
Re: The Dragon Book
Oh Jacques - poppez le tag, s'il vous plaît!
(I assume a PE router would be a 'routeur EP' in French?)
285 publicly visible posts • joined 20 May 2019
I was at a networking conference in Amsterdam many years ago, I think the topic was IPv6? In any case, since this was an international crowd, most of us pronounced the word "routing" as the Americans do - /ˈraʊ.t̬ɪŋ/. After about half an hour of initial discussions, a gentleman (there's no other word better suited to describe him) spoke up to respond to some question or other, and started his reply by saying "First of all, can I just clarify that it's pronounced '/ˈruːt.ɪŋ/'. Trust me, we've been using the language a LOT longer than they have. Anyway, to answer your question..."
(I still pronounce it the American way.)
> I've got a printer next to me that requires a connection to halfway around the world which means it regularly fails to print..
Tangentially related: In the late nineties I was doing helpdesk duty, and was called upon to check a networked HP LaserJet printer that had been slow and unreliable for months. Since our cabled network was a bit iffy at times (my team didn't own or touch the wiring), I decided to start by moving it to another patch point to see if that made any difference. This was in our customer service area, which was on a section of raised flooring in an old automobile manufacturing hall (long and narrow). The printer was next to one of the small stairs that led up to the raised floor, and as I started pulling the cable, I realized that it went up the post next to it, then across the stairs (tautly stretched between the poles), down the post on the other side and continued off along the floor (neatly tucked in between the wall partitions and the desks, all the way to the end of the hall and back - SIX TIMES, then patched into an outlet on the post it had just gone down. Having rolled it all up, I found myself holding a mass of partially frayed Cat 5 cable that I couldn't even estimate the length of in meters - it was at least FOUR WEEKS long! I replaced it with a 2 meter drop patch to the outlet right next to it (on the same pole the old cable had gone UP), and after that it worked perfectly again; snappy as anything and completely reliable once more.
When I asked the nearby staff if they knew who'd installed it they said that it'd originally been installed on the other side of the stairs (where it was plugged in), but they'd wanted to move it for some reason and then the cable hadn't been long enough... so they'd found a longer one next to the trash compactor and used that one instead.
I run a small fan-created website for a band in my spare time. We had a contest a couple of years back where we asked our readers to send an email with their quiz answers to a particular mailbox. Some genius posted a comment to the contest post with his list of answers (because I'd not coded a "disable comments for this post" function yet). I posted a very courteous post explaining that you shouldn't post answers in the comments, then started up the mysql-client to replace his comment with a "This comment was deleted by the administrator." message. Only, OF COURSE I forgot the WHERE clause and deleted eight years worth of comments. After that I coded the "disable comments" feature AND the web GUI for managing comments.
But that sort of pales next to the people who have made PROPER mistakes as described here. Icon for my brothers.
Juniper Networks' Junos OS allows you to extend CLI functionality by writing your own op (operational) or event (triggered on system events) scripts. These days, I hear you can do Python, but initially they only supported XSLT and the abomination known as SLAX. The version of SLAX that was supported when I was into scripting directly on the routers only supported "immutable variables"; that is variables that you can assign a value to, but you can't change them once they're set. You know, what us normal people refer to as "constants".
After some struggling (and a couple of choice words I would normally reserve for Python) I finally had a script that would tell me, in just five seconds or so, what routing-instance, layer-2 circuit or bridge-domain an interface belonged to. That's two days of my life I'm not getting back, especially since a colleague managed to achieve the same result with a "show conf | disp set | match ..." command that comes back with the same information instantly. THEN, to add insult to injury, he mapped that string to a keyboard shortcut in SCRT.
We're interviewing people for a vacant position in my team of network engineers, and I've been helping out as a technical resource. My favourite question to ask candidates is "What's the biggest mistake you've done on a network? At least, that you haven't gotten away with...". That tells you both how honest they can be with their mistakes (because, as Pascal says, they will happen), and also what skill level they're at. "I shut down the wrong interface once" is not quite the same magnitude as "I once tried a regular expression with thirty wildcards on a Cisco 7505 and in doing so brought down all our US peering capacity".
A place I worked for in the late 90's had a CRM application we regularly had to install on agents' PCs. The installation progress bar didn't have a number on it, but it continued a couple of notches past the end of its predrawn box, so when someone had problems we always used to ask if they'd remembered to install the full 107% of the application.
The basic authentication rule is very simple: Something you have and something you know. If they want to use voice recognition as the "have" then fair enough. But it shouldn't ever be the only test made.
My suggestion is to agree with everyone you speak to regularly - at least parents, children, your spouse and close friends - on a "vocal handshake" you can perform so that you can always verify that the person asking you for money for a new phone / ticket home / medical bills / whatever is the person they say they are. It is absolutely vital that the information used to complete the handshake is not available anywhere online and can't easily be inferred from your profile. Either make it something you had together Before The Internet that you've never discussed in emails or on social media, or agree on a nonsense question with a deliberately wrong or fake answer - "Q: What's the capital of Bulgaria? A: Mike Dinosaur Junior" - or a favourite movie quote that needs to be responded to with an unrelated line from a song from a band you don't normally listen to. Make it a habit to always ask this question when being asked for money or whatever it is and NEVER volunteer the answer before being asked the question - "Can you please help me transfer 1000 moneys to this offshore account? Oh, and before you ask, the capital of Bulgaria is Mike Dinosaur Junior."
We all love to think that we'd never fall for a scam, but I'm not so sure. Especially not with voice replication technology at this level. Better to have one more safeguard.
After seeing the founder's TED Talk, I registered as a "voice donor" with a company, VocalID, that had as its mission to provide voices for people who have lost theirs, as I thought it sounded like a wonderful idea. At the time I was going through some family issues and a move, so I didn't get the time to sit down to bank my voice with them for over a year after registering. It wasn't that you needed to record everything in one go, but it relied on you being able to record audio in a controlled, quiet setting; and that wasn't my everyday life at the time. When things eventually calmed down, I thought I'd give it another shot and went to their site only to find a message that they'd pivoted from their initial plan of helping people to "research into commercial applications of speech synthesis and artificial intelligence" or something similarly vague. I'm guessing they're into this kind of application now, so I'm pretty grateful that I never got around to it. (I tried going to their site now, but our office proxies even block access to the site as "suspicious", so that's pretty telling.)
My dad was cat-sitting for his neighbors for a few weeks a couple of years ago when they were back home in Germany. He went to their house a couple of times per day and usually stayed about half an hour after feeding to give the cat a bit of company should she want it (she rarely did).
I went with him a couple of times when I visited, and on one occasion we sat talking in the living room when I for some reason came to think about this very strip and told him about it (only I misremembered and said 200 rolls of toilet paper).
…only to have a crisp female voice respond from a remote corner of the room "I'm sorry, but there seems to be something wrong with my Internet connection so I can't process your order". Luckily they'd powered off their router before heading out. (The fact that she said it in German somehow made it worse…)
An ex-colleague told me that he and a friend at a previous job always ran their more personal emails through Google Translate to Mandarin before sending them to each other, as they had circumstantial evidence that their manager was snooping on internal staff emails. Once, my ex-colleague wanted to convey that he couldn't come along for a pint tonight as he just wanted to stay in and have dinner - or, as he put it in Mancunian, "I like to have my tea." When translated back and forth to Mandarin, his friend was somehow presented with the statement that "I enjoy the fact that my brown is eaten."
Ah, the Cisco wildcard mask.
I once had to write a classic IOS extended access list which allowed certain traffic from every fourth /28 network out of a /22 - meaning for example 10.10.0.48/28, 10.10.0.112/28, 10.10.0.176/28, 10.10.0.240/28, 10.10.1.48/28 all the way up to 10.10.3.240/28. Rather than one line for each subnet, totalling 16 lines per TCP/UDP port, I experimentally discovered that a single line per destination port with the source range 10.10.0.0 0.0.3.207 worked just fine. I'm still proud of that one, even though more than a decade has passed.
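An added example, in Python, of the wildcard-mask matching the comment above describes; it is not the poster's code. It checks a base/wildcard pair against every /28 in a /22 and, going one step beyond the comment, derives the mask from a list of networks. The base address supplies the bits the wildcard marks as "must match", so the base is set to 10.10.0.48 here to select the .48/.112/.176/.240 blocks; all addresses are either the comment's own or constructed for the example.

```python
import ipaddress
from typing import List, Tuple

FULL = 0xFFFFFFFF


def wildcard_matches(addr: str, base: str, wildcard: str) -> bool:
    """IOS ACL semantics: a 1 bit in the wildcard is 'don't care', a 0 bit must
    equal the corresponding bit of the base address."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = int(ipaddress.IPv4Address(wildcard)) ^ FULL
    return (a ^ b) & care == 0


def selected_networks(base: str, wildcard: str, prefix_len: int, within: str) -> List[str]:
    """All /prefix_len networks inside 'within' that the 'base wildcard' pair selects
    in full. A prefix-aligned block is fully selected iff its first and last address
    both match: they differ in exactly the host bits, so both matching means every
    host bit is a don't-care bit and every address in between matches too."""
    out = []
    for net in ipaddress.ip_network(within).subnets(new_prefix=prefix_len):
        if (wildcard_matches(str(net.network_address), base, wildcard)
                and wildcard_matches(str(net.broadcast_address), base, wildcard)):
            out.append(str(net))
    return out


def derive_wildcard(networks: List[str]) -> Tuple[str, str]:
    """Smallest base/wildcard pair covering every listed network: a bit becomes
    'don't care' if any network differs from the first in that bit, or if it is a
    host bit. Always verify the result with selected_networks(): a list that is not
    aligned on a power-of-two stride will over-match."""
    nets = [ipaddress.ip_network(n) for n in networks]
    first = int(nets[0].network_address)
    wild = 0
    for n in nets:
        wild |= int(n.network_address) ^ first
        wild |= int(n.hostmask)
    base = first & (wild ^ FULL)
    return str(ipaddress.IPv4Address(base)), str(ipaddress.IPv4Address(wild))


if __name__ == "__main__":
    # Constructed input: four of the comment's /28s plus the last one in the /22.
    base, wild = derive_wildcard(["10.10.0.48/28", "10.10.0.112/28",
                                  "10.10.0.176/28", "10.10.0.240/28", "10.10.3.240/28"])
    print(f"derived: {base} {wild}")
    for net in selected_networks(base, wild, 28, "10.10.0.0/22"):
        print(net)
```

Run it and the derived pair is 10.10.0.48 0.0.3.207, which selects exactly sixteen /28s from 10.10.0.48/28 to 10.10.3.240/28, the same set the sixteen explicit lines would have covered. The over-match check matters in the other direction too: a wildcard that is one bit too generous silently permits hosts the list was never meant to include.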
This was actually covered in the documentary (which is worth a casual watch, but nothing amazing).
Bitfinex has apparently given their affected customers one "token" for each dollar-equivalent that their customers had in their account at the time of the heist, with the promise that they would "redeem that token into actual dollars as soon as they can". Their head of communications and marketing, who was interviewed in the documentary, was very proud of the fact that they had "fulfilled all their obligations to their customers" through this. It is envisioned that the seized Bitcoin will (eventually) be sent back to Bitfinex, meaning that Bitfinex will end up with the net gain between the customer compensation tokens and today's BTC value. Since the hack itself apparently didn't kill Bitfinex as an exchange/wallet company, that comment from their representative in the documentary surely will... (Lawsuits are in progress by former customers.)
Also, there's still about USD 1bn worth of BTC not accounted for.
"Copy run start" - what kind of new-fangled talk is that? It's "wr mem", everyone knows that! :-)
But I'll attest to being saved by Juniper's "commit confirmed 5" command ("If I don't type commit[0] again within 5 minutes, roll back my last config changes, please") many times. No reboot required.
[0] If you don't want to add another commit state to your history (only the last 50 commits are stored on-box for easy comparison and rollback! ;-)) a "commit check" will do nicely.
I fully agree, and the "current" Cisco OS, IOS-XR, does in fact do this:
RP/0/RP0/CPU0:router(config-if)#sh
% Ambiguous command: "sh"
RP/0/RP0/CPU0:router(config-if)#sh?
show shutdown
RP/0/RP0/CPU0:router(config-if)#
(And also, IOS-XR doesn't execute commands immediately, you need to explicitly run the "commit" command to activate your pending changes.)
And anyone who's been in the business long enough will have internalized using "sho" when you mean to type "show". For the reason that Sherlock encountered. :-)
"sh<tab>" will resolve to "show" everywhere where there isn't a better match, such as in interface configuration mode, where "shutdown" is available. So in this case, Sherlock would have simply run the "shutdown" command on a remote interface. And since in classic IOS commands were executed instantly - branch, meet saw.
One should note here that the command to do something on a Cisco is never "sh", there's always a full, expanded command ("show", "shutdown", or even "shim" in some places) being executed (even if you don't see it at the prompt). It's the console cowboy's responsibility to know what he's typing. And believe me, I've mistyped a lot of IOS/XE/XR commands over years.
Juniper's Junos CLI, on the other hand, auto-expands the commands as you type so you'll know what the router thinks you meant to do before you hit enter. (You still need to know what you're doing, though!)
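An added example, in Python and not Cisco's or Juniper's code, of the mechanism the posts above describe: a typed prefix is expanded against whatever commands exist in the current mode, so the same two letters are unique in one mode and ambiguous in another. The command tables are a constructed, deliberately small subset; the `resolve` function behaves like the IOS-XR transcript above (reject an ambiguous prefix), and `shortest_unique_prefix` computes the habit mentioned in the post, the shortest prefix that still means "show" in every mode.

```python
from typing import Dict, List

# Constructed subset of commands per mode (hypothetical, not a real router's table).
COMMANDS: Dict[str, List[str]] = {
    "exec": ["show", "configure", "ping", "clear"],
    "config-if": ["show", "shutdown", "description", "ip", "commit"],
}


class AmbiguousCommand(Exception):
    """The prefix matches more than one command: the '% Ambiguous command' case."""


def resolve(prefix: str, mode: str, commands: Dict[str, List[str]] = COMMANDS) -> str:
    """Expand 'prefix' to exactly one command available in 'mode', or raise."""
    table = commands[mode]
    if prefix in table:          # a complete word always wins over longer commands
        return prefix
    candidates = [c for c in table if c.startswith(prefix)]
    if not candidates:
        raise KeyError(f"no command starts with {prefix!r} in {mode}")
    if len(candidates) > 1:
        raise AmbiguousCommand(f"{prefix!r} could be: {' '.join(sorted(candidates))}")
    return candidates[0]


def is_ambiguous(prefix: str, mode: str, commands: Dict[str, List[str]] = COMMANDS) -> bool:
    """True when the prefix would be rejected as ambiguous in that mode."""
    try:
        resolve(prefix, mode, commands)
        return False
    except AmbiguousCommand:
        return True
    except KeyError:
        return False


def _resolves_to(prefix: str, mode: str, command: str, commands: Dict[str, List[str]]) -> bool:
    try:
        return resolve(prefix, mode, commands) == command
    except (KeyError, AmbiguousCommand):
        return False


def shortest_unique_prefix(command: str, commands: Dict[str, List[str]] = COMMANDS) -> str:
    """Shortest prefix that resolves to 'command' in every mode where it exists.
    For 'show' this is 'sho', because 'sh' collides with 'shutdown' in config-if."""
    modes = [m for m, table in commands.items() if command in table]
    for n in range(1, len(command) + 1):
        p = command[:n]
        if all(_resolves_to(p, m, command, commands) for m in modes):
            return p
    return command


if __name__ == "__main__":
    for mode in COMMANDS:
        for typed in ("sh", "sho", "shu"):
            try:
                print(f"{mode:10} {typed!r:6} -> {resolve(typed, mode)}")
            except (KeyError, AmbiguousCommand) as exc:
                print(f"{mode:10} {typed!r:6} -> {exc}")
    print("safe prefix for show:", shortest_unique_prefix("show"))
```

The Junos behaviour described in the last post is the same lookup run on every keystroke with the result echoed before Enter; the defensive lesson is identical either way: a prefix is only as safe as the command table of the mode you are currently in.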
Darknet Diaries and, to a lesser extent, Malicious Life have both done multiple episodes on using social engineering to bypass both physical and logical barriers put up by companies with huge security budgets. Jenny Radcliffe (who wrote the book Nifty linked to above) was on Darknet Diaries ep #90 (simply called "Jenny"), and there have been many others. Anything with Rachel Tobac is worth listening to, as is Alethe Denis; but pretty much all of them are fascinating. (There are occasional exceptions where you can tell that the person being interviewed is CLEARLY exaggerating what happened to them and don't get challenged by the interviewer.)
Some ploys used by social engineers are extremely elaborate, but in many cases the old trope of people always stopping to let a person wearing a high-viz vest and carrying a clipboard through any door still seems to hold scarily true.
Many employers ago, we were having issues with a serial link between two offices (the same link that eventually had a hotel built in the line-of-sight that I've mentioned in a comment here before). The issues usually cleared up after a quick shut/no shut on the router ports, something we had to do every other week or so.
We'd recently moved the technical staff to a new office on the other side of that link. As the link started to act up again, one of our senior hotshots did what he usually did when this happened: He logged on to the router, typed the shutdown command, hit Enter ...and then his face turned from healthy pink to pale to puce in a few seconds. He of course didn't factor into the equation that we'd moved, so he'd shut down the INSIDE of the link, the way he usually did. Though, of course, since we were now on the OUTSIDE of said link, he'd cut himself (and all the rest of the office) off from the network. It wasn't too far (it was line-of-sight, after all) but long enough that he'd have to drive between the sites. That's when I flipped open my Nokia 9000 Communicator, logged onto the Cisco AS5300 via the Nokia's built-in modem, hopped to the router terminating the link and opened the interface back up for him.
About a month later, I was promoted to senior myself. Not sure that that situation was the triggering factor, but I'm sure it helped.
> Almost as bad as discovering I was still the RIPE admin (with a valid account) for the company's public IP range - knowing them I probably still am 5 years later.
In all seriousness:
If you think this is likely (and from what I've seen of the world, it probably is), do yourself a favour: log on to your RIPE account and enable 2FA for it. With RPKI ROV becoming more and more prevalent in the world (which is a good thing!), it's now possible to cause serious damage from a RIPE account (which is a bad thing, well, depending on which terms you left your ex-employer on). If someone were to do so with an old account of yours, you don't want to get fingered for it.
Back in either 1989 or 1990 I was visiting a friend, and he wanted to put a couple of files on a floppy (yes, a 5 1/4", following on from the discussion about what disks could legitimately be called "floppy" from a couple of weeks ago) for me to take home. He popped it in, did a dir a: to see that there was nothing important on there, and then a quick del *.*. As it took a few seconds to complete I could see the colour draining from his cheeks. He was on his dad's PC, and had just deleted all the files in his C:\ directory...
Luckily, his dad was an organized person so the only things in that folder were the things necessary to boot up, all work files were properly tucked away in subdirectories, so the biggest pain was recreating AUTOEXEC.BAT and CONFIG.SYS, including finding the right control characters and codepages to get his printer to print Scandinavian characters again (CP 850, echo Alt-135 (ç) > LPT1: in case any archaeologists trying to do just that find this post.). Luckily this was before either of us had a Soundblaster card (PCSPKR.DRV FTW) so we at least didn't have to go interrupt chasing.
Ah, the "password recovery" button. There were even some models where the face plate was so cramped that if you inserted an STP cable with the rubber-covered cap into port 2 (bottom left, that model was 1-indexed if I recall correctly) it would push that button and keep it down simply by clicking into the port...
An old classmate of mine did something similar in school. Our teacher left the classroom for a few minutes, and this guy took the opportunity to showcase his karate abilities in front of the whole class (he was That Kind Of Guy). Given that we were in a science room, his fanciest spinning jump kick naturally landed on the emergency shower trigger and unloaded about five buckets worth of ice cold water over him. The teacher came back and just shook her head and said that the punishment for doing that is mopping up all the water from the floor. As he was just finishing up, whilst on all fours, he reversed straight into the trigger paddle again, this time butt first, and got doused once more. We all saw it coming and no-one warned him.
The main difference between the 6500 and the 5500+RSM (apart from being different generations) was that the 6500 had an integrated RSP and was running IOS natively for BOTH the routing and switching portions. The 5500 (switch portion) ran CatOS, and you would log on to the RSM which ran IOS separately to configure the routing functionality. (Source: Have locked myself out of both models.)
> Just look at the number of apps on phones and tablets which have regular updates that say "bug fixes and performance improvements". And by regular, it could be several times a month or even week.
The ones that always make me wonder are the apps that are clearly "done" but keep updating anyway. Like a ten year old game with a set number of levels, no interaction to any external services (like Game Center or such), and no ad platform integration. OK that some things in the back-end might need tweaking along with OS updates, but I have several such "finished" apps that update pretty much, as you say, once per month. What are they changing? Are they just updating unimportant things to stay top-of-mind?
If you want more about Alethe Denis, Jack Rhysider of Darknet Diaries did an interview with her in December 2021, episode 107, simply called "Alethe". He's done a number of episodes on both digital and physical pentesters and social engineering, well worth checking out.
Interestingly, one of the authors of the paper referenced in the article - Elizabeth F. Loftus - was the one that came up with the experiment you're referring to. "Reconstruction of Automobile Destruction: An Example of the Interaction Between Language and Memory" was funded by the US Department of Transport and published by Loftus and John C. Palmer in 1974. It's actually pretty interesting - not only did those that were asked using the word "smashed" estimate a higher mean speed of impact, but they were also more than twice as likely as those asked using the word "hit" to give an affirmative answer to the question "Did you see any broken glass?".
The five-page clip from the 1974 publishing is at https://webfiles.uci.edu/eloftus/LoftusPalmer74.pdf for those that are interested.
Many jobs ago, our NOC monitoring systems were sitting in a /25 subnet routed by a pair of Catalyst 5500 switches running IOS in a bolted on RSM module (I said it was many jobs ago). This subnet was protected by an ACL, a few hundred lines long, that required semi-frequent changes. These changes sometimes went wrong, so at any given point we had two ACLs on the boxes - 150 and 151, one applied and the previous one for backup. Our procedure was to copy the currently active ACL into a text editor, renumber it from 150 to 151[0] (or the other way around), delete the currently unused backup one, paste the new one to the routers and then change the interface configuration to use the newly updated one. Simple, right?
Well, there were always people (I'll admit it: including myself, once or twice) that messed up and accidentally deleted the currently active ACL[1] by mistake - which, in Cisco terms means "as long as the applied ACL is empty, all traffic is allowed". This in itself is not a huge issue since you'll be pasting in a new ACL version a few seconds later. But that's where the fun begins. Remember the "as long as the applied ACL is empty" part? When you put in the first line of that ACL, IOS does a complete 180 and says "if there's even a single line in the applied ACL, anything not explicitly matching that line is dropped" (which, when you think about it makes sense for an ACL). But this means that while you're in the process of pasting the updated ACL, your system is running in an incomplete state and is dropping traffic that would actually be legitimate as per the COMPLETE list.
And of course, pasting several hundred lines of configuration into a heavily-loaded router will take some time, each line would take about a second or so for the router to process going back in. Of course, the system running on the main screens in the NOC had an IP address ending in 240-something, and of course the ACL was organised numerically by destination IP. Which meant that when network devices around the world were up for their next poll cycle, the SNMP requests would time out. This would slowly start an avalanche of alarms in the NOC, entire maps turning from green to red, even audible alarms going off stating that this and that country had gone offline... And without fail, every time this happened there was a tour through the NOC by customers or higher-ups... It would clear itself up in about ten minutes as the list pasting finished, but it was always amusing seeing the NOC staff sinking into panic and managers turning the same shade of red as the screens.
[0] When doing a search-and-replace you had to be VERY careful to not just replace "150" with "151"; you needed to do "-list 150 " with "-list 151 "; otherwise you'd have a bunch of angry Scandinavians on the phone within minutes as they had IP addresses containing 150 in one octet.
[1] This is in itself a risky mistake. I never had it happen to me, but there were stories circulating that if you deleted an ACL line that a packet was being evaluated against in that very moment, it was prone to crash the box entirely.
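An added example, in Python and not the poster's code, that replays the two failure modes in the post above: the ACL evaluation model (an empty applied list permits everything, a non-empty one ends in an implicit deny) fed one line at a time as a paste would deliver it, and the renumbering search-and-replace from footnote [0] done naively beside the anchored form. The ACL format, the 10.0.0.0/24 hosts and the list numbers are constructed sample data; nothing here talks to a router.

```python
import re
from typing import Dict, List, Optional, Tuple

# Hypothetical, deliberately narrow line format for this model:
#   access-list 150 permit ip any host 10.0.0.240
LINE_RE = re.compile(r"^access-list (\d+) (permit|deny) ip any host (\S+)$")


def parse_acl_line(line: str) -> Tuple[str, str]:
    """Return (action, destination_host) for one line; reject anything else loudly."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported ACL line: {line!r}")
    return m.group(2), m.group(3)


def evaluate(entries: List[Tuple[str, str]], dst: str) -> bool:
    """Classic IOS semantics as described in the post: an empty applied list permits
    everything; a non-empty list is scanned top-down and ends in an implicit deny."""
    if not entries:
        return True
    for action, host in entries:
        if host == dst:
            return action == "permit"
    return False


def build_sample_acl(number: int) -> List[str]:
    """Constructed list of 50 permitted hosts 10.0.0.5 .. 10.0.0.250, ordered by
    destination address the way the poster's real list was."""
    return [f"access-list {number} permit ip any host 10.0.0.{i}" for i in range(5, 251, 5)]


def simulate_paste(lines: List[str], watched: List[str]) -> Dict[str, Optional[int]]:
    """Paste 'lines' one at a time into an empty applied list and record, per watched
    destination, how many lines had landed before traffic to it was permitted again
    (None if the finished list still denies it). Before line 1 the list is empty, so
    every host is reachable; from line 1 until its own line lands, a host is dropped."""
    applied: List[Tuple[str, str]] = []
    first_ok: Dict[str, Optional[int]] = {h: None for h in watched}
    for n, line in enumerate(lines, start=1):
        applied.append(parse_acl_line(line))
        for host in watched:
            if first_ok[host] is None and evaluate(applied, host):
                first_ok[host] = n
    return first_ok


def renumber_naive(text: str, old: int, new: int) -> str:
    """The replace that bites: every occurrence of the digits changes, octets included."""
    return text.replace(str(old), str(new))


def renumber_acl(text: str, old: int, new: int) -> str:
    """Anchor the replacement to the list-number position so addresses are untouched."""
    return re.sub(rf"^access-list {old} ", f"access-list {new} ", text, flags=re.MULTILINE)


if __name__ == "__main__":
    acl = build_sample_acl(150)
    for host, n in simulate_paste(acl, ["10.0.0.5", "10.0.0.240"]).items():
        print(f"{host}: permitted again after line {n} of {len(acl)}")
    sample = "access-list 150 permit ip any host 10.0.0.150"
    print("naive   :", renumber_naive(sample, 150, 151))
    print("anchored:", renumber_acl(sample, 150, 151))
```

With fifty lines the host at .240 is the 48th to be restored, and at the post's rate of about a second per line that is the better part of a minute with the NOC screens unable to poll; scale the list to several hundred lines and the ten-minute outage follows. The anchored renumbering is the other half of the same lesson: constrain a bulk edit to the exact token you mean, or verify the diff before pasting it into a live box.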
A number of years ago we moved our first equipment into a new site while the surrounding facilities were still being built. At the time, it had nice spacious hallways we could run our racks and equipment through, so the initial installation was definitely not a problem. A couple of months down the road, however, we needed to replace a faulty Cisco GSR 12012 chassis[0] - something about the (passive) backplane deforming due to not enough support from the metal frame(?).
In any case, for some reason, the builders had placed a three-step stair about a meter inside a doorway[1] with no ramp. Also, they'd raised the floor so much AND installed a false ceiling to boot, meaning that we had to tip the chassis on its back on the trolley with one person pulling and two people bracing against the top for it to fit through the now quite claustrophobic space as there was no longer space to move it upright. There was JUST enough space to get it through the door and into our suite[2], where we could finally stand it up the right way again.
And I've mentioned my favourite not-quite-a-tool from the same era earlier here; it was a slightly deformed metal teaspoon that we kept on top of one of the racks at another site (the one we were aiming to replace by this new site, in fact). It perfectly fit the screw heads on the GSR line cards and came in handy many a time.
[0] Hefty boxes, somewhere just north of 30 RU if my memory serves me.
[1] The kind of door you can't leave open for more than 22 seconds before you have alarms blaring and guards coming to see what you're doing.
[2] We may or may not have accidentally invented a new area of physics along the way - we certainly invented some new colourful vocabulary, that's for sure.
It's funny; with most controversial / polarizing ideas, you always get a faction of people saying "now, hang on; if you look at it from the angle of the ( doctors / unemployed / politicians / shareholders / capitalist elite ), I can see that this proposal makes sense, because...". With Recall, however, this is the first such post I've seen in several weeks (excluding comments from Microsoft, of course) - and this story is completely built on a guess. Seems almost poetic, doesn't it.
What is it they say - "If the nicest thing you can say about an idea is that it's not illegal, it's probably not a good idea."? And I'm not even sure you can say THAT about Recall.
I used Trillian for a while in an open-plan office landscape where it was more or less encouraged to have your speakers turned on and up so that everyone could hear every sound that all computers made. One of my colleagues liked the new-message warble that Trillian did so much that he'd just send me repeated messages that read "bududududu" just to play the notification sound... Not at all annoying.