Irregular Expressions

January 30, 2011  10:56 PM

Teredo tunnels

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

If you have run a snort style sensor you may have seen a snort alert referring to a “teredo tunnel” being detected.

So what is a “teredo tunnel” ?

It is a method to connect IPv6 enabled devices over IPv4 networks, this can even cross multiple NAT points.

This is done by putting the IPv6 packets in IPv4 UDP.

I am not a fan of this, while it does have a purpose it also increases the attack surface of the network.  Also if your IPS is not able to understand what is going on, it could be used to bypass policy and subvert your controls.

Wikipedia as always has a good write up.

January 30, 2011  12:05 AM

Getting closer to IPv6 time

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

With all of the news of IPv4 running out of address space ( ) it might be time to start brushing up on your IPv6.  Not that I would be worried about getting any more IPv4 addresses anytime soon, this is just the large pools of addresses handed out to ISP and other large groups.  You will still be able to call up your local ISP and get your self a new static IP.

So it’s not time to panic, but its getting closer.

Besides the fact that we are running out of addresses and need to move to IPv6, there are some other features that will be a benefit to us all. I will just run through a couple, you can see the full list here .

Mandatory support for network layer security

Internet Protocol Security (IPsec) was originally developed for IPv6, but found widespread deployment first in IPv4, into which it was back-engineered. IPsec is an integral part of the base protocol suite in IPv6.[1]IPsec support is mandatory in IPv6 but optional for IPv4.

Simplified processing by routers

In IPv6, the packet header and the process of packet forwarding have been simplified to make packet processing by routers more efficient,[1][11] and thereby extending the end-to-end principle of Internet design. Specifically:

  • The packet header in IPv6 is simpler than that used in IPv4, with many rarely used fields moved to separate options; as a result, although the addresses in IPv6 are four times as large, the option-less IPv6 header is only twice the size of the option-less IPv4 header.
  • IPv6 routers do not perform fragmentation. IPv6 hosts are required to either perform PMTU discovery, perform end-to-end fragmentation, or to send packets no larger than the IPv6 default minimum MTU size of 1280 octets.
  • The IPv6 header is not protected by a checksum; integrity protection is assumed to be assured by both link layer and higher layer (TCP, UDP, etc.) error detection.[note 1] Therefore, IPv6 routers do not need to recompute a checksum when header fields (such as the time to live (TTL) or hop count) change.[note 2]
  • The TTL field of IPv4 has been renamed to Hop Limit, reflecting the fact that routers are no longer expected to compute the time a packet has spent in a queue.

January 27, 2011  11:26 PM

More arrested in connection with Anonymous

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

This is on top of the two Dutch men arrested several weeks ago.

They are being charged using the “Computer Misuse Act” (UK), the act was originally put in place in 1990, and it looks like they are using amendment 36:

I wonder how Anonymous was promising that no one would be prosecuted for these actions, most countries have laws in place to prosecute individuals that do these, I know that the UK, US, Japan all have laws just to name a few.

I would not want any of these charges.

(6)A person guilty of an offence under this section shall be liable—

(a)on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

(b)on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;

(c)on conviction on indictment, to imprisonment for a term not exceeding ten years or to a fine or to both.”

January 27, 2011  3:13 PM

Lessons learned on conflicker

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Well worth reading.

January 27, 2011  3:10 PM


Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Very cool, researchers have been able to piggy back data on to DNA for storage, and not just bits of text. This could be video, images, music etc.

The article says that there is a 3 tiered protection system and one of the researchers goes as far to say that it is unhackable.  That I find hard to believe, given enough time anything is possible, but it sounded like it would be offline storage and maybe that’s what he was talking about?

It’s reported that it can store two TB in one graham of bacteria, I wonder how long it takes to write and read that?

January 25, 2011  11:40 PM

The state of the web in Winter 2010

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

The Oatmeal is great.

While funny, some of you may find this offensive, but it does have neat stats in it.

January 25, 2011  11:33 PM

New type of memory

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Combines the speed of DRAM and the ability to store the information for periods of time, up to a couple of years as quoted.

I still remember marveling at the speed of the memory on my 486 machine compared to the Tandy 1000 I used to own.  Every year I find a story like this and it’s kinda fun to think back to the way things were, 5, 10 years ago and even longer and the leaps that we are ahead of it.

I wonder if the long term storage has the same limitations of flash where it has a limited amount of writes before being a paper weight?

January 25, 2011  3:09 PM

More Stuxnet news

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Found this on the nytimes site,

A little more information and I guess you would call it evidence to pin who the creators of the stuxnet worm are.  The information given makes sense, and really the short list of country’s with the capability to make something like this and have the will to do something about are very short.

I hope this is not the start of industrial warfare, I don’t thing there is a single country in the world that is ready to take a proper defensive in that situation.  Also the damage that could be done to the infrastructure could be considerable and if it’s timed with the weather right it could cause casualties.

January 9, 2011  11:49 PM

Interesting story connected to wikileaks

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

This is interesting, it makes you wonder if someone knew who they were sending the letter to?

I am interested to know what the response from the MP will be, also with something like this I would suspect that they already know what they are looking for and who they need to get it from.

This is all tied to laying charges on the main players in the document leaks.

January 9, 2011  12:11 AM

Private Key Failure

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

This is a perfect demonstration of how you can have all of the crypto in the world in your system, but if you do it wrong why bother.

The back and forth now should be interesting, I can see Sony taking legal action but the cat is out of the bag.

With the release of the key new hardware is needed with new keys and I would hope random numbers this time, I think it can be assumed that the new PS3 consoles coming out in the near future may have new keys but I am not sure how this would effect running older software on the new consoles and new software on the old consoles, I was not able to locate much information on the subject.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: