Another similar way to create a backchannel but without transmitting anything is to introduce delays in the receiver and measure throughput as observed by the sender. All we need is a protocol with transmission control. Hmmm.
more...
There are any number of ways to exfiltrate data via covert channels. For example, a popular technique is to make DNS lookups for a series of hostnames like “attack.example.com”, “atdawn.example.com”, etc. which will be passed through most firewalls. For a long time DNS requests weren’t monitored, but savvy network operators have grown wise. So if we wanted to beam some data off a device surreptitiously, what else can we do?
more...
Werner Herzog reflects on the reveries of the connected world. There’s a lot of short sequences here, but not much tying it together.
more...
A continuation, perhaps culmination, of a series that includes rough idling, firefox vs rthreads, and browser ktrace browsing.
more...
For the past few months, my iPhone has had a peculiar bug. Apple services didn’t work in my house. I could listen Amazon music, but not Apple music. I could update my Facebook status, but not the Facebook app itself. I could read Apple’s website and learn about security updates in the latest version of iOS, but not download them.
more...
Some recent flak outages were mysterious. One day things would be working, but the next they wouldn’t. All the flak.lua processes had disappeared. No error messages were reported in any observable location. No unusual looking requests were observed in any recorded location. Sometimes a process would survive days of heavy traffic. Other times it would die after only a few hours of light traffic. It was as if the process involved simply lost the will to live.
more...
A short program to demonstrate network filtering with Lua. Although the kernel provides pf filtering and some bandwidth shaping facilities, they don’t cover every scenario. For example, consider the case where our server is connected to a network port where we pay for some amount of bandwidth, but have burstable speeds much faster than that. Commonly seen as 95th percentile billing. As long as we’re under our five minute quota, we want to pass traffic full speed, but as we approach that mark, we want to start clamping down. The pf.conf burst queueing rules can’t quite handle this situation.
For more flexibility, we can pass all our network traffic through userland using tun and have an arbitrary program analyze and shape it. This setup requires a whole mess of virtual interfaces to be configured with ifconfig, but it’s really not so bad. We want to pass ethernet frames, so we use the link0 flag.
ifconfig tun0 create link0
ifconfig bridge0 create add em0 add tun0
ifconfig tun1 create link0
ifconfig vether0 create
ifconfig bridge1 create add vether0 add tun1Now we have a vether interface connected, via bridges and tuns, to the network. We configure this interface with our IP (run dhclient if you like), and it effectively replaces em0 as the primary interface. This is an endpoint configuration; vether can be replaced by a physical interface for a router. All that’s missing is a program to pass traffic between the two tun interfaces.
Here’s a short Lua (luajit) program. It reads from the two tun interfaces and passes packets between them as they arrive. As the amount of traffic passed approaches our five minute quota, it starts probabilistically dropping packets. As written it lets you use 75% of your quota at full speed before rather sharply curtailing it. (As a bonus, it will occasionally print a frequency count of each byte to demonstrate other uses.)
See also trickle.
Despite their wonky customer service, I have generally been happy with Comcast’s technical service. Occasionally though, I have to question what in the world is going on with their network. Recently I noticed that my internet connection would alternate between working and not on roughly a two minute interval. One minute things work fine, the next minute nothing works at all, the next minute everything is fine. During the blackout minutes, making a new connection would timeout, but established ssh connections would remain up, but nothing would happen until the blackout was over. Here are a few pings I sent out (2014-02-13).
more...