Networks Are Made Of String

Networks, Android, Big Data & DevOps

11 May 2015

OpenBSD 5.7 - CD2 Issues

On Friday I was very excited to find that my order of OpenBSD 5.7 had arrived.

This release arrived later than usual due to some unfortunate factory issues.

Unfortunately it seems that even this new batch has issues and CD2 not only won't boot but has bizarre contents;

5.6 CD2

[gareth@t440s OpenBSD5.6 CD 2 www.OpenBSD.org]$ ls -lR
.:
total 80
dr-xr-xr-x 5 gareth gareth  2048 Jul 29  2014 5.6
-r--r--r-- 1 gareth gareth   310 Aug 15  2014 HARDWARE
-r--r--r-- 1 gareth gareth 64516 Aug 15  2014 ofwboot
-r--r--r-- 1 gareth gareth  3387 Aug 15  2014 PACKAGES
-r--r--r-- 1 gareth gareth  2421 Aug 15  2014 PORTS
-r--r--r-- 1 gareth gareth  6471 Aug 15  2014 README
-r--r--r-- 1 gareth gareth   583 Aug 15  2014 SHA256.sig
-r--r--r-- 1 gareth gareth   313 Aug 15  2014 TRANS.TBL

./5.6:
total 11
dr-xr-xr-x 2 gareth gareth 4096 Aug 15  2014 amd64
dr-xr-xr-x 2 gareth gareth 4096 Aug 15  2014 macppc
dr-xr-xr-x 4 gareth gareth 2048 Mar  1  2014 packages
-r--r--r-- 1 gareth gareth  133 Aug 15  2014 TRANS.TBL

./5.6/amd64:
total 234086
-r--r--r-- 1 gareth gareth 63661587 Aug  8  2014 base56.tgz
-r-xr-xr-x 1 gareth gareth     2048 Aug 15  2014 boot.catalog
-r-xr-xr-x 1 gareth gareth 11868163 Aug  8  2014 bsd
-r-xr-xr-x 1 gareth gareth 11908731 Aug  8  2014 bsd.mp
-r-xr-xr-x 1 gareth gareth  9091711 Aug  8  2014 bsd.rd
-r-xr-xr-x 1 gareth gareth    70556 Aug  8  2014 cdboot
-r-xr-xr-x 1 gareth gareth     2048 Aug  8  2014 cdbr
-r--r--r-- 1 gareth gareth 47967435 Aug  8  2014 comp56.tgz
-r--r--r-- 1 gareth gareth   180691 Aug  8  2014 etc56.tgz
-r--r--r-- 1 gareth gareth  1474560 Aug  8  2014 floppy56.fs
-r--r--r-- 1 gareth gareth  2788079 Aug  8  2014 game56.tgz
-r--r--r-- 1 gareth gareth    47214 Aug  8  2014 INSTALL.amd64
-r--r--r-- 1 gareth gareth  9189806 Aug  8  2014 man56.tgz
-r-xr-xr-x 1 gareth gareth    80440 Aug  8  2014 pxeboot
-r--r--r-- 1 gareth gareth     1709 Aug 15  2014 SHA256.sig
-r--r--r-- 1 gareth gareth      941 Aug 15  2014 TRANS.TBL
-r--r--r-- 1 gareth gareth 16976711 Aug  6  2014 xbase56.tgz
-r--r--r-- 1 gareth gareth    69066 Aug  6  2014 xetc56.tgz
-r--r--r-- 1 gareth gareth 39930159 Aug  6  2014 xfont56.tgz
-r--r--r-- 1 gareth gareth 19830937 Aug  6  2014 xserv56.tgz
-r--r--r-- 1 gareth gareth  4556020 Aug  6  2014 xshare56.tgz

