HK Government’s IPv6 NTP Server at time.hko.hk

In the past 3 days, I was working with colleagues in the Hong Kong Observatory to find out the problem with their IPv6 NTP system. The system could not accept NTP requests while "ntpdate -d -v 2407:8000:8001:80::8" showed that the host was found.

After many hours of testing and troubleshooting, we were sure that there was a bug in the firmware of the new atomic clock system which affected v6 network connectivity.  However, we applied a temporary fix to make things work in a stable manner. The system could be accessed now.

I would like to thank colleagues at CUHK, OGCIO and OFTA for helping with the end-to-end testing and fault-finding in the past 3 days.

Now that the system is normal, I can do "ntpdate -6 time.hko.hk" to conduct time sync over v6 network.


D-LINK DIR-655 IPv6 home router

This week, I bought an IPv6 home router, model D-LINK DIR-655 with the latest firmware. 

This one supports Prefix Delegation, SLAAC, DHCPv6, IPv6 PPPoE, 6in4, 6to4 and 6rd tunneling. I have a 6in4 tunnel with Hurricane Electric (HE) and I can say that configuring a 6in4 tunnel on the DIR-655 is not easy. The routed /64 prefix allocated by HE should be configured on the LAN side while the /64 prefix for tunneling should be input on the WAN side. The v6 resolver provision was a bit complicated. I thought using the v6 resolvers of OpenDNS would be ok but in fact it was not. I was not quite sure if the HE network blocked access to OpenDNS. As a last resort, I used the anycast v6 resolvers of HE on both the WAN and LAN side and that completed my 6in4 configuration with success.

I use static v6 configuration for hosts on the LAN side though I know DHCPv6 will be more convenient. Hey, think of it the other way: the routed /64 prefix offered to me will never change, so there is no harm in using static v6 configuration.


The last IPv4 address in the world is

Today, I checked that the last Class C address block is still in the hands of APNIC and I very much doubt APNIC will allocate it to any organization. Having said that, we can expect the last IPv4 address that can be used in the world is which is now owned by Singapore Marina Bay Sands Pte Ltd. Of course, cannot be used as it is a broadcast address on a per Class C basis.



My blog post two days ago mentioned WiFi Hopper, which could not be run on the 64-bit Windows platform. One reader suggested executing WiFi Hopper in a VM environment. Yes, it could be done but the speed of operation will be really slow.

I have found the solution. Vistumbler is another WiFi sniffer that supports Windows 7. The captured log can be saved in CSV format for analysis in Excel. I will definitely use Vistumbler in the coming war driving exercise.


TP-LINK TL-WN822N 802.11n client

In August, I purchased one set of TP-Link TL-WN822N client which is claimed to have a speed of 300Mbps. At that time, I was attracted by the ivory colour, the light green LED and the two antennas, realizing that the dual-antenna design will help to boost the performance of a MIMO-based 802.11n connection. To my satisfaction, this wireless client runs perfectly fast and there is no difference in speed when accessing the Internet compared with using a 100Mbps Ethernet network card.

Yesterday, I decided to buy another one either for backup difference or for use in other desktop PCs. This is the best WiFi client I have ever used.


WiFi Hopper only available in 32-bit Windows XP

I planned to join the WiFi war driving exercise which will be held in December 2011. The bad news is that the war driving software "WiFi Hopper" can only support 32-bit Windows XP. I scrapped my old Windows XP notebook more than a year ago. My notebook in use now is running 64-bit Windows 7. How can I join the war driving exercise? I think I have to borrow an XP notebook from my friends.


Postfix greylisting

I added greylisting to my IPv6 SMTP server running Postfix by adding the package postgrey. All incoming messages will be rejected and, if the connecting sources are legitimate email servers, the messages will be queued up for retry. After the greylisted period of 5 minutes, the messages from the same sources will then be accepted by postgrey. In the case of spam emails sent by zombie computers, the zombies, which do not act like an SMTP server, will not store and queue up emails for subsequent delivery. On the whole, I believe greylisting is over 90% effective in rejecting spam from zombies.
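
The greylisting behaviour described above, as a simplified model added here (it is not postgrey's code and not the configuration used in this post). The triplet key, the class and function names, and the sample addresses are assumptions for illustration.

```python
# Simplified model of greylisting (added example; not postgrey's source code).
GREYLIST_DELAY = 300  # seconds: the 5-minute greylist period from the post


class Greylist:
    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        # (client_ip, sender, recipient) -> time of the first delivery attempt
        self.first_seen = {}

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply code for a delivery attempt at time `now` (seconds)."""
        triplet = (client_ip, sender.lower(), recipient.lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.delay:
            return 250  # same triplet retried after the delay: accept
        return 450      # temporary failure: a real MTA queues and retries


def deliver(greylist, client_ip, sender, recipient, attempt_times):
    """Replay attempts at the given times; return the acceptance time or None."""
    for t in attempt_times:
        if greylist.check(client_ip, sender, recipient, t) == 250:
            return t
    return None


def demo():
    gl = Greylist()
    # Constructed sample traffic (documentation addresses, made-up mailboxes).
    # A legitimate MTA queues the message and retries with back-off.
    mta = deliver(gl, "2001:db8::25", "alice@example.org", "me@example.net",
                  attempt_times=[0, 60, 360])
    # A zombie fires each message once and never retries.
    zombie = [deliver(gl, "2001:db8:bad::1", f"spam{i}@example.com",
                      "me@example.net", attempt_times=[10 + i])
              for i in range(3)]
    return mta, zombie


if __name__ == "__main__":
    print(demo())
```

The retry at 60 seconds is still deferred because it falls inside the greylist period; only the attempt at 360 seconds is accepted, which is the delivery delay legitimate mail pays for this filter.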


Hurricane Electric's 10G link at HKIX

Hurricane Electric has installed a new 10G dual-stack link at HKIX:


This really helps me a lot as I am using the 6in4 tunnel of Hurricane Electric to bridge to the IPv6 Internet. After the upgrade, I tested that my IPv6 connection to overseas is at 8Mbps while the speed of connection to HK6IX is 91 Mbps. Actually, the connection is limited by my 100M network interface card and the Ethernet switch of my serving ISP.

Thanks, Hurricane Electric.


Interesting picture

This is an interesting picture. Seems like both disc A and B are moving. Which one do you think is moving a bit faster?

In fact, both are not moving.  But if we look at them together at the same time, we have the illusion that they are moving.


Can MAC address filter circumvent WEP cracking

We all know that WEP can be cracked in a few minutes. There is an interesting question of whether a MAC address filter can increase the difficulty of WEP cracking.

The answer is no. MAC address filters are useless because MAC addresses are broadcast over the air. When a legitimate client is connected to a WEP AP, a hacker can use hacking tools to discover the MAC address. He then clones the MAC address to his devices and then proceeds to crack the WEP key. To reinforce my point, I have taken a photo from a Linux machine running SpoonWep. In the photo below, the MAC address of a connecting client is shown.