Centroid.EU Blog

(this blog is mostly encrypted - adults only)

40 Years of UNIX

August 20th, 2009

This was in the BBC. Happy Anniversary UNIX!


Freak for Numbers?

August 14th, 2009

I'm a freak for numbers and I recently came across this website: www.ipspotting.com. It rates your IP number through a CGI. My host proteus.solarscale.de got a score of 35 which was half interesting for it, my other static IP got a score of 23 and that wasn't so interesting, even though it had a prime number in the dotted quad. Check it out sometime.


Random Hackepedia

August 14th, 2009

X is the X Window System as designed by Project Athena at MIT. It is a graphical user environment that allows cursor movement over windows as displayed on the monitor...

To read more about this hackepedia entry go here.


Random Hackepedia

August 7th, 2009

Hubs are devices that connect other devices together over a network. They are inherently a "broadcast" device, in that all devices see all traffic that passes through the hub, even if they are neither the sender nor receiver of the traffic....

To read more about Hubs go here.


The stolen bytes

July 30th, 2009

According to my weblogs I was getting downloads from some IP addresses on the order of 80 GB a month. I found that hard to believe because my VPS provider's charges show that I only use about 50 MB a day when I'm not running natally.

To show you, I have gathered the bytes from the "common" Apache log for the highest downloader:

pjp@proteus:/usr/local/apache2/logs> zcat access_log.1.gz | grep Jul | \
grep 61.xxx.xxx.xx | awk '{ total += $NF } END { printf("total: %s\n", total);}'
total: 8432326849

So then I decided to do what he does: I make an HTTP 1.0 connection and download a large mp3, then I interrupt the download, and in the logs it says I have downloaded the entire file, which is bogus:

212.xxx.xxx.xxx - - [30/Jul/2009:19:50:08 +0200] "GET /public/rfc1122nc.mp3 HTTP/1.0" 200 71848370
212.xxx.xxx.xxx - - [30/Jul/2009:19:51:59 +0200] "GET /public/rfc1122nc.mp3 HTTP/1.0" 200 71848370
212.xxx.xxx.xxx - - [30/Jul/2009:20:18:01 +0200] "GET /public/rfc1122nc.mp3 HTTP/1.0" 200 71848370

Every time I interrupted the download, and every time it said I downloaded 71 MB. This adds up, and I'm thinking if I had a webhoster that charges the traffic from the Apache log files then there is a big problem, as people may get overcharged traffic-wise. The best thing to do is to get traffic logged at the router (by means of access lists perhaps) and not the Apache log files.

Another thing I did was make sure that there is no transparent proxy anywhere and so on the last download I packet dumped the session:

proteus:~ # tcpdump -v -n -r apache.out -l | wc -l
reading from file apache.out, link-type LINUX_SLL (Linux cooked)

167 packets were logged and at an MTU of 1500 it doesn't get near the 71 MB of the file, so the session isn't cheating me by buffering in between.

The nicest thing would be to patch this in Apache.
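
An added example (not part of the original post) that applies the post's checks to the log lines shown above: per-client logged totals, repeated full-size responses for one file, and the gap between a logged size and what a capture of 167 packets at a 1500-byte MTU could carry at most. The `198.51.100.7` line and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Common Log Format: host ident user [time] "method path proto" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)$')

# First three lines are the entries shown in the post; the last is constructed.
SAMPLE = """\
212.xxx.xxx.xxx - - [30/Jul/2009:19:50:08 +0200] "GET /public/rfc1122nc.mp3 HTTP/1.0" 200 71848370
212.xxx.xxx.xxx - - [30/Jul/2009:19:51:59 +0200] "GET /public/rfc1122nc.mp3 HTTP/1.0" 200 71848370
212.xxx.xxx.xxx - - [30/Jul/2009:20:18:01 +0200] "GET /public/rfc1122nc.mp3 HTTP/1.0" 200 71848370
198.51.100.7 - - [30/Jul/2009:20:19:10 +0200] "GET /index.html HTTP/1.0" 200 5120
""".splitlines()

def parse(lines):
    """Yield (host, path, status, logged_bytes) for each well-formed line."""
    for line in lines:
        m = CLF.match(line.strip())
        if m:
            host, _when, _method, path, status, size = m.groups()
            yield host, path, int(status), 0 if size == "-" else int(size)

def logged_totals(lines):
    """Bytes per client as the access log claims them (what the awk sum does)."""
    totals = defaultdict(int)
    for host, _path, _status, size in parse(lines):
        totals[host] += size
    return dict(totals)

def repeated_full_size(lines, min_repeats=3):
    """Clients logging the same 200 response size for one path again and again."""
    seen = defaultdict(int)
    for host, path, status, size in parse(lines):
        if status == 200:
            seen[(host, path, size)] += 1
    return {key: n for key, n in seen.items() if n >= min_repeats}

def overcount(logged_bytes, packets, mtu=1500):
    """Logged bytes beyond what `packets` full-MTU packets could have carried."""
    return max(0, logged_bytes - packets * mtu)

if __name__ == "__main__":
    print(logged_totals(SAMPLE))
    print(repeated_full_size(SAMPLE))
    print(overcount(71848370, 167))  # capture from the post: 167 packets
```
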


The stolen bytes (part 2)

July 30th, 2009

I've switched my webserver to lighttpd. The license seemed right, the coding style seemed fair, a lighter httpd is all we need. I checked the problem with the Chinese log fakers (I whoised the IP) and it doesn't happen. The logs now properly tell that they are only downloading about 46K bytes instead of 70 MB. If it were all so simple as this.

Update: more comes to light. I noticed that the downloads come at a certain frequency and get stopped mostly at 40K or so. It's possible that the Chinese firewall is stopping my RFCs that I recorded, which are in the public section of this website. I used a testing website from Shanghai to test and there definitely is a time-out when trying to access my .mp3s. Here is the website and the picture I made follows (so you don't have to try it out wasting bytes):

Update 2: I was able to get a packet dump of one host trying to download the mp3s from me and it's apparent that the Great Firewall of China cuts it off. Here it is. You'll see at the end there are 10 RSTs; normally a host only does 1 RST to end a connection and that's it. I've heard about the firewall in China doing it exactly this way too. The clues just keep on coming in.


TCP Wrappers to protect ssh

July 23rd, 2009

In the last few days there was a rumour of an OpenSSH exploit, and also a worm that would spread from OpenSSH'ed computers. One thing I did was change the default port so that an automated worm going to port 22 would go nowhere. I also applied TCP wrappers to my hosts; I'll give you an example of a host I use only for IPv6.

$ more /etc/hosts.allow
sshd : [2001:a60:f074::]/48

$ more /etc/hosts.deny
sshd : ALL

The host in question was a FreeBSD host and they require those weird square brackets with the prefix behind. An OpenBSD host doesn't require these square brackets.

What the rules do is they allow my IPv6 subnet to connect via SSH and deny the rest.
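
An added example, not from the original post: a simplified Python model of how the two files above are evaluated, following the order documented in hosts_access(5) (hosts.allow first, then hosts.deny, otherwise access is granted). It handles only `ALL` and address/prefix patterns; the test addresses and all function names are assumptions.

```python
import ipaddress
import re

HOSTS_ALLOW = "sshd : [2001:a60:f074::]/48"  # rule from the post
HOSTS_DENY = "sshd : ALL"                    # rule from the post

def parse_rules(text):
    """Return [(daemons, clients)]; option fields and shell commands are not modelled."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 1)  # first colon ends the daemon list
        rules.append((re.split(r"[,\s]+", daemons.strip()),
                      re.split(r"[,\s]+", clients.strip())))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("["):               # bracketed form: [prefix]/len
        inner, _, plen = pattern[1:].partition("]")
        pattern = inner + "/" + (plen.lstrip("/") or "128")
    try:
        net = ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False                          # hostnames etc. are not modelled
    return addr.version == net.version and addr in net

def any_rule_matches(rules, daemon, addr):
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(c, addr) for c in clients)
        for daemons, clients in rules)

def allowed(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    addr = ipaddress.ip_address(client_ip)
    if any_rule_matches(parse_rules(allow), daemon, addr):
        return True                           # hosts.allow is consulted first
    if any_rule_matches(parse_rules(deny), daemon, addr):
        return False
    return True                               # no rule matched: access granted

if __name__ == "__main__":
    for ip in ("2001:a60:f074:1::5", "2001:db8::1", "192.0.2.10"):
        print(ip, allowed("sshd", ip))
```

The last branch is the one to watch: a daemon that appears in neither file is allowed, so the deny file here protects only `sshd`.
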


40 Years ago (Apollo)

July 22nd, 2009

The first man in orbit was Yuri Gagarin and that was in 1961. Eight years later we had the first man on the moon. That tells you that it's not all too hard to get to the moon considering 30 years of development since the V2 rocket that Wernher von Braun designed in World War 2. The Chinese have a space program and even put people into orbit before. Whether they can land a man on the moon in 8 years remains to be seen. But it's not impossible.


Random Hackepedia

July 17th, 2009

Distributed Denial of Service (see DoS). A distributed denial of service is many computers on the Internet coordinating a Denial of Service attack (DoS) against a single host, network or network infrastructure....

To read more about DDoS go here.


Removed link

July 13th, 2009

In a commit Theo de Raadt points out that OpenBSD does not link to sites filled with hatred. I am following suit by removing this link from the SolarScale blog. I don't exactly know what the offending message was but I have some idea of it.