./5.6/macppc:
total 170516
-r--r--r-- 1 gareth gareth 67712084 Aug  8  2014 base56.tgz
-r-xr-xr-x 1 gareth gareth   185939 Aug  8  2014 boot.mac
-r-xr-xr-x 1 gareth gareth  8254714 Aug  8  2014 bsd
-r-xr-xr-x 1 gareth gareth  8266224 Aug  8  2014 bsd.mp
-r-xr-xr-x 1 gareth gareth  8997059 Aug  8  2014 bsd.rd
-r--r--r-- 1 gareth gareth     6917 Aug  8  2014 bsd.tbxi
-r--r--r-- 1 gareth gareth 50288242 Aug  8  2014 comp56.tgz
-r--r--r-- 1 gareth gareth   180583 Aug  8  2014 etc56.tgz
-r--r--r-- 1 gareth gareth  2798771 Aug  8  2014 game56.tgz
-r--r--r-- 1 gareth gareth    51664 Aug  8  2014 INSTALL.macppc
lr-xr-xr-x 1 gareth gareth       18 Aug 15  2014 man56.tgz -> ../amd64/man56.tgz
-r--r--r-- 1 gareth gareth    64516 Aug  8  2014 ofwboot
-r--r--r-- 1 gareth gareth     1628 Aug 15  2014 SHA256.sig
-r--r--r-- 1 gareth gareth      911 Aug 15  2014 TRANS.TBL
-r--r--r-- 1 gareth gareth 17692287 Aug  7  2014 xbase56.tgz
-r--r--r-- 1 gareth gareth    69075 Aug  7  2014 xetc56.tgz
lr-xr-xr-x 1 gareth gareth       20 Aug 15  2014 xfont56.tgz -> ../amd64/xfont56.tgz
-r--r--r-- 1 gareth gareth 10033475 Aug  7  2014 xserv56.tgz
lr-xr-xr-x 1 gareth gareth       21 Aug 15  2014 xshare56.tgz -> ../amd64/xshare56.tgz

./5.6/packages:
total 15
dr-xr-xr-x 2 gareth gareth 12288 Aug 15  2014 amd64
dr-xr-xr-x 2 gareth gareth  2048 Aug 15  2014 powerpc
-r--r--r-- 1 gareth gareth    88 Aug 15  2014 TRANS.TBL

