Feb 22 2014

Having had a wee bit of fun at work dealing with an NTP DDoS attack, I feel it is long past time to tackle the root cause of the problem – the ISPs who have neglected to implement ingress/egress filtering despite it being considered best practice for well over 15 years (it was first written up as RFC 2267 in 1998 and is now known as BCP 38). Yes, longer than most of us have been connected to the Internet.

It is easy to point at the operators of NTP services that allow their servers to be used as attack amplifiers. And yes, these insecure NTP servers should be fixed, but given the widespread deployment of NTP in everything, it could take up to a decade for a fix to be universally deployed.

And what then? Before NTP became the amplifier of choice for distributed denial of service attacks, DNS was commonly used. And after NTP is cleaned up? Or even before? There are other UDP services which can be exploited in the same way.

But an amplification attack depends on two “vulnerabilities”. In addition to the vulnerable service, the attacker forges the source address on the packets they send to it so that the replies go back to the victim; because these are UDP services there is no handshake to expose the forgery, so the server simply answers whoever the packet claims to be from. Essentially they trick the Internet into thinking that the victim has asked a question – millions of times – and because each answer is much larger than the question, the victim receives far more traffic than the attacker ever sent.

Forging the source address in a packet is trivially easy; it has been known about for a very long time, and the counter-measure has been known for nearly as long. To put it simply, all the ISP has to do is refuse to forward packets out of its network(s) whose source address does not belong to one of its own prefixes – and better still, drop them at the customer-facing edge, where the router knows exactly which prefixes that customer was assigned (most routers implement this as unicast reverse path forwarding, uRPF, or a plain access list; the one genuine complication is multihomed customers whose traffic can legitimately arrive from addresses routed elsewhere, which is what uRPF’s loose mode and explicit per-customer lists are for). Yet many ISPs – the so-called “bad” ISPs – do not implement this essential bit of basic security. The excuse that implementing such filters would be impossible with their current routers simply doesn’t wash – routers that will do this easily have been on the market for many years.
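
The following is an added example (not from the original post) of the BCP 38 check a customer-edge router should apply. The only thing the router needs to know is which prefixes each customer interface was assigned; any packet arriving on that interface with a source address outside those prefixes is forged and is dropped before it can reach an amplifier. The interface names, prefixes and packets are constructed for the example, using the documentation address ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str    # source address as written in the IP header (attacker-controlled)
    dst: str
    iface: str  # customer-facing interface the packet arrived on


# Constructed sample: the prefixes the ISP assigned to each customer interface.
# Addresses are taken from the documentation ranges (RFC 5737 / RFC 3849).
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/26"),
               ipaddress.ip_network("2001:db8:b::/48")],
}


def allowed_source(iface: str, src: str) -> bool:
    """BCP 38 check: the source address must fall inside a prefix assigned to this interface."""
    prefixes = CUSTOMER_PREFIXES.get(iface)
    if prefixes is None:
        return False                       # unknown interface: fail closed
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False                       # malformed address: drop
    # `in` is False when the address family differs, so mixed v4/v6 lists are fine.
    return any(addr in prefix for prefix in prefixes)


def filter_packets(packets):
    """Split packets into those the edge router forwards and those it drops as spoofed."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if allowed_source(pkt.iface, pkt.src) else dropped).append(pkt)
    return forwarded, dropped


# Constructed traffic: 203.0.113.5 plays the victim, 203.0.113.123 a public NTP server.
SAMPLE_PACKETS = [
    Packet("192.0.2.10", "203.0.113.123", "cust-a"),        # genuine NTP query from customer A
    Packet("203.0.113.5", "203.0.113.123", "cust-a"),       # spoofed: the victim's address as source
    Packet("198.51.100.7", "203.0.113.123", "cust-b"),      # genuine query from customer B
    Packet("198.51.100.200", "203.0.113.123", "cust-b"),    # outside the /26 that B was assigned
    Packet("2001:db8:b::1", "2001:db8:ffff::1", "cust-b"),  # genuine IPv6 traffic from B
    Packet("192.0.2.10", "203.0.113.123", "cust-c"),        # interface with no assignment at all
]

if __name__ == "__main__":
    fwd, drop = filter_packets(SAMPLE_PACKETS)
    for pkt in drop:
        print(f"drop  {pkt.iface:7} src={pkt.src}")
    for pkt in fwd:
        print(f"allow {pkt.iface:7} src={pkt.src}")
```

The point of keeping the check per interface rather than per ISP is that the spoofed packet in the sample carries a perfectly valid public address; it is only wrong because of where it came from. That is also why the filter belongs at the customer edge and not just at the upstream border, where the router has long since lost track of which customer originated the packet.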

It is laziness pure and simple.

These bad ISPs need to be discovered, named, and shamed.

Feb 10 2014

So I’ve heard about this strange Bitcoin stuff for ages, but never found the time to look into it, until now. It cropped up at work, so I thought I should get acquainted. And this blog posting is an expression of my level of understanding, so it could well be wrong in places.

Certainly don’t take any of this as financial advice!

Bitcoin is a digital cash currency, but what does that mean?

Well the “cash” bit is understandable; it is normally described as a ‘peer-to-peer’ currency but essentially I hand over to you a certain number of bitcoins in exchange for some agreed goods or services. Just the same as if I paid you in an ordinary currency in the form of cash.

It is a bit more complex than that as transactions have to be computationally confirmed. Or to put it another way, once you transfer the bitcoins, the transfer has to be independently verified by the network, which takes some time: the protocol aims to produce a new block of confirmed transactions roughly every 10 minutes, and a cautious recipient waits for several blocks. So not quite the same as cash then; and not quite as anonymous as cash either – every transaction is recorded permanently in a public ledger, so it is better described as pseudonymous: nothing ties an address to a name unless you (or an exchange you use) link them.

The “currency” bit is a tad more controversial. There are more than a few governments that declare that bitcoins aren’t a currency but behave more like a commodity (like gold). Of course they may be speaking with a forked tongue, or simply warning of the dangers of using bitcoins. Fundamentally a currency is a medium of exchange – so if you can find something to buy with your bitcoins, or you are prepared to sell goods or services for bitcoins, it is a currency for you.

Lastly the “digital” bit is where it can get a bit complex, so I won’t try too hard. To put it very briefly, a bitcoin is not a file or a string you hold; it is an entry in a public ledger (the block chain) recording that a certain amount was paid to your address and has not yet been spent. New bitcoins are “discovered” (or more accurately mined) by performing a large amount of computation, and the ledger includes details of all previous transactions that have occurred. The obvious question here is how is it that bitcoins cannot be forged?

There is no answer to that question without getting involved in the details of how bitcoins work computationally, but it is commonly held to be impossible without access to enough computational power to overwhelm the combined computational power of the honest bitcoin miners – every block of transactions builds on the one before it, so rewriting history means redoing all of the work that came after the point you changed.

The Bitcoin “Bubble”?

In conventional economics a bubble is essentially some activity that becomes massively over-valued and eventually loses its value. Examples include the South Sea Bubble and the dot-com bubble. There are those who claim that bitcoin shares characteristics with famous historical bubbles, which is a very easy thing to say.

After all, no bubble is a bubble until it has been popped; at least in economics.

The trouble is that bitcoins are essentially worth what people agree they are worth. If everyone turned around tomorrow and agreed that they were worthless, you wouldn’t be able to spend them.

Which makes them the same as practically all modern currencies – the pound, the dollar, the euro. They are all backed not by silver or gold, but by people’s confidence. Bitcoins are subject to much larger fluctuations than ordinary currencies, which is at least partially a result of the small size of the bitcoin marketplace and the effect of external events such as China’s central bank barring its financial institutions from dealing in bitcoins.

The Wallet

To make use of bitcoins, you need a wallet to put them into. This is essentially an application that processes bitcoin transactions and keeps a record of how many bitcoins there are in the wallet. Full-blown wallets (such as one of the earliest – Bitcoin-QT) keep a full copy of the block chain and so verify every transaction themselves; mobile wallets are less capable, typically downloading only block headers and trusting the network’s miners to have checked the rest. Whilst there are still protections in mobile wallets, you may wish to be less trusting with mobile wallets until you know more about this than I do! Whichever you choose, bear in mind that a wallet is really a store of private keys: anyone who copies the wallet file can spend your coins, and if you lose it without a backup the coins are gone for good.

Once you have a wallet fully set up – which for a full wallet can take several days due to the large number of transactions it needs to download – you can start using it. Of course initially it will be empty, so you will be unable to buy anything, but you will be able to set up addresses for people to send you bitcoins, which look like 16hQid2ddoCwHDWN9NdSnARAfdXc2Shnoa.

Yes that’s a real address – it’s my “donation” address – and you are more than welcome to send me a coin or two. Or more realistically a tiny fraction of a coin.

Once you have something in your wallet, you can send bitcoins to addresses like the one above … or perhaps another address in return for something useful!
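
As an added example (not part of the original post), this is the check a wallet performs on an address before it lets you send anything to it: decode the Base58 text, split off the version byte and the 20-byte key hash, and recompute the four-byte double-SHA256 checksum. The checksum is what stops a mistyped address from sending coins into the void. The known-good input is the address paid by Bitcoin’s genesis block, which is public; the third input is that address with one character changed.

```python
import hashlib

# Bitcoin's base58 alphabet deliberately omits 0, O, I and l so that addresses
# survive being read aloud or retyped.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def base58_decode(text: str) -> bytes:
    value = 0
    for ch in text:
        digit = ALPHABET.find(ch)
        if digit < 0:
            raise ValueError(f"character {ch!r} is not valid base58")
        value = value * 58 + digit
    body = value.to_bytes((value.bit_length() + 7) // 8, "big") if value else b""
    # Each leading '1' stands for a leading zero byte that the integer conversion loses.
    leading_zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_zeros + body


def decode_address(address: str):
    """Return (version byte, 20-byte hash) or raise ValueError if the address is malformed."""
    raw = base58_decode(address)
    if len(raw) != 25:
        raise ValueError(f"decoded to {len(raw)} bytes, expected 25")
    payload, checksum = raw[:21], raw[21:]
    if sha256d(payload)[:4] != checksum:
        raise ValueError("checksum mismatch: address mistyped or corrupted")
    return payload[0], payload[1:]


def is_valid_address(address: str) -> bool:
    try:
        version, _ = decode_address(address)
    except ValueError:
        return False
    # 0x00 = pay-to-pubkey-hash, 0x05 = pay-to-script-hash on the main network.
    return version in (0x00, 0x05)


if __name__ == "__main__":
    for addr in ["1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",    # address paid by the genesis block
                 "16hQid2ddoCwHDWN9NdSnARAfdXc2Shnoa",    # the donation address from the post
                 "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb"]:   # the first one with its last character changed
        print(addr, "valid" if is_valid_address(addr) else "INVALID")
```

A valid checksum only tells you the address was transcribed correctly; it says nothing about who controls it, so it is a defence against typos, not against being handed the wrong address in the first place.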

Mining Bitcoins

Previous sections have indicated that there is something called “mining” and that a great deal of computational power is behind the workings of the bitcoin network. Miners gather pending transactions into blocks and perform the computation that seals each block; whoever seals a block is rewarded with newly created bitcoins plus the fees on the transactions it contains. Numerous volunteers contribute computing power – almost always using special hardware to do so – in the hope of making money this way.

Can you make money? Yes, but probably not enough to pay for the increased electricity bill and almost certainly not enough to pay back the initial hardware investment. People who got into mining early may have made a bit of money – back when you could effectively mine with ordinary computer power – but unless you are prepared to invest many thousands of pounds on a regular basis it is unlikely that you will see anything like a reasonable return.

And this is probably bitcoin’s biggest weakness. The bitcoin network needs miners to validate all of the transactions that go on, and in the future there may be a lack of volunteers if the return is not reasonable.

But of course I might be discouraging you as I’m mining a bit myself – and the more miners there are, the fewer bitcoins there are for me 🙂
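
An added toy model (not the original post’s code, nor the Bitcoin project’s) of what the “digital” section and this section mean by mining and by bitcoins being unforgeable: each block commits to the hash of its predecessor and carries a proof of work, so changing one old transaction breaks the link to every later block and the forger has to redo all of that work. The block format, difficulty and transactions are simplified constructs for the example; real Bitcoin uses an 80-byte header, a Merkle root over the transactions and a target many orders of magnitude harder than the 14 bits used here.

```python
import copy
import hashlib
import struct

DIFFICULTY_BITS = 14  # toy target, chosen so the example runs in well under a second


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def meets_target(digest: bytes, bits: int = DIFFICULTY_BITS) -> bool:
    """Proof of work: the block hash must be below 2^(256-bits), i.e. start with `bits` zero bits."""
    return int.from_bytes(digest, "big") < (1 << (256 - bits))


def tx_digest(transactions) -> bytes:
    # Real blocks commit to transactions through a Merkle tree; a flat hash shows the idea.
    return sha256d("\n".join(transactions).encode())


def block_hash(block) -> bytes:
    header = block["prev_hash"] + tx_digest(block["transactions"]) + struct.pack("<I", block["nonce"])
    return sha256d(header)


def mine_block(prev_hash: bytes, transactions, bits: int = DIFFICULTY_BITS):
    """Try nonces until the header hashes below the target: this is the work miners are paid for."""
    block = {"prev_hash": prev_hash, "transactions": list(transactions), "nonce": 0}
    while not meets_target(block_hash(block), bits):
        block["nonce"] += 1
    return block


def build_chain(blocks_of_transactions, bits: int = DIFFICULTY_BITS):
    chain, prev = [], b"\x00" * 32
    for txs in blocks_of_transactions:
        block = mine_block(prev, txs, bits)
        chain.append(block)
        prev = block_hash(block)
    return chain


def valid_chain(chain, bits: int = DIFFICULTY_BITS) -> bool:
    """Every block must link to its predecessor's hash and carry a valid proof of work."""
    prev = b"\x00" * 32
    for block in chain:
        if block["prev_hash"] != prev:
            return False
        digest = block_hash(block)
        if not meets_target(digest, bits):
            return False
        prev = digest
    return True


def tamper(chain, index: int, transactions):
    """Rewrite one block's transactions without redoing any work: what a forger would like to do."""
    forged = copy.deepcopy(chain)
    forged[index]["transactions"] = list(transactions)
    return forged


def remine_from(chain, index: int, transactions, bits: int = DIFFICULTY_BITS):
    """What a forger actually has to do: re-mine the altered block and every block after it."""
    prev = chain[index]["prev_hash"]
    rebuilt = copy.deepcopy(chain[:index])
    for i in range(index, len(chain)):
        txs = transactions if i == index else chain[i]["transactions"]
        block = mine_block(prev, txs, bits)
        rebuilt.append(block)
        prev = block_hash(block)
    return rebuilt


if __name__ == "__main__":
    # Constructed ledger: three blocks of made-up transactions.
    chain = build_chain([["coinbase -> alice 50"], ["alice -> bob 10"], ["bob -> carol 3"]])
    print("honest chain valid:   ", valid_chain(chain))
    forged = tamper(chain, 1, ["alice -> mallory 10"])
    print("tampered chain valid: ", valid_chain(forged))
    redone = remine_from(chain, 1, ["alice -> mallory 10"])
    print("re-mined chain valid: ", valid_chain(redone), "(blocks re-mined:", len(chain) - 1, ")")
```

The re-mined chain is valid again, which is exactly why forgery comes down to raw computing power: while the forger re-mines the blocks after the altered one, the honest miners keep extending the original chain, and the network follows whichever chain carries the most work. Unless the forger can out-mine everyone else combined, the rewritten history never catches up.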

Feb 04 2014

So I found myself in the position of wanting to poke around the file system of a virtual Windows machine – the kind of poking around you would prefer I didn’t if it were your Windows machine – and needed to make a VDI disk image available as a block device under Linux so it could be mounted in the normal fashion.

Googling around found some instructions, which didn’t work properly. Solutions were also available, but I’m writing up the ‘fixed’ instructions here to save myself time in case I need it again.

First step is to become root; if you need help doing that, this is probably the wrong page for you!

Next step is to install the Debian package qemu-utils which contains the tool qemu-nbd which we’ll need later. We also need to load the network block device module with a parameter :-

apt-get install qemu-utils
modprobe nbd max_part=16

This parameter is the key here – the module’s max_part option defaults to 0, so on at least some of my Linux machines no additional block devices are created for any partitions that show up on the nbd device.

The next step is to ‘attach’ the VDI image (or presumably anything supported by qemu-img, which covers pretty much every popular format) and tell the Linux kernel that there may be some new partitions to create device files for :-

qemu-nbd -n -c /dev/nbd0 disk.vdi
partx -a /dev/nbd0
partx: /dev/nbd0: error adding partitions 1-2

(Added the “-n” flag after reading about some more problems and a work-around; as I haven’t tested it, be careful!)

The error from partx indicates that qemu-nbd managed to create the partitions itself, but there are hints that this sometimes doesn’t happen so I’ve included the command here “just in case”. Once the partition block devices are present, they can be used as any ordinary devices. If the poking around is meant to leave no trace, attach with qemu-nbd’s -r (read-only) flag and mount the partitions with -o ro, so that nothing inside the image is altered by the inspection.

Once finished, unmount anything mounted and release the block device with :-

qemu-nbd -d /dev/nbd0
rmmod nbd
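
The steps above, wrapped up as an added Python helper (not from the original post) so that the image is attached read-only and is detached even if something goes wrong part way through. The image name, device and mount point are assumptions for the example, and anything other than the dry run must be executed as root on a machine with qemu-utils installed.

```python
import glob
import subprocess
from contextlib import contextmanager


class Runner:
    """Runs commands, or only records them when dry_run=True (constructed for this example)."""

    def __init__(self, dry_run: bool = False):
        self.dry_run = dry_run
        self.log = []

    def run(self, argv, check: bool = True) -> int:
        self.log.append(list(argv))
        if self.dry_run:
            return 0
        return subprocess.run(argv, check=check).returncode


def partition_devices(dev: str):
    """/dev/nbd0 -> ['/dev/nbd0p1', '/dev/nbd0p2', ...] once the kernel has created them."""
    return sorted(glob.glob(dev + "p*"))


@contextmanager
def attached_image(image: str, dev: str = "/dev/nbd0", runner: Runner = None, read_only: bool = True):
    """Expose a qemu-supported disk image as /dev/nbdN and guarantee it is detached afterwards."""
    runner = runner or Runner()
    runner.run(["modprobe", "nbd", "max_part=16"])   # without max_part no partition devices appear
    connect = ["qemu-nbd"]
    if read_only:
        connect.append("-r")                         # never write to the image being examined
    connect += ["-n", "-c", dev, image]
    runner.run(connect)
    try:
        # partx exits non-zero when qemu-nbd already created the partition devices;
        # that is harmless, so its exit status is deliberately ignored.
        runner.run(["partx", "-a", dev], check=False)
        yield [] if runner.dry_run else partition_devices(dev)
    finally:
        runner.run(["qemu-nbd", "-d", dev])          # runs even if the caller raised


@contextmanager
def mounted(device: str, mountpoint: str, runner: Runner = None):
    """Mount a partition read-only and unmount it again on exit."""
    runner = runner or Runner()
    runner.run(["mount", "-o", "ro", device, mountpoint])
    try:
        yield mountpoint
    finally:
        runner.run(["umount", mountpoint])


def plan(image: str, dev: str = "/dev/nbd0"):
    """Dry run: the exact command sequence that attaching and detaching `image` would execute."""
    recorder = Runner(dry_run=True)
    with attached_image(image, dev, runner=recorder):
        pass
    return recorder.log


def detaches_after_error(image: str, dev: str = "/dev/nbd0") -> bool:
    """Dry run: confirm the detach still happens when work on the attached image fails."""
    recorder = Runner(dry_run=True)
    try:
        with attached_image(image, dev, runner=recorder):
            raise RuntimeError("simulated failure while examining the file system")
    except RuntimeError:
        pass
    return recorder.log[-1] == ["qemu-nbd", "-d", dev]


if __name__ == "__main__":
    for argv in plan("disk.vdi"):
        print(" ".join(argv))
    # Real use (as root; image and mount point are assumptions for this example):
    # with attached_image("disk.vdi") as parts:
    #     with mounted(parts[-1], "/mnt/windows"):
    #         ...  # poke around under /mnt/windows
```

The dry run prints the same four commands as the write-up above, in order. The reason for the context managers is the cleanup: a forgotten qemu-nbd -d leaves the image attached to /dev/nbd0, and the next attach attempt fails in a confusing way, so the detach is placed in a finally block rather than left to memory.
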

Jan 27 2014

I’m old enough to remember the tail end of the real cold war between the West and the old Soviet Union, when we were waving nuclear missiles at each other and threatening each other with nuclear annihilation.

So it is a bit of an exaggeration to speak of a new cold war when the threat is nowhere near as apocalyptic. But if you take a look at how the old cold war was fought – with espionage, and signals intelligence – you begin to realise we do have a new cold war. Intelligence agencies around the world are cooperating in fighting against a new enemy.

Us.

Oh, they’ll defend themselves by saying that it’s not the normal man or woman in the street they are worried about, but the terrorists in our midst they are targeting. But to do that they have to spy on us.

They’ll say that they are not spying on the people in their own country; just on those sneaky foreigners. But when GCHQ spies on US citizens, they pass the information they obtain to the NSA; and the NSA passes information on their spying activities to GCHQ.

Which means that what little protection we have against our own intelligence agencies spying on us is effectively meaningless.

Jan 17 2014

There is no clear answer to the question of how old the Internet is. For different definitions of the “Internet”, there will be different starting dates.

For instance, it is commonly held that the precursor to the Internet – ARPANET – could not be called the Internet. And it is true that ARPANET was not the same as today’s Internet even at the lowest possible level. But there is a continuity from ARPANET standards through to Internet standards – from the very first RFC (issued in 1969) to one of the very latest (RFC 7115), they are all part of the same body of work.

And whilst the overwhelming majority of ARPANET-era standards have been superseded, there are a few that are still valid today. For example, an early standard for the names of hosts, which restricts what characters can be used, is still valid and (for example) restricts the names that can be used in email addresses – see RFC 608 (it has been updated but the essential restrictions remain).

The next milestone in the history of the Internet came when the older NCP protocol was replaced with TCP/IP in 1982 (actually the “flag day” was 1st January 1983); this immediately raised the possibility of joining networks together and routing between them. Previous to this, different networks had gateway machines which were connected to two (or more) networks. Before the Internet took off, there were more than a few precursor networks – MERIT, JANET, BITNET, …; all of which used different network protocols.

Gateway machines would typically only gateway certain kinds of application traffic from one network to another; typically email was the bare minimum leading to services which would send information via email – at one point you could even “browse” the web using email!

Routing on the other hand allowed end to end communication so it was possible to use applications directly.

The next milestone was allowing commercial traffic on the Internet. The earliest networks were founded for research purposes by the American military or academic organisations, and prohibited commercial traffic. Until the core networks allowed commercial traffic we wouldn’t have seen the Internet as we see it today.

There are plenty of other milestones – some would include the foundation of the world wide web (in 1991 and not 1993) as one of the most important. I don’t; simply because it was something that was bound to happen in one way or another.