Search this site





New ssh vpn article, soon.

I keep an eye on my apache access logs to see what kind of traffic my site gets and why it gets here. It seems that a non-trivial number of searches are for 'vpn over ssh' and similar variants. These land at the ppp over ssh article.

New versions of openssh have built-in support for tunneling, and do not require ppp at all. Seeing as how I've never really used this new feature, and there's a nontrivial number of searches ending up on the ppp-over-ssh article, I think it's time to write a little article on how to use the new openssh built-in tunneling.

Stay tuned...

Dynamic DNS + DHCP Article

I wrote a new article (due to overwhelming demand of 1 person asking) about how to get dynamic dns and dhcp working.


arp security research

Having accidentally found a means to completely knock my friend's laptop offline, I sat down and did some research into why and how it happened. Like most of my researching endeavors, I found more information that I had intended. Like the article says in the preface, all of the information presented in the article is probably not new or innovative. In fact, I'd wager that it's public knowledge in the security community.

Whatever, it is new to me. Read if you so desire :)

Link: articles/arp-security/

New article: ssh security and idiot administrators

Long story short: I found a security-hole type thing in some of RIT's servers. I contacted ITS (RIT's systems and network team) about the problem. I heard from the grapevine that they wouldn't fix it, despite the easy fix, so as a way of venting anger towards sysadmins who respond negatively when you report a problem, I wrote this article. It explains why setting my shell to /bin/false is not preventing me from using ssh on your machine.

Link: /articles/ssh-security

xml for articles

I needed a neat way to write and present articles. I got bored and wrote a little xsl script that turns my happy new article xml into some html-ish stuff. So far it's looking very cool. For instance, it will do automatic table-of-contents generation with proper anchor tags, etc. I'll post more on this later when it's finished. I'd finish it tonight, but I'm tired.

ppp over ssh - paranoia solution

I got bored today and wrote a quick script to start/stop a ppp over ssh vpn. I'm working on an article on how to get ppp over ssh working for freebsd, so that'll be up shortly. I've also been working on a few new upgrades to logwatch, i'll commit those as soon as they're completed.

% ifconfig ndis0
ndis0: [snip...]
        inet netmask 0xffffff80 broadcast
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: associated
        ssid baccus 1:baccus
        channel 11 authmode OPEN powersavemode OFF powersavesleep 100

As you can see, I'm currently using wireless on some random access point I associated to called baccus. I don't know who's access point this is, but it's what ndis0 insists on associating with, so I don't complain. Being on a school campus is, in my opinion, one of the most potentially dangerous networks you can put your computer on. Here you'll have an assortment of geeks of varying clue levels - pretty much anyone with half a brain can sniff all the wireless traffic they want.

Having my traffic sniffed isn't really annoying until I want to login someplace that insists on clear-text passwords (say, So, I have gotten into the habbit of using OpenSSH's SOCKS5 proxy to do that, but it's annoying starting a proxy every time I need one. What can I do instead?

A quick solution that is very simple is to tunnel PPP over SSH. I won't go into the details here, but the short of it is this: I have a ppp tunnel to one of my machines in my dorm room which is on a wired, switched network I consider to be trusted. Then, all of my traffic can possibly be tunneled to a safe network where it will then go forth and be happy.

As I mentioned, I'll be posting an article on how to make this go shortly.