./5.6/packages/amd64:
total 183035
-r--r--r-- 1 gareth gareth   593586 Jul 31  2014 atk-2.12.0.tgz
-r--r--r-- 1 gareth gareth   179644 Jul 31  2014 at-spi2-atk-2.12.1.tgz
-r--r--r-- 1 gareth gareth   448182 Jul 31  2014 at-spi2-core-2.12.0.tgz
-r--r--r-- 1 gareth gareth   761991 Jul 31  2014 avahi-0.6.31p13.tgz
-r--r--r-- 1 gareth gareth   126808 Jul 31  2014 bzip2-1.0.6p1.tgz
-r--r--r-- 1 gareth gareth  1713541 Jul 31  2014 cairo-1.12.16.tgz
-r--r--r-- 1 gareth gareth   118219 Jul 31  2014 cdparanoia-3.a9.8p0.tgz
-r--r--r-- 1 gareth gareth   566097 Jul 31  2014 cups-libs-1.7.4.tgz
-r--r--r-- 1 gareth gareth   754037 Jul 31  2014 curl-7.37.0.tgz
-r--r--r-- 1 gareth gareth   930426 Jul 31  2014 dbus-1.8.6v0.tgz
-r--r--r-- 1 gareth gareth   218750 Jul 31  2014 dconf-0.20.0p0.tgz
-r--r--r-- 1 gareth gareth    67777 Jul 31  2014 desktop-file-utils-0.22.tgz
-r--r--r-- 1 gareth gareth 41717910 Jul 31  2014 firefox-31.0.tgz
-r--r--r-- 1 gareth gareth   959424 Jul 31  2014 flac-1.3.0p0.tgz
-r--r--r-- 1 gareth gareth  4187673 Jul 31  2014 gcr-3.12.2p0.tgz
-r--r--r-- 1 gareth gareth   190155 Jul 31  2014 gdbm-1.11.tgz
-r--r--r-- 1 gareth gareth  1076745 Jul 31  2014 gdk-pixbuf-2.30.8.tgz
-r--r--r-- 1 gareth gareth  5313618 Jul 31  2014 gettext-0.19.1p0.tgz
-r--r--r-- 1 gareth gareth  7749354 Jul 31  2014 glib2-2.40.0p7.tgz
-r--r--r-- 1 gareth gareth   123571 Jul 31  2014 glib2-networking-2.40.1.tgz
-r--r--r-- 1 gareth gareth   724977 Jul 31  2014 gmp-5.0.2p2.tgz
-r--r--r-- 1 gareth gareth 10135564 Jul 31  2014 gnome-icon-theme-3.12.0.tgz
-r--r--r-- 1 gareth gareth   198412 Jul 31  2014 gnome-icon-theme-symbolic-3.12.0p1.tgz
-r--r--r-- 1 gareth gareth  3152505 Jul 31  2014 gnome-keyring-3.12.2.tgz
-r--r--r-- 1 gareth gareth  1994038 Jul 31  2014 gnupg-1.4.17.tgz
-r--r--r-- 1 gareth gareth  2811743 Jul 31  2014 gnutls-3.2.15.tgz
-r--r--r-- 1 gareth gareth   106912 Jul 31  2014 graphite2-1.2.4.tgz
-r--r--r-- 1 gareth gareth   927943 Jul 31  2014 gsettings-desktop-schemas-3.12.2.tgz
-r--r--r-- 1 gareth gareth  6085962 Jul 31  2014 gstreamer1-1.2.4p0.tgz
-r--r--r-- 1 gareth gareth  6849596 Jul 31  2014 gstreamer1-plugins-base-1.2.4.tgz
-r--r--r-- 1 gareth gareth  5463024 Jul 31  2014 gstreamer1-plugins-good-1.2.4p0.tgz
-r--r--r-- 1 gareth gareth 16411542 Jul 31  2014 gtk+2-2.24.24.tgz
-r--r--r-- 1 gareth gareth 19577293 Jul 31  2014 gtk+3-3.12.2p1.tgz
-r--r--r-- 1 gareth gareth    14963 Jul 31  2014 gtk-update-icon-cache-2.24.24.tgz
-r--r--r-- 1 gareth gareth  1924329 Jul 31  2014 gvfs-1.20.2.tgz
-r--r--r-- 1 gareth gareth   551885 Jul 31  2014 harfbuzz-0.9.29.tgz
-r--r--r-- 1 gareth gareth     5463 Jul 31  2014 hicolor-icon-theme-0.13.tgz
-r--r--r-- 1 gareth gareth   416681 Jul 31  2014 hunspell-1.3.2p0.tgz
-r--r--r-- 1 gareth gareth  5255336 Jul 31  2014 iso-codes-3.52.tgz
-r--r--r-- 1 gareth gareth   367977 Jul 31  2014 jasper-1.900.1p2.tgz
-r--r--r-- 1 gareth gareth   392495 Jul 31  2014 jpeg-9a.tgz
