-
-
-
- Austria (27)
- General (16)
- HowTo (122)
- IT Security (129)
- Linux (127)
- Networking (65)
- Other (3)
-
- CDemu - a free, gpl cd/dvd-rom device emulator for linux
- heatpumpMonitor - Monitoring a Stiebel Eltron LWZ
- ignis backup tool - the heat-strengthened backup tool
-
- December 2021 (2)
- September 2019 (1)
- May 2019 (1)
- April 2019 (1)
- January 2019 (1)
- October 2018 (1)
- August 2018 (1)
- February 2018 (1)
- September 2017 (1)
- August 2017 (2)
- May 2017 (1)
- April 2017 (1)
- February 2017 (1)
- January 2017 (2)
- December 2016 (1)
- November 2016 (2)
- October 2016 (1)
- September 2016 (1)
- August 2016 (1)
- July 2016 (2)
- April 2016 (1)
- March 2016 (3)
- February 2016 (4)
- January 2016 (2)
- December 2015 (2)
- November 2015 (2)
- September 2015 (2)
- July 2015 (5)
- June 2015 (4)
- May 2015 (2)
- February 2015 (1)
- January 2015 (4)
- December 2014 (1)
- November 2014 (5)
- October 2014 (4)
- September 2014 (1)
- August 2014 (4)
- July 2014 (3)
- June 2014 (5)
- May 2014 (5)
- April 2014 (1)
- March 2014 (2)
- February 2014 (3)
- January 2014 (5)
- December 2013 (2)
- November 2013 (3)
- September 2013 (3)
- August 2013 (2)
- May 2013 (4)
- April 2013 (1)
- March 2013 (1)
- February 2013 (3)
- December 2012 (3)
- November 2012 (3)
- October 2012 (1)
- September 2012 (2)
- June 2012 (1)
- May 2012 (1)
- April 2012 (1)
- March 2012 (1)
- February 2012 (1)
- January 2012 (1)
- December 2011 (4)
- November 2011 (1)
- August 2011 (1)
- March 2011 (1)
- October 2010 (1)
- May 2010 (3)
- January 2010 (1)
- September 2009 (1)
- August 2009 (5)
- July 2009 (5)
- June 2009 (4)
- May 2009 (1)
- April 2009 (1)
- January 2009 (1)
- December 2008 (6)
- November 2008 (6)
- October 2008 (2)
- September 2008 (11)
- August 2008 (4)
- July 2008 (7)
- June 2008 (2)
- May 2008 (7)
- April 2008 (5)
- March 2008 (9)
- February 2008 (15)
- January 2008 (11)
- December 2007 (3)
A1 Telekom Austria uses internal IPs (10.x.x.x) for traffic between UMTS and DSL
December 25, 2011
When I tried to connect from my mobile phone to my DSL router at home and had tcpdump running on the router at the same time I though there is something wrong. I saw connection requests from an 10.62.35.x IP address from the Internet. My router was of course dropping these packets, as this IP address cannot arrive on the Internet uplink interface.
After some checking I realized that my mobile phone is the 10.62.35.x source address, and I needed to accept packets from on the Internet with the source address within the range of 10.62.0.0/16. It is good that I don’t use 10.62.0.0/16 subnets at home …. but if someone does, he has a problem. 😉
Anyway has anyone more information which 10.x.x.x IP addresses the A1 Telekom Austria (and Bob for my mobile) does use?
ps: The DSL router has a worldwide IP address but the mobile IP is local, surely to force businesses into more expensive plans to have a worldwide IP address. 😉
UPC (Austrian ISP) started using Sitefinder Service (Update)
September 3, 2008
The Austrian ISP UPC (Chello, Indo, Telesystem) has activated a system which sends your browser to UPC site if a domain could not be resolved. They say that this helps their less tech-savvy customers but I believe it helps them more. Because they can put some ads on this site. They are not the first to try this. 2003 Versign tried something similar (called Sitefinder) but it was stopped by ICCANN and user protests. But that was not a provider.
