When I buy electronic devices, I always keep an eye on their power consumption. Especially the power drain that you’ll get 24/7. For most devices, this is their “standby” power consumption, but some devices are left on all day long. My broadband router, a TP-Link Archer C7 running OpenWRT 15.05 Chaos Calmer, is in this last category.
Archive for the ‘Networking & Security’ Category
When I buy electronic devices, I always keep an eye on their power consumption. Especially the power drain that you’ll get 24/7. For most devices, this is their “standby” power consumption, but some devices are left on all day long. The b-box 3 of Proximus is in this last category.
My ISP, Skynet Belgacom Proximus, has been rolling out IPv6 since 2013. However, you need a B-Box 3 in order to get it. Recently, my B-Box 2 decided to stop working, so I got a (free) upgrade to a B-Box 3 (but see below).
As you may know, HTTP/2.0, as implemented by most browsers, only runs over TLS (which is a good thing). Unfortunately, it makes debugging the protocol a bit harder, since protocol analyzers can’t look inside the TLS layer anymore. And while the in-browser debugging tools have become very good, I find myself in need of a Wireshark session to figure things out. In particular: which resources were pushed by the server?
So I found myself Men-In-The-Middle-ing myself with ZAP regularly. Today I learned that I can simply ask my browser to tell me the missing pieces: the master secret and the client random value (used to look up the correct master secret from the raw packet), or, if you are still not using PFS, part of the encrypted pre-master secret (for look-up), and the full (plaintext) pre-master secret.
Just set the SSLKEYLOGFILE environment variable to the path of a writable text file (appended to). Works in both Chrome and Firefox! And make sure you unset the environment variable for safe surfing afterwards!
Wireshark can be configured to read in this file in the Preferences → Protocols → SSL → (Pre)-Master-Secret log filename.
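As an added example (not code from the original post): a small Python parser for the two key log line types described above, which looks up a master secret by client random the way an analyzer does. The field lengths assume the NSS key log format written by Chrome and Firefox; the sample lines are constructed, not real key material, and lines with any other label are reported as skipped.

```python
import re

# Expected field lengths in hex characters (assumption: NSS key log format).
FORMATS = {
    "CLIENT_RANDOM": (64, 96),  # 32-byte client random, 48-byte master secret
    "RSA": (16, 96),            # 8 bytes of encrypted pre-master, 48-byte pre-master
}
HEX = re.compile(r"^[0-9a-fA-F]+$")

def parse_keylog(text):
    """Return (entries, skipped); entries maps label -> {lookup_key: secret}."""
    entries = {label: {} for label in FORMATS}
    skipped = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no secrets
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FORMATS:
            skipped.append((lineno, "unknown label or field count"))
            continue
        label, key, secret = parts
        if not (HEX.match(key) and HEX.match(secret)):
            skipped.append((lineno, "non-hex field"))
        elif (len(key), len(secret)) != FORMATS[label]:
            skipped.append((lineno, "wrong field length"))
        else:
            entries[label][key.lower()] = bytes.fromhex(secret)
    return entries, skipped

def master_secret_for(entries, client_random_hex):
    """Find a session's master secret by the client random seen in the capture."""
    return entries["CLIENT_RANDOM"].get(client_random_hex.lower())

# Constructed sample input, not real key material.
SAMPLE = "\n".join([
    "# constructed key log sample",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "01" * 48,
    "RSA " + "cd" * 8 + " " + "02" * 48,            # non-PFS session
    "CLIENT_RANDOM " + "ef" * 32 + " " + "03" * 20,  # truncated secret
    "garbage line",
])

if __name__ == "__main__":
    entries, skipped = parse_keylog(SAMPLE)
    print("PFS sessions:", len(entries["CLIENT_RANDOM"]))
    print("non-PFS (RSA) sessions:", len(entries["RSA"]))
    print("skipped lines:", skipped)
```

Every accepted line is enough to decrypt a recorded session, so a non-empty result on a file you had forgotten about is a reason to delete it.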
I’ve been struggling a bit with IPv6 source address selection. Normally, when you initiate a new connection, you only specify the destination address (or have DNS resolve the name to an address). The choice of the source address is usually left to the OS by setting it to :: (IPv6’s version of 0.0.0.0).
RFC 6724 specifies how this selection should happen. Karl Auer explains it in a somewhat less painful way on his blog. But sometimes I want to influence the chosen address: how can I twist these rules to match my wishes? Karl also has an interesting post on this. In summary, use any combination of:
- Deprecate the addresses that you don’t want to use:
    ip addr change 2001:db8::1:1/128 dev tun preferred_lft 0
- Make your own label to group addresses: the ip addrlabel family
- Use privacy extension addresses
After some searching, I’ve found a Polish website that is hosted on an IDN domain name, which makes it a useful test vector.
- http://ąćęłńóśźż.pl/
- ASCII Punycode equivalent: http://xn--kda9ag6e8jma6nxjsa.pl/
I’ve been struggling with my dd-wrt setup lately. So I started looking around for potential alternatives. One thought was to use a Raspberry Pi as router, but I was worried about its performance. So I did a few tests.
Facebook, Twitter and Google have the nasty habit of tracking your every move on the internet. This ABE-script prevents this:
    # Allow Facebook scripts and objects to be included only
    # from Facebook pages
    Site .facebook.com .fbcdn.net .facebook.net
    Accept from .facebook.com .fbcdn.net .facebook.net
    Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

    # also stop google+ widget
    Site plus.google.com
    Accept from plus.google.com
    Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

    # and twitter
    Site platform.twitter.com
    Accept from twitter.com
    Deny INCLUSION(SCRIPT, OBJ, SUBDOC)
I found myself firing up a calculator every time I needed to base-convert a number from/to hex or octal. So I wrote a very simple HTML-page that I added to my dashboard that does just this.
I often find myself changing routes on my OS X system. Usually, however, I’m systematically adding the same routes over and over again, because they were automatically removed after a reboot, network change or whatever. Enter LocationChanger.