-r--r--r-- 1 gareth gareth  1263345 Jul 31  2014 libarchive-3.0.4p0.tgz
-r--r--r-- 1 gareth gareth   340623 Jul 31  2014 libcroco-0.6.8p0.tgz
-r--r--r-- 1 gareth gareth    30733 Jul 31  2014 libdaemon-0.14p0.tgz
-r--r--r-- 1 gareth gareth    94933 Jul 31  2014 libelf-0.8.13p1.tgz
-r--r--r-- 1 gareth gareth    44039 Jul 31  2014 libffi-3.0.13.tgz
-r--r--r-- 1 gareth gareth   900869 Jul 31  2014 libgcrypt-1.6.1p1.tgz
-r--r--r-- 1 gareth gareth   100458 Jul 31  2014 libgpg-error-1.13p0.tgz
-r--r--r-- 1 gareth gareth  1548522 Jul 31  2014 libiconv-1.14p1.tgz
-r--r--r-- 1 gareth gareth   267686 Jul 31  2014 libidn-1.28p0.tgz
-r--r--r-- 1 gareth gareth   602075 Jul 31  2014 libnettle-2.7.1p0.tgz
-r--r--r-- 1 gareth gareth   212443 Jul 31  2014 libogg-1.3.2.tgz
-r--r--r-- 1 gareth gareth   186213 Jul 31  2014 libproxy-0.4.11p3.tgz
-r--r--r-- 1 gareth gareth   372923 Jul 31  2014 librsvg-2.40.2.tgz
-r--r--r-- 1 gareth gareth   950614 Jul 31  2014 libsecret-0.18.tgz
-r--r--r-- 1 gareth gareth    71103 Jul 31  2014 libshout-2.2.2p2.tgz
-r--r--r-- 1 gareth gareth  1069486 Jul 31  2014 libsoup-2.46.0p0.tgz
-r--r--r-- 1 gareth gareth   132394 Jul 31  2014 libtasn1-4.0.tgz
-r--r--r-- 1 gareth gareth   818699 Jul 31  2014 libtheora-1.1.1p2.tgz
-r--r--r-- 1 gareth gareth   667271 Jul 31  2014 libvorbis-1.3.4.tgz
-r--r--r-- 1 gareth gareth  1470342 Jul 31  2014 libvpx-1.3.0.tgz
-r--r--r-- 1 gareth gareth  2351596 Jul 31  2014 libxml-2.9.1p1.tgz
-r--r--r-- 1 gareth gareth  1452890 Jul 31  2014 lynx-2.8.9pl1p0.tgz
-r--r--r-- 1 gareth gareth   146740 Jul 31  2014 lzo2-2.08.tgz
-r--r--r-- 1 gareth gareth   250460 Jul 31  2014 mozilla-dicts-en-GB-1.3p0.tgz
-r--r--r-- 1 gareth gareth  1053463 Jul 31  2014 nspr-4.10.6.tgz
-r--r--r-- 1 gareth gareth  2302217 Jul 31  2014 nss-3.16.2.tgz
-r--r--r-- 1 gareth gareth   569673 Jul 31  2014 orc-0.4.19.tgz
-r--r--r-- 1 gareth gareth   973335 Jul 31  2014 p11-kit-0.20.3.tgz
-r--r--r-- 1 gareth gareth  1097738 Jul 31  2014 pango-1.36.5.tgz
-r--r--r-- 1 gareth gareth  1201343 Jul 31  2014 pcre-8.35.tgz
-r--r--r-- 1 gareth gareth   365489 Jul 31  2014 png-1.6.12.tgz
-r--r--r-- 1 gareth gareth  8938418 Jul 31  2014 python-2.7.8.tgz
-r--r--r-- 1 gareth gareth     7125 Jul 31  2014 quirks-2.9.tgz
-r--r--r-- 1 gareth gareth   316937 Jul 31  2014 rsync-3.1.1.tgz
-r--r--r-- 1 gareth gareth     8170 Aug 15  2014 SHA256.sig
-r--r--r-- 1 gareth gareth   914437 Jul 31  2014 shared-mime-info-1.3.tgz
-r--r--r-- 1 gareth gareth   663886 Jul 31  2014 speex-1.2rc1p0.tgz
-r--r--r-- 1 gareth gareth   519496 Jul 31  2014 taglib-1.9.1p0.tgz
-r--r--r-- 1 gareth gareth  1084068 Jul 31  2014 tiff-4.0.3p2.tgz
-r--r--r-- 1 gareth gareth     4817 Aug 15  2014 TRANS.TBL
-r--r--r-- 1 gareth gareth   171081 Jul 31  2014 tremor-20120410p0.tgz
-r--r--r-- 1 gareth gareth   165680 Jul 31  2014 unzip-6.0p4.tgz
-r--r--r-- 1 gareth gareth   235275 Jul 31  2014 wavpack-4.70.0p0.tgz
-r--r--r-- 1 gareth gareth   301490 Jul 31  2014 xz-5.0.5p0.tgz

./5.6/packages/powerpc:
total 11974
-r--r--r-- 1 gareth gareth  127187 Aug  9  2014 bzip2-1.0.6p1.tgz
-r--r--r-- 1 gareth gareth  761599 Aug  9  2014 curl-7.37.0.tgz
-r--r--r-- 1 gareth gareth 5229595 Aug  9  2014 gettext-0.19.1p0.tgz
-r--r--r-- 1 gareth gareth 2003094 Aug  9  2014 gnupg-1.4.17.tgz
-r--r--r-- 1 gareth gareth 1559246 Aug  9  2014 libiconv-1.14p1.tgz
-r--r--r-- 1 gareth gareth  279888 Aug  9  2014 libidn-1.28p0.tgz
-r--r--r-- 1 gareth gareth 1490564 Aug  9  2014 lynx-2.8.9pl1p0.tgz
-r--r--r-- 1 gareth gareth  322735 Aug  9  2014 rsync-3.1.1.tgz
-r--r--r-- 1 gareth gareth    1101 Aug 15  2014 SHA256.sig
-r--r--r-- 1 gareth gareth     595 Aug 15  2014 TRANS.TBL
-r--r--r-- 1 gareth gareth  167464 Aug  9  2014 unzip-6.0p4.tgz
-r--r--r-- 1 gareth gareth  313697 Aug  9  2014 xz-5.0.5p0.tgz

