Centroid.EU Blog

(this blog is mostly encrypted - adults only)


One router too many? The add-up.

May 7th, 2016

I have a unique home network. This is why I react allergic to people who want to force a router on me. Another device? And all the topological changes I have to do to my network! Here is a rundown of my devices:

  1. hallway - dumb ADSL bridge modem
  2. hallway - APU router
  3. hallway - NUC Core i3
  4. hallway - ASUS 5 GHz AP
  5. hallway - raspberry pi guest access point
  6. office - Lanner router
  7. office - computer 1
  8. office - macintosh mini (computer 2)
  9. office - house phone
  10. office - work phone
  11. office - fritz repeater
  12. livingroom - fritz repeater
  13. livingroom - soekris router
  14. livingroom - samsung tv
  15. livingroom - apple tv
  16. livingroom - fritzbox lte router
  17. livingroom - freifunk router

Now you may think that some of these can be consolidated into fewer devices but there is a problem. I need a firewall between play and work for one, that's the lanner router. It separates the office from the rest of the networks. Where a lot of people just have a network behind a fritzbox, my network goes deep. I think 3-4 hops deep between opposite points. I count on routing and not switching. Also re-routing it all through the hallway to the lte router requires one script on the APU to be run, which sets new routes out the fritzbox lte router. Highly complex! I solved this with a vxlan(4) which is layer 2 ethernet over layer 4 UDP. There is a bit of fragmentation in the wlan because of it but that's on the main wlan.

Now it goes on to say that without an OS such as OpenBSD I couldn't even do these network tricks such as vxlan, gif tunnel, ipsec over wlan to protect phone traffic from the already encrypted wifi. Since wlan is breakable with effort an ike'd ipsec will keep prying eyes out at first.

Since the computers sleep when I'm away or sleeping there is a bit of vampire power flowing to keep the RAM in S4 state. But the routers stay on 24/7. The most these consume I think is 20 watts, which will hopefully be halved in 4 years when I'll be looking for replacements. In 2020 the Lanner for example will be 10 years old and will be retired.

I'm very happy with the network I have. But adding another fritzbox for example would ruin the entire setup. This is why I hate what we Germans call "zwangsrouter" and I look sceptically at proposals to get routers certified. How will this help me at all, when most consumer routers are trash to begin with, security wise or functionality wise? Thanks for reading.


RPI Guest AP done, but not for 2.4 GHz

May 7th, 2016

Well, I turned the idea below around and it works. The AP is supposed to reboot at 4AM with a new password for the WIFI. However, the 2.4 GHz spectrum is used too much around here. So I'm steering clear of it all and using the 5 GHz spectrum, but for that I had to order a new wifi dongle. It'll be here by Wednesday next week. What a neat project. Thanks Heise.de!


Not passing down my RPI after all

May 5th, 2016

I was going to hand down my RPI to someone as told on this website but no one was interested. So I'm going to make a guest Wifi AP out of it. The idea I got here. I have an external display for the RPI after all so it can display a QR code for the guest WIFI on a daily or semi-daily basis. I had never thought of this but it's so brilliant. I'll be testing it with my ipod which does have QR scanner afaik. The AP will reside beside my other AP and be plugged into it. I'll probably VLAN it though to the router which will firewall it away from the rest of my network. It truly will be a guest access point. Brilliant!
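
The daily-rotated guest password and the QR code described in the two posts above can be produced like this. This is an added example, not the author's own script; the SSID guest-ap, the function names and the 16-character length are assumptions, and the WIFI: text format is the common one that phone QR scanners understand.

```python
import secrets

# Alphabet without look-alike characters (0/O, 1/l/I) so a guest can also
# type the passphrase by hand from the display if no QR scanner is at hand.
ALPHABET = "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def new_passphrase(length=16):
    """Return a random WPA2 passphrase (valid length is 8..63 characters)."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrase must be 8..63 characters")
    # secrets uses the OS CSPRNG; random.choice() is not suitable here.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def wifi_escape(value):
    """Backslash-escape the characters that are special in a WIFI: payload."""
    out = []
    for ch in value:
        if ch in '\\;,:"':
            out.append("\\")
        out.append(ch)
    return "".join(out)


def wifi_qr_payload(ssid, passphrase, auth="WPA"):
    """Build the text that a QR encoder turns into a join-network code."""
    return "WIFI:T:{};S:{};P:{};;".format(
        auth, wifi_escape(ssid), wifi_escape(passphrase)
    )


if __name__ == "__main__":
    # Run once per rotation (for example from the 4AM job): the passphrase
    # goes into the AP configuration, the payload goes to the QR display.
    psk = new_passphrase()
    print(wifi_qr_payload("guest-ap", psk))  # "guest-ap" is a constructed SSID
```
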


My dreamworld

May 3rd, 2016

When I dream at nights I think of the weirdest things, here is what I dream about occasionally:

  1. kiwis - In my language in my dreams a kiwi is a green laser. These usually scare the hell out of me, for reasons unknown.
  2. escape - In my dreams I'm often trapped in what appears to be a mental institution. I often find myself escaping.
  3. masks - masks such as those worn in Shakespeare's Romeo and Juliet sometimes hide the identity of my counterparts in dreams.
  4. Computers - computers are a part in my dream but not always, subways, streets, and institutional buildings, military facilities as well.
  5. counting - I often miss an exit; often I take the second chance to exit.
  6. vampires - I'm often a vampire in my dreams, but with fears, anxiety and I can't fly, I sort of float down.
  7. presidents - George W. Bush often appeared in my dreams, Angela Merkel and Barack Obama not so much.
  8. déjà vu - I sometimes redream going to a place which later makes me unsure if I went once or twice to that place.
  9. sex - sometimes I dream of a pretty blonde, very seldom


Blog's birthday

May 2nd, 2016

In 5 days is the 7th anniversary of this blog. Here is the first article I wrote as far as I can tell. If you've been reading my blog for a considerable time, I thank you. It's nice to be interesting. Or maybe you are just stopping by and found something you like? To be honest I think the mood of the blog changed a few times, at one time I wrote both German and English into it. I have settled on just English. This suits the EU readers of this blog more since English is the #1 EU language for ESL speakers. I also reported on changes to delphinusdnsd a lot, if you were following that perhaps you found what you were looking for.


Considering an SSD upgrade

May 2nd, 2016

I have had SSDs for close to 6 years now. One of the earliest occurrences of me mentioning SSDs was here. I think it's time to upgrade my capacity on 3 computers with SSD and get appropriate hd backup storage. I'm thinking of replacing the 40 and 80 GB SSDs in my routers with 256 GB models. The main workstation that I use, beta.virgostar.net, would get a 1 TB SSD and a 4 TB harddrive external backup drive. We're looking at about 500 euros in upgrades. Still considering it.


13,500 positions in the German Cyber Army

May 1st, 2016

The German Bundeswehr is recruiting hacker talent. While this is a staggeringly high number I don't think it's enough and the approach is wrong. If you look at security, it is a chain. From the smartest to the dumbest person. If someone can break through the defenses at the weakest link, the entire chain collapses. That's why I think hiring talent like is done commercially will not work. Geeks and cyber enthusiasts work differently on many levels. For one, there is no hierarchy; everyone is equal to start. People are judged by their smarts and abilities not by their rank they might have gotten by looking pretty. So hacker culture and military hierarchy will clash. It won't work. Pretend they want to make it the best system on earth.

Pretend they want to build an OS that is secure for the military but they want to keep Windows systems as before. That is what I call a condom solution, and condoms break. I.e. a firewall is a condom solution if it is designed to protect the network traffic of a weak Windows system. Let me give you an example of what that looks like in a wolf vs. the three pigs scenario. The wolf will be stopped by a firewall which is made of brick and the pigs are in a straw hut behind the firewall. If they happen to create a socket out to the big bad wolfland the chances that they are going to be compromised are high. So while the firewall sits there unknowingly the fire has burned down the pigs' hut. That's what will happen. Pretend they replace all Windows with this new military OS, chances are that the dumbest soldier will fall victim to outside elements.

It's like the Enigma machine of World War 2. Soldiers back then had no clue how it worked, they blindly followed orders to use it. And they didn't second-guess it. They should have. I'm saying this not because I have Nazi sentiments or that I wanted WW2 to last four years longer than it would have if the Enigma was not used, but I'm saying this because I draw lessons out of history. What really needs to happen, if a nation is serious about cyber warfare, is that the entire army needs to be groomed around smarts, not muscles. But preferably both. A cyber culture needs to take over in the military, and decisions must come from the smartest in order to continue. In many cases the Internet is the weakest link in terms of keeping secrets. A smart army does not engage the Internet without having the right defensive mechanisms in place to thwart off an undermining from the Internet. The foes of a military on the Internet can't be categorized. For all we know they could be extraterrestrial aliens even, it's not impossible.

So where do I fit in to say these words? I never participated in cyber warfare. But I studied some weapons of cyber warfare. Code words such as smurf, fraggle, pepsi, land, teardrop are not foreign to me, although they date back to the 1990's. And in some regard the Internet hasn't changed much since the 1990's. I'm very careful with these tools, in fact if I ever had to actively use their concepts I would build my own tools as I distrusted the exploits posted to bugtraq (another ancient full disclosure site) one hundred percent. Even with the author of smurf who I was close to I disagreed with his idea of how to spoof an IP packet, but that's irrelevant now.

Now to use these concepts or to defend against them I do hope the military wants to hire 13000 programmers and 500 scripters because what it comes down to is programming and not scripting. It's a battle of the minds, productivity, and I fear the Bundeswehr is not ready. We'll see though. Good luck!


Doing a training session this summer

April 22nd, 2016

I have booked a training session in the Ruby programming language in August of this year. I'll be learning Ruby for 4 days with an instructor. I already know Ruby but not solidly so I'm going to do this. Plus it's putting my feet in the water to more training that I hope to do. At the same time I'm going to have my vacation then. Looking forward to it.


Stand down! OK.

April 15th, 2016

The world is heading toward a conflict. It's time to stand down. It's time to look back in history and try to understand why people didn't stand down in the 1930's, and then do the opposite of what they did. I shouldn't be even saying this but the warning signs are in the red. It's time to stand down.


12 months of Parship

April 13th, 2016

As you may know I'm single. Finding someone nice hasn't been my priority. So I'm trying to change that and find someone nice so I went to parship.de and got a year's membership. They aren't cheap by any means. But my train of thought is, if I can find someone perhaps a gf or even a wife it will pay itself off 100x to what I'm paying for this. Years ago I tried other matchmaking services but I hope I have found the right one here. We'll see.

