DHCP makes for bad routing. My original problems with DHCP (i.e. name resolution) have been solved by nss-mdns, completely replacing my hacky DNS server - ssh'ing into hostname.local names works just fine.
But sadly, my WiFi router does not understand mDNS hostnames. Setting up a tunnel into my desktop at home, so that I could access it from office (or Australia for that matter), becomes nearly impossible with DHCP changing around the IP for the host.
UPnP: Enter UPnP, which has a feature called NAT Traversal. NAT traversal allows for opening up arbitrary ports dynamically, without any authentication whatsoever. Unfortunately, there doesn't seem to be any easily usable client I could use to send UPnP requests. But nothing stops me from brute-hacking a nat b0rker in raw sockets. And for my Linksys, this is what my POST data looks like.
<?xml version="1.0" ?>
<s:Envelope s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
            xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Body>
    <u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
      <NewRemoteHost/>
      <NewExternalPort>2200</NewExternalPort>
      <NewProtocol>TCP</NewProtocol>
      <NewInternalPort>22</NewInternalPort>
      <NewInternalClient>192.168.1.2</NewInternalClient>
      <NewEnabled>1</NewEnabled>
      <NewPortMappingDescription>SSH Tunnel</NewPortMappingDescription>
      <NewLeaseDuration>0</NewLeaseDuration>
    </u:AddPortMapping>
  </s:Body>
</s:Envelope>
And here's the quick script which sends off that request to the router.
--
Air is just water with a lot of holes in it.
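An added example, not the author's script and not part of the original post: it parses the AddPortMapping body shown above and lists what the request exposes, the kind of check to run over captured UPnP control traffic on a home or office LAN. The function names and the port watch-list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WANIP_NS = "urn:schemas-upnp-org:service:WANIPConnection:1"
# Constructed watch-list of internal ports worth a second look when exposed.
SENSITIVE_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 3389: "RDP"}

# The SOAP body from the post, embedded as sample input.
SAMPLE_REQUEST = """<?xml version="1.0" ?>
<s:Envelope s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
            xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
 <s:Body>
  <u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
   <NewRemoteHost/><NewExternalPort>2200</NewExternalPort>
   <NewProtocol>TCP</NewProtocol><NewInternalPort>22</NewInternalPort>
   <NewInternalClient>192.168.1.2</NewInternalClient><NewEnabled>1</NewEnabled>
   <NewPortMappingDescription>SSH Tunnel</NewPortMappingDescription>
   <NewLeaseDuration>0</NewLeaseDuration>
  </u:AddPortMapping>
 </s:Body>
</s:Envelope>"""


def parse_add_port_mapping(soap_xml):
    """Return the AddPortMapping arguments as a dict, or None if absent."""
    root = ET.fromstring(soap_xml)
    action = root.find(f"{{{SOAP_NS}}}Body/{{{WANIP_NS}}}AddPortMapping")
    if action is None:
        return None
    return {arg.tag: (arg.text or "").strip() for arg in action}


def audit_mapping(args):
    """List the exposure-relevant properties of one mapping request."""
    if args.get("NewEnabled") in ("0", "false", "no"):
        return []  # a disabled mapping forwards nothing
    findings = []
    if not args.get("NewRemoteHost"):
        findings.append("any external host may connect (NewRemoteHost is empty)")
    if args.get("NewLeaseDuration") == "0":
        findings.append("no expiry (lease 0 is a static mapping in WANIPConnection:1)")
    port = args.get("NewInternalPort", "")
    if port.isdigit() and int(port) in SENSITIVE_PORTS:
        findings.append(f"exposes {SENSITIVE_PORTS[int(port)]} on {args.get('NewInternalClient')} "
                        f"via external port {args.get('NewExternalPort')}")
    return findings


if __name__ == "__main__":
    for finding in audit_mapping(parse_add_port_mapping(SAMPLE_REQUEST)):
        print("-", finding)
```

Nothing in the parsed arguments identifies or authenticates the requester, which is the property the post points out.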
Monday: I had this illusion that I had no jet lag after reaching Melbourne. So, I headed out to the security miniconf. The WiFi wasn't up yet (it never is for the first day). The couple of talks I was really focussing on were the OpenSSH one and the 'aggressive' Network defense one.
The latter talk had some interesting 'facts' about ICMP. The ICMP host redirect used in the sense of "talk to the hand" packet dumping. Also suggestions for an ICMP quench message to be un-deprecated as well as a lot of ire directed at sysadmins who just drop ICMP at firewalls.
The OpenSSH talk had a fair amount of detail about writing secure code and more importantly retro-fitting security into existing code. Ironically, it began by quoting a Microsoft research paper as inspiration for a lot of work. Moving on, it showed how different sshd is compared to the standard Unix daemon. Rather than go with the accept-fork model followed very successfully by Apache, sshd uses accept-fork-exec to run a master and a slave process. The master handles all the higher privilege functions while the slave handles the protocol/crypto/book-keeping functionality.
Tuesday: I slept off till late afternoon. Woke up in time to peek into the gaming miniconf and walk around between Lygon st. & Swanston st.
Still not adjusted to local time yet, but the extra coffee seems to be helping today.
--
So little time, so little to do.
-- Oscar Levant
We are all so much together and yet we are all dying of loneliness.
-- A. Schweitzer
LCA '08 beckons and so does a fairly long vacation down under. The blanks left behind have been filled up and I'm sitting in Singapore right now and as usual this trip was also run quite close to the wire in terms of scheduling. But I'm here and on my way.
I'll be reaching MEL by Sunday night (yes, sleepover at the SG transit hotel) and then the week goes into the conference. After which, I plan to hop onto a kangaroo and head off along the coast to Brisbane (that's about as clear as my plans are).
If any of you feel like putting up this low-budget traveller somewhere on that coastal route, ping net dot php at gopalv (in reverse).
--
Gosh that takes me back... or is it forward? That's the trouble with time travel, you never can tell.
-- Doctor Who, "Androids of Tara"