Dave's Blog

My undoing was acquiring a 400GB external hard drive for my laptop. It gave me the storage capacity to play around with other distros while supposedly keeping my main distro (currently CentOS 5.4) on the internal hard drive safe and stable. The only problem with this scheme is that some Linux installers act almost like Windoze and re-write the MBR. This has the unpleasant and surprising effect of making my supposedly safe and stable Linux on my hard drive inaccessible.

In an attempt to cut down on the noise level I have instituted the following policy:

User accounts must be activated within one week from the time the account is requested and created. New accounts that have not had a login after one week will be deleted.

This policy will also allow me to "weed out" the lusers who don't provide a valid e-mail address when registering. By the way, I can't think of anyone who more deserves the epitaph of "luser" than someone who doesn't provide a valid e-mail address when completing a registration form that states that their login credentials will be e-mailed to them.

I'm a registered Republican but I more tolerate the Republican Party than I am a real supporter. In a previous article I described myself as being a small "l" libertarian since I also have lots of practical issues with the Libertarian Party even if I agree with them philosophically.

Not being a good fit for either the Republicans or the Libertarians and being almost totally opposed to the goals of the Democratic Party leaves me in search of a short but accurate and descriptive political label. The label I recently came up with and want to try out for a while to see how well it fits is Secular Conservative.

Fedora 12 got released at almost exactly the same time that I was switching Internet Service Providers. My gripe with my old provider was that their point-to-point wireless connection had become unreliable (up time varied between 85% and 90%). Doing an Internet upgrade from Fedora 11 to Fedora 12 seemed like a good way to test the new DSL connection and get my workstation upgraded to the latest release.

The download worked fine but installing the upgrade ran afoul of a known problem with the Fedora preupgrade process. I had made /boot its own partition and as is traditional with /boot a fairly small (200MB) partition at that. When I rebooted to the upgrade kernel, the upgrade appeared to start normally but after some processing declared it could not continue due to "insufficient disk space." Clicking on the "Details" button on the installer's dialogue box informed me that another 20MB were needed in /mnt/sysimage/boot. A quick look at the files in /boot revealed that it was very unlikely that any amount of removing old kernels would free up 20MB. I needed a different workaround.

If you got to here using one of the many old links that point to http://davenjudy.org/wordpress, you're probably wondering how I got Wordpress to look like this. The answer is that this isn't Wordpress.

I left my old Wordpress blog in place for quite a while on the grounds that I still seemed to be getting a few readers. With the worm that is circulating and infecting older Wordpress installations I was faced with the choice of going through yet another Wordpress update cycle for a blog I'm not using or just creating a link that points people to my current, Drupal based blog.

So, I'm taking a network security class and one of the assignments is to come up with some sort of security related research project. I decided to do my project on getting a number of Operating Systems working in Virtual Machines (VMs) and then seeing if I could run various security scanners on them. I described the networking side of the project (getting bridging mode working for qemu) in my earlier article Virtually There. I had originally assumed that getting the guest operating systems working would be the easy part. Boy was I wrong.

The universe conspired to coerce me into getting WPA radius working for Windows. My wife started taking a Microsoft SharePoint class at the local community college and started bringing her laptop home from work so she could work on the homework. I have a bunch of wired RJ-45 ports around the house but none of them are where it's really convenient for her to work on her stuff. That meant getting WPA radius working for her Windows XP laptop. It also turned out that my certificates were expiring from my original exercise in setting up freeradius, WPA radius and getting them working with ndiswrapper on my laptop.

Regenerating the certificate for my laptop running CentOS Linux was easy. It also turned out to be futile and therein lies the tale.

Some time ago I decided to set up a qemu virtual machine (VM) with Windows 2000 (W2K). While just getting a basic VM running was pretty easy, getting my W2K installation updated with all of the various patches that have been released over the years was anything but easy. I described the process I went though in my article Virtual Hell.

Since getting my W2K VM running I decided to take a couple of classes on network security through a local community college. One of the classes is "Computer Security and Penetration Testing". It occurred to me that having my W2K VM be accessible on my network would be a great way to delve into some of the more interesting subjects from the penetration testing class like scanning, spoofing and hacking. The gotcha was I needed to set up my host system so that the NIC was bridged to the virtual NIC of the VM.

About a week ago I started noticing several odd entries in the DNS log digest. The entries either looked like:

client 208.76.253.253 query (cache) './NS/IN' denied: 19406 Time(s)

or something like:

client 70.86.80.98 query (cache) 'acihldaaaafwx0000dgaaabaaafbjmok/NS/IN' denied: 1 Time(s)

with the second form repeated possibly hundreds of times with minor changes in the cache query string. I had read about the theoretical possibility of DNS cache poisoning several months ago and had dully updated my DNS software. It looked like several people were attempting "brute force" cache poisoning attacks with the minimum consequence to me being the huge number of rejected queries making my logs difficult to use for diagnosing other problems and possibly much more serious consequences if the cache poisoning attcks succeeded.

I decided to get back into my hobby/task of digitizing the various vinyl albums I have in my music collection. After first verifying that my hardware and cabling setup was correct (it wasn't; I had the sound out from my receiver plugged into the microphone input on the sound card instead of audio in), I went to fire up audacity to capture and edit my digitized music and it wasn't there.