evilrouters.net

I’d love to give credit for this because it’s awesome, but I have no idea where it originated.

'Twas the night before Christmas, when all through the LAN
No malware was stirring, not even LoveSan;
The firewalls were racked by the router with care,
In hopes that no hacker soon would be there;

The users were nestled all snug in their beds,
While visions of emails danced in their heads;
And me with my MacBook, and fresh packet cap,
Had just settled down for a long winter's nap,

When out from the pager there arose such a clatter,
I sprang to my desk to see what was the matter.
Away to the browser I flew like a flash,
Came through the VPN and refreshed the cache.

The sign on the certificate gave me to know
The session was safe, so I opened it - Lo!
When, what to my wondering eyes should appear,
But a miniature email, and in text that was clear,

With a new device driver, with a quick "ho ho ho",
I knew in a moment it was our CSO.
More rapid than eagles his memos they came,
And he whistled, and shouted, and called them by name;

"Now, firewall! now, filter! now, intrusion detection!
On, event correlation! deep packet inspection!
Build layered defense! to the top of the wall!
Now block away! block away! block away all!"

As alarms that before the wild network worm fly,
When they meet with my console, mount up to the sky,
So up to the network the sensors they flew,
With the rack full of gear, and the CSO too.

And then, with a twinkling, I heard on my cell
The custom ring-tone - the network was well.
As I drew in my hand, and was turning around,
Down to my inbox he came with a bound.

His message was brief, what was afoot?
Were servers and systems safe at the root?
A bundle of appliances stacked on his rack,
And he looked like a peddler just opening his pack.

Their lights -- how they twinkled! Their vendors - how merry!
They stopped all attacks, they paged my BlackBerry!
The poor little hackers were drawn up like a bow,
And tied up in knots in the honeypot below;

The stump of net packets held tight in our teeth,
With logs all analyzed, traceroutes were a breeze;
Our policies sound, vulnerabilities patched,
Our security systems just could not be matched.

He was chubby and plump, a right jolly old elf,
And I laughed when I saw him, in spite of myself;
A wink of his eye and a twist of his head,
Soon gave me to know I had nothing to dread;

He spoke not a word, but went straight to his audit,
tested the firewalls; then turned to report it,
And laying his finger aside of his nose,
And giving a nod, up our T3 he rose;

He sprang to his limo, gave his consultants a whistle,
And away they all flew like the down of a thistle.
But I heard him exclaim, ere he drove out of sight,
"HAPPY CHRISTMAS TO ALL, AND TO ALL A GOOD-NIGHT!"

To whomever wrote this, thank you. Excellent piece.

"A" is for Arrogance, properly done.
"B" is for Bastard, the New Zealand one.
"C" is for Cynic, jaded and tired;
    it's also for Caffeine, which keeps us all wired.
"D" for Delete, we'll do it to you;
"E" for 31337, the skr1pt-k1ddie's due.
"F" is for Format(1M), we use it on disks,
"G" is the middle name of the guy who does RISKS.
"H" for the Hubris that makes lusers luse;
"I"'m the Important one, the person who su(8)'s.
"J" is for Jaded, see "C" above;
"K" is for Kill(1), a command we all love.
"L" is for Luser, the sysadmin's bane,
"M" with a "4" keeps the mail gurus sane.
"N" is for No, whatever the question,
"O" is for Octal, the way of permissions.
"P" is for Password, have you changed yours lately?
"Q" is for Quotas, which simplify greatly.
"R" is for Random, a most useful quality,
"S" I can't tell you, it's against policy.
"T" is for TECO, a very old editor,
"U" is for Unix, which has no competitor.
"V" is the System whose Release 4 we wrestle with,
"W" is for W(1), to see who(1) we nestle with.
"X" is the windowing system from Hell,
"Y" do we use it?  The rest suck as well!
"Z" is for Zero, indicating success
    It terminates programs -- and alphabets, yes.

