Custom Arp Alerts II!

So I’ve found a better way to do what I did in the previous post. Instead of running a separate script to parse the arp alert logs, I have arp alert itself send the alerts! The key is this line in the arpalert.conf

action on detect = "/etc/scripts/arp-alert"

It's so simple: it just runs that script, passing the information about the alert as arguments. With this I have more control over the formatting of arpalert messages.

In order to do this, I had to write that script, and make it executable of course. Also I had to change the running user of arpalert to root, because the “arpalert” user didn’t have permission to notify my user “kyle”. This is a much cleaner solution, allowing me to make different types of alerts look different, with different timeouts and such. If you want my /etc/scripts/arp-alert you can download what I have so far here.
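An added example, not the author's downloadable script: a minimal handler for the "action on detect" hook that gives each alert type its own heading and timeout. The argument order and the alert-type numbers are assumptions to check against the comments in your own arpalert.conf.

```sh
#!/bin/sh
# Added example: a hypothetical /etc/scripts/arp-alert handler.
# ASSUMPTION (verify in your arpalert.conf): arpalert calls the script as
#   $1 MAC  $2 IP  $3 extra (old IP or MAC)  $4 interface  $5 alert type number

# Heading per alert type. The numbering is an assumption; only a few are mapped.
alert_heading() {
    case "$1" in
        0) echo "IP change" ;;
        2) echo "Blacklisted MAC" ;;
        3) echo "New MAC address" ;;
        7) echo "ARP flood" ;;
        *) echo "Arp Alert (type $1)" ;;
    esac
}

# Popup timeout in milliseconds: the more serious types stay up longer.
alert_timeout() {
    case "$1" in
        0|2|7) echo 10000 ;;
        *)     echo 3000 ;;
    esac
}

# The script runs as root on values derived from network traffic, so keep only
# characters that belong in a MAC, IP or interface name (drops markup, newlines).
sanitize() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9:._-'
}

# Build the one-line popup body from the sanitized arguments.
alert_body() {
    mac=$(sanitize "$1"); ip=$(sanitize "$2"); extra=$(sanitize "$3"); dev=$(sanitize "$4")
    printf '%s %s on %s' "$mac" "$ip" "$dev"
    [ -n "$extra" ] && printf ' (extra %s)' "$extra"
    return 0
}

# Only notify when all five arguments were supplied.
if [ "$#" -ge 5 ]; then
    kind=$(sanitize "$5")
    notify-send -t "$(alert_timeout "$kind")" -- \
        "$(alert_heading "$kind")" "$(alert_body "$1" "$2" "$3" "$4")"
fi
```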

Custom Arp-Alerts

So I was looking around, and I wanted some sort of tool to allow me to be more aware about what was happening in the lower “bowels” of the network that I’m on with my laptop. So what is it that I want…

What I really want is some sort of MAC-address-based buddy list. One that would show me a list of the MAC addresses talking on my network, and allow me to alias them. That would be cool.

I couldn’t find such a program, but I found something kinda close; it's called arpalert. If you are using Ubuntu you can simply run “apt-get install arpalert” (I love Ubuntu!)

kyle@kyle-laptop:~$ apt-cache search arpalert
arpalert - Monitor ARP changes in ethernet networks

You should edit the config file to your liking, but the main thing is the log file in /var/log/arpalert.log. I have it logging every interesting arp thing, because I find them interesting! You need to read up on it if you want to fully understand arpalert: http://www.arpalert.org/

So that is the first part. The second part is the piece that notifies you of something suspicious. Who wants to tail a log file all the time? For this I use something called “notify-send”. Try running it. If you don’t have it and you are running Ubuntu it will tell you that it's part of the “libnotify-bin” package. So you will need to run:

$ sudo apt-get install libnotify-bin

Try it! Run “notify-send test”. A popup should show up! Simple! Now, we need a small program to glue the pieces together. I want my popup when odd things happen. Here is the glue I wrote, modify at will:

# -W interactive (mawk) keeps awk unbuffered so each log line pops up immediately
tail -n 0 -F /var/log/arpalert.log | awk -W interactive '{print $8, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12}' | \
while read -r heading message
do  notify-send -t 3000 -- "Arp Alert" "${heading} ${message}"
done

I don’t think I’m done with it yet. (I want to make it give different timeouts for different types of messages, and I want it to change the heading to something dynamic instead of the Arp Alert, but yea.) So put that in a .sh and run it! Nothing may pop up! Try putting something new on the network and seeing if something shows up in the log. It's pretty easy to troubleshoot and modify to your liking.

DNS Cache Poisoning

Recently a DNS expert found a flaw in the way that DNS servers talk to other DNS servers to get records that allows interested parties (hackers) to insert their own records. If you need a primer: the Wikipedia link.

Well… a DNS flaw is no fun without a tool to use it. So this guy “HD Moore” wrote a program (script) that takes advantage of this and makes it relatively easy for someone to use something called Metasploit to tinker with it. Cool!

Turns out that it works, and people are fixing their DNS servers so that this can’t happen. (I fixed mine as soon as the fix was out.) But not everyone can fix their own; often they are at the mercy of their ISPs. (Have you ever called up your ISP’s help desk and told them they need to upgrade their DNS servers to protect them against cache poisoning? Heheheh.. right)

So one day, Mr. Moore goes to google.com on his computer at work, and guess what, it's not the real google.com…

The news article

Well played sir. Well played.

Failing Hard Drives

So lots of people use computers, and lots of people have hard drives.

At my work I deal with lots and lots of computers and lots and lots of drives. So during a week I see plenty of failing drives, just because of the statistics.

So now-a-days I run a “smart test” on the drive to see how it is. Unfortunately most drive testers and smart tests are crap. So I made my own and I want to share it with you….

It runs in Linux of course, and all it needs is a program called smartctl. (If you don’t have it and you are running Ubuntu, just run “apt-get install smartmontools” )

Here is how you can get it and run it:

$ wget a.xkyle.com/smarttest
$ bash smarttest

That's it! Just give it about 2 minutes to run. Here is an example output:

Hours: 27519
SMART Errors: 0
Reallocated / Pending: 2 / 0
Read Speed: 41 MB/s

WARNING: This drive has over 26,280 (3 years) hours on it and should not be used as a Primary
WARNING: This drive has some reallocated sectors, this shouldn’t be used as a primary and requires judgment if it is to be used for a secondary

It's pretty self-explanatory if you know about drives. If you want to know more about SMART parameters, check out the Wikipedia article.

Putting the Clock Together

We have finally built enough pieces of the clock together to get some digits!
It basically comes down to a white wooden box and a piece of cardboard with the LEDs wired, running to an RJ45 jack. Then a styrofoam cutout painted black, with a white piece of paper and plexiglass on top for a face.

Here is the template with wired LEDS:
p1000194.JPG

A multitude of completed digits (still missing the blank faceplate).
p1000196.JPG

Painting the boxes:
p1000198.JPG

This is an experiment with reflective tape: (didn’t make a difference)
p1000200.JPG

And yet even more boxes are coming:
p1000204.JPG

Here is the magic controller: (A little messy, not finished)
p1000205.JPG

And the outputs of the controller: (Just cat5 connectors, cheap!)
p1000206.JPG

Blogging = Human Salvation

Now hear me out, I used to be a hater. It seems that the more people blog, the more the internet is loaded up with wasted bandwidth and ad space. The truth is that blogging has a very small marginal cost, and usually blogging occupies time that would not otherwise be spent doing “productive” things.

But! What if all of humanity blogged, and then we could aggregate all blogs on the internet? Now, what if a mother of a special-needs child is having a hard time putting her child to sleep, so she blogs about it. Then the blogging software analyzes the blog and finds similar posts from other authors (Google plugin?) and she reads about the experiences of other mothers. Can you see how the sum of human experiences, not just book knowledge (like Wikipedia), is tagged, sorted and searchable?

That is what I think blogging is all about, not hits. I don’t care how many people read my blog. None for all I care. It's the sum of all blogs, adding to our collective experience repository called the internet, that is important.

Another way to think about it is like this: imagine a graph where number of reads is the Y axis and you lined up webpages on the X. Sort it and it would look something like this:
long tail
(From the Wikipedia Article)

So most people read the most popular websites. My blog, your blog, your mom's blog, they are all in the yellow. Guess what? The sum of the yellow is more than the sum of the green! (Sometimes) The true power of the internet is its capability of supporting an infrastructure for the tail end. How? You guessed it: blogs, wikis, and other user generated content. (I hate to say, web 2.0? ::shivers::)

Clock Primer

Here is the intro to the clock project:

We start with a template made at a sign shop, and then cover the edges with aluminum tape to protect them from the heat of the hot wire.

I’ve pushed out holes with a straight wire and a blow torch to give me entry points for my hot wires. It's going to be a plunge and cut job.

The laser pointer helps guide the hot wire because it inevitably bends and makes crooked cuts. Following the point makes straighter cuts. The laser isn’t cutting the styrofoam for us… Yet.

Only a CNC machine could have done a better job. A CNC machine…. With a laser cutter!!!

This clock is going to have a great R-Value!!!

God help us all.

Whiteboard Interactions

Here are some of the messages that are passed back and forth between my roommate and me…

Sometimes we make up silly things… late at night…

Sometimes we borrow each other's things…

And we get the better of each other with our antics…

Our true feelings for each other?

To do list…

Sometimes we DON’T let each other borrow things…

Compact Flash Replacement

My laptop is a Sharp MM20, which I knew I was going to spraypaint eventually, I just needed a reason to. After about a year of wear and scratches from abuse, it was time.

I’m replacing the hard drive in my laptop with a 4GB flash card.
It should be faster:

/dev/sdb:
Timing cached reads: 3532 MB in 2.00 seconds = 1766.79 MB/sec
Timing buffered disk reads: 58 MB in 3.10 seconds = 18.69 MB/sec
root@kyle-desktop:~# hdparm -tT /dev/sda

/dev/sda:
Timing cached reads: 3532 MB in 2.00 seconds = 1766.13 MB/sec
Timing buffered disk reads: 78 MB in 3.04 seconds = 25.67 MB/sec

Pros: Faster seeks and sustained I/O. Lifetime Warranty.
Cons: Expensive. 25% Disk Space. Bad blocks over time.

So let's do it! I started with instructions from this guy.

First step, disassembling the laptop:
You can see that this is not a normal size laptop hard drive. This is a 1.8″ drive. So I bought this card and a cheap laptop IDE to flash converter off of ebay. (Sorry I don’t have a picture.)

We used containers with numbers and a legend to keep track of small screws and parts. When we were done, these were left over:
Leftovers
(Don’t ask me what's in compartment 8, I really don’t know what it goes to. But there is the leftover drive and screws.)

Second step, spray paint it! Oh, and don’t forget to put in the flash card when you put it back together.
Can you spot the laptop?

With only a 4GB drive, I will of course be running my favorite operating system, Ubuntu!

Screenshot

And the obligatory screen shot!

Want more? Click here to download every picture we took.
Closing thoughts:
I’m extremely impressed. The camo-finish is beautiful and feels great thanks to the clear coat. Nothing broke, and everything went back together correctly thanks to good documentation and pictures for reference. If you have any questions about what I did, post a comment and I’ll come back and answer them.

Next Piece: Armband

We were thinking it would be cool to have the LCD display be on the arm, instead of the side of the gun.

So we have modified roller-blading wrist-guards for the purpose:


Watch Karl Show It Off!

Karl’s Mom helped with the sewing. Next we’ll add buttons for mode and backlight. I think they will be very thin and unobtrusive.



