Another +ESP8266 gizmo, this time to automatically reboot your router if connection is lost in order to get 24/7 connectivity. – Jean-Luc Aufranc – Google+
Source: Another +ESP8266 gizmo, this time to automatically reboot your router if…
Archive for the ‘Network-and-equipment’ Category
Another +ESP8266 gizmo, this time to automatically reboot your router…
Posted by jpluimers on 2016/10/28
Posted in Internet, Power User, routers | Leave a Comment »
I don’t have #IoT. I have #LoT. LAN of things.
Posted by jpluimers on 2016/10/24
Interesting thought:
Devices in a separate LAN (or VLAN) with no default gateway and some firewall rules to access them from your regular LAN and update them through FWUPD an open source firmware update.
Sounds like a dream? We should all make it come true!
Read I don’t have #IoT. I have #LoT. LAN of things. for more ideas.
–jeroen
Share this:
Posted in IoT Internet of Things, Network-and-equipment, Power User | Leave a Comment »
The IoT strikes back again: half a million IoT devices killed DYN DNS for hours, but fixing this will be hard
Posted by jpluimers on 2016/10/22
Less than a month after The IoT strikes back: 650 Gigabit/second and 1 Terabit/second attacks by IoT devices within a week the IoT struck back again: an estimated half a million IoT devices was used to perform multiple DDoS attacks against Dyn Managed DNS that took around 11 hours to resolve.
Google DNS appears to “live” near me in Amsterdam
High availability usually involves a mix of DNS TTL and/or BGP routing. That’s typically how CDN providers like Cloudflare work (it’s one of the reasons that global DNS servers like Google’s 8.8.8.8 appear near to you and over time routes – some MPLS – to it change). Short DNS TTL can help CDN, requires a very stable DNS infrastructure and is similar to but different from a Fast Flux network.
Last months attacks were on a security researcher and a single ISP. The Dyn DNS attack affected even more internet services (not just sites like Twitter, WhatsApp, AirBnB and Github). So I’m with Bruce Schneier that Someone Is Learning How to Take Down the Internet.
Handling these attacks is hard as the DDoS mitigation firms simply cannot handle the sudden increase of attack sizes yet. BCP38 should be part of mitigation, but the puzzle is big and fixing it won’t be easy though root-causes of bugs change as a lot of research is in progress.
I’m not alone in expecting it to get worse though before getting better.
On the client side, I learned that many users could cope by changing their DNS servers to either of these Public DNS Servers:
- OpenDNS 208.67.222.222, 208.67.220.220, 208.67.222.220, 208.67.220.222
- OpenDNS does a good job of handing “last known good” IPs when they can’t resolve.
- Google Public DNS 8.8.8.8, 8.8.4.4
- Level 3 DNS 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, 4.2.2.5, 4.2.2.6
Some more interesting tidbits on the progress and mitigation on this particular attack are the over time heat-maps of affected regions and BGP routing changes below.
Share this:
Posted in CDN (Content Delivery Network), Cloud, Cloudflare, DNS, Hardware, Infrastructure, Internet, IoT Internet of Things, Network-and-equipment, Opinions, Power User | Leave a Comment »
The IoT strikes back: 650 Gigabit/second and 1 Terabit/second attacks by IoT devices within a week
Posted by jpluimers on 2016/09/30
Many people – me included – complain about the sadness of IoT device security.
It seems the hackers found out it’s time to take advantage of that as within a week both these attacks by IoT devices took place:
- 650 Gigabit/second attack at the Krebs on Security [WayBack]
- 1 Terabit/second attacks at OVH [WayBack]
The first already suspected IoT devices, the latter confirmed it were ~ 150-thousand hijacked cameras and DVRs [WayBack] performing the attack.
Or in short:
The IoT strikes back
Few parties can cope with this kind of traffic (Akamai had to stop their pro bono servicing of Krebs on Security; it took a few days and a lot of effort for Google’s Project Shield to take over).
So I’ve a few questions for anyone running IoT devices:
- How secure are your IoT devices?