–Unknown

Several weeks ago, Chris at IIS Hacks posted a rant entitled “What Ruined the Internet?”. I just came across it and am linking to it just because of the awesome intro paragraph that took me on a quick trip down memory lane:

“I’ve been around the Internet since long before the “Dot-Com Bubble”, when we had to get our MP3s from IRC and use Blade’s Encoder for the command line. Slashdot was just starting up, ICQ was the only instant messenger around, and Winamp really did whip the Llama’s ass. Those were the days…or were they?”

I don’t necessarily agree with the rest of his rant, but he got one thing right: Those really were the days…

Two 7200s connected back to back via their serial 2/0 ports. Bring up a link, establish a BGP neighbor relationship between them and then kill your router. The cool thing is, you can even do it from unprivileged mode:

c7200-b# conf t
c7200-b(config)# int loopback 0
*Dec  6 19:36:57.871: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
c7200-b(config-if)# ip address 192.168.1.1 255.255.255.0
c7200-b(config-if)# interface serial 2/0
c7200-b(config-if)# ip address 10.0.0.2 255.255.255.252
c7200-b(config-if)# no shutdown
c7200-b(config-if)#
*Dec  6 19:37:13.875: %LINK-3-UPDOWN: Interface Serial2/0, changed state to up
c7200-b(config-if)#
*Dec  6 19:37:13.879: %ENTITY_ALARM-6-INFO: CLEAR INFO Se2/0 Physical Port Administrative State Down 
c7200-b(config-if)#
*Dec  6 19:37:14.883: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
c7200-b(config-if)# do ping 10.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/13/24 ms
c7200-b(config-if)# router bgp 65001
c7200-b(config-router)# neighbor 10.0.0.1 remote-as 65000
c7200-b(config-router)# network 192.168.1.0 mask 255.255.255.0
c7200-b(config-router)# end
c7200-b#
*Dec  6 19:37:36.911: %SYS-5-CONFIG_I: Configured from console by console
c7200-b#
*Dec  6 19:37:40.919: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up 
c7200-b# show ip bgp
BGP table version is 3, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.0.0      10.0.0.1                 0             0 65000 i
*> 192.168.1.0      0.0.0.0                  0         32768 i
c7200-b# exit

Then, while in unprivileged mode…

c7200-b> show ip bgp version 3

…and that’s it. From the other router, we see that it’s down:

c7200-a> ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
c7200-a>

And a moment later we’ll see the BGP adjacency go down:

*Dec  6 19:42:59.419: %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Down Interface flap
c7200-a>

I’m real tempted to ditch Twitter.

I interact with Twitter in three ways:

• through their web site
• through SMS
• through ping.fm

Most of my interaction with Twitter is through SMS. Nearly all of the updates that I receive from Twitter are via SMS. I “follow” a number of people (74, as I write this) but receive updates via SMS for perhaps only a third of those. I started out having everyone’s updates sent to me via SMS, but some people either 1) post way too frequently and end up annoying the shit out of me or 2) just don’t say enough interesting things (e.g., the “signal-to-noise” ratio is way outta control).

Most (but not all) of my updates are done through ping.fm. My BlackBerry has an AIM client and that’s how I communicate with ping.fm. I send updates to “pingfm” on AIM and those are broadcasted out to Facebook, Pownce (which I hardly ever use), and Twitter. This is nice because I can update Twitter and Facebook at the same time. Because I don’t want every update going to Facebook (e.g. “@ replies”), I usually send those back to Twitter as an SMS.

Last, if I’m at home and on the computer I usually keep Twitter open in a tab and occasionally refresh it, just to keep up on everyone that I don’t receive SMS updates for.

When I first signed up for Twitter, my primary method of interacting with it was via IM. The “track” feature was awesome and allowed me to find others who had similar interests as mine. Once the shit hit the fan with regard to IM (in other words, when it became massively unreliable), they pulled support for it. Suckage.

