Opensourced my s/RTBH implementation
Tuesday April 10th 2012, 6:07 pm
Filed under: Writings

Finally, after 2.5 years of trying, coding, refactoring and rebuilding, I’ve finally released my s/RTBH implementation. This implementation is built using Python/PostgreSQL and is fed through regexp-based rules on top of a syslog feed, together with a CLI tool to list IPs. The actual s/RTBH implementation uses templated Bird configuration files to insert new IPs into iBGP.

This implementation is hosted on GitHub. When writing this, I didn’t want to release this, but since there isn’t any implementation of it, I’ve decided to release it as-is. This means that you will run into a *lot* of trouble getting this to run, unless you’ve replicated the configuration that’s on the OpenBSD/Alpha box I used to develop this. Work is being done to port the code to a ‘generic’ debian-squeeze-amd64 box, but this will take quite some time.

For the future I’m going to maintain this release, but I’m also going to try PoCs of switching from Django to Bottle, and from PostgreSQL to MongoDB. This will be handled in a different release.
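
A minimal sketch of the pipeline this post describes (regexp rules over a syslog feed, offending IPs rendered into a Bird configuration template), added here as an illustration and not taken from the released code. The rule patterns, thresholds, the NEVER_BLOCK allowlist, the protocol name srtbh and the log lines are all constructed assumptions; exporting the static routes into iBGP is left to the BGP export filter.

```python
import ipaddress
import re
from collections import Counter
from string import Template

# Hypothetical rules: (name, regex with named group "ip", hits needed to list)
RULES = [
    ("ssh-auth", re.compile(r"sshd\[\d+\]: Failed password for .* from (?P<ip>\S+) port"), 2),
    ("smtp-auth", re.compile(r"smtpd\[\d+\]: warning: \S+\[(?P<ip>[^\]]+)\]: SASL \w+ auth"), 1),
]
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]  # assumed own prefix
BIRD_TEMPLATE = Template("protocol static srtbh {\n$routes}\n")  # hypothetical

LOG = """\
Apr 10 18:00:01 gw sshd[411]: Failed password for root from 203.0.113.9 port 40112 ssh2
Apr 10 18:00:03 gw sshd[411]: Failed password for invalid user admin from 203.0.113.9 port 40113 ssh2
Apr 10 18:00:04 gw sshd[412]: Failed password for bob from 198.51.100.20 port 50001 ssh2
Apr 10 18:00:05 gw sshd[413]: Failed password for root from 192.0.2.10 port 50002 ssh2
Apr 10 18:00:06 gw sshd[413]: Failed password for root from 192.0.2.10 port 50003 ssh2
Apr 10 18:00:08 gw postfix/smtpd[900]: warning: unknown[203.0.113.77]: SASL LOGIN authentication failed
Apr 10 18:00:09 gw sshd[415]: Failed password for root from 203.0.113.5;} port 1 ssh2
"""  # constructed sample feed; the last line has a malformed address field


def offenders(lines):
    """Apply every rule to every line; return addresses that reached a limit."""
    hits = Counter()
    for line in lines:
        for name, rx, _ in RULES:
            m = rx.search(line)
            if not m:
                continue
            try:  # only a parsed address may ever reach the config template
                ip = ipaddress.ip_address(m.group("ip"))
            except ValueError:
                continue
            if not any(ip in net for net in NEVER_BLOCK):
                hits[(name, ip)] += 1
    limits = {name: limit for name, _, limit in RULES}
    listed = {ip for (name, ip), n in hits.items() if n >= limits[name]}
    return sorted(listed, key=lambda a: (a.version, int(a)))


def render_bird(ips):
    """Render one blackhole host route per offender into the static protocol."""
    routes = "".join(f"    route {ip}/{ip.max_prefixlen} blackhole;\n" for ip in ips)
    return BIRD_TEMPLATE.substitute(routes=routes)
```

Parsing the captured field with ipaddress before it reaches the template keeps raw log text out of the generated configuration, and the allowlist keeps a noisy or forged log line from blackholing your own prefix.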



Replaced GnuPG key
Friday March 09th 2012, 12:50 pm
Filed under: Writings

Due to an issue with my laptop, I’ve lost my previous GnuPG key (0xE335B1F1). I’ve created a new key and uploaded it to the keyservers, so it should be synchronized within a couple of hours. This also means that if you’re currently in possession of my public key, you’ll have to replace it. The key details are:

ID: 0x11FCBF2A
Fingerprint: 756E 845C 0A88 75FF C750 1E7E 9723 E0DF 11FC BF2A

A copy of this public key can be found here.



New howto section
Thursday March 31st 2011, 2:52 pm
Filed under: Writings

I’ve added a new section to this website containing links to howtos I’ve written. You can find it here or by clicking the link on the left. The first howto is about using an Aladdin eToken Pro 72k with Debian, which you can find here.



BGP4-MIB support for Bird
Thursday February 24th 2011, 4:05 pm
Filed under: Software

I’ve written a small Python daemon which exposes parts of Bird through an AgentX interface under the BGP4-MIB. This allows you to poll the BGP status of your Bird installs through SNMP, which in turn allows you to import this status information into applications (for instance, Observium). Unfortunately, BGP4-MIB does not support IPv6, so this daemon doesn’t do that either.

The following objectTypes are supported:
– bgpLocalAs
– bgpPeerFsmEstablishedTime
– bgpPeerHoldTime
– bgpPeerHoldTimeConfigured
– bgpPeerIdentifier
– bgpPeerInUpdates
– bgpPeerKeepAlive
– bgpPeerKeepAliveConfigured
– bgpPeerLocalAddr
– bgpPeerLocalPort
– bgpPeerOutTotalMessages
– bgpPeerOutUpdates
– bgpPeerRemoteAddr
– bgpPeerRemoteAs
– bgpPeerRemotePort
– bgpPeerState
– bgpVersion

To use this program, you need the following packages:
– Net-SNMP
– Python
– Bird

The script uses the Bird CLI client to fetch most information, but since the script also parses your Bird configuration file, it can be picky about the way you lay out this file. For now, you’ll need the following structure within your BGP protocol statements. The fields between [ and ] are required:

protocol bgp [name] {
    local as [asnum];
    neighbor [ipaddr] as [asnum];
}

Also, since this script uses the protocol timeformat to report the uptime of the BGP session, you need a modified timeformat in your configuration. Add the following global option:

timeformat protocol "%s";

Download the code here, and verify its MD5 sum.
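
A pre-flight check for the two configuration requirements above, added here as an example and not part of the daemon's own code: it parses the required protocol bgp layout, flags a missing timeformat option, and skips IPv6 peers that BGP4-MIB cannot represent. The function names, the sample configuration and the assumption that the protocol "since" value is then an epoch timestamp are this example's own.

```python
import ipaddress
import re

# Layout required by the post: protocol bgp NAME { local as N; neighbor IP as N; }
# Limitation of this sketch: nested { } blocks inside a protocol are not handled.
PROTO_RE = re.compile(r"protocol\s+bgp\s+(\w+)\s*\{(.*?)\}", re.S)
LOCAL_RE = re.compile(r"local\s+as\s+(\d+)\s*;")
NEIGH_RE = re.compile(r"neighbor\s+(\S+)\s+as\s+(\d+)\s*;")
TIMEFMT_RE = re.compile(r'^\s*timeformat\s+protocol\s+"%s"\s*;', re.M)

SAMPLE = """\
timeformat protocol "%s";   # global option from the post
protocol bgp upstream1 {
    local as 64512;
    neighbor 192.0.2.1 as 64496;
}
protocol bgp v6peer { local as 64512; neighbor 2001:db8::1 as 64497; }
protocol bgp broken { neighbor 198.51.100.7 as 64498; }
"""  # constructed configuration, documentation addresses and reserved ASNs


def parse_bird_bgp(text):
    """Return (peers, warnings) for the BGP protocols in a Bird config."""
    text = re.sub(r"#.*", "", text)  # strip comments before matching
    peers, warnings = {}, []
    if not TIMEFMT_RE.search(text):
        warnings.append('missing global option: timeformat protocol "%s";')
    for name, body in PROTO_RE.findall(text):
        local, neigh = LOCAL_RE.search(body), NEIGH_RE.search(body)
        if not (local and neigh):
            warnings.append(f"{name}: 'local as' and 'neighbor' are both required")
            continue
        try:
            addr = ipaddress.ip_address(neigh.group(1))
        except ValueError:
            warnings.append(f"{name}: bad neighbor address {neigh.group(1)!r}")
            continue
        if addr.version != 4:  # BGP4-MIB indexes peers by IPv4 address only
            warnings.append(f"{name}: IPv6 peer cannot be exposed via BGP4-MIB")
            continue
        peers[name] = {"bgpLocalAs": int(local.group(1)),
                       "bgpPeerRemoteAddr": str(addr),
                       "bgpPeerRemoteAs": int(neigh.group(2))}
    return peers, warnings


def established_time(since_epoch, now_epoch):
    """bgpPeerFsmEstablishedTime in seconds, from an epoch 'since' value."""
    return max(0, int(now_epoch) - int(since_epoch))
```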



Wikileaks unreachable?
Friday December 03rd 2010, 11:11 am
Filed under: Writings

This morning, everydns.com stopped providing service for wikileaks.org, on the grounds that:

EveryDNS.net provided domain name system (DNS) services to the wikileaks.org domain name until 10PM EST, December 2, 2010, when such services were terminated. As with other users of the EveryDNS.net network, this service was provided for free. The termination of services was effected pursuant to, and in accordance with, the EveryDNS.net Acceptable Use Policy.

More specifically, the services were terminated for violation of the provision which states that “Member shall not interfere with another Member’s use and enjoyment of the Service or another entity’s use and enjoyment of similar services.” The interference at issue arises from the fact that wikileaks.org has become the target of multiple distributed denial of service (DDOS) attacks. These attacks have, and future attacks would, threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites.

Thus, last night, at approximately 10PM EST, December 1, 2010 a 24 hour termination notification email was sent to the email address associated with the wikileaks.org account. In addition to this email, notices were sent to Wikileaks via Twitter and the chat function available through the wikileaks.org website. Any downtime of the wikileaks.org website has resulted from its failure to use another hosted DNS service provider.

Think of this what you will, but you can use the following entries in your hosts file to circumvent DNS and still be able to reach wikileaks.org:

Under Windows:
Edit C:\Windows\System32\drivers\etc\hosts
Add the following lines:
91.121.133.41 cablegate.wikileaks.org cablegate.wikileaks.ch
88.80.13.160 wikileaks.org wikileaks.ch

Under Linux/BSD/OSX:
Edit /etc/hosts (as a superuser)
Add the following lines:
91.121.133.41 cablegate.wikileaks.org cablegate.wikileaks.ch
88.80.13.160 wikileaks.org wikileaks.ch

A more complete list of available domain names can be found here. Furthermore, if you want to have your own copy of the cablegate database, check out this python script, provided by sxpert.

Furthermore, you can also use the following URLs:
http://wikileaks.r3blog.nl/ (DNS A record pointing to the original server)
http://cablegate.r3blog.nl/ (Local mirror of wikileaks.org)

Update: added the .ch domain names, a link to the mirror list, a link to sxpert’s script and the two local links.