Centroid.EU Blog

(this blog is mostly encrypted - adults only)
  


Someone is spoofing and it isn't me!

November 18th, 2019

I'm a good boy when it comes to forging source IP addresses. I have been getting these in my logs:

Nov 18 12:16:59 kite delphinusdnsd[90398]: request on descriptor 12 interface \
"5.9.87.75" from 45.144.2.100 (ttl=249, region=1) for "directedat.usa." \
type=ANY(255) class=1, edns0, answering "REFUSED" (43/32) 
Nov 18 12:16:59 kite delphinusdnsd[90398]: UDP connection refused on \
descriptor 12 interface "5.9.87.75" from 45.144.2.100 (ttl=249, region=1) \
ratelimit policy dropping packet              

For one, it's an illegal DNS packet. But how do I know it's spoofed? The IP TTL is 249, meaning that at the farthest the spoofer started at a TTL of 255 and is 6 hops away from me (255 - 249 = 6 hops). He's not coming from the USA, or from that IP, because when I ping it, the reply comes back with a TTL of 56, which is 8 hops (64 - 56 = 8 hops).

kite$ ping -c 2 45.144.2.100
PING 45.144.2.100 (45.144.2.100): 56 data bytes
64 bytes from 45.144.2.100: icmp_seq=0 ttl=56 time=45.155 ms
64 bytes from 45.144.2.100: icmp_seq=1 ttl=56 time=42.906 ms

--- 45.144.2.100 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 42.906/44.031/45.155/1.125 ms
kite$ dc 
255 249 - p
6
64 56 - p
8

On top of that, my regions indicate the source region is 1, which is ARIN. But 6 hops out is a little bit too close; I don't believe the USA starts within 6 hops from kite, as it takes 4 hops alone to get to the border of this network in Frankfurt. So to the script kiddie who is using me for a reflection attack, HOW YA FEEL! (smile, it's your 15 min of fame).
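
The same TTL comparison as a script, run over the two log entries above (an added example, not part of delphinusdnsd or the original post). The list of common initial TTLs, the one-hop tolerance and all function names are assumptions of this example; the reference TTL is the one from the ping output above.

```python
import re
from collections import defaultdict

# Initial TTLs commonly set by IP stacks; an assumption of this example.
INITIAL_TTLS = (64, 128, 255)

# Matches the "from <ip> (ttl=N, region=N)" part of the log lines shown above.
SRC_RE = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3}) \(ttl=(\d+), region=(\d+)\)")

# The two log entries from this post, with the wrapped lines joined.
SAMPLE_LOG = [
    'Nov 18 12:16:59 kite delphinusdnsd[90398]: request on descriptor 12 interface '
    '"5.9.87.75" from 45.144.2.100 (ttl=249, region=1) for "directedat.usa." '
    'type=ANY(255) class=1, edns0, answering "REFUSED" (43/32)',
    'Nov 18 12:16:59 kite delphinusdnsd[90398]: UDP connection refused on '
    'descriptor 12 interface "5.9.87.75" from 45.144.2.100 (ttl=249, region=1) '
    'ratelimit policy dropping packet',
]

def hops(ttl):
    """Hops travelled, assuming the nearest common initial TTL at or above ttl."""
    return min(t for t in INITIAL_TTLS if t >= ttl) - ttl

def observed_ttls(lines):
    """Map each source IP to the set of IP TTLs logged for it."""
    seen = defaultdict(set)
    for line in lines:
        m = SRC_RE.search(line)
        if m:
            seen[m.group(1)].add(int(m.group(2)))
    return dict(seen)

def spoof_suspects(lines, ping_ttls, tolerance=1):
    """Report sources whose logged hop count disagrees with their ping hop count.

    ping_ttls maps an IP to the TTL seen on its echo reply. The tolerance
    absorbs small differences such as load-balanced paths.
    """
    report = {}
    for ip, ttls in observed_ttls(lines).items():
        if ip not in ping_ttls:
            continue  # no reference measurement, nothing to compare
        ref = hops(ping_ttls[ip])
        logged = sorted(hops(t) for t in ttls)
        if any(abs(h - ref) > tolerance for h in logged):
            report[ip] = {"logged_hops": logged, "ping_hops": ref}
    return report

if __name__ == "__main__":
    print(spoof_suspects(SAMPLE_LOG, {"45.144.2.100": 56}))
```

A mismatch only says the packets did not travel the same distance as the real host's replies; it does not say where they came from.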

strlnk is skynet!

November 16th, 2019

                              SpaceX    

                        s t [A] r l [I] n k 
                                 
                                 Y                      
                                                        
                                i s

                            S:K:Y:N:E:T

                              genesys

The GoldFlipper Project has ended

November 14th, 2019

The domain goldflipper.de expires in April 2020. This gives half a year of this tiled collage on a 4x4 grid that I did. Check it out here. In three tiles there is the almost original goldflipper from OpenBSD. But I actually drew it off with my Wacom tablet. It's not an original image; it's drawn off. However, I feel I have done enough with goldflipper for the past few years. I'm very proud of this collage and the individual (mostly 900x900 canvas) drawings. Anyhow, enjoy.

Upgraded this Server

November 13th, 2019

I have upgraded this server to OpenBSD version 6.6. It was mostly uneventful afaik. Only very little things left to do to complete the upgrade.

Have a bad cold

November 12th, 2019

Yesterday I might have thought I may have the flu, but it's not that. I just have a bad cold. So...gute besserung to myself. I'm taking it easy.

Turned off my Edgerouter 8 (octeon)

November 8th, 2019

The last little while I noticed a high pitched noise when I was sleeping. At first I thought it was tinnitus, but when I changed ends of the bed to sleep it wasn't as apparent. So yesterday I moved all functionality from my ER-8 router to a Unifi security gateway (also octeon). After a good night's sleep I am glad to report that it was the ER-8 and its fans. It is really a router that belongs in a data center or switch closet. The door was always shut between the router and my bedroom, but it was the vibration harmonics of the walls that likely caused this high pitched sound. I now have an ER-8 that I have to disassemble from the hallway cabinet, and I also have only 1 router left (uranus, see my computers in /private) as a cold-standby replacement router. It seems I may not have to retire all these computers come 2020, as I need them. As for the ER-8, I think I'm keeping it for a time when I may do colocation somewhere (whenever), but it's rather slow and would be only useful for 100 Mbit networks.

Coding a lot in the last little while

November 6th, 2019

If you haven't seen already, I'm quite busy writing at the delphinusdns.org blog. It looks like I'm on track for the delphinusdnsd release at New Year's 2020.

Happy Hallowe'en

October 31st, 2019

I got treats this year, but only limited. I'm basing this on last year's, so hopefully it'll be like last year. HOohooo! I'm not dressing up though.

Three days til Brexit, Goodbye UK! - EU

October 28th, 2019

When I returned to the EU from Canada, in 2002, I felt it was nice to have the UK in the European Union. I had actually started thinking of taking a trip to London per rail through the channel tunnel, but then Brexit came and I didn't feel such a need anymore. Too bad. The UK will be more like Canada in that it's a country next to a great Union (UK next to EU, and Canada next to USA). I wondered if this is the English way when I made that comparison. One can also include Australia next to China, but there is a bit of ocean between them. So well...I hope Britain does well and I hope they'll be able to open doors-of-thinking to the EU in terms of a different point of view. At first the UK rejoining the EU is probably not wise; I don't know if there would be retaliations from the EU if that were to happen. Let's be separated for a bit; what comes next I hope will be positive. Goodbye UK - European Union Citizen.

Caught in Holger's trap, patch produced

October 24th, 2019

I upgraded my octeon NAT router even though I knew someone was getting a panic condition. That was Monday. What ensued was a 2 day mad hacking event to produce a patch. It was a guy named Holger that first reported the trap 2 upon a pppoe connect. This affects only octeon architecture in OpenBSD. My patch works but is probably not the fix that OpenBSD is looking for. Miod produced a patch but it didn't fix the trap condition. So this is what kept me on my toes in the last little while. It's awesome I have a patch to fall back on, and I made it!
