Pre-Ordered OpenBSD 5.6

September 30th, 2014

I have pre-ordered this from OpenBSDStore.COM, which is the old openbsdeurope.com website. Had some problems manoeuvring through their site at first but after an email and assurances that everything was alright from them, I managed to do my pre-order. Looking forward to having the three disks of freedom in my hands!


Two TCP traceroutes

September 30th, 2014

I have written two programs that do a TCP traceroute to a remote IP. I plan on finding the culprit at DTAG that gives me packet loss to my OpenBSD laptop from the host io.solarscale.de. I wrote on it most of yesterday and got it working somehow. Here is the source code for the server traceroute and here is the source code for the client traceroute. The server gets connected to with telnet and it will spit back some data while tracing on its side (it doesn't fork); the client will connect to the echo port or discard port, whichever one it finds first, and will do a traceroute. Here is a small demonstration of how the server TCP traceroute works:

root@galileo:/home/pjp/mytcptraced # ./mytcptraced
now sending from port 88 to port 55233, sending a few lines of test
sending testline 0 length 4
now starting the trace...
1           1292    1304
2        442     514
3       527     610
4        5129    5136
5         5223    5230
6           6095    6103
7       12422   13179
8       11944   12671
9       14382   14854

What's so cool about this is that it unearths routers behind NAT, as seen with the last hop. This is my home address at m-net. Unfortunately it can't unearth the RFC 1918 addresses due to some pretty good NAT on ICMP timex messages, but knowing that this network goes deep is interesting too. Anyhow enjoy the code, and play if you wish.
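
A trace run from inside an established connection has to tie each ICMP time-exceeded reply back to that connection, which it can do through the IP header and first 8 TCP bytes the router quotes in the error. The following is an added example, not the author's mytcptraced source, and it assumes the probes are data segments sent on the connected socket with a low IP TTL; the function names and the IP addresses are constructed, only ports 88 and 55233 come from the output above.

```python
import socket
import struct

def send_probe(conn, ttl, payload=b"test"):
    """Send one data segment on the connected TCP socket with a low TTL (assumed mechanism)."""
    conn.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
    conn.send(payload)

def parse_time_exceeded(packet, flow):
    """Return (router_ip, tcp_seq) if packet is an ICMP time-exceeded error
    quoting a segment of flow = (src_ip, src_port, dst_ip, dst_port), else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    outer_len = (packet[0] & 0x0F) * 4
    if outer_len < 20 or packet[9] != socket.IPPROTO_ICMP:
        return None
    icmp = packet[outer_len:]
    if len(icmp) < 8 + 20 or icmp[0] != 11 or icmp[1] != 0:
        return None                      # not "TTL exceeded in transit"
    quoted = icmp[8:]                    # original IP header + at least 8 bytes of TCP
    q_len = (quoted[0] & 0x0F) * 4
    if q_len < 20 or quoted[9] != socket.IPPROTO_TCP or len(quoted) < q_len + 8:
        return None
    src = socket.inet_ntoa(quoted[12:16])
    dst = socket.inet_ntoa(quoted[16:20])
    sport, dport, seq = struct.unpack("!HHI", quoted[q_len:q_len + 8])
    if (src, sport, dst, dport) != flow:
        return None                      # error belongs to some other connection
    return socket.inet_ntoa(packet[12:16]), seq

def ipv4_header(proto, src, dst, payload_len, ttl):
    # Constructed header; checksum left at 0 because nothing here verifies it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def sample_reply(router, flow, seq):
    """Constructed ICMP type 11 reply, as a router at `router` would send it."""
    src, sport, dst, dport = flow
    quoted = ipv4_header(socket.IPPROTO_TCP, src, dst, 24, 1)
    quoted += struct.pack("!HHI", sport, dport, seq)
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + quoted
    return ipv4_header(socket.IPPROTO_ICMP, router, src, len(icmp), 64) + icmp

# Ports taken from the demonstration above; addresses are constructed (documentation ranges).
FLOW = ("192.0.2.10", 88, "198.51.100.20", 55233)
```

On a live system the packets passed to `parse_time_exceeded` would be read from a raw ICMP socket, which requires root privileges.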


Wildcarddnsd Linux now relies on LibreSSL

September 28th, 2014

I have made wildcarddnsd's Linux port rely on LibreSSL. This was not easy because LibreSSL does not exist in Ubuntu or Raspbian (the flavours I use). So what I did was make it rely on LibreSSL 2.0.5, and it extracts .o files from the .a archive with ar, for functions that it needs. This seems to go well. Just costs a bit of compile time. Roughly one hour on Raspberry Pi to compile LibreSSL 2.0.5.

I also checked whether all architectures except NetBSD compile, so that I can release wildcarddnsd 0.9.0 in mid-November, as I don't know if I'll have much time in October to work on it.


Donated $5 to FreeBSD Foundation

September 24th, 2014

I was feeling a bit down and wanted to spend money. But not too much money either. Five dollars isn't gonna kill me. So I donated it to the FreeBSD Foundation. Go Open Source!


OpenBSD blocked at the routers?

September 22nd, 2014

When I spend my weekends at my parents' I usually do all network things as usual on my netbook. Just that my parents have a different provider (DTAG, aka Deutsche Telekom). Here is a traceroute from my parents' house to my VPS io.solarscale.de:

                                       Packets               Pings              
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev 
 1. fritz.box                         0.0%    28    7.5   7.5   6.1   8.5   0.3 
 2.                      3.7%    27   60.0  56.3  53.1  70.1   3.3 
 3.                       0.0%    27   57.5  58.2  51.7  73.2   3.9 
 4. f-ed4-i.F.DE.NET.DTAG.DE          0.0%    27   60.9  63.2  58.2  77.5   5.1 
 5.                     3.7%    27   61.0  60.1  57.3  62.1   1.0 
 6. core4.hetzner.de                  7.4%    27   61.0  60.6  58.0  64.3   1.2 
 7. core21.hetzner.de                 3.8%    27   64.6  65.6  61.6  79.8   3.3 
 8. juniper3.rz10.hetzner.de          0.0%    27   67.9  66.1  61.1  76.7   3.2 
 9. hos-tr1.ms-ex3k1.rz13.hetzner.de  7.4%    27   66.4  66.3  63.2  73.1   1.7 
10. io.solarscale.de                  0.0%    27   64.9  64.7  61.9  67.6   1.1 

The return route looks like this:

traceroute to (, 64 hops max, 52 byte packets
 1  static. (  0.914 ms  1.288 ms  0.909 ms
 2  hos-tr2.juniper3.rz10.hetzner.de (  0.319 ms  0.372 ms  0.291 ms
 3  core22.hetzner.de (  0.337 ms  0.334 ms
    core21.hetzner.de (  0.333 ms
 4  core4.hetzner.de (  4.976 ms  4.952 ms  4.961 ms
 5  juniper4.ffm.hetzner.de (  5.054 ms  5.036 ms  5.034 ms
 6 (  5.098 ms (  5.102 ms  5.059 ms
 7  f-sb1-i.F.DE.NET.DTAG.DE (  11.048 ms  13.225 ms  11.980 ms
 8  wue-ea1-i.WUE.DE.NET.DTAG.DE (  12.899 ms  12.667 ms  13.767 ms
 9  wue-sc2-i.WUE.DE.NET.DTAG.DE (  11.224 ms (  11.609 ms  11.867 ms
10  p54AAACEF.dip0.t-ipconnect.de (  56.456 ms !X  56.265 ms 

Now then I connected over SSH and ran tmux. Switching windows causes larger SSH packets and I noticed that they get re-transmitted when dumping on the outgoing interface on io.solarscale.de (re0). Here is what they look like:

Notice on packets #378 through #388 there are three retransmissions of a 966 byte length packet. This was captured on io.solarscale.de. On #390, which was captured on fritz!box's interface, it's sent out to the netbook in question. The fritz!box does not receive the three retransmissions on its PPPoE interface, as the next screenshot of its PPPoE packet dump shows:

Notice on packet #175 the 984 byte length packet arrives. Why is it 8 bytes larger? Because of the nature of PPPoE. Notice in the #175 vicinity no retransmissions make it to the PPPoE interface. From this I can deduce that it is not the Fritz!Box router.

Now then. It gets worse. A Linux box on my parents' LAN has absolutely no problems with SSH on io.solarscale.de. It only affects my OpenBSD netbook.

Could there be something such as a TCP OS Fingerprinting firewall that uses discrimination against OpenBSD TCP stacks? It would need to be done on a flow basis if such a thing exists.

This is really annoying me as I'm inviting laughs and denial that anything is wrong.


Equinox in three days

September 20th, 2014

Equinox is in three days! At equinox the earth is exactly perpendicular if you were to draw a cross, with lines between the north and the south pole, and the equator and the sun. After equinox, as this is the southward equinox favouring the direction of the Tropic of Capricorn, the northern hemisphere will fall into autumn, and countries north of the equator will have longer nights than days. The sun at high noon will continue to dip every day as it has been since the June solstice, until the December solstice at which point it will start to rise again. Isn't the earth wonderful? I love this!


Purchased some Reggae

September 17th, 2014

I have purchased the downtown riddim from iTunes. A long-time favourite of mine on YouTube, I finally have it on my iPod now.


The Enforcers of the Internet?

September 12th, 2014

Some government body in Bavaria is writing warnings and threats to Internet companies that don't use STARTTLS in their mail servers. I don't think it's right to threaten Internet operators with fines when they don't encrypt. Instead they should give incentives to Internet companies to start encrypting. Pretend you run your own mail server that doesn't have crypto built in... I think these are the wrong methods the state is using just to "protect" its citizens.


Moon finally gone

September 10th, 2014

The VPS in Hong Kong is gone. Here is the last message I saw from it.

You have new mail in /var/mail/pjp
[pjp@76er ~]$ Write failed: Broken pipe
That was from 76er.virgostar.net, one of its jails.

I'd like to thank the people of Hong Kong, the city of Hong Kong, NTT and Host Virtual (vr.org) for making this VPS possible for me for 20 dollars a month. Hong Kong has good infrastructure IMO, especially near the HKIX internet exchange, although I can only guess about it really. It was my pleasure staying there for 2 years. As they would say in France, à bientôt!

I'll now remove the mentions of moon.virgostar.net from my DNS.


Venus (computer) has 4 more interfaces

September 7th, 2014

This morning my dad and I transplanted my Soekris 6501 (aka venus) from its small case to a 19" rackmount case and added a lan1841 to it. It now has 8 gigabit interfaces. When I return home I'll have some time to configure the new ports and add my rpi to it, giving me 3 open ports in the hallway and 2 open ports in my office (by taking the rpi out). I'm very happy.