- Have you confined them to a network that’s easily filtered/shut-down in case of emergency?
Edit 20161004:
- Source Code for IoT botnet responsible for World’s largest DDoS Attack released Online [WayBack] via Joe C. Hecht on G+: Coming to a Toaster new You.
- Source Code for IoT Botnet ‘Mirai’ Released — Krebs on Security [WayBack]
–jeroen
Source: Da ist einiges neu an dem Fall: 1) Ein bisher unbekanntes Botnetz. a) Das neue…
Share this:
Posted in IoT Internet of Things, Network-and-equipment, Power User | 1 Comment »
Some cURL links with tips I used doing some Fritz!Box scripting research
Posted by jpluimers on 2016/09/29
I needed to script a few things on my Fritz!Box. Here are the cURL links that I used to research some Fritz!Box scripting.
My first try was wget, but that didn’t do everything I need, so cURL came to the rescue.
In the end, I didn’t need cookies (a post request with an MD5 based handshake sufficed to get a session SID which is not stored in a Cookie), but that surely will come in useful another time.
- scripting – cURL and click a button in a website – Stack Overflow.
- linux – CURL to access a page that requires a login from a different page – Stack Overflow.
- How do you handle authentication via cookie with CURL? – php | Ask MetaFilter.
- How to get past the login page with Wget? – Stack Overflow.
- http – What is the cURL command-line syntax to do a POST request? – Super User.
- web standards – Is it a good practice to use an empty URL for a HTML form’s action attribute? (action=””) – Stack Overflow.
- Difference between id and name attributes in HTML – Stack Overflow.
- Curl: Re: How to POST to a page with multiple forms.
- FRITZ!Box Backup mit curl (Bash) [Daniels Braindump].
Curl man page entries:
The script is and docs are here: jpluimers/bash-fritzclient.
–jeroen
Share this:
Posted in *nix, bash, cURL, Development, Fritz!, Fritz!Box, Network-and-equipment, Power User, Scripting, Software Development, wget | Leave a Comment »
Jark/FTDISample: Note: As of version 10556.0 the ftdi driver does no longer seem to work. A sample application showcasing the FTDI D2XX driver use in Windows Universal projects (UWP). This sample is tested on the Raspberry PI 2 with Windows IOT installed and a FTDI FT232R usb-to-serial adapter.
Posted by jpluimers on 2016/09/22
Yeah, I couldn’t get this working either. I’m not sure where ReadTimeout is actually used by the SerialDevice class internally. But I did end up getting something working by copying the timeout to a
Source: c# – Unable to use SerialDevice.ReadTimeout in Windows 10 IoT – Stack Overflow
Source: Raspberry Pi • View topic – Windows 10 IoT Core Simple Serial Example not working
Share this:
Posted in Development, IoT Internet of Things, Network-and-equipment, Power User, Software Development | Leave a Comment »
Olive – Juniper Clue
Posted by jpluimers on 2016/08/19
The original http://juniper.cluepon.net/index.php/Olive is gone, but the WayBack machine sitll has it: Olive – Juniper Clue
It describes how to install JUNOS on x86/x64 (or emulated) hardware.
–jeroen
via: Can I learn Juniper? : networking
Share this:
Posted in Internet, Juniper, Olive - JUNOS, Power User, routers | Leave a Comment »
Remote VPN to Fritz!Box from Mac OS X: don’t forget to set your Group Name to be the same as the User Name
Posted by jpluimers on 2016/08/01
With en empty Group Name you get this:
No Group Name means no connection
The bad thing is: the Fritz!Box will not tell you this in any of the logs.
So don’t forget to set the Group Name to be the same as the Account Name in the ….:
Always enter the Group Name in the Authentication Settings
Then you can successfully connect:
VPN connection succeeded!
