Random Hackepedia
September 19th, 2009

A process covers the entire address space for the size of a pointer (32 bit in 32-bit architectures, 64 bit for 64-bit architectures). Since virtual memory is being used, not all areas of a process have real memory assigned to them, only some parts (access to parts that have no memory results in a SIGSEGV signal and the process is killed)... To read more about heap, click on link.

Equinox in a few days
September 17th, 2009

The last equinox of this year is in a few days, 5.

Random Hackepedia
September 12th, 2009

A Firewall is part of an Operating System's networking stack that allows one to create policies for network traffic, and permit or deny that traffic accordingly... To read more about firewalls, click on the link.

Planet of the Users (OpenBSD song)
September 8th, 2009
Today the new OpenBSD song came out for OpenBSD 4.6. The song is inspired by the movie "Planet of the Apes", where in the future Puffy flies to our planet in a time machine. As he lands he sees a world that is evil. People have their arms surgically removed at birth and have a screen before their eyes to see, probably to take them out of their misery. Personal robots do all tasks that arms would have done. Puffy gets caught after someone identifies him as a hacker, but then escapes after turning the warden fish's display off (who by the way sees him as a woman in a bikini). The story reminds me of a brainstorm I had in my old apartment where people get their limbs removed in order to program for a slave driver. Can't run away if you got no legs. Puffy says "stop this future", and I agree, we don't need limbless people that would otherwise have healthy limbs. Down with slavery!

Identifying OS by TTL
September 7th, 2009

By default BSD and Linux systems have a TTL of 64. Windows systems have a default TTL of 128. Given that information one can say with some certainty what OS did a DNS lookup on a wildcarddns DNS server. It requires logging to be turned on and evaluating the log with AWK. Here is a small shell script:

    # Pull the received TTL out of each wildcarddnsd log line, count lookups
    # per TTL value, then bucket the counts by default TTL of the sender's OS.
    grep wild /var/log/all | grep ttl | grep -v "ttl=0" |
    awk '{ split($14, a, "="); split(a[2], b, ")"); print b[1]; }' |
    sort | uniq -c |
    awk 'BEGIN { printf("DNS lookups per operating system\n"); }
    {
        if ($2 > 64) {
            if ($2 > 128) hash["unknown"] += $1; else hash["windows"] += $1;
        } else hash["unix"] += $1;
    }
    END { for (i in hash) printf("%-10s - %s lookups\n", i, hash[i]); }'

The output looks somewhat like this:

    DNS lookups per operating system
    unknown - 11 lookups
    windows - 90 lookups
    unix - 242 lookups

Unknown OS is anything over a TTL of 128 (probably with a default TTL of 255). Here are the default TTLs of some systems:

    setebos$ uname -a
    OpenBSD setebos.solarscale.de 4.5 GENERIC#0 i386
    setebos$ sysctl -a | grep ttl
    net.inet.ip.ttl=64

    # uname -a
    SunOS sycorax 5.10 Generic_137138-09 i86pc i386 i86pc
    # ndd /dev/ip ip_def_ttl
    255
    # ndd /dev/udp udp_ipv4_ttl
    255

    [pjp@uranus ~]$ uname -a
    Linux uranus.centroid.eu 2.6.18-92.1.13.el5 #1 SMP ... cut
    [pjp@uranus ~]$ cat /proc/sys/net/ipv4/ip_default_ttl
    64

So unknown can be changed to solaris.

Random Hackepedia
September 5th, 2009

A system call is an API for a userland process to communicate with the kernel to request data or services outside of its protected memory... To read more about system calls go to hackepedia.

Schneier's new crypto book
September 5th, 2009

Bruce Schneier announces a new book called "Cryptography Engineering" which is a sequel to "Practical Cryptography". I think I'm gonna buy this new book since I have another book of his called "Applied Cryptography" and it was a nice to have.

Wildcarddns feature
August 31st, 2009
I've improved the code on wildcarddnsd so that it grabs the incoming TTL and displays it in the logs. Eventually I want to make it so that the DNS server closest to an IP will reply. This requires some coding with sockets between two or more wildcarddns servers, and allowing it to get the TTL is just a small step. How long it'll be before it's done I don't know; don't get your hopes up too high on it, unless you want to do some work and contribute.

Random Hackepedia
August 28th, 2009

One major change I've noticed in Solaris 10 is that admintool is gone... To read more about Solaris 10 go here
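
The TTL bucketing from "Identifying OS by TTL" and the closest-server idea from "Wildcarddns feature" can be combined: the gap between a sender's default TTL and the TTL seen on arrival is the hop count. This is an added example, not code from this blog or from wildcarddnsd; it assumes senders keep the defaults listed above, the function names are made up for illustration, and the sample TTLs are constructed.

```shell
#!/bin/sh
# Added example: infer the sender's initial TTL from the TTL seen on arrival.
# Assumption: senders use one of the defaults listed in the post
# (64 BSD/Linux, 128 Windows, 255 Solaris) and have not changed it.

# guess_os: read one observed TTL per line, print
#   "<observed> <assumed initial> <hops> <os guess>"
guess_os() {
    awk '
    NF == 0 { next }
    $1 ~ /^[0-9]+$/ && $1 >= 1 && $1 <= 255 {
        if ($1 <= 64)       { init = 64;  os = "unix" }
        else if ($1 <= 128) { init = 128; os = "windows" }
        else                { init = 255; os = "solaris" }
        # Each router decrements the TTL by one, so the gap is the hop count.
        print $1, init, init - $1, os
        next
    }
    # Anything else (non-numeric, 0, above 255) cannot be classified.
    { print $1, "-", "-", "invalid" }'
}

# summarise: per-OS lookup count and the shortest path seen for that OS.
summarise() {
    guess_os | awk '
    $4 != "invalid" {
        n[$4]++; h = $3 + 0
        if (!($4 in min) || h < min[$4]) min[$4] = h
    }
    END {
        for (os in n)
            printf("%-10s - %d lookups, nearest %d hops\n", os, n[os], min[os])
    }' | sort
}

# Constructed sample TTLs (not taken from a real log).
sample_ttls() {
    printf '%s\n' 52 57 64 113 121 243 0 abc
}

sample_ttls | summarise
```

The guess fails for any host whose administrator changed the default TTL, and a sender more than 64 hops away from a 128 default would be counted as unix.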
Have feedback?
Send mail to pjp [at] centroid [dot] eu