The system is an Opt-Out one and not Opt-In. You need to perform 5 clicks, fill out a form and time to wait for a support employee to get it deactivated. You should really Opt-Out as the system can lead to problems if an DNS server is responding too slow and the system tells you you’ve a wrong domain name. The other question is what happens with the data gathered by the search engine on this site, which tries to guess what you meant.
Update:
This site (german) contains all info how you can Opt-Out.
EU Member States Data Retention Transposition Measures
July 12, 2008
I got my hand on this list which is out of a PDF from the European commission, and I though it maybe also interests others. It shows the status of data retentions laws in the EU member states. So here is the list. (The list is sorted by the native names of the nations and not the English ones I used here, e.g. Deutschland vs Germany)
.
Finally – Austria gets its own CERT
February 22, 2008
Many European nations have Computer Emergency Response Teams (CERT) for years now and finally Austria is on the way to play catchup. nic.at, the Austrian domain registry, plans to create it together with the Federal Chancellery of the Republic of Austria with four employees at the beginning. The Chancellor Alfred Gusenbauer declared: “The internet is a valuable infrastructure, which needs to be protect”. (Wow he truly go it!)
So much for the official version of it, but there is not all gold. The CERT should only be a information hub which provides international networking. So far so good, but what would be needed is a own infrastructure to react in cases of emergency otherwise no defense can be coordinated. But this is a typical Austrian solution, we will have our own CERT but it should not be that expensive as a real one.
A1 UMTS card under Linux – just works
January 27, 2008
I got my hand onto an A1 UMTS PC-CARD and I did some research on how to use it with Linux. At first just plug the card into your Notebook and look at the logfile (/var/log/syslog on Debian based distributions). On a Kubuntu Feisty and newer Kubuntu versions and Debian Etch it is supported as /dev/USBtty0. This worked for all Huwai based cards I got my hands on, also the USB versions.
You have now 2 possibilities:
The first is to use the official Linux drivers from Vodafone which work also for A1. Just go to http://www.vodafonebetavine.net/web/linux_drivers/
The advantage of the official closed source program is that it ships with a special program which shows you how good the reception is and if it’s using GPRS or UMTS – but it is closed source and maybe not available for your hardware and/or software platform. And specially it is an GUI application you may want the UMTS internet access for a display less router. The following describes how I did it on an Debian Etch based router.
First you need to install the pppd
# apt-get install ppp
Than you create following files with the shown content:
# cat > /etc/ppp/peers/a1
hide-password
noauth
connect "/usr/sbin/chat -v -f /etc/chatscripts/a1"
debug
/dev/ttyUSB0
115200
defaultroute
noipdefault
user "[email protected]"
remotename a1
ipparam a1
replacedefaultroute
usepeerdns
# cat > /etc/ppp/pap-secrets
"[email protected]" a1 "www"
# cat > /etc/chatscripts/a1
# ispauth PAP
# abortstring
ABORT BUSY ABORT 'NO CARRIER' ABORT VOICE ABORT 'NO DIALTONE' ABORT 'NO DIAL
TONE' ABORT 'NO ANSWER' ABORT DELAYED
# modeminit
'' ATZ
'' AT+CGDCONT=1,"IP","A1.net"
# ispnumber
OK-AT-OK "ATDT*99***1#"
# ispconnect
CONNECT \d\c
# prelogin
# ispname
# isppassword
# postlogin
Now download this perl script and change the PIN code (line 11) to the one of your card. Don’t forget to set the executable flag. Now you can go online with
# ./setpin.pl
# pon a1
The setpin.pl script needs to be called once each time you inserted your UMTS card. This setup is mostly identical for the other Austrian UMTS provides as they sell the same Huwai cards A1 does, just some Init commands are different. It is easy to find the correct ones for your provider with Google.
Active attacks on home routers underway
January 23, 2008
Only last week I posted about the UPnP attack vector on home routers and now Symantec is reporting active attacks on Mexican internet users. The purpose of this attack is to manipulate the DNS settings of the router so the user is directed to the phishing site for a popular Mexican bank. As there is no change on the computer itself, security software will have a hard time to detect such attacks. Sure the SSL certificate the fake site will provide is most likely faked, but most users just click Ok anyway. But my guess would be anyway that the phishing site is just plain HTTP.