–jeroen
Share this:
Posted in Fritz!, Fritz!Box, Internet, Power User | Leave a Comment »
Windows PPTP – How to Create a VPN Server on Your Windows Computer Without Installing Any Software
Posted by jpluimers on 2016/07/18
Windows has the built-in ability to function as VPN server, although this option is hidden. This trick works on both Windows 7 and Windows 8. The server uses the point-to-point tunneling protocol (PPTP.)
Source: How to Create a VPN Server on Your Windows Computer Without Installing Any Software
One day this might come in handy though I need to investigate a bit more on PPTP security issues first: might need to go for L2TP/IPsec instead.
Later: indeed, I should follow Don’t use PPTP, and don’t use IPSEC-PSK either (via: CloudCracker blog)
–jeroen
Share this:
Posted in IPSec, Network-and-equipment, Power User, PPTP, VPN, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1 | 1 Comment »
Multi-WAN routers compared
Posted by jpluimers on 2016/05/20
Mikrotik have statistics and way more features. Of the not so good features on the TP-LINK ER-5120 multi-WAN router (none of which are mentioned in their documentation), the worst 2 are:
- Virtual-Server table can only handle 32 incoming port redirects
- no IPv6 support
- both incoming WAN and outgoing NAT isn’t very stable (my guess it’s a NAT table filling up)
Source: Gigabit Load Balance Broadband Router TL-ER5120 – Welcome to TP-LINK
Source: MikroTik – Forum – Tweakers
RouterBoard RB3011UiAS-RM description. The RB3011 is a new multi port device, our first to be running an ARM architecture CPU for higher performance than ever before. The RB3011 has ten Gigabit ports divided in two switch groups, an SFP cage and for the first time a SuperSpeed full size USB 3.
Source: RouterBoard.com : RB3011UiAS-RM (link has high res images)
Source: RB3011UiAS-RM – MikroTik RouterOS
The CCR1009 will always be faster, even passively cooled: Source: RB3011 Fan Notice compared to CCR 1009 – MikroTik RouterOS. The passively cooled versions run at a lower clock-speed which you can even make lower yourself:Source: CCR1009-8G-1S-1S+PC lower clock – MikroTik RouterOS. On the active cooled CCR1009, you can replace the fans to make them more quiet: Source: CCR1009-8G-1S-1S+ General info & Questions – Page 2 – MikroTik RouterOS
Note the ports in/out the switch groups on the CCR1009: Source: CCR 1009 switch chip menu – MikroTik RouterOS
RouterBoard CCR1009-8G-1S-1S+PC description. Our popular 9-core Cloud Core Router is now available in a new passive cooling enclosure. This CCR1009 unit is equipped with two heat-pipes and a specially designed heat-sink, so its completely silent.
Source: RouterBoard.com : CCR1009-8G-1S-1S+PC
RouterBoard CCR1009-8G-1S-PC description. Our popular 9-core Cloud Core Router is now available in a new passive cooling enclosure. This CCR1009 unit is equipped with two heat-pipes and a specially designed heat-sink, so its completely silent.
Source: RouterBoard.com : CCR1009-8G-1S-PC
Source: Advise: CCR1009-1S-PC – MikroTik RouterOS
Source: CCR1009-8G-1S-1S+ is a BEST ROUTER !!! – MikroTik RouterOS
When the power supply breaks: Source: CCR1009-8G question about part number – MikroTik RouterOS
The actively cooled CCR1009 with lots of pictures and screenshots: Source: CCR1009-8G-1S-1S+ General info & Questions – MikroTik RouterOS
Mikrotik with xs4all
Source: Eigen router achter een XS4ALL-VDSL-aansluiting (2) | Harold Schoemaker
Source: xs4all ftth en Mikrotik router – Google Groups
Heeft iemand van jullie ook ervaring met IPv6 van XS4all met een fritzbox? Ik wil namelijk achter deze fritzbox een mikrotik plaaten en IPv6 door routeert.
Source: IPv6 mikrotik router achter een fritzbox.
Source: [Ervaringen/discussie] MikroTik-apparatuur – Netwerken – GoT
–jeroen
Share this:
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »
The Wiert Corner - irregular stream of stuff 