ShmooCon Post-Mortem

I was lucky enough to score a ticket to ShmooCon and spent most of my weekend there. I did miss the big party on Saturday night because I had other obligations but having been to Heaven and Hell more than once in the 90s I don’t feel like I missed too much. Drunken hackers and nerds are usually a pretty fun crowd though…

I was generally pleased with content at the conference, there were some very good talks. In particular I liked:

Cyber Fast Track - I was impressed to see DARPA embracing the hacker community and making it easier to get .gov funding for infosec related work. My wife does work for DARPA and it was cool to see our worlds collide.

Building Measurement and Signature Intelligence (MASINT) Capabilities on a Hacker’s Budget: Tracking and Fingerprinting RF Devices for Fun and Profit - I thought this was pretty groundbreaking work. This stuff in the hands of common folk is exciting.

Soft Markers in Attack Attribution - I liked the anthropological nature of this talk. The national / cultural breakdown of attackers and types of attacks is really fascinating.

TTL of a Penetration - Good talk, good speaker, he knew his material and he was great at working the crowd.

There were other talks that I liked quite a bit too: disposable spybots, Java and Android exploitation, more reasons why RFID is horrible. So many interesting sessions to attend… The only thing I felt was missing were IPv6-specific talks. I heard people asking IPv6 questions in various sessions but I did not see any speakers talking about IPv6 security specifically. There is an opportunity to present IPv6 topics at ShmooCon. There is so much meat there! Perhaps I’ll try to put something together for next year. Another area I would like to see more focus on is physical security: datacenter, cage, rack and host security in meatspace. I think this is an area where there has been little focus, which presents an opportunity to learn more. I’ve worked with a lot of the big retail datacenters and many of them have weak spots in their security practices. The biggest providers are the worst offenders too.

A Better Nsupdate

Over the holidays I was monkeying around with dnspython, a seriously cool Python module created by the fine folks at Nominum. This toolkit implements almost all of the DNS protocol and comes with many convenient helper methods to get DNS stuff done. I actually wrote a few different tools over the holiday for various purposes, but one stands out in its usefulness: dnsupdate.

I wrote dnsupdate with the idea of replacing nsupdate, the standard DDNS update tool created by the BIND authors, ISC. I’ve never been fond of nsupdate; it does the job and is functional, but it is awkward to wrap in scripts and its usage in general is just not very intuitive. I wrote dnsupdate to work well from the command line or from scripts and to be easy to use. It also does some nice things like automatically creating PTRs for a given A or AAAA record.
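As an added example of the PTR auto-creation described above (my own illustration, not the author’s dnsupdate and not dnspython’s own code): reverse_names() works out the reverse zone and PTR owner name with only the standard library, and build_updates()/send_update() assemble and send the forward and reverse DDNS messages with dnspython, which is assumed to be installed. The zone, host and server names are placeholders.

```python
"""Add an A/AAAA record and its matching PTR, the way dnsupdate does.
reverse_names() is stdlib-only; build_updates() and send_update() use
dnspython (dns.update, dns.query, dns.rcode), assumed installed.
Zone, host and server values are placeholders."""
import ipaddress


def reverse_names(addr, prefixlen):
    """(reverse_zone, ptr_owner) for addr when the reverse zone is delegated
    at prefixlen bits: /24 -> 19.164.70.in-addr.arpa., /64 -> 16 nibbles of ip6.arpa."""
    ip = ipaddress.ip_address(addr)
    labels = ip.reverse_pointer.split(".")   # stdlib builds the in-addr.arpa / ip6.arpa form
    per_label = 8 if ip.version == 4 else 4  # octet labels for v4, nibble labels for v6
    if prefixlen % per_label or not 0 <= prefixlen <= ip.max_prefixlen:
        raise ValueError("reverse zone must be delegated on a label boundary")
    zone_labels = prefixlen // per_label + 2  # +2 for the two arpa suffix labels
    zone = ".".join(labels[-zone_labels:]) + "."
    owner = ".".join(labels[:-zone_labels]) or "@"
    return zone, owner


def build_updates(fwd_zone, host, addr, rev_prefixlen, ttl=300, keyring=None):
    """Two DDNS messages: the forward A/AAAA record and the PTR derived from it."""
    import dns.update  # dnspython, imported lazily so reverse_names() needs nothing extra
    ip = ipaddress.ip_address(addr)
    fwd = dns.update.Update(fwd_zone, keyring=keyring)
    fwd.add(host, ttl, "A" if ip.version == 4 else "AAAA", str(ip))
    rev_zone, owner = reverse_names(addr, rev_prefixlen)
    rev = dns.update.Update(rev_zone, keyring=keyring)
    rev.add(owner, ttl, "PTR", f"{host}.{fwd_zone.rstrip('.')}.")
    return fwd, rev


def send_update(update, server, timeout=10):
    """Send one update over TCP (TSIG-signed when the message carries a keyring);
    returns the rcode text, NOERROR on success."""
    import dns.query
    import dns.rcode
    response = dns.query.tcp(update, server, timeout=timeout)
    return dns.rcode.to_text(response.rcode())


if __name__ == "__main__":
    # Placeholder zone; the address is the one used elsewhere in these posts.
    fwd, rev = build_updates("example.net", "fw", "70.164.19.160", 24)
    print(fwd.to_text(), rev.to_text(), sep="\n\n")
    # To apply: send_update(fwd, "ns1.example.net"); send_update(rev, "ns1.example.net")
```

For a TSIG-protected zone, pass keyring=dns.tsigkeyring.from_text({"keyname.": "<base64 secret>"}) to build_updates() and both messages are signed.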

Time for a New Blog

It seems that every couple of years I have to throw away the old blog and start a new one. I have to satiate that desire to try new things, so it’s less about the inadequacies of my old blog than my desire to try something new.

The new blog! So this time I’m using something called Octopress. Octopress is a bit different from Wordpress, Drupal or other blogging software I’ve used in the past. It is based on Ruby and Jekyll. Octopress has no database backend and allows me to use my local git repository for change management. I can use any editor I like (Vim!), use conditionals, macros and other neat tricks, all while using a very familiar interface. Generally it is simple and fits well into the way I have been doing things for quite some time now. I think the clincher for me is the ability to use a revision control system to manage my content. The general Unix friendliness is something that I appreciate a lot too. It will be easy to automate aspects of this blog without relying on a bunch of other people’s plugins.

I’m looking forward to playing around with Octopress over the coming months. Let’s see how long this one lasts!

What Does the IPv4 Exhaustion Mean to the End-user?

I contributed an article to a new blog dedicated to discussing the depletion of IPv4 and the IPv6 transition. The blog is The IPv6 Experts .net.

My article, “What does the IPv4 Exhaustion Mean to the End-user?” can be found here.

This is the first of many articles I will be writing for The IPv6 Experts. There is a lot of other content by some really smart people so please check back there every now and then.

IPv6 Information

I’ve been speaking, writing and talking about IPv6 a lot lately. One of the questions I get a lot is “Where can I find out more about IPv6?” There are many good books you can buy, but there are also some great sources that are freely available on the Internet. To start with, the IPv6 article on Wikipedia is very informative. There is also a great article over at Ars Technica called “Everything you need to know about IPv6”. This article gives great background and is a quick read. If you want more details about specific issues you can check out ARIN’s IPv6 Wiki. It contains a lot of information contributed by members of the ARIN community. Many of these people run ISPs or other large networks. Their real world experience is reflected in the content on this website. Last but not least there are the RFCs that define various aspects of the IPv6 protocol. There are many RFCs related to IPv6. An incomplete list can be found here. It is missing many newer IPv6 RFCs though. For those, probably the best place to go is straight to the source at the IETF.

Count SYNs

A while back I was deploying a new high volume TCP application and I was interested in the number of connections from particular hosts I was seeing over a period of time. Who was connecting the most, that kind of thing. This one-liner accomplishes that rather well. Replace 70.164.19.160 with your server’s IP address and you should get a list of top connecting hosts and the number of times each host has connected, in ascending order. Alter -c 100 to specify the number of packets to capture. Basically what this does is capture the first 100 SYNs sent to the destination host (the filter tests the SYN bit in the TCP flags byte, tcp[13]), extract the sender IP, sort them and then count the number of SYN packets from each host. Simple but effective. I love one-liners like this.

time tcpdump -ieth0 -c 100 -nn dst 70.164.19.160 and 'tcp[13] & 2 == 2' | awk 'split($3,ip,".") {print ip[1] "." ip[2] "." ip[3] "." ip[4]}'| sort | uniq -c | sort -n

Imdb Url Grabber

Here’s a quick and dirty shell script that will attempt to get the correct IMDB link based on a file’s name. I use this to copy media into the appropriate places on my media server along with an NFO file that xbmc can use to download the appropriate movie info. This technique can be used to fetch links from Google for a lot of different things from the command line. Be careful though: if you use this too many times (1000s?) in a short amount of time, Google will ban you for a while. I think the correct thing to do is use their API. I did say quick and dirty though :) Adjust paths, etc. accordingly and try your luck.

#!/bin/bash
# Build the query from the file name: keep what precedes the first dot, then turn spaces,
# dashes and underscores into "+" so it can go straight into the URL.
SEARCHSTRING=$(echo "$1" | cut -d. -f1 | sed 's/ /_/g;s/-/_/g;s/_/+/g')
# "I'm Feeling Lucky" (btnI) answers with a redirect; the Location header carries the IMDB URL.
# HTTP header lines end in CRLF, so strip the carriage return before printing.
IMDBURL=$(curl -iIs -A "Mozilla/5.0" "http://www.google.com/search?&q=site+www.imdb.com+$SEARCHSTRING&btnI" | grep -i '^Location:' | awk '{print $2}' | tr -d '\r')
echo "$IMDBURL"

Dynamic IP Checker / DNS / V6 Tunnel Updater

Here’s a script I wrote that will check the IP address of my FIOS-connected firewall, update DNS and IPv6 tunnel settings and send me an email. This script assumes you have control of a DNS server somewhere that has resource records related to your firewall host. I use he.net’s tunnelbroker for my IPv6 tunnel, and this script uses their facility to update the tunnel endpoint configuration and then restarts the tunnel on my side. Details and script are below.

Xbox 360 Open Nat

A friend asked me about this the other day and I told him to Google it. Unfortunately I was unaware that there is a lot of bad information out there about how to achieve an “open NAT” status on your Xbox 360. The only ports you need to forward to your Xbox are:

TCP port 88
TCP port 3074
UDP port 3074