The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Internet’ Category

The IoT strikes back again: half a million IoT devices killed DYN DNS for hours, but fixing this will be hard

Posted by jpluimers on 2016/10/22

Less than a month after The IoT strikes back: 650 Gigabit/second and 1 Terabit/second attacks by IoT devices within a week, the IoT struck back again: an estimated half a million IoT devices were used to perform multiple DDoS attacks against Dyn Managed DNS that took around 11 hours to resolve.

Google DNS appears to “live” near me in Amsterdam

High availability usually involves a mix of DNS TTL and/or BGP routing. That’s typically how CDN providers like Cloudflare work (it’s one of the reasons that global DNS servers like Google’s 8.8.8.8 appear to be near you, and that the routes to them – some over MPLS – change over time). A short DNS TTL can help a CDN, but it requires a very stable DNS infrastructure; it is similar to, but different from, a Fast Flux network.

Last month’s attacks were on a security researcher and a single ISP. The Dyn DNS attack affected even more internet services (not just sites like Twitter, WhatsApp, AirBnB and Github). So I’m with Bruce Schneier that Someone Is Learning How to Take Down the Internet.

Handling these attacks is hard, as the DDoS mitigation firms simply cannot handle the sudden increase in attack sizes yet. BCP38 should be part of mitigation, but the puzzle is big and fixing it won’t be easy, though the root causes of bugs are changing as a lot of research is in progress.

I’m not alone in expecting it to get worse though before getting better.

On the client side, I learned that many users could cope by changing their DNS servers to either of these Public DNS Servers:

  • OpenDNS 208.67.222.222, 208.67.220.220, 208.67.222.220, 208.67.220.222
    • OpenDNS does a good job of handing “last known good” IPs when they can’t resolve.
  • Google Public DNS 8.8.8.8, 8.8.4.4
  • Level 3 DNS 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, 4.2.2.5, 4.2.2.6

Some more interesting tidbits on the progress and mitigation on this particular attack are the over time heat-maps of affected regions and BGP routing changes below.


Posted in CDN (Content Delivery Network), Cloud, Cloudflare, DNS, Hardware, Infrastructure, Internet, IoT Internet of Things, Network-and-equipment, Opinions, Power User | Leave a Comment »

Olive – Juniper Clue

Posted by jpluimers on 2016/08/19

The original http://juniper.cluepon.net/index.php/Olive is gone, but the Wayback Machine still has it: Olive – Juniper Clue

It describes how to install JUNOS on x86/x64 (or emulated) hardware.

–jeroen

via: Can I learn Juniper? : networking


Posted in Internet, Juniper, Olive - JUNOS, Power User, routers | Leave a Comment »

Remote VPN to Fritz!Box from Mac OS X: don’t forget to set your Group Name to be the same as the User Name

Posted by jpluimers on 2016/08/01

With an empty Group Name you get this:

No Group Name means no connection

The bad thing is: the Fritz!Box will not tell you this in any of the logs.

So don’t forget to set the Group Name to be the same as the Account Name in the ….:

Always enter the Group Name in the Authentication Settings

Then you can successfully connect:

VPN connection succeeded!

–jeroen


Posted in Fritz!, Fritz!Box, Internet, Power User | Leave a Comment »

domain name system – How to test DNS glue record? – Server Fault

Posted by jpluimers on 2016/05/26

Thanks Adrian W for providing the below example in your answer about obtaining GLUE record information for a domain.

It is an excellent showcase for the $IFS Internal Field Separator available in any *nix shell.

In this case it is used to get the TLD (top-level domain) from the domain name specified at the command-line.

After that, it obtains the name servers for that TLD, and queries the glue records there, both using dig.

Here is a little shell script which implements Alnitak’s answer:

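#!/bin/sh
# Require the domain name as the first argument.
[ -n "$1" ] || { echo "Usage: $0 domain" >&2; exit 1; }

# Split the domain on dots; after the loop TLD holds the last label.
S=${IFS}
IFS=.
for P in $1; do
  TLD=${P}
done
IFS=${S}

echo "TLD: ${TLD}"
# Get the name servers that are authoritative for the TLD.
DNSLIST=$(dig +short "${TLD}." NS)
# Ask each TLD server, without recursion, for the domain's NS records;
# the glue records come back as the addresses that accompany them.
for DNS in ${DNSLIST}; do
  echo "Checking ${DNS}"
  dig +norec +nocomments +noquestion +nostats +nocmd "@${DNS}" "$1" NS
done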

Pass the name of the domain as parameter:

./checkgluerecords.sh example.org

–jeroen

via domain name system – How to test DNS glue record? – Server Fault.

Posted in *nix, Apple, bash, Development, DNS, Linux, Mac, Mac OS X / OS X / MacOS, Mac OS X 10.4 Tiger, Mac OS X 10.5 Leopard, Mac OS X 10.6 Snow Leopard, Mac OS X 10.7 Lion, openSuSE, OS X 10.10 Yosemite, OS X 10.8 Mountain Lion, OS X 10.9 Mavericks, Power User, Scripting, Software Development, SuSE Linux | Leave a Comment »

Multi-WAN routers compared

Posted by jpluimers on 2016/05/20

Mikrotik have statistics and way more features. Of the not so good features on the TP-LINK ER-5120 multi-WAN router (none of which are mentioned in their documentation), the worst 2 are:

  • Virtual-Server table can only handle 32 incoming port redirects
  • no IPv6 support
  • both incoming WAN and outgoing NAT aren’t very stable (my guess: it’s a NAT table filling up)

Source: Gigabit Load Balance Broadband Router TL-ER5120 – Welcome to TP-LINK

Source: MikroTik – Forum – Tweakers

RouterBoard RB3011UiAS-RM description. The RB3011 is a new multi port device, our first to be running an ARM architecture CPU for higher performance than ever before. The RB3011 has ten Gigabit ports divided in two switch groups, an SFP cage and for the first time a SuperSpeed full size USB 3.

Source: RouterBoard.com : RB3011UiAS-RM (link has high res images)

Source: RB3011UiAS-RM – MikroTik RouterOS

The CCR1009 will always be faster, even passively cooled: Source: RB3011 Fan Notice compared to CCR 1009 – MikroTik RouterOS. The passively cooled versions run at a lower clock-speed which you can even make lower yourself: Source: CCR1009-8G-1S-1S+PC lower clock – MikroTik RouterOS. On the actively cooled CCR1009, you can replace the fans to make them more quiet: Source: CCR1009-8G-1S-1S+ General info & Questions – Page 2 – MikroTik RouterOS

Note the ports in/out the switch groups on the CCR1009: Source: CCR 1009 switch chip menu – MikroTik RouterOS

RouterBoard CCR1009-8G-1S-1S+PC description. Our popular 9-core Cloud Core Router is now available in a new passive cooling enclosure. This CCR1009 unit is equipped with two heat-pipes and a specially designed heat-sink, so it’s completely silent.

Source: RouterBoard.com : CCR1009-8G-1S-1S+PC

RouterBoard CCR1009-8G-1S-PC description. Our popular 9-core Cloud Core Router is now available in a new passive cooling enclosure. This CCR1009 unit is equipped with two heat-pipes and a specially designed heat-sink, so it’s completely silent.

Source: RouterBoard.com : CCR1009-8G-1S-PC

Source: Advise: CCR1009-1S-PC – MikroTik RouterOS

Source: CCR1009-8G-1S-1S+ is a BEST ROUTER !!! – MikroTik RouterOS

When the power supply breaks: Source: CCR1009-8G question about part number – MikroTik RouterOS

The actively cooled CCR1009 with lots of pictures and screenshots: Source: CCR1009-8G-1S-1S+ General info & Questions – MikroTik RouterOS

Mikrotik with xs4all

Source: Eigen router achter een XS4ALL-VDSL-aansluiting (2) | Harold Schoemaker

Source: xs4all ftth en Mikrotik router – Google Groups

Does any of you also have experience with IPv6 from XS4all with a fritzbox? I want to place a mikrotik behind this fritzbox and have IPv6 routed through.

Source: IPv6 mikrotik router achter een fritzbox.

Source: [Ervaringen/discussie] MikroTik-apparatuur – Netwerken – GoT

–jeroen

Posted in Internet, MikroTik, Power User, routers | Leave a Comment »

Buffalo WLAE-AG300N DHCP client is buggy and adds a NULL character to the host name.

Posted by jpluimers on 2016/05/13

Buffalo WLAE-AG300N is one of those buggy DHCP clients… Even running firmware Ver.1.85 (R1.05/B1.00), it gets the length of the DHCP host name wrong, so it adds a bogus NULL byte to that name.

@Buffalo: please fix this.

The DHCP client options are of structure Type/Length/Value so a client is supposed to set the length of the hostname to exactly the number of characters.
However there exist buggy clients that either send a length of 1 more and a \00 at the end of the name, or send a fixed length and pad it with \00 as necessary.

Source: DHCP server: Odd active hostname behaviour: some views have null character at the end, some don’t. – MikroTik RouterOS
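
The Type/Length/Value layout described above, as an added example (not code from this post or from the MikroTik forum thread): a parser for the DHCP options field that reads option 12 (host name) and counts trailing NUL bytes of either buggy kind, so a server or log pipeline can normalise the name. The sample option bytes and the host name ap-attic are constructed, and the input is assumed to be the options field that follows the magic cookie.

```python
OPT_PAD, OPT_HOSTNAME, OPT_END = 0, 12, 255  # option codes from RFC 2132

def parse_options(options: bytes) -> dict:
    """Walk the Type/Length/Value options field and return {code: raw value}."""
    found, i = {}, 0
    while i < len(options):
        code = options[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:  # Pad is a lone byte with no length field
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError(f"option {code} has no length byte")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} overruns the options field")
        found[code] = value
        i += 2 + length
    return found

def hostname_from_options(options: bytes):
    """Return (clean host name, number of trailing NULs) for option 12."""
    raw = parse_options(options).get(OPT_HOSTNAME)
    if raw is None:
        return None, 0
    clean = raw.rstrip(b"\x00")
    if b"\x00" in clean:  # an embedded NUL is not the padding bug: reject it
        raise ValueError("NUL byte inside host name")
    return clean.decode("ascii", "replace"), len(raw) - len(clean)

def opt(code: int, value: bytes) -> bytes:
    """Encode one option (used only to build the constructed samples)."""
    return bytes([code, len(value)]) + value

# Constructed samples; "ap-attic" is a made-up host name.
MSG_TYPE = opt(53, b"\x03")  # DHCP message type: REQUEST
SAMPLES = {
    "correct": MSG_TYPE + opt(12, b"ap-attic") + b"\xff",
    "length+1": MSG_TYPE + opt(12, b"ap-attic\x00") + b"\xff",
    "fixed-16": MSG_TYPE + opt(12, b"ap-attic".ljust(16, b"\x00")) + b"\xff",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, hostname_from_options(data))
```

A non-zero NUL count marks a client with the length bug; comparing and storing only the cleaned name keeps the same device from showing up under two different host names.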

From a packet capture:

Buffalo WLAE-AG300N gets the length of the DHCP name wrong and inserts an extra NULL character.

This comes on top of these devices also not automatically powering up when power goes out and comes back up.

Mikrotik packet capture and viewing it in Wireshark

Anyway: getting and displaying the packet capture was quite easy:

  1. In Winbox (or from the console):
    1. Tools ->
    2. Packet Sniffer ->
    3.  General tab: set filename and file limit, then click Apply
    4. Filter tab: choose the interface, protocol (UDP) and port (67), then click Apply
    5. Click Start
    6. Wait for the DHCP refresh to happen
    7. Click Stop
  2. In Winbox (or from the console):
    1. Files -> Choose the captured file -> Download
  3. In your file manager, ensure the downloaded file gets the .pcap extension
  4. In Wireshark: load the .pcap file and inspect it

 

–jeroen

Posted in Access Points, Buffalo, Internet, MikroTik, Power User, routers | Leave a Comment »

MikroTik CHANGELOG_6 link

Posted by jpluimers on 2016/05/06

In the absence of http://www.mikrotik.com/download/CHANGELOG_6 (somehow it’s unreachable where I live), here are links that do work:

–jeroen

Posted in Internet, MikroTik, Power User, routers | Leave a Comment »

Happy birthday .nl top-level domain for getting 30 today

Posted by jpluimers on 2016/04/25

I remember this happening when I was almost starting the studies at University: the Netherlands getting their country code top-level domain in 1986: at first mostly universities and research institutions were getting their .nl domains.

Today 30 years ago .nl came into existence and the first research institution domain here was cwi.nl (the research institution for math and informatics) as it handled the registrations (for years Piet Beertema did that, even before he hooked CWI to NSFnet in 1988).

This was the era of uucp – way before the web – which handled a lot of the mail traffic, but it was not the only one, as back then my HLERUL5.bitnet email address wasn’t even tied to the .nl domain: it ran over DECnet based Mail-11 software. So it took a few more years before I got a .nl email address at the university, and it is one of the reasons I still use a jeroenp account on many systems, for instance a few more years later when I got jeroenp@dragons.nest.nl at home.

This was way after the first commercial companies got their .nl toplevel domains, for instance and.nl was registered very early on (and Jos Horsmeier was very active).

So: happy birthday .nl and a big thank you to all the people involved in getting .nl into existence.

–jeroen

Source: .nl – Wikipedia, the free encyclopedia

Posted in History, Internet, Power User | Leave a Comment »

“Comprehensive Guide to pfSense 2.3” and “pFsense Firewall setup and Features in depth March 2016”

Posted by jpluimers on 2016/04/25

Now that pfSense 2.3 is out some videos:

–jeroen


Posted in Internet, pfSense, Power User, routers | Leave a Comment »

difference between ADSLfiber and fiberfiber when both are @xs4all.

Posted by jpluimers on 2016/03/28

20150412 ping statistics from WiFi -> ADSL -> VPN -> fiber (where ADSL and fiber both are Fritz!Box machines having LAN-LAN VPN to each other):

PING 192.168.71.1 (192.168.71.1): 56 data bytes
64 bytes from 192.168.71.1: icmp_seq=0 ttl=63 time=19.190 ms
...64 bytes from 192.168.71.1: icmp_seq=1 ttl=63 time=18.905 ms
64 bytes from 192.168.71.1: icmp_seq=2 ttl=63 time=19.261 ms
64 bytes from 192.168.71.1: icmp_seq=3 ttl=63 time=19.982 ms
64 bytes from 192.168.71.1: icmp_seq=4 ttl=63 time=19.332 ms
64 bytes from 192.168.71.1: icmp_seq=5 ttl=63 time=26.800 ms
64 bytes from 192.168.71.1: icmp_seq=6 ttl=63 time=20.139 ms
64 bytes from 192.168.71.1: icmp_seq=7 ttl=63 time=19.498 ms
64 bytes from 192.168.71.1: icmp_seq=8 ttl=63 time=18.915 ms
64 bytes from 192.168.71.1: icmp_seq=9 ttl=63 time=19.200 ms
64 bytes from 192.168.71.1: icmp_seq=10 ttl=63 time=18.948 ms
64 bytes from 192.168.71.1: icmp_seq=11 ttl=63 time=19.524 ms
64 bytes from 192.168.71.1: icmp_seq=12 ttl=63 time=19.511 ms
64 bytes from 192.168.71.1: icmp_seq=13 ttl=63 time=20.417 ms
64 bytes from 192.168.71.1: icmp_seq=14 ttl=63 time=19.350 ms
64 bytes from 192.168.71.1: icmp_seq=15 ttl=63 time=18.690 ms
64 bytes from 192.168.71.1: icmp_seq=16 ttl=63 time=18.632 ms
64 bytes from 192.168.71.1: icmp_seq=17 ttl=63 time=18.912 ms
64 bytes from 192.168.71.1: icmp_seq=18 ttl=63 time=19.397 ms
64 bytes from 192.168.71.1: icmp_seq=19 ttl=63 time=19.257 ms
64 bytes from 192.168.71.1: icmp_seq=20 ttl=63 time=18.147 ms
64 bytes from 192.168.71.1: icmp_seq=21 ttl=63 time=18.601 ms
^C
--- 192.168.71.1 ping statistics ---
22 packets transmitted, 22 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 18.147/19.573/26.800/1.657 ms

same but LAN –> fiber -> VPN -> ADSL

Pinging 192.168.24.1 with 32 bytes of data:
Reply from 192.168.24.1: bytes=32 time=19ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=18ms TTL=63
Reply from 192.168.24.1: bytes=32 time=18ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=18ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=18ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63
Reply from 192.168.24.1: bytes=32 time=17ms TTL=63

Ping statistics for 192.168.24.1:
    Packets: Sent = 24, Received = 24, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 19ms, Average = 17ms

–jeroen

Posted in ADSL, fiber, Fritz!, Fritz!Box, Internet, Network-and-equipment, Power User, routers, VPN | Leave a Comment »