Tom Hayward

This blog covers some of my thoughts and interests, including software development, system administration, and amateur (ham) radio.


Mon May 4

Get APRS status via SMS/email

I wrote an email system that will email you an APRS station’s info (last heard time, position, and APRS status).

To use the system, just send an email or SMS (text message) to aprs@tomh.us with the station’s callsign at the start of the message. Emails must be in plain text format, not multipart/HTML.

You should receive a response in about a minute. It will look something like this:

WA7RVV-12 6min ago:
Saltese, Mt 59867, USA
/W2,MTN,LOOKOUT PASS
47.454167,-115.658333
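
A gateway like this takes commands from anyone who can send an email, so the first thing it should do is check that the message really is plain text and that the first word really is a callsign before handing it to anything else. The Python below is an added example, not the code behind aprs@tomh.us: it applies the two rules the post states (plain text only, callsign at the start of the message) and rejects everything else. The callsign pattern, the SSID range of 0 to 15 and the sample messages are my assumptions, since the post does not describe the gateway's internals.

```python
import re
from email import message_from_string

# Assumed amateur callsign shape: 1-3 letter/digit prefix, one digit, 1-4 letter suffix,
# with an optional APRS SSID of 0-15. The gateway's real rules are not shown in the post.
CALLSIGN_RE = re.compile(r"^[A-Z0-9]{1,3}[0-9][A-Z]{1,4}(?:-(?P<ssid>[0-9]{1,2}))?$")


def extract_callsign(raw_message):
    """Return the validated, upper-cased callsign at the start of a plain-text message,
    or None if the message is multipart/HTML, empty, or does not start with a callsign."""
    msg = message_from_string(raw_message)
    # The post requires plain text, not multipart/HTML: refuse anything else outright.
    if msg.is_multipart() or msg.get_content_type() != "text/plain":
        return None
    body = msg.get_payload(decode=True).decode("utf-8", errors="replace")
    words = body.split()
    if not words:
        return None
    candidate = words[0].upper()
    m = CALLSIGN_RE.match(candidate)
    if m is None:
        return None
    if m["ssid"] is not None and not 0 <= int(m["ssid"]) <= 15:
        return None
    return candidate


# Constructed sample messages (not real traffic): an SMS-style plain-text request,
# an HTML/multipart message, and a message that does not start with a callsign.
SAMPLE_SMS = "From: 5551234567@sms.example\nTo: aprs@tomh.us\n\nwa7rvv-12 where is it?\n"
SAMPLE_HTML = ("From: someone@example.com\nTo: aprs@tomh.us\n"
               "Content-Type: multipart/alternative; boundary=\"xyz\"\n\n"
               "--xyz\nContent-Type: text/plain\n\nWA7RVV-12\n--xyz--\n")
SAMPLE_JUNK = "From: someone@example.com\nTo: aprs@tomh.us\n\nhello there\n"

if __name__ == "__main__":
    for sample in (SAMPLE_SMS, SAMPLE_HTML, SAMPLE_JUNK):
        print(repr(extract_callsign(sample)))
```

Only the validated, normalised string is returned, so whatever looks the station up downstream never sees the raw message text.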

Tue Feb 3

I made you a 1234567890 countdown timer

Unix time will reach 1234567890 on 2009-02-13 15:31:30. I made a countdown timer in bash.

#!/bin/bash
# Counts down to Unix time 1234567890, redrawing the same line once a second.
TARGET=1234567890
printf "\tUNIX TIME\t TO GO:\tDAYS\tHOURS\tMINUTES\tSECONDS\n"
while true; do
	NOW=$(date +%s)
	# SECS rather than SECONDS: bash reserves SECONDS as its own elapsed-time counter
	SECS=$((TARGET - NOW))
	MINUTES=$((SECS / 60))
	HOURS=$((MINUTES / 60))
	DAYS=$((HOURS / 24))
	# Show the remainder of each unit after the larger units have been taken out
	printf "\t%s\t\t%4s\t%5s\t%7s\t%7s\r" "$NOW" "$DAYS" "$((HOURS % 24))" "$((MINUTES % 60))" "$((SECS % 60))"
	sleep 1
done

Mon Feb 2

Send a file to a process by writing to /proc

I’d like a way to “write” to a Linux filesystem, but rather than write the file, have the file sent to a process (so that it can be sent to another server over the network). I think this is possible with a kernel module by writing to /proc/mykernelmodule/filetosend, but I don’t know of any good resources that teach this. Any ideas?

Edit: This seems like a pretty good resource (haven’t started hacking on it yet): http://tldp.org/LDP/lkmpg/2.6/html/x810.html.

Sat Jan 24

Blocking Recursive Root DNS Queries with iptables

Around Jan 18th,

Several folks are reporting odd queries hitting their DNS servers at a steady rate of about two per second.  The queries invariably ask for the name server of the domain “.” (NS query for a single dot).   Since “.” is a query for the root name servers, it has a very short query packet but a pretty long answer. Our current theory therefore is that this is a denial of service (DoS) attack in progress, where the DNS servers are used as “amplifiers” and unwittingly flood the (spoofed) source by providing a long answer to a system which never asked.
http://isc.sans.org/diary.html?storyid=5713

I noticed one of the servers I am responsible for was getting hit with this query about four times a second. The server was already configured to reject the query, but it logged a warning for each one. named (the BIND DNS server) and syslogd were now the second and third largest resource users on the server.

I’m sure there are other system administrators dealing with the same problem, so I’m going to outline the process I went through to eventually drop them with iptables (the server is not protected by a hardware firewall, so I had to use the Linux firewall, iptables). Note: the system is Ubuntu Server 7.10, so the paths used here should be accurate for related systems.

First of all, to survey the damage:

thayward@sea1:~$ tail /var/log/syslog
Jan 24 11:52:28 sea1 named[23890]: client 206.71.158.30#43845: query (cache) './NS/IN' denied
Jan 24 11:52:29 sea1 named[23890]: client 206.71.158.30#43332: query (cache) './NS/IN' denied
Jan 24 11:52:29 sea1 named[23890]: client 206.71.158.30#23849: query (cache) './NS/IN' denied
Jan 24 11:52:29 sea1 named[23890]: client 206.71.158.30#65188: query (cache) './NS/IN' denied
Jan 24 11:52:29 sea1 named[23890]: client 206.71.158.30#45150: query (cache) './NS/IN' denied
Jan 24 11:52:30 sea1 named[23890]: client 206.71.158.30#1362: query (cache) './NS/IN' denied
Jan 24 11:52:31 sea1 named[23890]: client 206.71.158.30#39496: query (cache) './NS/IN' denied
Jan 24 11:52:31 sea1 named[23890]: client 206.71.158.30#27892: query (cache) './NS/IN' denied
Jan 24 11:52:31 sea1 named[23890]: client 206.71.158.30#52019: query (cache) './NS/IN' denied
Jan 24 11:52:32 sea1 named[23890]: client 206.71.158.30#36766: query (cache) './NS/IN' denied
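
Before lowering the log level it is worth quantifying what the log actually shows. The Python script below is an added example, not code from the original post: it parses the ten syslog lines above (copied in as the sample input), counts denied root NS queries per client address, finds the busiest second, and turns the result into the per-address DROP rules used further down. The regular expression and the `threshold` parameter are my assumptions about the log format and about what rate counts as abusive.

```python
import re
from collections import Counter, defaultdict

# Sample input: the ten syslog lines shown in the post, embedded so the script runs offline.
SAMPLE_LOG = """\
Jan 24 11:52:28 sea1 named[23890]: client 206.71.158.30#43845: query (cache) './NS/IN' denied
Jan 24 11:52:29 sea1 named[23890]: client 206.71.158.30#43332: query (cache) './NS/IN' denied
Jan 24 11:52:29 sea1 named[23890]: client 206.71.158.30#23849: query (cache) './NS/IN' denied
Jan 24 11:52:29 sea1 named[23890]: client 206.71.158.30#65188: query (cache) './NS/IN' denied
Jan 24 11:52:29 sea1 named[23890]: client 206.71.158.30#45150: query (cache) './NS/IN' denied
Jan 24 11:52:30 sea1 named[23890]: client 206.71.158.30#1362: query (cache) './NS/IN' denied
Jan 24 11:52:31 sea1 named[23890]: client 206.71.158.30#39496: query (cache) './NS/IN' denied
Jan 24 11:52:31 sea1 named[23890]: client 206.71.158.30#27892: query (cache) './NS/IN' denied
Jan 24 11:52:31 sea1 named[23890]: client 206.71.158.30#52019: query (cache) './NS/IN' denied
Jan 24 11:52:32 sea1 named[23890]: client 206.71.158.30#36766: query (cache) './NS/IN' denied
"""

# Assumed shape of BIND's denial warning (it matches the lines above): timestamp, host,
# "named[pid]: client <ip>#<port>: query (cache) '<name>/<type>/<class>' denied".
DENIED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ named\[\d+\]: "
    r"client (?P<ip>[0-9.]+)#\d+: query \(cache\) "
    r"'(?P<qname>[^/']*)/(?P<qtype>[^/']+)/[^/']+' denied$"
)


def parse_denials(log_text):
    """Return (timestamp, client_ip, qname, qtype) for every denied-query line; other lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = DENIED_RE.match(line)
        if m:
            hits.append((m["ts"], m["ip"], m["qname"], m["qtype"]))
    return hits


def root_ns_by_client(log_text):
    """Count denied queries for the root zone's NS records ('.' NS) per source address."""
    return Counter(ip for _, ip, qname, qtype in parse_denials(log_text)
                   if qname == "." and qtype == "NS")


def busiest_second(log_text):
    """(timestamp, client_ip, count) for the second with the most denied root NS queries."""
    per_second = defaultdict(Counter)
    for ts, ip, qname, qtype in parse_denials(log_text):
        if qname == "." and qtype == "NS":
            per_second[ts][ip] += 1
    peaks = [(ts, ip, n) for ts, c in per_second.items() for ip, n in c.items()]
    return max(peaks, key=lambda p: p[2]) if peaks else None


def drop_rules(log_text, threshold=10):
    """Per-address DROP rules (the post's first countermeasure) for clients at or above threshold."""
    return [f"iptables -I INPUT -s {ip} -j DROP"
            for ip, n in sorted(root_ns_by_client(log_text).items()) if n >= threshold]


if __name__ == "__main__":
    print(root_ns_by_client(SAMPLE_LOG))
    print(busiest_second(SAMPLE_LOG))
    print("\n".join(drop_rules(SAMPLE_LOG)))
```

Run over a real /var/log/syslog the per-address counts are a triage signal rather than a block list: as the post notes below, the source address is the spoofed victim, so the generated rule silences that victim's share of the attack without stopping the next one.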

You can see named goes to a lot of effort to get these denials logged. While I figure out how to drop the packets, let’s set bind’s log level to something that won’t log this attack. The system’s bind configuration file is located at /etc/bind/named.conf. I added these lines:

logging {
    channel default_syslog {
        syslog daemon;
        severity notice;
    };
};

This raises the severity threshold of bind’s default syslog channel from info to notice, so the info-level denial messages are no longer logged.

Okay, now that we’ve avoided the problem, let’s try to actually block it. The simple solution is to block the source IP address. In this case, though, that address is spoofed: it is the IP address of the victim. Blocking it keeps me out of the attack for now, but when the attackers choose a new victim I could begin sending refusals again.

To block the source IP, I issued this command for each of the offending IPs:

sudo iptables -I INPUT -s 206.71.158.30 -j DROP

This calmed things down a bit, but still wouldn’t protect me against future attacks. For this I would need to do some investigation and learn how to block the packets more specifically.

I started a packet capture on the server with tcpdump.

thayward@sea1:~$ sudo tcpdump -i eth0 -s 1500 -w dump4

eth0 specifies the network adapter to capture from; -s 1500 tells tcpdump to capture the full packet (by default, tcpdump only captures the first 68 bytes); and dump4 is the file I saved the capture to.

I downloaded dump4 and loaded it into Wireshark. A filter expression of “dns” shows only the traffic I need.

I knew these packets would be port 53 because they are DNS queries. I also knew they would be UDP because it is a short DNS query. What I wanted to know was the length of the packet (the tiny packet length is what makes this attack work). After experimenting with some of the values I found in Wireshark, I found one that matches iptables’ length rule:

Wireshark screen capture: "Total Length: 45"

Under Internet Protocol, I found Total Length to be 45, and used this in the iptables rule:

sudo iptables -I INPUT -p udp --dport 53 -m length --length 45 -j DROP

This will drop all root DNS queries.

To test it out:

dig . NS @yourserver.com

If dig times out without returning a result, the request was dropped and the rule is working.
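
Where the 45 comes from, and what the rule does and does not catch, can be worked out from the DNS wire format rather than read off a screen capture. The Python below is an added example, not part of the post: it builds the query message as RFC 1035 describes it (12-byte header, one question whose name for the root zone is a single zero byte), adds the IPv4 and UDP header lengths, and checks the result against the post’s `-m length --length 45` rule. The function names, the transaction id and the EDNS payload size are my choices.

```python
import struct

QTYPE_A = 1
QTYPE_NS = 2
IPV4_HEADER_LEN = 20   # IPv4 header without options
UDP_HEADER_LEN = 8


def encode_name(qname):
    """Encode a domain name as DNS labels; the root '.' is just the terminating zero byte."""
    if qname in (".", ""):
        return b"\x00"
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in qname.rstrip(".").split(".")) + b"\x00"


def build_dns_query(qname, qtype, txn_id=0x1234, edns=False):
    """Wire-format DNS query: RFC 1035 header plus one IN-class question.
    With edns=True an OPT pseudo-record is appended in the additional section,
    which is what an EDNS-capable client adds to the same query."""
    flags = 0x0100  # standard query, recursion desired
    arcount = 1 if edns else 0
    header = struct.pack("!HHHHHH", txn_id, flags, 1, 0, 0, arcount)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    msg = header + question
    if edns:
        # OPT RR: root name, TYPE 41, the CLASS field carries the UDP payload size,
        # TTL 0 (no extended flags), empty RDATA: 11 bytes in total
        msg += b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)
    return msg


def ip_total_length(dns_payload):
    """IPv4 Total Length of a UDP datagram carrying dns_payload: the value
    `iptables -m length --length` compares against."""
    return IPV4_HEADER_LEN + UDP_HEADER_LEN + len(dns_payload)


def dropped_by_rule(dns_payload, rule_length=45):
    """True if the post's `-p udp --dport 53 -m length --length 45` rule would match."""
    return ip_total_length(dns_payload) == rule_length


if __name__ == "__main__":
    for label, q in [(". NS", build_dns_query(".", QTYPE_NS)),
                     (". NS +edns", build_dns_query(".", QTYPE_NS, edns=True)),
                     (". A", build_dns_query(".", QTYPE_A)),
                     ("a NS", build_dns_query("a", QTYPE_NS))]:
        print(f"{label:12} dns={len(q):2} ip_total={ip_total_length(q)} dropped={dropped_by_rule(q)}")
```

The rule keys on size, not content: 12 header bytes, 1 byte for the root name, 4 bytes of type and class, 8 of UDP and 20 of IPv4 give 45, so every root-name query without EDNS (NS, A, SOA or any other type) is dropped, while the same `. NS` query carrying an EDNS OPT record is 56 bytes and passes. That also affects the test above: a dig that sends EDNS by default, as current versions do, will get a refusal rather than a timeout, and `dig +noedns . NS @yourserver.com` is needed to reproduce the 45-byte query.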

Sun May 11

Sat Oct 13

Take that Apple: hacked VPN on iPod touch

I guess if Apple can’t do it properly I’ll just have to do it myself. I jailbroke my iPod touch. This made it easy to copy over Mail.app and MobileMailSettings.bundle from the iPhone firmware. After a quick restart my iPod touch had full VPN support! Works like a charm on campus!

This makes my iPod about twice as useful–I hope Apple understands this and decides to put in a VPN client legitimately.

Thu Sep 6

Confirmed: VPN on iPod Touch

Update: Apple lied: No VPN client on iPod touch 

First of all, if you haven’t seen the new iPods (including lowered price for the iPhone), you’re missing out. Check them out: www.apple.com. Apple finally did it right: solid-state widescreen/touchscreen iPod. No more dead hard drives.

I just got off the phone with Apple. They confirmed for me that the iPod Touch indeed has the same VPN support as the iPhone.

When I ordered my 16GB iPod Touch last night I didn’t think about the fact that the software might be different than the iPhone. For the most part it’s not, but Apple has chosen to leave a few things out (like Mail, Stocks, and Weather). But would they leave out a system feature like VPN? No, apparently not. So it will work with campus Wi-Fi–perfect.

On a further note, I’ve heard that the software is exactly the same as the iPhone. This means that the missing applications should be easy to install with Installer.app once someone with an iPhone leaks them. Third-party iPhone apps should work too (like Sudoku and OpenSSH).

Thu Aug 23

Technology in the Classroom

Classes started this week. I’m taking 17 credits, including 3 labs. To keep up with this load I’m trying to keep everything as organized as possible. Everything goes into the computer where it’s easy to access, search, and back up. This plan worked well until Wednesday at 2:10 when I had my first GenEd 110 lecture.

While doing my best to take detailed notes, Dr. Swan started into a lecture about how electronics in the classroom are distracting, impractical (“you won’t be wired in the real world”), stunt critical thinking, and just aren’t fair. She finished, looked at me, asked if I understood, then asked if I would put away my laptop computer. I said I just wanted to finish up these notes, then I would put it away. She wasn’t pleased, so I packed up my things and left. I’m not willing to make the time investment required for paper notes.

Not only did I disagree with her rule, I don’t understand the reasoning. Distracting, maybe; if students are surfing the web or watching a movie the computer could definitely be a distraction. However, I obviously wasn’t doing either of those things, just taking notes.

I really enjoyed her comment about the real world not being wired, particularly an hour later. My next class was EE 214. One of the first things the professor (Dr. Clint Cole) said was that we’ve reached a point in electronics design where we can no longer use paper, the only way to manage all that information is on a computer. I almost laughed out loud. The other ironic part about her comment was that my laptop was completely wireless. It was (at the time) running on battery power, and if I were using the internet, it would have been wireless too–I understand this wasn’t her point, it’s just funny.

I have absolutely no idea how electronics could stunt critical thinking. Although this may be because I’m around electronics so much they’ve stunted my critical thinking beyond the point of understanding her point. /sarcasm

And how in the world are computers unfair? I work my ass off during the summer so that I have enough money to afford things like electronics. I paid for my laptop with my own hard earned money. Anyone can look for and get a job. The economy can be unfair, but if you really want a laptop computer, it’s not a terribly hard goal to achieve.

Now that I’ve torn apart Dr. Swan’s arguments and have had a chance to vent a bit, I’d like to mention the positive. In my free time after walking out of class, I contacted the head of the General Education (GenEd) department, Dr. Law. He had me transferred into a different section, conveniently at the same time. No harm, no foul. My trust in the university is restored (though I’ll remain bitter toward Dr. Swan).

Sat Jul 21
Fri Jul 6

Linux Lately

For years I’ve been using Linux on servers, but in the past few weeks I’ve found myself using it quite a bit more. In fact, this post comes to you from my newly Linux-loaded laptop.

The other night I decided that although Vista has its place, it wasn’t on my laptop. Thinking about it, I’m surprised I held out on Vista for a whole six months–it never did run very well. Anyway, Ubuntu 7.04 is my laptop’s OS now. I was quite impressed by the install process. If you’ve ever installed Ubuntu before, you know that it’s a live CD, meaning you don’t have to install the OS to start running it and using applications–just pop in the CD. This is neat, but the best part is that it really works and everything is fully supported. I popped in the CD, waited 30 seconds, it found my laptop’s WiFi hardware, configured the drivers, and asked me which network I wanted to connect to. This amazed me. Even on Windows XP and Vista I had to search for drivers on the internet with another computer, then transfer them via USB thumb drive, before manually installing them. Bravo Ubuntu! More progress like this and you will be [more] mainstream in no time.

Though not the primary operating system, Ubuntu 7.04 is now being virtualized on both my desktop and my work desktop (Mark (the boss) was a little annoyed today when he couldn’t figure out how to get out of Linux mode) using VMware Server (newly free!). This works much better than I would have guessed. There’s a very slight delay between input and output, but it’s very usable and very convenient. The ability to boot Linux in a window within Windows eliminates all the shortcomings of a dual-boot setup. At both work and home, I find myself using virtual Ubuntu almost as much as I do Windows. There just aren’t many things that can’t be done with Linux or can be done better by Windows.

The other place I use Linux is the most interesting to me, but I’ll understand if most readers don’t share this passion. I’ve started working on an embedded Linux system at Harbortronics for–you guessed it–time lapse. So far it’s a neat little package, and easier to work with than I expected. It’s basically just a circuit board based around a 180MHz computer-on-a-chip. It has USB, Ethernet, serial ports, a card reader: basically everything you need in a computer. It runs a form of Debian Linux (kernel 2.6). Currently, I have a web server, SSH server, LCD text output, and serial terminal running on it. I’m pretty optimistic about the future of this project, if I ever get some more development time.

Bleh: conclusion. So yeah, Linux, try it: ubuntu.com. It’s easier than you think and, did I mention, free?