The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Network-and-equipment’ Category

Just blocked 95.131.[184|185|186|190|191].0/24 on my firewall because suspicious port scanning @WillHillBet

Posted by jpluimers on 2016/11/02

I just blocked these IP subnets on my routers:

  • 95.131.184.0/24
  • 95.131.185.0/24
  • 95.131.186.0/24
  • 95.131.190.0/24
  • 95.131.191.0/24

Within a day they managed to get 60+ IP addresses from these subnets into my port-scanner blacklists because of suspicious port scanning activities.

They mostly belong to Whg (International) Limited, Gibraltar and Whg (International) Limited, United Kingdom, which seem to be related to William Hill Organization Ltd, United Kingdom that I just blocked before.

If the situation continues I’m going to block the 95.131.184.0/26 superblock as well:

–jeroen

Continuation of Just blocked 141.138.130.0/24 and 141.138.131/24 on my firewall because suspicious port scanning @WillHillBet « The Wiert Corner – irregular stream of stuff

Posted in Internet, Network-and-equipment, Power User | Leave a Comment »

Just blocked 141.138.130.0/24 and 141.138.131/24 on my firewall because suspicious port scanning @WillHillBet

Posted by jpluimers on 2016/11/02

I just blocked these IP subnets on my routers:

  • 141.138.130.0/24
  • 141.138.131.0/24

Within a day they managed to get 80+ IP addresses from these subnets into my port-scanner blacklists because of suspicious port scanning activities.

They all belong to William Hill Organization Ltd, United Kingdom.

If the situation continues I’m going to block the superblock as well:

–jeroen

Posted in Network-and-equipment, Power User | 5 Comments »
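Added example (not part of the original posts): using Python's `ipaddress` module on the /24s listed in the two posts above to compute the exact merged blocks, the smallest single covering block, and how many never-listed addresses that covering block would also drop. The function names, the threshold and the sample blacklist are constructed for illustration.

```python
import ipaddress

# Subnets listed in the two posts above.
POST_95 = ["95.131.184.0/24", "95.131.185.0/24", "95.131.186.0/24",
           "95.131.190.0/24", "95.131.191.0/24"]
POST_141 = ["141.138.130.0/24", "141.138.131.0/24"]


def merged_blocks(cidrs):
    """Fewest exact CIDR blocks that cover only the listed subnets."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def covering_block(cidrs):
    """Smallest single CIDR block that contains every listed subnet."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    block = nets[0]
    while not all(n.subnet_of(block) for n in nets):
        block = block.supernet()  # widen by one prefix bit
    return block


def collateral(cidrs):
    """Addresses inside the covering block that were never listed."""
    listed = sum(n.num_addresses for n in merged_blocks(cidrs))
    return covering_block(cidrs).num_addresses - listed


def offending_subnets(blacklisted_ips, threshold, prefix=24):
    """Group blacklisted IPs per subnet; return subnets at/over threshold."""
    counts = {}
    for ip in blacklisted_ips:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        counts[net] = counts.get(net, 0) + 1
    return sorted(n for n, c in counts.items() if c >= threshold)


if __name__ == "__main__":
    for name, cidrs in (("95.131.x", POST_95), ("141.138.x", POST_141)):
        print(name, [str(n) for n in merged_blocks(cidrs)],
              covering_block(cidrs), "collateral:", collateral(cidrs))
    # Constructed sample blacklist (hypothetical, not the author's data).
    sample = [f"141.138.130.{i}" for i in range(1, 41)] + ["198.51.100.7"]
    print(offending_subnets(sample, threshold=20))
```

A non-zero collateral count means the single covering block also drops ranges that never appeared in the blacklist, so the merged exact blocks are the narrower rule set.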

Comcast: a tool to simulate network problems on BSD and Linux – tylertreat/comcast

Posted by jpluimers on 2016/11/01

At first I thought Comcast was a really good joke by Kristian Köhntopp, but it is actually a really cool open source tool with an appropriate name:

Comcast is a tool designed to simulate common network problems like latency, bandwidth restrictions, and dropped/reordered/corrupted packets.

It is written in Go and works on BSD and derivatives (including Mac OS X). It could probably be made to work on Windows too.

The source is on Github: tylertreat/comcast

–jeroen

via: »Comcast is a tool designed to simulate common network problems like latency,…

Posted in Communications Development, Development, Internet protocol suite, Network-and-equipment, Software Development, TCP | Leave a Comment »

Another +ESP8266 gizmo, this time to automatically reboot your router…

Posted by jpluimers on 2016/10/28

Another +ESP8266 gizmo, this time to automatically reboot your router if connection is lost in order to get 24/7 connectivity. – Jean-Luc Aufranc – Google+

Source: Another +ESP8266 gizmo, this time to automatically reboot your router if…

Posted in Internet, Power User, routers | Leave a Comment »

I don’t have #IoT. I have #LoT. LAN of things. 

Posted by jpluimers on 2016/10/24

Interesting thought:

I don’t have #IoT. I have #LoT. LAN of things. My gadgets have no default gateway and cannot talk to the internet. Simple. Now I’m hoping for broad supp… – Jan Wildeboer – Google+

Devices in a separate LAN (or VLAN) with no default gateway, some firewall rules to access them from your regular LAN, and updates through FWUPD, an open source firmware updater.

Sounds like a dream? We should all make it come true!

Read I don’t have #IoT. I have #LoT. LAN of things. for more ideas.

–jeroen

Posted in IoT Internet of Things, Network-and-equipment, Power User | Leave a Comment »

The IoT strikes back again: half a million IoT devices killed DYN DNS for hours, but fixing this will be hard

Posted by jpluimers on 2016/10/22

Less than a month after The IoT strikes back: 650 Gigabit/second and 1 Terabit/second attacks by IoT devices within a week, the IoT struck back again: an estimated half a million IoT devices were used to perform multiple DDoS attacks against Dyn Managed DNS that took around 11 hours to resolve.

Google DNS appears to “live” near me in Amsterdam

High availability usually involves a mix of DNS TTL and/or BGP routing. That’s typically how CDN providers like Cloudflare work (it’s one of the reasons that global DNS servers like Google’s 8.8.8.8 appear near to you and over time routes – some MPLS – to it change). A short DNS TTL can help a CDN, requires a very stable DNS infrastructure, and is similar to but different from a Fast Flux network.

Last month’s attacks were on a security researcher and a single ISP. The Dyn DNS attack affected even more internet services (not just sites like Twitter, WhatsApp, AirBnB and Github). So I’m with Bruce Schneier that Someone Is Learning How to Take Down the Internet.

Handling these attacks is hard as the DDoS mitigation firms simply cannot handle the sudden increase of attack sizes yet. BCP38 should be part of mitigation, but the puzzle is big and fixing it won’t be easy, though root causes of bugs change as a lot of research is in progress.

I’m not alone in expecting it to get worse, though, before getting better.

On the client side, I learned that many users could cope by changing their DNS servers to either of these Public DNS Servers:

  • OpenDNS 208.67.222.222, 208.67.220.220, 208.67.222.220, 208.67.220.222
    • OpenDNS does a good job of handing “last known good” IPs when they can’t resolve.
  • Google Public DNS 8.8.8.8, 8.8.4.4
  • Level 3 DNS 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, 4.2.2.5, 4.2.2.6

Some more interesting tidbits on the progress and mitigation on this particular attack are the over time heat-maps of affected regions and BGP routing changes below.

Read the rest of this entry »

Posted in CDN (Content Delivery Network), Cloud, Cloudflare, DNS, Hardware, Infrastructure, Internet, IoT Internet of Things, Network-and-equipment, Opinions, Power User | Leave a Comment »

The IoT strikes back: 650 Gigabit/second and 1 Terabit/second attacks by IoT devices within a week

Posted by jpluimers on 2016/09/30

Many people – me included – complain about the sadness of IoT device security.

It seems the hackers found out it’s time to take advantage of that as within a week both these attacks by IoT devices took place:

For the first, IoT devices were already suspected; for the latter it was confirmed that ~150 thousand hijacked cameras and DVRs [WayBack] performed the attack.

Or in short:

The IoT strikes back

Few parties can cope with this kind of traffic (Akamai had to stop their pro bono servicing of Krebs on Security; it took a few days and a lot of effort for Google’s Project Shield to take over).

So I’ve a few questions for anyone running IoT devices:

  1. How secure are your IoT devices?
  2. Have you confined them to a network that’s easily filtered/shut-down in case of emergency?

Edit 20161004:

–jeroen

Source: There is quite a lot that is new about this case: 1) A previously unknown botnet. a) The new…

Posted in IoT Internet of Things, Network-and-equipment, Power User | 1 Comment »

Some cURL links with tips I used doing some Fritz!Box scripting research

Posted by jpluimers on 2016/09/29

I needed to script a few things on my Fritz!Box. Here are the cURL links that I used to research some Fritz!Box scripting.

My first try was wget, but that didn’t do everything I need, so cURL came to the rescue.

In the end, I didn’t need cookies (a post request with an MD5 based handshake sufficed to get a session SID which is not stored in a Cookie), but that surely will come in useful another time.

Curl man page entries:

The script and docs are here: jpluimers/bash-fritzclient.

–jeroen

Posted in *nix, bash, cURL, Development, Fritz!, Fritz!Box, Network-and-equipment, Power User, Scripting, Software Development, wget | Leave a Comment »

Jark/FTDISample: Note: As of version 10556.0 the ftdi driver does no longer seem to work. A sample application showcasing the FTDI D2XX driver use in Windows Universal projects (UWP). This sample is tested on the Raspberry PI 2 with Windows IOT installed and a FTDI FT232R usb-to-serial adapter.

Posted by jpluimers on 2016/09/22

Source: Jark/FTDISample: Note: As of version 10556.0 the ftdi driver does no longer seem to work. A sample application showcasing the FTDI D2XX driver use in Windows Universal projects (UWP). This sample is tested on the Raspberry PI 2 with Windows IOT installed and a FTDI FT232R usb-to-serial adapter.

Yeah, I couldn’t get this working either. I’m not sure where ReadTimeout is actually used by the SerialDevice class internally. But I did end up getting something working by copying the timeout to a

Source: c# – Unable to use SerialDevice.ReadTimeout in Windows 10 IoT – Stack Overflow

Source: Raspberry Pi • View topic – Windows 10 IoT Core Simple Serial Example not working

Posted in Development, IoT Internet of Things, Network-and-equipment, Power User, Software Development | Leave a Comment »

Olive – Juniper Clue

Posted by jpluimers on 2016/08/19

The original http://juniper.cluepon.net/index.php/Olive is gone, but the WayBack machine still has it: Olive – Juniper Clue

It describes how to install JUNOS on x86/x64 (or emulated) hardware.

–jeroen

via: Can I learn Juniper? : networking

Read the rest of this entry »

Posted in Internet, Juniper, Olive - JUNOS, Power User, routers | Leave a Comment »