Then, several months ago, the Twitter service as a whole became extremely unreliable for a good period. A number of folks jumped ship then. I almost did, but I stuck around.

Today, I read on the Twitter blog that they pulled support for receiving SMS updates in Canada (due to rising costs). Since Twitter has no apparent business model (and, it seems, isn’t generating any revenue), it makes sense to assume that eventually the cash supply will be running low. At some point, they’ll pull support for SMS updates in the U.S. as well, at which time I’ll really have no use for the service anymore.

Maybe I should just get out now.

Are there any viable alternatives? It’d be nice to be able to send and receive updates via SMS. I’d be content with receiving updates via SMS and sending updates through another method (e.g. ping.fm, web only, etc.). What are my choices?

While browsing through my archives tonight, my thoughts went back to the reliable little Buffalo WHR-G125 router/access point over in the corner. Back in January, I wrote about having issues with my MacBook’s wireless and upgrading to — at the time — the latest version of DD-WRT to see if it would help with the issues.

Many months have passed since then and the wireless issues have went away. Unfortunately, I don’t really remember when they went away. I’m not sure if it had anything to do with the firmware upgrade or not.

Regardless, I browsed over to the DD-WRT site again to see if there was newer firmware available. There was, so I decided to upgrade. Upgrading to the latest version was really easy:

[jlgaddis@cleveland ~]$ ssh root@ap
root@ap's password:
root@router:~# cd /tmp
root@router:/tmp# wget http://tinyurl.com/5qv69u
root@router:/tmp# write dd-wrt.v24_vpn_generic.bin linux

At this point, we have a few minutes to kill. The flash memory isn’t the fastest in the world, and it’ll take a bit to save the file to flash. Once it’s done and our prompt has came back back, we just need to reboot.

root@router:/tmp# reboot

Give the router a minute or two to reboot, and we should be able to login again:

[jlgaddis@cleveland ~]$ ssh root@ap
DD-WRT v24 vpn (c) 2008 NewMedia-NET GmbH
Release: 07/27/08 (SVN revision: 10011)
root@ap's password:
==========================================================

 ____  ___    __        ______ _____         ____  _  _
 | _ \| _ \   \ \      / /  _ \_   _| __   _|___ \| || |
 || | || ||____\ \ /\ / /| |_) || |   \ \ / / __) | || |_
 ||_| ||_||_____\ V  V / |  _ < | |    \ V / / __/|__   _|
 |___/|___/      \_/\_/  |_| \_\|_|     \_/ |_____|  |_|

                       DD-WRT v24
                   http://www.dd-wrt.com

==========================================================


BusyBox v1.11.1 (2008-07-27 16:20:53 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

root@router:~# exit
Connection to ap closed.
[jlgaddis@cleveland ~]$

until a few minutes ago, i had a cisco 3620 acting as my internet router. i pulled it out of commission and put a cisco asa 5505 in its place. i decided to run a speed test, and here are the results:

i thought i only had 10 mbps downstream, which is pretty much the limit on the 3620’s nm-1e2w network module i was using to connect to the cable modem. i’m glad i swapped ‘em out!

who can identify this gear? we’re moving into a new building and all this telecom gear is in there. i’m curious what each and every piece is/what it does.

if you can identify it, please leave a comment below. thanks!

you can view the originals photos (higher resolution) on my flickr photostream.

if you need a beta code for ping.fm, use “pingofpings”. it worked for me a few minutes ago.

what is ping.fm?

ping.fm was created for the sole purpose of making it as easy as possible to share your posts with the world. now you don’t have to fumble around the web in order to post anymore, you can just post once, and be done with it.

the idea came about when making some posts to twitter and tumblr . the idea of posting the exact same information in two places seemed a bit tedious, so ping.fm was born.

if you happen to be going to cfunited (like me) next week, be sure to read through the cfunited attendee packet — some good info in there to know ahead of time.

this will be my first time attending cfunited and my first time in washington, dc, in about 15 years. anything i should know beforehand? =)