I was a Zombie for a short while!

This is a good article to read to understand what is out there on the
Internet right now … a whole lot of Zombies!  For those of you
that do not know what a zombie is, it is a computer that has been
compromised … hijacked … infected … taken over.  In most
cases, this has been done without the owner of the computer even
noticing.  In fact … the people who are responsible for creating
these zombies do not want the owners to know, and in most cases do not
want to harm the owner or their data!

Zombie’d computers are platforms for launching a wide range of attacks
on other computers on the Internet.  They simply have some little
software processes that are running in the background … most of the
time unnoticed.  This software is like a virus, but not to impact
the machine it is running on, but instead to allow a malicious user to
use it to launch various types of attacks on other computers or web
sites.

I have read numerous articles that talk about large numbers of zombies
being used to attack gambling sites on the Internet … to shut them
down and extort large sums of money from them.

What is interesting is my experience last week … I set up a new
computer and plugged it into my Internet connection.  It was only
booted for less than 30 minutes … and I was downloading the various
security patches and updates … when I noticed a lot of network
activity.  After checking my new system, I found three unknown
processes running … and also found that it had hundreds of
connections to other computers all over the planet!  In just a
short amount of time on the Internet, my brand new workstation had
become a zombie!  I thought about what to do, and ended up
reformatting the hard disk and starting over … no idea what else
might have been compromised on the machine.

Over a Million Zombie PCs [Slashdot]

Slashdot slashdotted by eTech

When I was reading my aggregator the last day of eTech, I found these
posts in my page of new articles.  I started to wonder “How the
heck is my aggregator going crazy?  What is going on here?  I’m not doing this!”
… and then I realized what was up.  At eTech, all of the
attendees were on the wireless network behind a NAT.  To Slashdot,
it must have looked like a lot of requests for their RSS feed from the
same address.  Slashdot thought this was all traffic coming from a
single user … and so they pitched the error messages out.

It’s funny to see yet another way in which technology confuses
technology.  I’m not sure how this was solved … someone must
have contacted Slashdot to let them know.  To Slashdot, they only
saw the one “identity” and assumed that it was a single user hammering
their servers.  Yet another case where some sort of solution could
be developed to encode identity into the RSS request.

Funny …

Fedora Core 1 upgrades and Sendmail

I have slowly been upgrading all of my old RedHat boxes to Fedora Core
1.  I know that this is even old, however this is a tested
configuration for what we wanted to do on our wireless network
infrastructure, and there are some known problems with moving to the
v2.6.x Linux kernel.  I don’t want to deal with those yet.

I have now done three upgrades, using the anaconda installer that comes
with Fedora Core, and I have to say that I am impressed.  It just
works.  Except for Sendmail.  In each install that I have
done, sendmail just stops working, and begins to emit useless errors
into the log … or at least they are useless to me.  On this
latest upgrade, I have spent hours of time debugging the installation
over the last two or three weeks.

Today I was able to find a simple solution to debugging these
issues.  I’m not sure why I didn’t think of this before.  I
simply used “rpm” to erase/uninstall sendmail … and then used
“up2date”  to install it again.  Jackpot!  Sendmail is
now working on this newly upgraded server.  I’m not going to
forget this “solution.”

Wow … it’s almost like rebooting Windows!

Mesh Network Experimentation Grows

This announcement is yet another team of people who are capitalizing on
the continuing evolution of wireless hardware and software
capabilities. This team has created an almost “turn-key” solution
for creating wireless mesh networking nodes from inexpensive, and
possibly even older used, computer equipment. They claim to have
completely automated the configuration of the mesh … that is a big
deal. Expect to see more and more of this …

CUWiN Goes Public with Open-Source Mesh System.
The Champaign-Urbana Community Wireless Network (CUWiN) released the
fruit of their efforts at the end of the week: The project is an
open-source effort to provide mesh networking with no center. The
system is self-configuring among nodes which need no non-volatile or
permanent storage. To set up a CUWiN network, you burn a CD with the
0.5.5 software later this week and use it to boot a computer with a
supported wireless card. The system finds nearby nodes, creates tables,
and establishes itself as part of the network. The software is free and
open source. The full press release is after the jump…. [Wi-Fi Networking News]

More dynamic collage applications

My friend Todd Dailey just sent me a link to more applications similar to 10×10.
I have to warn that this one is very cool, however there are sometimes
images with nudity that some people would find offensive. It’s
not that it is designed to include these images … it’s just designed
not to discriminate.

As long as you are ok with a wide range of possible images, then you can go and look at WebCollage … an application developed by Jamie Zawinski.
Unlike 10×10 where the images are grabbed from news services,
WebCollage grabs images by doing random searches on various search
engines, and then finding the images on the resulting pages.
These images are then combined into a collage that updates about once a
minute.

Besides the visual collages, there are also written collages … like DadaDodo. This project creates text based on other text, in a format that is designed to “Exterminate All Rational Thought”. To see a sample you can click here.
I see this as a variation, at a lower level, to the concepts of
“multidisciplinary exposure” … something alluded to in the recent
book Medici Effect – Breakthrough Insights at the Intersection of Ideas, Concepts, and
Cultures.

Lastly, Jamie also refers to DriftNet … something I really want to install and play with! A version of EtherPeg for UNIX/Linux.

It’s not just Bluetooth …

I have been reviewing Kim’s posts about the issues with Bluetooth and privacy/private identity. I have been meaning to comment about the fact “It’s not just Bluetooth!”

My deep networking experience from my time at Novell taught me a lot
about the inner workings of networking hardware and protocols.
Anyone familiar with how networks work knows that the first ‘key’ to
communications on Ethernet (actually any of the IEEE 802 standard
networks) is the MAC address. MAC addresses are assigned to every
networking adapter … and they are globally unique by default.
Each vendor manufacturing networking hardware is assigned a 3-octet Organizationally Unique Identifier (OUI) by the IEEE.
This OUI becomes the first 6 hex digits of the MAC address of every
networking adapter that vendor creates. During manufacturing, most
vendors then simply tack on 3 more octets (6 more hex digits) and
increment the value for each board or device they manufacture.
What you end up with is a 12 hex digit number that is globally unique –
the first 6 identify the manufacturer, and the second 6 identify the
unique adapter.

You can actually go and search the OUI database here. A sample of this would be to search for ‘00022d’
– the first 6 digits from my Orinoco wireless card. The point is
… these MAC addresses are globally unique and can identify your
specific machine.

Now, one of my other occupations is being the founder of a wireless
Internet company. We operate a series of Internet Cafes, and also
offer some residential wireless. Using MAC addresses, we are able
to determine how many repeat customers we have. This MAC address
is what is used at the lowest levels of networking to obtain an IP
address. When you use DHCP, you are assigned an IP address that
is then associated with your MAC address. All DHCP servers
remember your MAC address to renew your DHCP lease.

Wireless is really where this becomes an issue with identity.
When you turn on your 802.11a/b/g wireless, you are now exposing
yourself to be tracked via the MAC address of your wireless card.
Now for those of you paying attention, you would realize that this goes
for wired Ethernet as well … when you plug into any Ethernet network,
you are leaving traces of your visit. In our wireless network, we
could easily have a script that would notify us of any particular MAC
address when it was detected at any of our Internet access
locations. In the case of 802.11 wireless, you don’t even have to
be assigned an IP address or use DHCP … if your card simply
‘associates’ to our access point we know you are there. This is
equivalent to the ‘Bluetooth bomb’ that was talked about.

Now there are some ways around this. With more modern Ethernet
and wireless adapters, you are able to ‘override’ the default MAC
address that is provided by the vendor, but I have found very few
software packages or operating systems that take advantage of
this. I saw a “security tool” for Windows a few weeks ago that
picks a random MAC address each time you boot, and assigns it to your
networking card … but this is not a standard feature.
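As an added illustration (not code from the post), here is a small Python script that splits a MAC address into the OUI and serial portions described above, decodes the locally-administered bit that an overridden or randomized address sets, and, over a few constructed access-point log lines, lists which associating clients presented a stable, vendor-burned address. The OUI table, the hostapd-style log format and the vendor label for 00:02:2D (the prefix the post quotes for its Orinoco card) are assumptions.

```python
import re

# Constructed OUI table for this example. 00:02:2D is the prefix the post
# quotes for its Orinoco card; the vendor label is an assumption.
OUI_TABLE = {
    "00022D": "Orinoco (per the post)",
}

def parse_mac(mac):
    """Split a 48-bit MAC into OUI and serial and decode its flag bits."""
    digits = re.sub(r"[:\-.]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    first_octet = int(digits[:2], 16)
    return {
        "formatted": ":".join(digits[i:i + 2] for i in range(0, 12, 2)),
        "oui": digits[:6],            # first 3 octets: the vendor's OUI
        "serial": digits[6:],         # last 3 octets: per-device counter
        "vendor": OUI_TABLE.get(digits[:6], "unknown"),
        # Bit 1 of the first octet is the U/L bit: set means the address
        # was locally administered (overridden or randomized), clear means
        # it is the vendor-burned, globally unique value.
        "locally_administered": bool(first_octet & 0x02),
        # Bit 0 is the I/G bit: set means a group (multicast) address.
        "multicast": bool(first_octet & 0x01),
    }

# Constructed access-point log lines in a hostapd-like format (assumed).
ASSOC_LOG = """\
hostapd: wlan0: STA 00:02:2d:1a:2b:3c IEEE 802.11: associated
hostapd: wlan0: STA 02:ab:cd:ef:01:23 IEEE 802.11: associated
hostapd: wlan0: STA 00:02:2d:1a:2b:3c IEEE 802.11: disassociated
"""

def stable_identifiers(log):
    """Map each associating client that presented a vendor-assigned MAC to
    its vendor. These are the addresses that identify a device across
    visits; locally administered (randomized) addresses are left out."""
    found = {}
    for line in log.splitlines():
        m = re.search(r"STA (\S+) IEEE 802\.11: associated$", line)
        if not m:
            continue
        info = parse_mac(m.group(1))
        if not info["locally_administered"]:
            found[info["formatted"]] = info["vendor"]
    return found

if __name__ == "__main__":
    for mac, vendor in stable_identifiers(ASSOC_LOG).items():
        print(mac, vendor)
```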

There are several identity issues that arise with wireless
devices. This first one is a big issue since it is a globally
unique ID that the average person is not aware of. There are
others that can also be trouble … I’ll write more in another post …

Installing qmail

I’m going to be writing a series of posts that detail my experiences in
installing a new mail server on Linux.  I have been running a mail
server called the Mercury Mail Transport System on Novell NetWare for a long time.  The NLM version of Mercury
has been robust and works … although it is lacking in some more
recent innovations in e-mail systems.  On top of that, I want to
get rid of my NetWare servers … they just aren’t what I want to be
running any more.

I have installed a server with Fedora Core 2, and as of this weekend I
finally dove in and began the actual installation of the mail
server.  After a lot of looking around, I chose qmail – “Second most popular MTA on the Internet” – and I also wanted to add the TMDA anti-spam solution.

I read through the qmail installation instructions and have to admit
that I was a little worried … until I found the “lazyinstaller for
qmail” at lazyinstaller.net.
This is one amazing script, and it made the entire process a
breeze.  Once I had the script on my machine, I simply edited a
few parameters to define my primary domain, some paths, and a few other
items.  (NOTE:  I noticed later that I could have used their
on-line generator to create my customized script ready to download!)

Once I had customized the lazyinstaller script, I ran it and was
impressed.  It downloaded all of the source tars, unpacked them,
built the projects, customized configuration files, and set-up qmail
complete with smtp, pop3, imap (both SSL and non-SSL!) and web-based
administration tools.  There was only one error in the script that
I ran (v2.0.2) where a directory was not created for binqimap … I
created the directory and copied the contents of the config file from
the script into the new directory.  At the end of the install,
there was a short note on creating the start-up and shut-down scripts
… and I was ready to go.  I started up the services, and
everything has been running smoothly!

I have already started testing with some virtual domains, and
everything seems to be working fine.  As of tonight, I installed
TMDA, and have now started my testing with that.  I just completed
the first tests there, and it’s working great.

I have a total of ~15 mail domains with 40-50 users that I have to move
to this new server.  I’m looking forward to moving one of those
tomorrow … I’ll post more about my success!

The power of MRTG …

The Multi Router Traffic Grapher (MRTG)
is an elegant piece of Open Source software. It is amazingly
simple, yet powerful … a great combination. I first became
aware of MRTG years ago when working on network management
software. The foundation for a lot of network management and
monitoring is the Simple Network Management Protocol (SNMP).
MRTG was designed to provide trend graphs of SNMP
variables that were being polled. Well, it actually started as a
tool to graph some specific variables – the Interface statistics of
data going in and out of a network Interface.

What is great about MRTG is that it was then extended beyond its
roots … and into a couple of different directions. The first
area that I really like is that I can add scripts to MRTG that return
values to be graphed … anything that I want. You can only graph
two variables per graph … but it can be any type of data.

I have now written a variety of MRTG scripts to scrape web interfaces
for a variety of devices and applications. For example, I wrote a
MRTG script to scrape the status screen of my ActionTec GT701 DSL
modem. With this ActionTec MRTG script I can now see up to date trend graphs of the traffic going through my DSL modem.

Another example is this NoCat MRTG script that I wrote for the NoCat
project – an Open Source network authentication application. It
also scrapes the web page generated by the NoCat Gateway
software. In both of these examples, I am able to extend the
functionality of MRTG using Perl and wget …

Now I’m also using MRTG as a primitive OLAP tool … to graph the
results of queries to a MySQL database. In the backend systems
that run our wireless network – 80211.net
– I am writing records to a SQL table to track our sales of Internet
Access. I’ve now written a quick Perl script that does a query of
the database, finds all of the records of sales this month, and then
calculates the revenue that has been generated … and outputs it in
the correct format for MRTG. And so now, I have several graphs
that show our month-to-date sales so that I can see our progress each
day … and throughout the day. What is interesting is to be able
to see the trends of when people purchase Internet Access …
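The kind of month-to-date sales script described above, written here as an added Python example rather than the post's own Perl: it sums this month's records from a sales table and prints them in the four-line format MRTG reads from an external script (first value, second value, uptime text, target name). The sales rows are constructed, and an in-memory sqlite3 table stands in for the MySQL table the post mentions.

```python
import sqlite3

# Constructed sales rows (timestamp, amount in dollars). The post's backend
# writes to a MySQL table; an in-memory sqlite3 table stands in here so
# the example runs offline.
SALES = [
    ("2004-03-01 09:12:00", 5.00),
    ("2004-03-03 18:40:00", 10.00),
    ("2004-03-15 12:05:00", 5.00),
    ("2004-02-27 20:30:00", 10.00),  # previous month: must be excluded
]

def load_sales(rows):
    """Build the stand-in sales table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sales (sold_at TEXT, amount REAL)")
    conn.executemany("INSERT INTO sales VALUES (?, ?)", rows)
    return conn

def month_to_date(conn, year, month):
    """Return (sale count, revenue) for the given calendar month."""
    row = conn.execute(
        "SELECT COUNT(*), COALESCE(SUM(amount), 0) FROM sales "
        "WHERE strftime('%Y-%m', sold_at) = ?",
        (f"{year:04d}-{month:02d}",),
    ).fetchone()
    return int(row[0]), float(row[1])

def mrtg_output(count, revenue, target="80211.net month-to-date sales"):
    """Format the four lines MRTG reads from an external script: first
    value, second value, uptime text, target name. Revenue is emitted in
    cents because MRTG stores integer values."""
    lines = [str(count), str(int(round(revenue * 100))), "n/a", target]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    conn = load_sales(SALES)
    # March 2004 is the month the constructed rows fall in.
    count, revenue = month_to_date(conn, 2004, 3)
    print(mrtg_output(count, revenue), end="")
```

In mrtg.cfg the Target line runs the script in backticks, and Options[...]: gauge tells MRTG to plot the values as they are rather than as a counter rate.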

MRTG allows me to easily visualize any type of information … in a very simple and elegant way.

The Operating System Monoculture dilemma

It is often fun to speculate and point at problems … the solutions, however, do not always come easy. This article is about the issues surrounding a paper written about the “Windows Monoculture” … proposing that so many people are running Microsoft Windows products that a single major flaw could be discovered that causes massive damage (to the entire human race?) when millions of computers are affected.

There are a number of “flaws” with this model, although it points at some potential issues to be learned from. One thing is that no real solution is outlined … and the “obvious” solution is that the world ought to be running on tens or hundreds of different operating systems to solve this dilemma.

Replacing one ‘monoculture’ with a different ‘monoculture’ is not a solution. So having GNU/Linux dominate the earth would simply spawn a new group of “anti-GNU/Linux” people who would call that wrong, and create their alternative. There are only two real ways out … to create something within the technologic substrate that is superior to what is possible in the biologic substrate … or to have a large and diverse number of operating systems.

I actually think that what we are going to find is that the technologic substrate will allow for the emergence of entities that far exceed the capabilities of the biological world that we are a part of.

Warning: Microsoft ‘Monoculture’. A security expert warns Microsoft’s dominance of software is a set-up for global disaster — and promptly loses his job. His comparison is to biology, where species with little genetic variation are vulnerable to catastrophic epidemics. [Wired News]