guest - flak
Flaakle

exfiltration via request timing

There are any number of ways to exfiltrate data via covert channels. For example, a popular technique is to make DNS lookups for a series of hostnames like “attack.example.com”, “atdawn.example.com”, etc. which will be passed through most firewalls. For a long time DNS requests weren’t monitored, but savvy network operators have grown wise. So if we wanted to beam some data off a device surreptitiously, what else can we do?

Continue reading exfiltration via request timing...

Posted 2016-12-19 17:30:45 by tedu Updated: 2016-12-19 17:30:45
Tagged: c network programming security

Lo and Behold

Werner Herzog reflects on the reveries of the connected world. There’s a lot of short sequences here, but not much tying it together.

Continue reading Lo and Behold...

Posted 2016-08-25 01:00:09 by tedu Updated: 2016-08-25 18:04:23
Tagged: moviereview network web

the day some of the DNS stopped

For the past few months, my iPhone has had a peculiar bug. Apple services didn’t work in my house. I could listen Amazon music, but not Apple music. I could update my Facebook status, but not the Facebook app itself. I could read Apple’s website and learn about security updates in the latest version of iOS, but not download them.

Continue reading the day some of the DNS stopped...

Posted 2016-05-17 23:45:14 by tedu Updated: 2016-07-12 04:33:12
Tagged: network openbsd

SIGPIPE can happen to you

Some recent flak outages were mysterious. One day things would be working, but the next they wouldn’t. All the flak.lua processes had disappeared. No error messages were reported in any observable location. No unusual looking requests were observed in any recorded location. Sometimes a process would survive days of heavy traffic. Other times it would die after only a few hours of light traffic. It was as if the process involved simply lost the will to live.

Continue reading SIGPIPE can happen to you...

Posted 2015-12-02 16:06:12 by tedu Updated: 2015-12-02 16:06:12
Tagged: network programming

userland traffic shaping

A short program to demonstrate network filtering with Lua. Although the kernel provides pf filtering and some bandwidth shaping facilities, they don’t cover every scenario. For example, consider the case where our server is connected to a network port where we pay for some amount of bandwidth, but have burstable speeds much faster than that. Commonly seen as 95th percentile billing. As long as we’re under our five minute quota, we want to pass traffic full speed, but as we approach that mark, we want to start clamping down. The pf.conf burst queueing rules can’t quite handle this situation.

Continue reading userland traffic shaping...

Posted 2014-06-15 02:49:42 by tedu Updated: 2014-06-15 02:49:42
Tagged: lua network openbsd programming

comcast ping times

Despite their wonky customer service, I have generally been happy with Comcast’s technical service. Occasionally though, I have to question what in the world is going on with their network. Recently I noticed that my internet connection would alternate between working and not on roughly a two minute interval. One minute things work fine, the next minute nothing works at all, the next minute everything is fine. During the blackout minutes, making a new connection would timeout, but established ssh connections would remain up, but nothing would happen until the blackout was over. Here are a few pings I sent out (2014-02-13).

Continue reading comcast ping times...

Posted 2014-02-13 21:49:15 by tedu Updated: 2015-06-25 17:56:21
Tagged: bugs network rants