendmail 8.9.3/8.9.3; Sun, 4 Jun 2000 01:29:33 -0700
    helo linus.slab.conman.org
    250 XXXXXXXX.XXXXXXXX.XXXXXXXX Hello IDENT:XXXXXXXXXXXXXXXXXXXXXXXXX [XXX.XXX.XXX.XXX], pleased to meet you
    mail from:<sean@conman.org>
    250 <sean@conman.org>... Sender ok
    rcpt to:<XXXXXXXX>
    250 <XXXXXXXX>... Recipient ok
    data
    354 Enter mail, end with "." on a line by itself
    From: sean@conman.org
    To: XXXXXXXX@XXXXXXXX.XXXXXXXX.XXXXXXXX
    Subject: Thanks for portscanning my network ...

    I'd like to thank you for port scanning my home network, especially
    from a system with FTP, TELNET, SMTP, DNS, FINGER, HTTP, LINUXCONF and
    a slew of other services open and running on your freshly installed
    RedHat installation of Linux.

    If you have no idea what I'm talking about, then let me inform you
    that your system may have been compromised by someone.

    Just letting you know.

    -spc
    .
    250 BAA21935 Message accepted for delivery
    quit
    221 XXXXXXXX.XXXXXXXX.XXXXXXXX closing connection
    Connection closed by foreign host.
    [spc]linus:/home/spc>
I'm wondering how he'll respond.
Monday, June 05, 2000
Meet Nova Dandyplanet
My Glam Name is apparently “Nova Dandyplanet.”
Putting Down Roots in Earthquake Country
I checked snail mail today and I received a package from my Dad in the mail. Various articles about making money on the Internet (“Are you a millionaire yet?” he keeps asking) along with a brochure: “Putting Down Roots in Earthquake Country.”
Dad, you see, lives in California.
I wonder if he's trying to tell me something …
My Dad, the Golfer
Dad also called me today, wanting to know how I was doing (he does not, nor does he want to, own a computer) and what he's been up to.
It looks like this year he's trying out for the PGA Senior Tour. He said there are two qualifications to try out: You're over 50 (which he is) and you have a handicap of less than 3.5 (or something like that, which he does—he's a very good golfer). So if things work out, I'll get to see Dad on the TV, playing golf (which has to be the most boring thing in the world. But that's okay, because Dad considers this computer stuff the most boring thing in the world).
Freaky FreeBSD, now with LSD …
So I'm still working on this project for a client. I have the program done, I just need to recompile it for their platform, FreeBSD. No big deal, it's UNIX, right?
So I move over the two parts of the program, a library I wrote, and the main program. The library compiles fine. No problem. I then go to compile the program.
    $ make
    gcc -I ../lib/src -DUNIX -DFREEBSD -g -c -o obj/calclog.o src/calclog.c
    gcc: src/calclog.c: No such file or directory
    gcc: No input files specified
    *** Error code 1

    Stop.
    $
Odd, I think. What's going on?
    $ ls -l src/calclog.c
    -rw-r--r--  1 admin  admin  3620 Jun  5 15:39 src/calclog.c
    $
It's there. Let me try it by hand …
    $ gcc -I ../lib/src -DUNIX -DFREEBSD -g -c -o obj/calclog.o src/calclog.c
    $ ls -l obj/calclog.o
    -rw-r--r--  1 admin  admin  3364 Jun  5 21:37 calclog.o
    $
Okay, now I'm stumped.
Gurgle gurgle, II
My roommate Rob answered the door. An older gentleman there asks if we've been having any plumbing problems. Upon hearing this, I head towards the front door.
“Yes,” I said. “This past Saturday.”
“Okay, there's a problem with the sewer system here and we can't repair it until tomorrow, so until then if you can keep the water usage to a minimum that would help,” he says.
“Okay, will do,” I said.
Ah, so that explains the odd behavior I saw on Saturday.
make errors, not programs
Well, I found the problem with FreeBSD. It seems that make acts very oddly when a subdirectory called obj exists and it changes into that directory before doing any compilations. And since my makefile uses relative directories of course they're going to fail since the directories are relative to the parent directory, not to the one named obj.
Funny, I never encountered this problem before using make. Then again, I never used a directory named obj before either, but I didn't think that would matter.
While the man page for make(1) under FreeBSD makes mention of obj it doesn't exactly describe this behavior. Sigh.
“I use Google … ”
Wow, lots happened today.
Anyway, I amble over to my roommate Rob's room to ask him something and see he's using GeoFind, a meta search engine I had worked on. We had the following exchange:
- ROB: Oh good, [GeoFind]'s working.
- ME: Why are you using [GeoFind]?
- ROB: Why not? I always use it for my searches as it usually finds what I'm looking for. Why? Don't you use it?
- ME: No, I use Google.
- BOTH: [Both start laughing at the situation]
I suppose it's a bad sign when even I don't use something I wrote anymore, but that's because there's no real incentive for me to work on GeoFind. I don't own the code (so I can't release it) and the company that currently owns it isn't doing anything with it right now and the search engines have changed how they work (for the most part) so it pretty much fell into disuse.
Besides, when I first started writing the program there weren't that many metasearch engines around (this was in 1996) but now … there are dozens if not hundreds.
They're not hard to write.
Being John Malkovich's Production Assistant
“Come to think of it, this whole PA thing is going to get in the way of my upcoming Mexico pharmaceutical foraging adventure. Why, I've been stretching my anal cavity for weeks! What a waste.”
So, I guess that's what it's like being John Malkovich's Production Assistant.
Tuesday, June 06, 2000
A Land Line is still superior to that wireless crap
While the phone system doesn't suck, most phones do.
My phone is an older phone, probably made during the mid 80s (around the time of the AT&T breakup—it has “BELL SYSTEM PROPERTY” stamped on the bottom) and the thing is rock solid. I've dropped the phone from desk height plenty of times and it still looks new (if a bit yellowed).
Yet I'm talking on the phone with someone using a piece of crap and it sounds like it. Must be one of those cordless phones because the voice quality of the person I'm talking to is staticy and muddled and half way through the conversation the connection is lost.
And people put up with this.
He still hasn't called back, probably not aware that I've been disconnected. I can imagine him, shouting over the static, “Hello? Hello? Are you still there?”
“If you can't force it, source it!”
It seems that the latest version of sendmail doesn't like executing programs from /etc/aliases except if it's majordomo.
I'm helping my roommate Rob install some mailing list software. I use something other than majordomo which works for me and is rather simple to configure and use.
Only he's running Sendmail 8.9.3 and when we put the appropriate magic in /etc/aliases I keep getting back:
    sh: mailserv not available for sendmail programs
    554 "|/home/mailserv/bin/mailserv nnnnnnn-l request"... Service unavailable
Which is new to me.
So I'm downloading the source code to Sendmail to see why it's failing.
Wednesday, June 07, 2000
“Ouch. Ouch. Ouch.”
I'm watching the Discovery Channel and I see these new commercials they have advertising themselves (and their website). They're great! Cheesy costumes, bad acting and non-existent special effects. I really found the one with the meteorites very funny.
- 1ST METEORITE: [monotone voice] I learned that most meteorites burn up in the Earth's atmosphere. [All burst into flames]
- 2ND METEORITE: [also monotone voice] Ah. Atmosphere. Ah.
- 1ST METEORITE: Ah. Atmosphere.
Very funny stuff.
Electric Network
Reading the Slashdot thread on networking via electrical outlets there was mention of the Intelogis PassPort Powerline Adaptor which allows data transfer over existing electrical wiring and apparently available at CompUSA and other like stores. It's a bit late to head over to CompUSA, but tomorrow I'll see if I can pick it up if it's cheap enough. At 300kbps it won't be fast, but it's fast enough for what I want to use it for.
Thursday, June 08, 2000
The Persistent FAX
Ring.
Is that the alarm clock? I thought.
Ring.
Oh, it's the phone. Still half asleep I reached over and answered the phone. “Hello?”
Beep.
Beep.
Beep. Great, I thought. Someone dialed the wrong number and I'm talking to a fax machine. I hung up and went back to sleep.
A few minutes later. Ring.
Ring.
I pick up the phone. “Hello?”
Beep.
Beep.
I hung up again. Went back to sleep. A few minutes later.
Ring.
Ring.
I answer the phone.
Beep.
Beep.
I hung up.
Three more times that happened. Three! Almost made me wish I had a fax machine just to accept the fax, then fax back “WRONG NUMBER!”
The Electric Network, II
I went to CompUSA and picked up a few Intelogis PassPort units. The package included two PC units and a printer unit and the price wasn't all that bad. I was able to install the Linux drivers for the PassPort on the laptop easily enough, as the Linux kernel was compiled to support modules (because of the PCMCIA support).
Try to install the modules on the primary system here. Oops, I don't have module support in the kernel.
Recompile recompile recompile lilo reboot.
Try to install the modules on the primary system here. Oops, seems I included the parallel port driver in the kernel and that's grabbing the port. Need to remove that driver.
Recompile recompile recompile. That's where I'm at right now.
Compile Compile Compile
Now, while I'm waiting for the Linux kernel to finish compiling, I might as well review the Intelogis PassPort. Well, at least what I've worked with so far.
The package I picked up included three units—two for PCs and one for a printer. It included two cables for the PC connections and two power strips. I found the included power strips to be rather odd because you can't plug the units into the power strips, or any power strips for that matter. And I already have power strips and UPSes. Oh well.
Ah! Compile is done. Time for another test …
The Electric Network is Online
Well, it worked! Not bad at all. The only thing left to do is figure out some routing issues so I can access the outside world from the far end of the Intelogis PassPort network. And possibly move the connection from my primary machine to a secondary machine.
Oh, and rewire the Computer Room again to resolve the Power Outlet Shortage. That's the only bad thing about the PassPort—you can't plug it into a power strip.
Or at least it recommends against doing that.
Monday, June 12, 2000
Better living through chemistry
I am a chemical and sleeping wreck right now.
Friday night (like around 11:30 pm or there abouts) my friend Greg calls. He's still at work but he wants to know if I want to head on over for a night of Quake. Sure. I head on over there.
So it's Greg, Marty and myself. 7:30 am Saturday we leave Greg's office and head to Denny's for breakfast. I'm in bed by 10 am. So therefore my sleeping schedule has been shot to hell and back.
I get up in time to meet some friends for dinner, then I get with some other friends later in the evening and I manage to get to bed around 6:00 am Sunday.
I barely manage to get up for the weekly Sunday gaming session and to help stay awake, I drink a bottle of Bawls Soda. So now I'm doped up on caffeine. The Coke, Pepsi, iced tea, Oreo Double Stuffs, Tootsie rolls and other assorted junk food at the gaming session didn't help either.
By 5:00 pm I'm buzzing.
By 9:00 pm I can feel the crash coming on.
At “dinner” (at a local IHOP) I had toast and lots of water.
By 2:00 am Monday I've crashed.
Which is good, since I have a 1:00 pm meeting with a client.
Which I barely make.
The alarm clock goes off and I'm just dead. It takes me nearly an hour to get somewhat functional and off to the client's office.
By 4:00 pm (I'm home by now) I crash again. For three and a half hours.
I get up, still sluggish and get dinner with my roommate, Rob. I feel weird. I want to sleep, yet my body feels like it could run a couple of marathons and still compete in the Iron Man Triathlon. I'm still buzzing. And tired.
Bzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz!
Tuesday, June 13, 2000
What a strange attack this is …
Watching monnet again I see some odd activity coming from an IP address. Random TCP packets with the Reset bit set to random TCP ports on my primary machine. I try to trace back the connection and it goes nowhere, so the source address seems to be forged.
I might have to talk to my upstream provider on what to do.
New net-based attack?
In looking closer at the forged TCP packets I'm getting, I'm wondering if this is some very subtle attack going on.
The sequence I'm seeing is a TCP packet from the forged address with the FINISH flag set. My system then tries to respond to the packet (why? It's not a valid connection to begin with) but the data it sends back contains garbage from previous IP packets, not necessarily just other TCP packets.
Now, could it be that somewhere along the path some host's NIC is in promiscuous mode and can read the packets, and with a long enough sample of data, might be able to determine information from the partial garbage packets sent back? For instance, I'm seeing my system send back garbage packets with part of my SNMP community string.
Monday, June 19, 2000
… and other things
Sorry for the lack of entries recently, but the past week I've been busy with installing software, installing servers, writing documentation and other things.
A Network Black Box
Just saw a program on the Discovery Channel about black boxes on airplanes. Cool stuff, even if the re-enactments were a bit gut wrenching.
But I started thinking about what it would take to construct a black box for a network. With large fast drives it might be possible to record packets for a network and store them for a period of time. The airline black boxes only record the previous two hours worth of material, continuously overwriting the older material.
The largest ethernet frame is 1514 bytes, so let's round that up to 2K to make it easy to record to disk. Twenty gig drives are pretty common now and fairly cheap. Well, doing the math shows that we can record 10.5 million packets to a 20G drive (using 2K per packet).
So I checked some stats at Atlantic Internet, my current ISP. I checked the primary ethernet network interface and it's currently averaging 6400 packets a second.
The math shows I can store about 27 minutes worth of traffic per 20 gigs.
That's pretty sobering. Ouch.
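The recorder described above, as an added example that is not code from the original post: it keeps the entry's 2K-per-packet slots on disk and overwrites the oldest slot once the ring is full, the way a flight recorder does. The `BlackBox` class, the slot header layout and `retention_seconds` are assumptions made for illustration.

```python
import struct

SLOT_SIZE = 2048   # the page's figure: a 1514-byte frame rounded up to 2K
MAX_FRAME = 1514   # largest Ethernet frame, per the page
# Assumed slot header: sequence number, timestamp, stored length, length on the wire
HEADER = struct.Struct("<QdHI")


class BlackBox:
    """Ring of fixed 2K slots on disk; the newest frame overwrites the oldest."""

    def __init__(self, path, slots):
        self.slots = slots
        self.seq = 0                      # sequence 0 marks a never-written slot
        with open(path, "wb") as f:       # preallocate: the file never grows
            f.truncate(slots * SLOT_SIZE)
        self.f = open(path, "r+b")

    def record(self, timestamp, frame):
        stored = frame[:MAX_FRAME]        # oversized input is cut, true length kept
        self.seq += 1
        slot = HEADER.pack(self.seq, timestamp, len(stored), len(frame)) + stored
        self.f.seek(((self.seq - 1) % self.slots) * SLOT_SIZE)
        # Pad to the full slot so bytes of the overwritten frame do not linger.
        self.f.write(slot.ljust(SLOT_SIZE, b"\0"))

    def replay(self):
        """Return surviving (seq, timestamp, wire_length, frame), oldest first."""
        self.f.flush()
        self.f.seek(0)
        found = []
        for _ in range(self.slots):
            slot = self.f.read(SLOT_SIZE)
            seq, ts, stored_len, wire_len = HEADER.unpack_from(slot)
            if seq:                       # skip slots that were never written
                frame = slot[HEADER.size:HEADER.size + stored_len]
                found.append((seq, ts, wire_len, frame))
        return sorted(found)

    def close(self):
        self.f.close()


def retention_seconds(disk_bytes, packets_per_second):
    """History that fits on a disk: number of slots divided by the packet rate."""
    return (disk_bytes // SLOT_SIZE) / packets_per_second


def demo(path):
    """Constructed sample: five small frames into a three-slot box."""
    box = BlackBox(path, slots=3)
    for i in range(5):
        box.record(1000.0 + i, bytes([i]) * 64)
    survivors = [seq for seq, _, _, _ in box.replay()]
    box.close()
    return survivors        # the two oldest frames have been overwritten
```

With the entry's numbers, `retention_seconds(20 * 2**30, 6400)` gives 1638.4 seconds, which is the 27 minutes worked out above.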
Monday, June 26, 2000
A Lick of Flames
Kelly, Koecher and I were at Mark's for a small BBQ. We were lighting the coals and they kept going out. We poured quite a bit of lighter fluid and I was lighting the matches to light the fire.
So I toss in the match when it ignited. The flames blew out, knocking me over, and even Koecher, standing behind me, felt it.
No one was hurt, but I did feel the heat across my face.
Oh, and the food was good.