Centroid.EU Blog

(this blog is mostly encrypted - adults only)
  

Previous Page


Random Hackepedia

August 28th, 2009

One major change I've noticed in Solaris 10 is that admintool is gone...

To read more about Solaris 10 go here

0 comments

It's donation time again

August 24th, 2009

A small amount goes to MARC mailing list archive for their superb archiving services, I use MARC regularely.

0 comments

The IPv4 Address Report

August 22nd, 2009

I came across this webpage called the IPv4 Address report. It predicts when we will run out of IPv4 space. At the time of this writing it was 694 days and I noticed over a couple of weeks that this number can grow or shrink as the prediction passes over time.

Running out of IPv4 space is hardly the end of the world. It just means that IPv6 will be a must have rather than a nice-to-have. This blog already is mirrored on ipv6 space at ipv6.solarscale.de . (you can only reach it if you have IPv6 configured).

0 comments

Random Hackepedia

August 21st, 2009

Encryption is the art of obfuscating information so that a third party cannot read its contents...

Read on, here.

0 comments

40 Years of UNIX

August 20th, 2009

This was in the BBC. Happy Anniversary UNIX!

0 comments

Freak for Numbers?

August 14th, 2009

I'm a freak for numbers and I recently came across this website: www.ipspotting.com. It rates your IP number through a CGI. My host proteus.solarscale.de got a score of 35 which was half interesting for it, my other static IP got a score of 23 and that wasn't so interesting, even though it had a prime number in the dotted quad. Check it out sometime.

0 comments

Random Hackepedia

August 14th, 2009

X is the X Window System as designed by Project Athena at MIT. It is a graphical user environment that allows cursor movement over windows as displayed on the monitor...

To read more about this hackepedia entry a go here.

0 comments

Random Hackepedia

August 7th, 2009

Hubs are devices that connect other devices together over a network. They are inherently a "broadcast" device, in that all devices see all traffic that passes through the hub, even if they are neither the sender nor receiver of the traffic....

To read more about Hubs go here.

0 comments

The stolen bytes

July 30th, 2009

According to my weblogs I was getting downloads from some IP addresses on the order of 80 GB a month. I found that hard to believe because my VPS provider charges shows that I only use about 50 MB a day when I'm not running natally.

To show you I have gathered the bytes from the "common" apache log for the highest downloader:

pjp@proteus:/usr/local/apache2/logs> zcat access_log.1.gz | grep Jul | \
grep 61.xxx.xxx.xx | awk '{ total += $NF } END { printf("total: %s\n", total);}'
total: 8432326849

So then I decided to do what he does, I make a HTTP 1.0 connection and download a large mp3, then I interrupt the download, and in the logs it says I have downloaded the entire file which is bogus:

212.xxx.xxx.xxx - - [30/Jul/2009:19:50:08 +0200] "GET /public/rfc1122nc.mp3 HTTP/1.0" 200 71848370
212.xxx.xxx.xxx - - [30/Jul/2009:19:51:59 +0200] "GET /public/rfc1122nc.mp3 HTTP/1.0" 200 71848370
212.xxx.xxx.xxx - - [30/Jul/2009:20:18:01 +0200] "GET /public/rfc1122nc.mp3 HTTP/1.0" 200 71848370
Everytime I interupted the download and everytime it said I downloaded 71 MB. This adds up, and I'm thinking if I had a webhoster that charges the traffic from the apache log files then there is a big problem as people may get overcharged traffic wise. The best thing to do is to get traffic logged at the router (by means of access lists perhaps) and not the apache log files.

Another thing I did was make sure that there is no transparent proxy anywhere and so on the last download I packet dumped the session:

proteus:~ # tcpdump -v -n -r apache.out -l | wc -l
reading from file apache.out, link-type LINUX_SLL (Linux cooked)
167
167 packets were logged and at an MTU of 1500 it doesn't get near the 71MB of the file, so the session isn't cheating me by buffering in between.

The nicest thing would be to patch this in apache.

0 comments

The stolen bytes (part 2)

July 30th, 2009

I've switched my webserver to lighttpd. The license seemed right, the coding style seemed fair, a lighter httpd is all we need. I checked the problem with the chinese log fakers (I whoised the IP) and it doesn't happen. The logs now properly tell that they are only downloading about 46K bytes instead of 70 MB. If it were all so simple as this.

Update: more comes to light. I noticed that the downloads come at a certain frequency and get stopped mostly at 40K or so. It's possible that the chinese firewall is stopping my RFC's that I recorded which are in the public section of this website. I used a testing website from shanghai to test and there definitely is a time-out when trying to access my .mp3's. Here is the website and the picture I made follows (so you don't have to try it out wasting bytes):

Update 2: I was able to get a packet dump of one host trying to download the mp3's from me and it's apparent that the great firewall of china cuts it off. Here it is. You'll see at the end there is 10 RST's, normally a host only does 1 RST to end a connection and that's it. I've heard about the firewall in china doing it exactly this way too. The clues just keep on coming in.

0 comments

Next Page

Search

RSS Feed

Click here for RSS

On this day in

Other links

Have feedback?

By clicking on the header of an article you will be served a cookie. If you do not agree to this do not click on the header. Thanks!

Using a text-based webbrowser?

... such as lynx? Welcome back it's working again for the time being.

Older Blog Entries


Powered by BCHS