5.7 CD2

[gareth@t440s OPEN_BSD_57_CD2]$ ls -lR
.:
total 80
dr-x------ 1 gareth gareth  2048 Jul 29  2014 5.7
-r-------- 1 gareth gareth   310 Mar 15 18:59 HARDWARE
-r-------- 1 gareth gareth 64780 Mar 15 18:59 OFWBOOT
-r-------- 1 gareth gareth  3387 Mar 15 18:59 PACKAGES
-r-------- 1 gareth gareth  2421 Mar 15 18:59 PORTS
-r-------- 1 gareth gareth  6463 Mar 15 18:59 README
-r-------- 1 gareth gareth   582 Mar 15 18:59 SHA256.SIG
-r-------- 1 gareth gareth   313 Mar 15 18:59 TRANS.TBL

./5.7:
total 7
dr-x------ 1 gareth gareth 2048 Mar 14 20:13 AMD64
dr-x------ 1 gareth gareth 2048 Mar 14 20:13 MACPPC
dr-x------ 1 gareth gareth 2048 Mar  1  2014 PACKAGES
-r-------- 1 gareth gareth  133 Mar 15 18:59 TRANS.TBL

./5.7/AMD64:
total 225665
-r-------- 1 gareth gareth 57380394 Mar  8 17:04 BASE57.TGZ
-r-------- 1 gareth gareth     2048 Mar 14 20:13 BOOT.CAT
-r-------- 1 gareth gareth 10029237 Mar  8 17:04 BSD
-r-------- 1 gareth gareth 10069780 Mar  8 17:04 BSD.MP
-r-------- 1 gareth gareth  7592389 Mar  8 17:10 BSD.RD
-r-------- 1 gareth gareth    71076 Mar  8 16:54 CDBOOT
-r-------- 1 gareth gareth     2048 Mar  8 16:54 CDBR
-r-------- 1 gareth gareth 51246149 Mar  8 17:05 COMP57.TGZ
-r-------- 1 gareth gareth  1474560 Mar  8 17:10 FLOPPY57.FS
-r-------- 1 gareth gareth  2789725 Mar  8 17:05 GAME57.TGZ
-r-------- 1 gareth gareth    46518 Mar  8 17:10 INSTALL.AMD
-r-------- 1 gareth gareth  8984308 Mar  8 17:05 MAN57.TGZ
-r-------- 1 gareth gareth    80964 Mar  8 16:54 PXEBOOT
-r-------- 1 gareth gareth     1535 Mar 14 20:13 SHA256.SIG
-r-------- 1 gareth gareth      846 Mar 15 18:59 TRANS.TBL
-r-------- 1 gareth gareth 17060674 Mar  7 11:12 XBASE57.TGZ
-r-------- 1 gareth gareth 39930183 Mar  7 11:12 XFONT57.TGZ
-r-------- 1 gareth gareth 19794709 Mar  7 11:12 XSERV57.TGZ
-r-------- 1 gareth gareth  4519648 Mar  7 11:12 XSHARE57.TGZ

./5.7/MACPPC:
total 166488
-r-------- 1 gareth gareth 62022947 Mar  8 19:54 BASE57.TGZ
-r-------- 1 gareth gareth   184723 Mar  8 19:20 BOOT.MAC
-r-------- 1 gareth gareth  7734082 Mar  8 19:53 BSD
-r-------- 1 gareth gareth  7747827 Mar  8 19:53 BSD.MP
-r-------- 1 gareth gareth  8457407 Mar  8 20:10 BSD.RD
-r-------- 1 gareth gareth     6917 Mar  8 19:20 BSD.TBX
-r-------- 1 gareth gareth 53558838 Mar  8 19:55 COMP57.TGZ
-r-------- 1 gareth gareth  2800308 Mar  8 19:55 GAME57.TGZ
-r-------- 1 gareth gareth    51050 Mar  8 20:10 INSTALL.MAC
-r-------- 1 gareth gareth        0 Mar  8 17:05 MAN57.TGZ
-r-------- 1 gareth gareth    64780 Mar  8 19:20 OFWBOOT
-r-------- 1 gareth gareth     1454 Mar 14 20:13 SHA256.SIG
-r-------- 1 gareth gareth      816 Mar 15 18:59 TRANS.TBL
-r-------- 1 gareth gareth 17803347 Mar  7 13:48 XBASE57.TGZ
-r-------- 1 gareth gareth        0 Mar  7 11:12 XFONT57.TGZ
-r-------- 1 gareth gareth 10045621 Mar  7 13:49 XSERV57.TGZ
-r-------- 1 gareth gareth        0 Mar  7 11:12 XSHARE57.TGZ

./5.7/PACKAGES:
total 5
dr-x------ 1 gareth gareth 2048 Mar 15 18:59 AMD64
dr-x------ 1 gareth gareth 2048 Mar 15 18:59 POWERPC
-r-------- 1 gareth gareth   88 Mar 15 18:59 TRANS.TBL

./5.7/PACKAGES/AMD64:
total 1737
-r-------- 1 gareth gareth 1459954 Mar  7 16:56 LYNX-2_8.TGZ
-r-------- 1 gareth gareth  316899 Mar  7 16:56 RSYNC-3_.TGZ
-r-------- 1 gareth gareth     349 Mar 15 18:59 SHA256.SIG
-r-------- 1 gareth gareth     156 Mar 15 18:59 TRANS.TBL

./5.7/PACKAGES/POWERPC:
total 1779
-r-------- 1 gareth gareth 1497929 Mar  7 16:56 LYNX-2_8.TGZ
-r-------- 1 gareth gareth  322444 Mar  7 16:56 RSYNC-3_.TGZ
-r-------- 1 gareth gareth     349 Mar 15 18:59 SHA256.SIG
-r-------- 1 gareth gareth     156 Mar 15 18:59 TRANS.TBL

The guys and gals at the OpenBSD store are working on it so I expect it'll all be sorted soon.

