- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Choose your own comment
Admin
SCARY... Just think of what could have happened if he had chosen to abuse it.
Admin
You mean there are companies out there who have security issues that they don't end up resolving? Preposterous!
CAPTCHA: Attack of the Nulla!
Admin
Yeah... I would set up a http proxy to translate all pages into swedish-chef.
hmm bork bork
post attempt #5
Admin
I was thinking more of spoofing their DNS server and diverting financial sites to his computer.
Admin
I remember having what was probably that same ISP and setting up a MUD server at a specific IP address. Ran it for nigh on a year before I got bored with it. Never had more than a dozen users, but was still pretty amusing.
Admin
Ooh, I mean to add "Mwa ha ha" at the end of my post.
But, in a perfect world, the financial site certificate would not match your address, assuming you were performing ssl proxy to get at the interesting content; the user's browser would issue a big warning saying there is a certificate error... and then the user would click "take me there anyway".
Admin
So he was given a non-publically-routable IP address on a Class C (10.0.0.0/24) network. He could put in any IP address he liked, but it couldn't "steal" the address of anything outside that subnet.
I'd imagine that the ISP's DNS and public webserver were most likely on different non-10.x.x.x publically-routable networks, so he wouldn't be able to "steal" their addresses. That is unless they were smart enough to know how to NAT them, and give them different internal and external address, then be as stupid as to have them on the same subnet as clients, and not in their DMZ.
All seems a bit improbable to me...
Incidentally, I can remember the nightmare of moving my workplace from static IP addresses to DHCP in the mid-90s. After a big bang approach to change every device over one weekend, it was months later before we hunted down all the random machines (old laptops that people used at home and brought into the office every so ofter, reps that visited the home office occasionally) that still had static IPs and knocked other machines off the network.
Admin
Ohh, a US Robotics Sportster! I had the US Robotics Courier Dual Standard, flash upgradeable to 56,600bps. I still remember the joy of installing that simple flash update and immediately getting double the connection speed. I think that was the best update I've ever applied to any piece of hardware, ever. That modem died in an electrical storm if I remember correctly (which was an important lesson in and of itself).
Admin
Lots of ISPs (and other large enterprises like government agencies) have one set of servers to do external DNS and a different set to do internal. (Or in the case of the agency I support, four and a half sets to do external and three to do internal.)
Admin
Ah dial-up. Can you remember being able to guess the link speed just by listening to the handshake play out over the modem's built in speaker? memories
Hey who knows, if net neutrality dies then maybe we'll go back to using them and home-hosted BBSs.
Admin
Working for an ISP, I gotta say that quite a few of the little guys didn't know how to set up dhcpd. Most still allow people to see dhcp traffic pass across their ten-dot network (most use that subnet for setting DHCP leases). that in and of itself can be a major issue.
Captcha: damnum. how fitting
Admin
Those midgets should stick to golfing!
Admin
Incidentally, I can remember the nightmare of moving my workplace from static IP addresses to DHCP in the mid-90s. After a big bang approach to change every device over one weekend, it was months later before we hunted down all the random machines (old laptops that people used at home and brought into the office every so ofter, reps that visited the home office occasionally) that still had static IPs and knocked other machines off the network
WTF? You set up the DHCP leases on the SAME Class C net you had the static IPs on? Now that's what I call WorseThanFailure.
Admin
@Doooood: WTF? How can static IP devices knock DHCP machines off the network? The DHCP standard specifies that before giving out an address the server should check to see if it is in use (by pinging).
Admin
"Hey who knows, if net neutrality dies then maybe we'll go back to using them and home-hosted BBSs. "
You mean if "net neutrality" (quite a WTF name in itself) is passed. Nothing will ruin the Internet quicker (well, moreso than it is now) than government regulations.
Admin
Which only works if the static IP is in use before the DHCP address is given out. DHCP server checks to see if 10.1.1.101 is available, pings, gets no response, and gives out the IP. Someone comes in with a laptop the next day that has 10.1.1.101 statically assigned and plugs it into the network, now you've got an IP conflict. Pretty simple and not that uncommon.
Admin
Elsewhere on the 2600 blog, there's a post going up about someone finding a nasty select block in some code from one of their employer's systems.
Admin
Just, wow. Are you serious? Maybe I'm mistaken, but it's my understanding that passing net neutrality means we will continue to treat all traffic equally. From Wiki:
"Network neutrality (also net neutrality, Internet neutrality) is a principle proposed for residential broadband networks and potentially for all networks. A neutral broadband network is one that is free of restrictions on content, sites, or platforms, on the kinds of equipment that may be attached, and on the modes of communication allowed, as well as one where communication is not unreasonably degraded by other communication streams."
