Archive

Custom Arp-Alerts

So I was looking around, and I wanted some sort of tool to allow me to be more aware about what was happening in the lower “bowels” of the network that I’m on with my laptop. So what is it that I want…

What I really want is some sort of mac-address based buddy list. One that would show me a list of the mac addresses talking on my network, and allow me to alias them. That would be cool.

I couldn’t find such a program, but I found something kinda close; it’s called arpalert. If you are using Ubuntu you can simply run “apt-get install arpalert” (I love Ubuntu!)

kyle@kyle-laptop:~$ apt-cache search arpalert
arpalert - Monitor ARP changes in ethernet networks

You should edit the config file to your liking, but the main thing is the log file in /var/log/arpalert.log. I have it logging every interesting arp thing, because I find them interesting! You need to read up on it if you want to fully understand arpalert: http://www.arpalert.org/

So that is the first part. The second part is the piece that notifies you of something suspicious. Who wants to tail a log file all the time? For this I use something called “notify-send”. Try running it. If you don’t have it and you are running Ubuntu it will tell you that it’s part of the “libnotify-bin” package. So you will need to run:

$ sudo apt-get install libnotify-bin

Try it! Run “notify-send test”. A popup should show up! Simple! Now, we need a small program to put the pieces together and glue it. I want my popup when odd things happen. Here is the glue I wrote, modify at will:

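# Follow the arpalert log and pop up a desktop notification for each new line.
# "-W interactive" is a mawk option that keeps awk's output unbuffered in the pipe.
tail -n 0 -F /var/log/arpalert.log | awk -W interactive '{print $8, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12}' | \
while read -r heading message
do  notify-send -t 3000 -- "Arp Alert" "${heading} ${message}"   # "--" ends option parsing
done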

I don’t think I’m done with it yet. (I want to make it give different timeouts for different types of messages, and I want it to change the heading to something dynamic instead of the Arp Alert, but yea) So put that in a .sh and run it! Nothing may pop up! Try putting something new on the network and seeing if something shows up in the log. It’s pretty easy to troubleshoot and modify to your liking.
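
The wish list above (aliases for known MAC addresses, a heading that changes with the alert, longer timeouts for more serious events) can be sketched as follows. This is an added example, not the author's script; the key=value log layout, the type names, the alias table and the sample line are assumptions or constructed values, so compare them with your own /var/log/arpalert.log.

```sh
#!/bin/sh
# Added example (not the post's script). Assumes arpalert log lines carry
# "mac=..., ip=..., type=..." fields; the type names below are assumptions.

# Constructed alias table, one "MAC alias" pair per line (the "buddy list").
ALIASES='00:16:3e:aa:bb:01 kyle-laptop
00:16:3e:aa:bb:02 office-printer'
# Constructed sample log line.
SAMPLE='Jul 30 21:14:07 arpalert: seq=12, mac=00:16:3E:AA:BB:02, ip=192.168.1.40, type=ip_change, dev=eth0'

# field KEY LINE: print the value of KEY= in LINE (nothing if absent).
field() {
    printf '%s\n' "$2" | sed -n "s/.*[ ,]$1=\([^, ]*\).*/\1/p"
}

# alias_for MAC: print the alias, or "unknown" for a MAC not in the table.
alias_for() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    name=$(printf '%s\n' "$ALIASES" | awk -v m="$mac" 'tolower($1) == m {print $2; exit}')
    printf '%s\n' "${name:-unknown}"
}

# timeout_for TYPE: popup time in ms; address changes stay up longest.
timeout_for() {
    case "$1" in
        ip_change|mac_change|mac_error) echo 15000 ;;
        new|new_mac)                    echo 8000 ;;
        *)                              echo 3000 ;;
    esac
}

# format_alert LINE: print "timeout|heading|message"; fail on non-alert lines.
format_alert() {
    mac=$(field mac "$1"); ip=$(field ip "$1"); type=$(field type "$1")
    [ -n "$mac" ] || return 1
    printf '%s|%s|%s\n' "$(timeout_for "$type")" \
        "ARP ${type:-event}: $(alias_for "$mac")" "$mac at ${ip:-?}"
}

# watch_log [FILE]: follow the log and raise one popup per alert line.
watch_log() {
    tail -n 0 -F "${1:-/var/log/arpalert.log}" | while IFS= read -r line; do
        out=$(format_alert "$line") || continue
        rest=${out#*|}
        notify-send -t "${out%%|*}" -- "${rest%%|*}" "${rest#*|}"
    done
}

case "${1:-}" in --watch) watch_log "${2:-}" ;; --demo) format_alert "$SAMPLE" ;; esac
```

Run it with --watch to follow the log, or with --demo to format the sample line without touching the network or the desktop.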

DNS Cache Poisoning

Recently a DNS expert found a flaw in the way that DNS servers talk to other DNS servers to get records that allows interested parties (hackers) to insert their own records. If you need a primer: the Wikipedia link.

Well… a DNS flaw is no fun without a tool to use it. So this guy “HD Moore” wrote a program (script) that takes advantage of this and makes it relatively easy for someone to use something called Metasploit to tinker with it. Cool!

Turns out that it works, and people are fixing their DNS servers so that this can’t happen. (I fixed mine as soon as the fix was out.) But not everyone can fix their own; often they are at the mercy of their ISPs. (Have you ever called up your ISP’s help desk and told them they need to upgrade their DNS servers to protect them against cache poisoning? Heheheh.. right)

So one day, Mr. Moore goes to google.com on his computer at work, and guess what, it’s not the real google.com…

The news article

Well played sir. Well played.

Failing Hard Drives

So lots of people use computers, and lots of people have hard drives.

At my work I deal with lots and lots of computers and lots and lots of drives. So during a week I see plenty of failing drives, just because of the statistics.

So nowadays I run a “smart test” on the drive to see how it is. Unfortunately most drive testers and smart tests are crap. So I made my own and I want to share it with you….

It runs in Linux of course, and all it needs is a program called smartctl. (If you don’t have it and you are running Ubuntu, just run “apt-get install smartmontools” )

Here is how you can get it and run it:

$ wget a.xkyle.com/smarttest
$ bash smarttest

That’s it! Just give it about 2 minutes to run. Here is an example output:

Hours: 27519
SMART Errors: 0
Reallocated / Pending: 2 / 0
Read Speed: 41 MB/s

WARNING: This drive has over 26,280 (3 years) hours on it and should not be used as a Primary
WARNING: This drive has some reallocated sectors, this shouldn’t be used as a primary and requires judgment if it is to be used for a secondary

It’s pretty self-explanatory if you know about drives. If you want to know more about smart parameters, check out the Wikipedia article.

Putting the Clock Together

We have finally built enough pieces of the clock together to get some digits!
It basically comes down to a white wooden box, a piece of cardboard with the LEDs wired, running to an RJ45 jack. Then a styrofoam cutout painted black, with a white piece of paper and plexiglass on top for a face.

Here is the template with wired LEDS:
p1000194.JPG

A multitude of completed digits (still missing the blank faceplate).
p1000196.JPG

Painting the boxes:
p1000198.JPG

This is an experiment with reflective tape: (didn’t make a difference)
p1000200.JPG

And yet even more boxes are coming:
p1000204.JPG

Here is the magic controller: (A little messy, not finished)
p1000205.JPG

And the outputs of the controller: (Just cat5 connectors, cheap!)
p1000206.JPG

Blogging = Human Salvation

Now hear me out, I used to be a hater. It seems that the more people blog, the more the internet is loaded up with wasted bandwidth and ad space. The truth is that blogging has a very small marginal cost, and usually blogging occupies time that would not otherwise be spent doing “productive” things.

But! What if all of humanity blogged, and then we could aggregate all blogs on the internet. Now, what if a mother of a special-needs child is having a hard time putting her child to sleep, so she blogs about it. Then the blogging software analyzes the blog and finds similar posts from other authors (Google plugin?) and she reads about the other experiences of other mothers. Can you see how the sum of human experiences, not just book knowledge (like Wikipedia), is tagged, sorted and searchable?

That is what I think blogging is all about, not hits. I don’t care how many people read my blog. None for all I care. It’s the sum of all blogs that adds to our collective experience repository called the internet which is important.

Another way to think about it is like this: imagine a graph where number of reads is the Y axis and you lined up webpages on the X. Sort it and it would look something like this:
long tail
(From the Wikipedia Article)

So most people read the most popular websites. My blog, your blog, your mom’s blog, they are all in the yellow. Guess what? The sum of the yellow is more than the sum of the green! (Sometimes) That is the true power of the internet: the capability of supporting an infrastructure for the tail end. How? You guessed it: blogs, wikis, and other user generated content. (I hate to say, web 2.0? ::shivers::)