Read more
11 May 2015

A Reply From James Brokenshire Regarding Encryption

In Feburary I wrote to my MP Rob Wilson about David Cameron's comments regarding encryption. Some months later I received a reply from James Brokenshire who at the time was (and possibly still is) the Immigration and Security Minister;



Whilst it is probably just a throwaway comment Mr Brokenshire states that there aren't "currently any plans to outlaw encryption", one wonders if such plans have been discussed?

While there are currently no plans to outlaw online encryption, as the Prime Minister made clear, terrorists and serious criminals use internet-based communications to plan, direct and - increasingly - execute their plots.

Obviously it'd be impossible for the Government to discuss encryption without bringing up terrorists, extremists and paedophiles (of course MPs will likely be exempt from the Snoopers Charter);

The Government believes that communications service providers have a responsibility to prevent their networks from being used to plot attacks. There is a clear role for industry to ensure that the internet does not become a safe haven for terrorists, extremists and paedophiles.

Mr Brokenshire reiterates that businesses in other countries can be held accountable to UK laws, the implications of this for the UK seems to be lost on the Government (e.g. China ordering a UK website to remove images of Tiananmen Square);

Last year, the Government introduced emergency legislation to put beyond doubt that the Regulation of Investigatory Powers Act 2000 applies to companies based overseas that deliver services in this country.

It's quite likely that the Communications Data Bill will be placed before the House of Commons soon and the same old claims about how the Police and Security Services are being hampered by peoples use of crypto whilst not having these new laws will come out of the wood work.

Now would be a good time to support entities such as Brass Horn Communications and the Open Rights Group to help protect yourself from surveillance and co-ordinate an opposition to the passing of these laws.

It would also be worthwhile checking the EFF's Surveillance Self Defence website; https://ssd.eff.org/ to ensure that the existing legislation such as DRIP and CTSB don't affect you.

Read more
15 January 2015

Using Tor Hidden Services and GPG to Create Difficult to Attack Offsite Backups

Backups are very useful and in the event of fire or theft it is very useful to have them offsite, however offsite backups leave your data at risk of compromise if the offsite storage is attacked.

To prevent an attacker from locating your offsite backup (e.g. if you were backing up your laptop whilst in a hotel) and preventing theft of the data in the event the location is discovered one can use Tor and GPG.

As the data is encrypted at rest it is safe to use any number of VPS providers because even if they accidently attach your volume to someone elses instance the data is still unreadable.

Configuring Tor:

Installing Tor for your server is explained on the Tor project website with that done you can check the Hidden Service manual for general advice on configuring a Hidden Service but it basically boils down to;

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 22 127.0.0.1:22

It is advisable to run your Tor instance as a relay as this will not only help the Tor network but will also provide a certain amount of traffic to/from the offsite server which may help mask its origin and frustrate correlation attacks.

If you can't afford the bandwidth you could elect to run it as a private bridge;

BridgeRelay 1
PublishServerDescriptor 0

Configuring The Source:

The following bash script is relatively well commented;

#!/bin/bash

NOW=$(date +"%a")
FILE="backup-$NOW.tar.gz"

echo $FILE

echo "Backup up directory 1"
tar cf /backup/dir1.tar /directory1
echo "Backup high io"
tar cf /backup/dir2.tar /directory2


echo "Backup up DBs;"
for DB in mysql db1 db2 db3 db4
do
        echo $DB
        mysqldump $DB > /backup/$DB.sql
done

echo "Taring DBs"
tar cf /backup/dbs.tar /backup/*.sql

echo "Creating compressed tgz of all tars"
tar czf /backup/$FILE /backup/*.tar

echo "Encrypting"
time gpg --encrypt --recipient your@email.com /backup/$FILE
echo "Done"


echo "Deleting unencrypted backups"
rm /backup/*.tar /backup/*.sql
echo "Done"

echo "SCPing to Hidden Service"
scp -i /root/backup.key -o ProxyCommand='nc --proxy 127.0.0.1:9150 \
 --proxy-type socks5 %h %p' /backup/$FILE.gpg backup@xxxxxxxxxxxxxxxxxx.onion:
echo "Done"

echo "RM'ing local GPG backup"
rm /backup/$FILE.gpg
echo "Done"
Read more
15 December 2014