So if I read your note correctly, you believe this is a bad thing?
Admin
Oooh, a hacking story! More please!
Admin
Just, wow. Are you serious? Maybe I'm mistaken, but it's my understanding that passing net neutrality means we will continue to treat all traffic equally. From Wiki:
"Network neutrality (also net neutrality, Internet neutrality) is a principle proposed for residential broadband networks and potentially for all networks. A neutral broadband network is one that is free of restrictions on content, sites, or platforms, on the kinds of equipment that may be attached, and on the modes of communication allowed, as well as one where communication is not unreasonably degraded by other communication streams."
So if I read your note correctly, you believe this is a bad thing?
Admin
That's what John McCain thinks.
Of course, McCain also thought Sarah Palin would make a good Vice President, so maybe listening to him isn't that good of an idea.
Admin
Or basketball
[image]Admin
Ideally you'd have the static pcs connected permanently right? I mean laptops aren't mobile - ever
CAPTCHA - Genitus,a genital genius?
Admin
Admin
I had a dialup ISP that did something similar, but it was my impression that it was setup properly. Ie: You could request an IP in your dialup settings. If the specific dialup server you were talking to had it in the available pool, and it wasn't given out to anyone else, you could grab it. Using that "feature", I setup a dialup script that requested my last IP after a disconnect. 90% of the time, any long running downloads simply resumed (if I could get reconnected within a minute)
On hindsight.. that must have been a really flaky isp if I had such issues with dropped calls. :p
Story #2:
A few years later, after moving to Cable. I had some free domain name that I was using for years (for use on a home smtp server). The service was shutting down, but they said they'll dish out the last configured IP for the next year or so.
Meanwhile, the ISP "upgraded" their DHCP server, and wiped everyone's lease. So, my lease which I had for over a year suddenly disappeared. My solution to the problem was to setup a script that changed my mac address, request an IP, and if it wasn't my old one, do it again. I left it running over night.
The next morning, a friend of mine who worked in that ISP's tech support called me with a "WHAT DID YOU DO?! Half the city can't get an IP address".
fun times.
Admin
Adding the ATM0 command to dial-up properties was the first thing I usually did when setting up a computer. No more noise, especially important for late-night surfing when the rates were cheaper.
Admin
That's not how DHCP works.
you get a request, look up the MAC and see if it has permanent settings, then if not hand back an address in the free pool. No pings, and if you give someone an address in use, arp will break because arp isn't supposed to resolve 2 MACs to one IP.
Admin
I had the same issue, but a different reason.. I was on "Earthlink Cable" from Time Warner; The roommate had a "Roadrunner" modem (yes, somehow they allowed us 2 modems on 1 residential account..always fun!)
Needless to say I plugged my network card into his modem for some testing and my long-time 'static' DHCP IP went the way of the dodoas the server apparently thought "well, no more pulling from the ELNK pool for that MAC".
I had setup the same sort of script... Finally I got the address back, but it wasn't as 'static' as it used to be...
Ah well, those were the days (2002!)
Admin
Or fax machines!
Admin
you are correct, pinging an address before handing it out is in no way part of the DHCP spec. However, many DHCP servers, especially in the earlier days of DHCP, would send a ping to a previously unused address to see if it was in use to avoid the ARP conflict you describe. it's certainly helpful when upgrading from static to DHCP, but obviously not foolproof, as in the example I described above.
Admin
I agree with Leo that Net Neutrality is a very bad idea.
Of course I support "Network Neutrality" as defined in Justsomedude's post. But that definition doesn't say anything about the government. I can't in good conscience support the idea that the government has the right to tell businesses what kinds of services they can and can't offer, or to tell consumers what kinds of services they're allowed to purchase, or to regulate the Internet or access to it in any way.
I am constantly shocked by the overwhelming number of Internet users who appar believe that what the Internet really needs is increased government regulation.
Admin
Have fun paying extra to get to YouTube, Hulu, Facebook.
As the banking crisis showed, regulation is sometimes a good thing, and lack of regulation disastrous.
Admin
Was this an ISP in Pennsylvania?
Admin
It is not the internet that needs regulation, but the private companies to prevent them from shitty behaviour. A few years ago my ISP decided to throttle connections to online games, which made them unplayable. As I was 4 months into a 12 month contract this was very annoying. It is this type of behaviour we need network neutrality laws to prevent.
Admin
Actually the modern spoofer simply build a convincing mock server. i'v seen spoof sites that even add a little lock symbol somewhere in the page.
