Friday, September 2. 2022
IP Ping Tool
Saturday, May 28. 2022
df options
$ sudo df -Tlh
Filesystem     Type      Size  Used Avail Use% Mounted on
udev           devtmpfs   16G     0   16G   0% /dev
tmpfs          tmpfs     3.2G  1.6M  3.2G   1% /run
/dev/nvme0n1p4 btrfs      94G  6.8G   85G   8% /
tmpfs          tmpfs      16G   85M   16G   1% /dev/shm
tmpfs          tmpfs     5.0M  4.0K  5.0M   1% /run/lock
/dev/nvme0n1p6 btrfs      94G  898M   91G   1% /usr/local
/dev/nvme0n1p7 btrfs     187G   14G  172G   8% /var
...
Wednesday, May 25. 2022
A Different Container Way
Admin magazine has an article called Create secure simple containers with the systemd tools Nspawnd and Portabled, which offers a mechanism different from my favorite LXC mechanisms. I'll have to give it a try for simpler projects.
They seem to be subsets of the templates and caching already available via LXC, but the one standout is an added tool called mkosi, which stands for Make Operating System Image, and is a tool for precisely that: generating an OS tree or image that can be booted. It seems to be useful for creating container images as well as images which can be used in heavier virtualization environments such as KVM.
Tuesday, May 17. 2022
Small Cameras and c-mounts
From Using a "proper" camera as a webcam there were some references to some interesting inexpensive high resolution cameras and lenses. I can't vouch for quality, but I intend to give them a try.
- C920/C922/C930 enclosure kit for CS-type lens mk2 - with some references to lenses and IR-cut filters
- IMX477 Full Report – Datasheet, Specs, Technologies and Camera Modules - If you are considering the Sony IMX477 or IMX477R, then this is for you. Datasheets, specs, and related information
- ArduCam embedded camera solutions on Amazon
There are suggestions for teleprompters in there as well.
Monday, May 16. 2022
Linux DIMM Decoder
Interesting portions of the query:
# decode-dimms
# decode-dimms version 4.3

Memory Serial Presence Detect Decoder
By Philip Edelbrock, Christian Zuckschwerdt, Burkart Lingner,
Jean Delvare, Trent Piepho and others

Decoding EEPROM: /sys/bus/i2c/drivers/ee1004/3-0050
Guessing DIMM is in                      bank 1
Kernel driver used                       ee1004

---=== SPD EEPROM Information ===---
EEPROM CRC of bytes 0-125                OK (0xB200)
# of bytes written to SDRAM EEPROM       384
Total number of bytes in EEPROM          512
Fundamental Memory type                  DDR4 SDRAM
SPD Revision                             1.1
Module Type                              SO-DIMM
EEPROM CRC of bytes 128-253              OK (0x2A87)

---=== Memory Characteristics ===---
Maximum module speed                     2400 MT/s (PC4-19200)
Size                                     16384 MB
Banks x Rows x Columns x Bits            16 x 16 x 10 x 64
SDRAM Device Width                       8 bits
Ranks                                    2
Rank Mix                                 Symmetrical
Primary Bus Width                        64 bits
AA-RCD-RP-RAS (cycles)                   14-14-14-35
Supported CAS Latencies                  16T, 15T, 14T, 13T, 12T, 11T, 9T

---=== Manufacturer Data ===---
Module Manufacturer                      Kingston
DRAM Manufacturer                        SK Hynix (former Hyundai Electronics)
Manufacturing Location Code              0x01
Manufacturing Date                       2018-W21
Assembly Serial Number                   0xC22D6945
Part Number                              KHX2400C14S4/16G

Number of SDRAM DIMMs detected and decoded: 1
Wednesday, May 4. 2022
LOC RR
IATA airport codes to LOC:
$ dig +short YYC.air.jpmens.net LOC
51 6 50.037 N 114 1 11.988 W 1084.00m 1m 10000m 10m
and more fun with an associated TXT:
$ dig +short YYC.air.jpmens.net TXT
"cc:CA; m:Calgary; t:large, n:Calgary International Airport"
with more at Airports of the world, and other data in DNS
Thursday, April 28. 2022
systemd-resolved
Another from the email list (2022/04/22):
systemd-resolved is broken in many ways. I doubt it can forward correctly TSIG or SIG(0). If you have a proper DNS server running on your machine, there is not many reasons to run also systemd-resolved. If you need it, I suggest to write fixed /etc/resolv.conf pointing to 127.0.0.1 or ::1. Consider chattr +i /etc/resolv.conf afterwards. Do not use stub resolver provided by systemd if you have better caching server running on the same machine. I would even recommend to uninstall it on Fedora, where it is possible. Unless you use mdns on selected networks only, I don't think systemd-resolved provides you any benefit.
systemd-resolved strips in default configuration even DNSSEC signatures. I would doubt it can handle key signatures or even updates.
A solution:
sudo systemctl disable systemd-resolved.service
sudo service systemd-resolved stop
And then mask: systemd masking
GeoFeed / GeoLocation
From an email list 2022/04/21:
Geofeed is specified in RFC 8805. Finding and using Geofeed data is described in RFC 9092.
Example in the wild:
$ whois -h whois.ripe.net 146.75.0.0 | fgrep geofeed:
geofeed: https://ip-geolocation.fastly.com/
Another example below, in this instance the geofeed information is stored in a 'remarks:' attribute. Unfortunately this particular RIR does not (yet?) properly support the native RPSL geofeed attribute for IPv6 /48 PI blocks.
$ whois -h whois.ripe.net 2001:67c:208c::/48 | grep geofeed
remarks: Geofeed https://sobornost.net/geofeed.csv
Both approaches work.
----
Besides geofeed, there are also geoidx records in IRRs but whether geolocation services actually use geofeed or geoidx remains to be seen. You can see some geoidx: at this IRR entry in TC: bgp.net example
----
A helpful resource: Geo & VPN Services - the RFC only works if they're pulling your feed and they'd only know that if you contact them in the first place.
----
- RFC 3693: Geopriv Requirements
- RFC 5870: A Uniform Resource Identifier for Geographic Locations
- RFC 6288: URN Namespace for the Defence Geospatial Information Working Group (DGIWG)
- RFC 6397: Multi-Threaded Routing Toolkit (MRT) BGP Routing Information Export Format with Geo-Location Extensions
- RFC 6772: Geolocation Policy: A Document Format for Expressing Privacy Preferences for Location Information
- RFC 7942: The GeoJSON Format
- RFC 8142: GeoJSON Text Sequences
- RFC 8805: A Format for Self-Published IP Geolocation Feeds
- RFC 9092: Finding and Using Geofeed Data
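The two lookup forms quoted above (a native geofeed: attribute and a "remarks: Geofeed" line) and the RFC 8805 CSV they point to, as an added example that is not part of the original post or email. The whois text and feed are constructed from documentation address ranges, the function names are hypothetical, and the checks are a subset of what a consumer would apply before trusting a feed.

```python
import csv
import ipaddress
import re

# Constructed whois output with both forms: the native attribute and the
# "remarks: Geofeed <url>" fallback.
SAMPLE_WHOIS = """\
inetnum:        192.0.2.0 - 192.0.2.255
remarks:        Geofeed https://example.net/geofeed.csv
inet6num:       2001:db8::/32
geofeed:        https://example.org/geofeed.csv
"""

# Constructed RFC 8805 feed: ip_prefix,alpha2code,region,city,postal_code
SAMPLE_FEED = """\
# constructed sample feed
192.0.2.0/25,CA,CA-AB,Calgary,
2001:db8:1::/48,NL,NL-NH,Amsterdam,
192.0.2.128/25,ZZZ,,,
198.51.100.7/24,US,,,
"""

GEOFEED_RE = re.compile(
    r"^(?:geofeed:[ \t]*|remarks:[ \t]*geofeed[ \t]+)(https://\S+)[ \t]*$",
    re.I | re.M)

def find_geofeed_urls(whois_text):
    """Return HTTPS geofeed URLs from either attribute form."""
    return GEOFEED_RE.findall(whois_text)

def parse_geofeed(text):
    """Return (accepted entries, rejected (prefix, reason) pairs)."""
    good, bad = [], []
    rows = [l for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]
    for row in csv.reader(rows):
        prefix, country, region, city = ([f.strip() for f in row] + [""] * 4)[:4]
        try:
            net = ipaddress.ip_network(prefix, strict=True)  # host bits must be 0
        except ValueError as exc:
            bad.append((prefix, str(exc)))
            continue
        if country and not re.fullmatch(r"[A-Za-z]{2}", country):
            bad.append((prefix, "country is not a two-letter code"))
        elif region and not region.upper().startswith(country.upper() + "-"):
            bad.append((prefix, "region does not belong to country"))
        else:
            good.append((net, country.upper(), region.upper(), city))
    return good, bad
```

Rejected rows are returned with a reason rather than silently dropped, so a malformed or over-broad prefix in a self-published feed shows up in review.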
Wednesday, April 27. 2022
quad9 Threat Blocking
Heard on an email list:
There are public and commercial offerings for "DNS based protection".
e.g. 9.9.9.9 automatically generates NXDomains for suspected malicious DNS Names even in their free service.
They have a page where you can check if you have been blacklisted (see Threat blocking).
Tuesday, April 12. 2022
Definition of Email List Washing
From an email list, the definition of email list-washing:
Trying to identify the addresses in a spam list that will get you in trouble, e.g., spam traps and people with a history of complaining, so that you can mail to what's left. And also, by implication, dealing with complaints by saying "we took you off the list" without looking at the overall list quality.
The technical methods for removing stale bouncing addresses from a legitimate list are somewhat similar but the motivation is not.
Sunday, April 10. 2022
Mail Flow Settings to Consider
- IP -> PTR lookup -> that hostname lookup, and match to IP again
- SPF
- DKIM - one possible implementation: OpenDKIM - opendkim is an excellent tool, which helped find the real problem with a simple "Diagnostics yes" in the config file.
- DMARC
- ARC (for mailinglists)
- SRS (When forwarding, rewrite the From and resign DKIM, and then ARC-sign that)
- Decent TLS
- MTA-STS
- DANE
Use a site like internet.nl for testing mail server configuration and capabilities
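The first item in the list (IP -> PTR -> hostname -> IP) is forward-confirmed reverse DNS. An added example, not from the original post, showing the check with the system resolver as the default and constructed lookup tables (documentation addresses, hypothetical host names) so it can be run offline:

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip using the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_addrs(host):
    """A/AAAA addresses for host using the system resolver."""
    try:
        infos = socket.getaddrinfo(host, None)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return the PTR names whose forward lookup includes ip again."""
    target = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip):
        host = name.rstrip(".").lower()
        for addr in addr_lookup(host):
            try:
                # Compare parsed addresses so IPv6 text forms still match.
                if ipaddress.ip_address(addr.split("%")[0]) == target:
                    confirmed.append(host)
                    break
            except ValueError:
                continue
    return confirmed

# Constructed data standing in for DNS answers.
PTR = {"192.0.2.25": ["mail.example.org."],
       "192.0.2.66": ["mail.example.org."],  # PTR claims a name it does not own
       "2001:db8::25": ["mx.example.org."]}
FWD = {"mail.example.org": ["192.0.2.25"],
       "mx.example.org": ["2001:0db8:0:0:0:0:0:25"]}

def demo(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: PTR.get(i, []), lambda h: FWD.get(h, []))
```

An empty result means the reverse name is missing or does not resolve back to the connecting address, which is the condition many receivers reject or score down.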
Follow up comment: Google at least adds ARC headers in Gmail, and did the editing of RFC8617. ARC – Authenticated Received Chain
Follow up comment: Bimi Group - is snakeoil, or well, a scam is more like it: if you can pay and they like you, you get a logo, anybody else is out... marketing companies of the world (and the ones earning money for bits ala domains and worse EV SSL certs... rejoice)
Follow up link: mailing lists are the ugly stepchild
Settings for mailing list:
We have SPF, DKIM signing, and a DMARC policy that sets p=none.
We're not setting p=reject, considering the number of mailing lists our users are on that are outdated or based on EOL software (including this one which depends on python 2.7, and including our own which have the same problem). It's impossible to know, from the outside, how mailing lists are configured. Mailman3 is...special. That's a rant for another time.
We get about an email a week from someone emailing security-officer@ trying to get a bug bounty telling us we should set p=reject. There's an ecosystem for this stuff.
Note: Yup. Gmail has made it quite clear that they will not accept v6 mail that isn't SPF or DKIM authenticated. DKIM is more work but works more reliably.
ARC: It's certainly not a magic ticket into an inbox but it is slowly helping undo DMARC mailing list damage. It's not important unless you forward mail like a mailing list does.
What ARC does:
ARC addresses the problem that mailing lists do a lousy job of spam filtering. A list that usually sends lovely clean mail sometimes doesn't, since a typical list forwards anything with a subscriber's address on the From line including spam from cleverish spammers who take pairs of from/to addresses from stolen mailboxes.
ARC lets the recipient system look back and do what we might call retroactive filtering, using info about messages as they arrived at the previous forwarder. While it would be nice if lists did a better job of spam filtering, they don't, and ARC is a reasonable remedy for that.
Additional protection settings:
I run my own mail server and have no trouble at all delivering mail to Gmail over IPv6. I do have SPF, DKIM, DNSSEC and DANE on my mail servers. My DMARC policy is p=none. If it matters, the MTA is a heavily hacked version of qmail.
Someone mentioned nullmailer as a small mail program that allows you (or your system) to send mails through an existing email account (using an SMTP server).
In response to "Clearly, someone used the reputation of ImprovMX.com to deliver emails by forging them before delivery.": DKIM replay attacks preventative measures
2022/04/24 added - DMARC Domain Checker
2022/06/12 added - Email Audit - Check the DNA of your email against important best practices.
Saturday, April 9. 2022
P4 integration with BATMAN mesh network
From the P4-dev mailing list, an interesting tool which deep dives wifi, P4, the kernel, ...
You may want to look at the BATMAN and P4 examples in Mininet-WiFi: Manet Routing Protocols or P4 Programming Protocol-Independent Packet Processors.
BTW, we recently fully open-sourced here: mn-wifi-ebook.
The English version of the Mininet-WiFi book: The Mininet-WiFi Book
RBL, Reputation
Look at Hetrixtools - it's not an IP reputation service, but this tool can give you an idea with its RBL blacklist monitor, maybe?
There are only two IP-based reputation services that are truly widely used, world-wide, ours and Validity's (nee ReturnPath).
IADB (ISIPP Accreditation Database, now known to consumers as the Good Senders List, or GSL) - Ours have *always* been free for receivers to query, and always will be, as our primary reason for having been in business for going on 20 years is to provide a way for *receivers* to determine the ham from the spam (making it easier for them to reject spam). I'm surprised to hear that *any* of the others are charging for access for querying - shocked in fact. More general information about the IADB is here: for ISPs
FWIW - spamassassin checks the ISIPP by default since 3.10 and reduces the score if your address is found there.
2022/04/09 - E-Mail Reputation – Protect against false positives - reputation data services - has a link to applications using the data, one of which being rspamd -- but note: "gmail's lack of cooperation with the dns good list means inbound from them gets dropped when one of their outbound smtp senders gets badlisted, which they often do." -- followed up by: [How about using their SPF records as automation input? Their MXes are inside those blocks right now at least.]
2022/04/09 - HetrixTools - Uptime Monitor & Blacklist Monitor
Building Kernel for Debian
- download kernel 5.17 source tar.gz file from kernel.org
- Unpack the source and apply the patch with cd linux; patch -p1 < patch_file
- Run "make localmodconfig"
- Compile (run "make")
- Install: sudo make modules_install install
- reboot and choose the new kernel in grub
Friday, April 1. 2022
BGP Local Preference vs MED
Seen on a mailing list, some comments regarding local preference vs MED.
Unfortunately, the reason crazy-long prepends actually propagate so widely in the internet core is because most of those decisions to prefer your peer's customers are done using a relatively big and heavy hammer.
> IOW if your peer or customer has prepended 5 times or more, dont LOCAL_PREF or maybe even de-LOCAL_PREF it
LOCAL_PREF is, in my opinion, the wrong tool to use, but it's what most of the networks out there seem to have settled on, to the point of having published BGP communities to use for controlling the LOCAL_PREF setting on received routes: https://onestep.net/communities/
I've long practiced, and advocated for, the use of MEDs or tweaking origin codes as a better way to nudge traffic towards customers, peers, customers of peers, etc., because it still allows as-path to be a factor in nudging traffic away. Prepend inbound 3 times on routes learned from your transit provider, but not on your peers, listen to MEDs from your peers, and enable always-compare-med and deterministic-med to allow values to be compared across different pathways.
That way, someone trying to say "don't use this path" can do a simple triple-prepend, and see their traffic shift. In our current world of using LOCAL_PREF, however, the poor customer keeps prepending more and more, and never sees their traffic shift. In desperation, they prepend the maximum number of times allowed, hoping that maybe this will somehow do the trick...not understanding that no matter what they do in the prepend realm, so long as their upstreams are using the LOCAL_PREF hammer, their prepends will fall on deaf ears.
For the most part--if you think LOCAL_PREF is the right knob to use for moving traffic, it probably means you need to go back and rethink your traffic engineering approach.
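The argument in the mailing-list comments above, as an added example that is not part of the original post: a simplified best-path selection showing why customer prepends never move traffic under a LOCAL_PREF policy but do under the prepend-plus-MED policy. Assumptions: only LOCAL_PREF, AS-path length, origin and MED are modelled, and the AS numbers, MED value and topology are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    via: str             # neighbor the route was learned from
    as_path: tuple       # AS numbers, nearest first
    local_pref: int = 100
    origin: int = 0      # 0 = IGP, 1 = EGP, 2 = incomplete
    med: int = 0

def best_path(routes):
    """Simplified decision process: highest LOCAL_PREF, shortest AS path,
    lowest origin, lowest MED (always-compare-med), then neighbor name."""
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path),
                                      r.origin, r.med, r.via))

# Constructed topology: customer AS 64500 is reachable through a peer
# (AS 64510) and through our transit provider (AS 64520).
CUST, PEER, TRANSIT = 64500, 64510, 64520

def routes_for(policy, customer_prepends):
    """Routes we hold after the customer prepends on the peer-side path."""
    peer_path = (PEER,) + (CUST,) * (1 + customer_prepends)
    transit_path = (TRANSIT, CUST)
    if policy == "local_pref":
        # The "hammer": peer-learned routes always outrank transit routes.
        return [Route("peer", peer_path, local_pref=200),
                Route("transit", transit_path, local_pref=100)]
    # "med" policy: equal LOCAL_PREF, 3 inbound prepends on transit routes,
    # MED accepted from the peer (20 here, a constructed value).
    return [Route("peer", peer_path, med=20),
            Route("transit", (TRANSIT,) * 3 + transit_path)]

def prepends_needed(policy, limit=50):
    """Fewest customer prepends that move traffic off the peer path."""
    for n in range(limit + 1):
        if best_path(routes_for(policy, n)).via != "peer":
            return n
    return None  # nothing within the limit shifts traffic
```

With these constructed values `prepends_needed("med")` is 3 and `prepends_needed("local_pref")` is `None`: AS-path length is never consulted once LOCAL_PREF differs.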