A Sneak Peek At A Part Of The Reading CCTV Infrastructure

I was walking home from the Train Station last night and noticed that someone had busted open one of the ubiqitous BT 'green boxes' nearby. Hoping to get a look at some fancy FTTC/FTTP gear I took some photos and carried on home.

Upon looking at the photos this morning it appears this is actually some form of media converter with a fibre link back to Reading Police station for the CCTV network.

The Top

The leftmost black box is a Kenton Research Ltd filter that removes power transmission noise induced into the video CCTV circuits causing hum patterns on the screen image. This takes COAX in and has a COAX out connection that connects to the gray box underneath. That gray box has a single fibre we can assume to be 1000Base-BX or 100Base-BX and has a sticker identifying the fibre runs destination to be Reading Police Station;

Label: YTVRA-YIECU 8501 VK
Circuit No: CCTV 205009
Destination Reading Police Station

The second black box is a BT Telemetry interface Unit (1A) and looks to support RS232 (not connected) and/or TTL serial (not connected) labeled as DATA 1, a generic DATA 2 with in (not connected) and out (connected via 1 twisted pair (orange) out of what appears to be CAT5/2), AUDIO out (connected via 1 twisted pair (blue) out of a different run of CAT5) and in (not connected), finally there is a set of terminals labelled CC (out and in) which are not connected.

The telemetry interfaces appear to terminate in some non-descript white boxes, one appears to be be power (bottom white box with a high voltage label) and the other terminates in the leftmost white box that links to a smaller white box next to a MicroTik Routerboard device.

The Routerboard device appears to be from the RB750 family and supports POE, interestingly the DC adapter is plugged in but its also connected to two POE devices all of which are unplugged from a standard UK 3 pin extenstion lead so we can assume the RouterBoard device is powered off (either by design or by the vandal).

The Bottom:

At the bottom left is a standard BT fibre demarcation box with a single egress fibre that we can assume to be single mode. Next to that is a white box with high voltage labeling. Next to that is a (possibly) damaged power terminal that feeds into the PDU that powers the microtek, the fibre CPE, and the media convertor.

Implications?

Without knowing if this box is an example of a functioning CCTV point or whether it has been damaged by vandals it's hard to say but there are security implications depending on what the purpose of the Microtik device is/was and whether it is adequetly secured from a local attacker.

It'd also be interesting to know (not that I'm going to try it) as to whether the grey RJ45 ended cables are connected to some form of switch and as to whether this is an IP/ethernet network, if it is one would hope that Thames Valley Police have put ACLs in place to prevent someone from flashing/owning the Microtik device or plugging in their own and having a jumping off point into the Police or the CCTV control network!

Maybe I'll send an FOI request and see what they say.

Disclaimer: I didn't open this box, I didn't touch anything. I just took some pictures.

Update:

The system does indeed look to be IP based;

The CCTV system appears to be controlled by some software named Mosaic (running on RFC1918 address 10.207.10.31) written by a company called Tyco, the following press release would indicate the entire network is IP based;

Tyco Fire & Integrated Solutions – Traffic and Transportation (Tyco), has announced a new IP Control System offering a fully integrated control platform for security and surveillance applications including CCTV, access control, fire and intruder alarms, and communications. Called Mosaic, this new hybrid system allows seamless control of both traditional analogue and the latest IP-based digital equipment for easy integrated control of systems of virtually any complexity using a common graphical user interface.

Source

Read more