Users are completely oblivious to the true meaning of certificates. a website with a certificate error shows a huge error wanning on modern browsers, but a website with no certificate works just fine.
After discovering that my girlfriend has no idea how to tell if a website/connection is secure, i asked around and discovered that the non-to-mildly technical users i know have no idea about identifying a secure connection...
Now my girlfriend calls me before leaving her personal details on any website...
Admin
Carl, I respect your love of true free markets but the problem is we don't have true free markets and consumers can't choose to not do business.
Yesterday I stumbled across this well articulated argument: http://www.ianwelsh.net/consumers-cant-choose-not-to-do-business/
In reality what we have is large ISPs moving towards a model in which they can choose what parts of the internet you will have easy access too. In a better world, another prospective ISP could come along and offer what the consumer really wants (and get the business), but in reality this is unlikely to happen.
Consumers will have the choice of Limited, Throttled access to much of the internet, or no access at all. That is not in the spirit of true free markets and is exactly why regulations are sometimes necessary.
I prefer to think of the internet as a utility instead of a service. I don't have the option to change electric or water providers, and because true choice is not available or realistically possible, regulating these utilities is necessary. Take Cali's deregulation of the grid for example, that worked out just great didn't it :-)
So while the idealist in me agrees with you, the realist in me understands the world isn't perfect and such measures are needed under these circumstances.
Admin
Anyone ever read this: http://www.wired.com/threatlevel/2008/07/kaminsky-on-how/
http://beezari.livejournal.com/141796.html
the DNS flaw that was discovered last year...scary stuff.
Admin
Congrats, you've been swindled by the Republican party's repeated and deliberate conflation of corporate regulation and consumer regulation! You win a hog!
(see also: health insurance, securities markets)
Admin
Of course, there is a solution. If your ISP starts doing this, switch. That's exactly what I did, the day after my ISP announced they were planning to ignore net neutrality principles and charge content providers for faster access to their sites. This was Virgin Media in the UK, by the way. If you're with them, run like hell.
Post #4
Admin
Exactly. Do you want to pay 50 cents every time you open Google because "it's a traffic hog"?
Anyway, my real comment is this: someone said something about laptops and static IPs; my work laptop has a static IP because I use it at the office for internet and file sharing (small network, less than 30 computers) and when on job sites to connect to industrial hardware (motion controllers) over ethernet. These motion controllers are on networks that are entirely static IPs (there's no hardware to provide DHCP services, and we don't want their IPs changing around anyway). Coincidentally, we configure every "mini" network that goes in a machine's panel with the same 192.168.1.x IP range as our internal work network so I don't have to touch my network card settings when I plug in to a machine.
Lazy, maybe... but it works perfectly!
There's no reason we couldn't set up DHCP and have a fallback address on the network card on my laptop when it doesn't get a lease, but XP takes about 30 seconds to determine there's no DHCP server every time you connect, and that may be up to 30 times a day (powering panels off and on). That's a heck of a lot of wasted time.
Admin
Many of Kaminsky's speeches at various security conventions are available online. I almost went looking for a few links but decided if you can't find them on your own, it's a waste of time anyway.
Virtually all of them are well worth the time to watch. He's very excited about what he does, which can make for a great talk.
On a side note, you do know they patched it as a temp fix, and are finally signing the root DNS certificate as a better solution moving forward...
Admin
And what do you do when ALL ISPs do it?
apologizes for the double post
Admin
the right wing stupidity.. it hurts
hint: the profit motive encourages abuse, the market is suppose to counterweigh that abuse wit competition. however in many things, communications access being one of them, that market breaks down and there is no real choice and the companies can continue their abuse.
or the people, as is their right, can exercise their collective might (via the government) to protect themselves.
only an idiot refuses to see that theories don't always work in reality. only the heir to the throne of the kingdom of idiots thinks that economics theories vaguely describe reality.
CAPTCHA: illum... i didn't illum, i destroyed em!
Admin
What if we all do what Jonathan did in this story?
Wouldn't that be Cloud Computing?!
Admin
you in the UK are lucky.. in most spots your infrastructure (the physical lines) is owned by the public to my understanding. then the providers lease out sections to sell support with.. and you can switch providers.
here in the states it doesn't work that way. if i want to have internet access i have two options: Qwest DSL, Mediacom Cable.
both have doubled their rates in the past 5 years, but only increased bandwidth nominally.
Admin
Admin
Admin
you could always set up static dhcp at your office. Sure, it sucks, but have you ever had an ip collision with one of those work sites?
Admin
Nah, once the market is dominated by cable and DSL, they're quite happy to sit on their asses and collect money. Any upstart ISPs can be crushed or legislated out of existence.