Wed, 30 Jan 2008:

DHCP makes for bad routing. My original problems with DHCP (i.e. name resolution) have been solved by nss-mdns, completely replacing my hacky DNS server - ssh'ing into hostname.local names works just fine.

But sadly, my WiFi router does not understand mDNS hostnames. Setting up a tunnel into my desktop at home, so that I could access it from the office (or Australia for that matter), becomes nearly impossible with DHCP changing around the IP for the host.

UPnP: Enter UPnP, which has a feature called NAT Traversal. NAT traversal allows for opening up arbitrary ports dynamically, without any authentication whatsoever. Unfortunately, there doesn't seem to be any easily usable client I could use to send UPnP requests. But nothing stops me from brute-hacking a NAT b0rker in raw sockets. And for my Linksys, this is what my POST data looks like.

<?xml version="1.0" ?>
<s:Envelope s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
    <s:Body>
        <u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
            <NewRemoteHost/>
            <NewExternalPort>2200</NewExternalPort>
            <NewProtocol>TCP</NewProtocol>
            <NewInternalPort>22</NewInternalPort>
            <NewInternalClient>192.168.1.2</NewInternalClient>
            <NewEnabled>1</NewEnabled>
            <NewPortMappingDescription>SSH Tunnel</NewPortMappingDescription>
            <NewLeaseDuration>0</NewLeaseDuration>
        </u:AddPortMapping>
    </s:Body>
</s:Envelope>

And here's the quick script which sends off that request to the router.
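
Added example, not the author's script and not part of the original post: a defender-side check that parses an AddPortMapping body like the one above and reports what the mapping would expose. The watch list of ports, the finding labels and the function names are assumptions made for this illustration, and the sample request is constructed from the fields shown in the post.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "u": "urn:schemas-upnp-org:service:WANIPConnection:1",
}
# Assumed watch list of internal services worth flagging (illustrative).
SENSITIVE_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 3389: "RDP"}

# Constructed sample with the same fields as the request in the post.
SAMPLE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Body>
    <u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
      <NewRemoteHost/>
      <NewExternalPort>2200</NewExternalPort>
      <NewProtocol>TCP</NewProtocol>
      <NewInternalPort>22</NewInternalPort>
      <NewInternalClient>192.168.1.2</NewInternalClient>
      <NewEnabled>1</NewEnabled>
      <NewPortMappingDescription>SSH Tunnel</NewPortMappingDescription>
      <NewLeaseDuration>0</NewLeaseDuration>
    </u:AddPortMapping>
  </s:Body>
</s:Envelope>"""


def parse_mapping(xml_text):
    """Return the AddPortMapping arguments as a dict of strings."""
    root = ET.fromstring(xml_text)
    action = root.find("s:Body/u:AddPortMapping", NS)
    if action is None:
        raise ValueError("no AddPortMapping action in SOAP body")
    return {arg.tag: (arg.text or "").strip() for arg in action}


def audit_mapping(xml_text):
    """Return (arguments, findings) for one AddPortMapping request."""
    args = parse_mapping(xml_text)
    findings = []
    if not args.get("NewRemoteHost"):
        findings.append("any-remote-host")   # empty value is a wildcard source
    if args.get("NewLeaseDuration") == "0":
        findings.append("permanent-lease")   # 0 means the mapping never expires
    service = SENSITIVE_PORTS.get(int(args.get("NewInternalPort") or 0))
    if service:
        findings.append("exposes-" + service)
    return args, findings


if __name__ == "__main__":
    print(audit_mapping(SAMPLE))
```
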

--
Air is just water with a lot of holes in it.

posted at: 14:45 | path: /hacks

Monday: I had this illusion that I had no jet lag after reaching Melbourne. So, I headed out to the security miniconf. The WiFi wasn't up yet (it never is for the first day). The couple of talks I was really focusing on were the OpenSSH one and the 'aggressive' Network defense one.

The latter talk had some interesting 'facts' about ICMP. The ICMP host redirect used in the sense of "talk to the hand" packet dumping. Also suggestions for an ICMP quench message to be un-deprecated as well as a lot of ire directed at sysadmins who just drop ICMP at firewalls.

The OpenSSH talk had a fair amount of detail about writing secure code and, more importantly, retro-fitting security into existing code. Ironically, it began by quoting a Microsoft research paper as inspiration for a lot of work. Moving on, it showed how different sshd is compared to the standard Unix daemon. Rather than the accept-fork model followed very successfully by Apache, sshd uses accept-fork-exec to run a master and slave process. The master handles all the higher privilege functions while the latter handles the protocol/crypto/book-keeping functionality.

Tuesday: I slept off till late afternoon. Woke up in time to peek into the gaming miniconf and walk around between Lygon st. & Swanston st.

Still not adjusted to local time yet, but the extra coffee seems to be helping today.

--
So little time, so little to do.
                -- Oscar Levant

posted at: 12:13 | path: /conferences