But this is not the only attack vector even if a password is set for the router (not counting the default password). If a router allows the user to authenticate himself via a cookie, than an attacker needs only to provide an URL which includes the commands for the router. Sure the attacker needs to know the router which is used by the user, but thats not that complicated as you might think. For example in Austria an attack would be best done against Alcatel SpeedTouch router (configured to multi user mode) which used by the Telekom Austria since the start of DSL in Austria. And to make it worse, there is no password defined by default, so we don’t need a cookie attack at all.
It is therefore important to change the default password and to make sure the router requires a password each time you start your browser. It is also a good idea to restart your browser after you authenticated yourself against the router and before you surf through the internet.
You ask yourself how to attacker knows the IP address of the router? Thats easy – following possibilities exist:
- just try 192.168.0.1 (or what is default setting for the router, which should be attacked)
- get the IP address of the computer, and replace the last number of it with an one. (java script?)
- use a applet (flash, java, ….) to get the default gateway or DNS server IP address – you’ve your router
The first one is the easiest one, but also the easiest to defeat. Just change the network to a new C-Class network out for 192.168.0.0/16, 172.16.0.0/12 or 10.0.0.0/8. eg. 10.133.122.0/24. So lets change to following mantra a little bit. Recommended steps for setting up your home router:
- Unbox
- Throw the disk away
- Plug in your machine, Turn on the router and navigate to the Web-GUI
- Turn off UPNP
- Change the subnet of your router
- Change default name and password, set WPA-PSK
- Check that remote management is disabled
- ….
I’ve changed the subnets of my routers for years, just because the 192.168.0.0/24 stuff didn’t look cool – so be cool and change yours too.
PPTP DSL Linux mini howto
January 12, 2008
I live in Austria and the only broad band Internet connection (not including the UMTS stuff) I can get is from the Telekom Austria and it is PPTP based and I’m using AON as Provider. I often hear from new guys in the LUGT (Linux User Group Tirol) that it is hard to set it up with Linux. It is not! I will explain here how to setup a PPTP tunnel to an Alcatel Speed Touch Ethernet modem on a Debian based distribution.
First we need to install some packages:
# apt-get install ppp pptp-linux
Than we need to set following IP on the network interface which is connected to the modem:
10.0.0.1/255.255.255.0
after this is done following should work:
ping 10.0.0.138
If not check if the LED for the LAN connection on the modem is on and that you’ve configured your interface correctly with “ifconfigâ€. It is now possible to use something like knet oder kppp to make the tunnel but I describe here the manual way for an small Linux server/router). Create a file
/etc/ppp/peers/aon with following content:
user your_long_aon_number (e.g. 49373880000)
noipdefault
defaultroute
hide-password
connect /bin/true
noauth
persist
debug
And /etc/ppp/pap-secrets with following:
49373880000 aon secret_password
Replace the number above with our own. If you’ve done this you just need to type following to make the connection:
# pptp 10.0.0.138 call aon
As this connection should be persistent we need to add a fail save script which monitors the pppd daemon. With this reconnect script, which I have running for > 5 years, I never had problems even if the tunnel stalled it was discovered and the tunnel reestablished. The content of the /usr/local/sbin/reconnect script is:
#!/bin/bash
/usr/bin/killall pppd 1>/dev/null 2>/dev/null
/bin/sleep 3
/usr/bin/killall pptp 1>/dev/null 2>/dev/null
/bin/sleep 3
/usr/bin/killall -9 pppd 1>/dev/null 2>/dev/null
/usr/bin/killall -9 pptp 1>/dev/null 2>/dev/null
/bin/rm /var/run/pptp/10.0.0.138 1>/dev/null 2>/dev/null
/bin/sleep 2
/usr/sbin/pptp 10.0.0.138 call aon
and in the crontab I’ve:
# m h dom mon dow command
0,30 * * * * ping -c 2 195.58.160.194 > /dev/null || ping -c 2 195.58.161.122
> /dev/null || /usr/local/sbin/reconnect
Powered by WordPress
Entries and comments feeds.
Valid XHTML and CSS.
30 queries. 0.065 seconds.