This is Warren Kwok's Internet note pad, electronic diary, online rubbish journal, whatever you might name it ! It is an archive of my random thoughts in a chronological order. I am not good at reporting boring things and change them to lively. If you find this blog boring, sorry that it is your problem.
2013/01/31
2013/01/30
Dibbler for Windows XP
For those who are using Windows XP, they
know that there is not yet a DHCPv6 client even IPv6 stack is manually
installed. The good news is Dibbler
DHCPv6 portable client is available free of charge at http://klub.com.pl/dhcpv6/dibbler/.
I don't have the chance to experience
this add-on DHCPv6 client as all my desktop and notebook PCs are running
Windows 7. Have fun.
2013/01/27
China generated 32 % of global network attack traffic
China generated 32 % of global network attack traffic, according to Akamai's State of the Internet 3Q 2012 Report. It is really a champion and a shame.
The second worst country is US, responsible for 13 % of the total. Some nice pictures of the situation can be seen from:
http://www.akamai.com/dl/akamai/q3_2012_soti_infographic.pdf
The second worst country is US, responsible for 13 % of the total. Some nice pictures of the situation can be seen from:
http://www.akamai.com/dl/akamai/q3_2012_soti_infographic.pdf
2013/01/25
Fake HKCERT email
By now, it has been widely reported in the media that there was a fake HKCERT email advising recipients to patch the recent Adobe Flash vulnerability and a fake patch was attached. I tried to look at what HKCERT has been taking in order to protect its email domain. Unfortunately, HKCERT does not use Sender Policy Framework to specify what IP addresses and domains can use "hkcert.org" as the sender domain in the email header. HKCERT has learnt a lesson in hard way.
2013/01/17
Gmail over IPv6
An overseas network administrator contacted me to discuss the problem when conducting IPv6 email tests with Gmail. Understandably, some administrators think that Google Gmail can help to test IPv6 email setup. The fact is Gmail receives incoming emails from dual-stack mail servers based on the rule that v6 channel has priority over v4, but in sending out emails to dual-stack mail server, Gmail always selects the v4 path. I also doubt if Gmail can send out to IPv6 only mail servers. In the past, my IT colleagues thought our dual-stack mail server was wrongly configured after testing with Gmail and spent many hours of trouble-shooting with no clue of what happened. In the end, it was Gmail that used its own means of v4/v6 path selection without adhering to the dual-stack rule. I think this fact is now well-known to the IPv6 technical community.
2013/01/14
Reverse lookup of a /64 prefix
Reverse lookup is necessary for IPv6 address assigned to SMTP Server otherwise the emails sent out will be treated as spam by other SMTP servers. To this end, I have asked my serving ISP to dedicate the reverse lookup of the prefix 2401:300:0:1::/64 to me. The configuration at my side is tested ok and perfect.
[localhost ~]# dig -x 2401:300:0:1::8080
; <<>> DiG 9.5.2-RedHat-9.5.2-1.fc10 <<>> -x 2401:300:0:1::8080
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- 36584="36584" font="font" id:="id:" noerror="noerror" opcode:="opcode:" query="query" status:="status:">->
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
;; QUESTION SECTION:
;0.8.0.8.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.0.0.0.0.0.3.0.1.0.4.2.ip6.arpa. IN PTR
;; ANSWER SECTION:
0.8.0.8.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.0.0.0.0.0.3.0.1.0.4.2.ip6.arpa. 86400IN PTR v6-mail.com.
;; AUTHORITY SECTION:
1.0.0.0.0.0.0.0.0.0.3.0.1.0.4.2.ip6.arpa. 86400 IN NS ns2.i3way.net.
1.0.0.0.0.0.0.0.0.0.3.0.1.0.4.2.ip6.arpa. 86400 IN NS ns1.i3way.net.
;; ADDITIONAL SECTION:
ns1.i3way.net. 3600 IN A 202.81.252.116
ns1.i3way.net. 3600 IN AAAA 2401:300:0:1::8080
ns2.i3way.net. 3600 IN A 202.81.252.117
ns2.i3way.net. 3600 IN AAAA 2001:470:18:16c::2
;; Query time: 1 msec
;; SERVER: 202.81.252.116#53(202.81.252.116)
;; WHEN: Mon Jan 14 09:07:46 2013
;; MSG SIZE rcvd: 248
2013/01/12
Bank's e-statement should not be attached with email
Shame on Citibank. It violated the security practice promulgated
by the banking authority in HK. Over the
past 12 months, I found that Citibank attached a monthly e-statement pdf to me via
email though the attached pdf was password protected. Fraudsters can disguise themselves as a bank
and attach malicious code in pdf. The chance of success is high as e-statements are so important that target recipients will open and read them to see how much they need to pay. As far
as I know, other banks just alert their users that e-statements are ready
online without providing any clickable links in the email. Until today, Citibank notified me about a new
arrangement of no more e-statement attachment. Unfortunately, Citibank did not offer
apology to its customers for ignoring this important security matter
previously.
2013/01/11
Greylisting and dual-stack mail servers
I notice that some network administrators are now using greylisting on their IPv6 mail server as there is no other IPv6 anti-spam solutions in the market. They should be minded that that greylisting might not work as expected in a dual-stack configuration. Why not ? It is because if the v6 channel does not accept the mail, the sending side will fall back immediately to deliver the same mail over v4 channel. Unless the greylisting is also employed on IPv4, I do not see the effectiveness of greylisting on IPv6 only for a dual-stack configured mail server. I have no idea whether this is a weakness or not.
2013/01/09
Targeted Geographical Banner Ads
Today I visited BBC UK website and the banner on the right hand corner was an advertisement of CSL LTE service. Hey, this is really smart. BBC detected that the IP address was from Hong Kong and it could select an ad banner of Hong Kong clients. However, this Internet marketing strategy will fail if I access BBC through a proxy server or VPN.
2013/01/08
Install Flash on Nexus 7
Just found out that flash is absent from default
Chrome browser of Nexus 7 (Android Jelly Bean OS). Too bad, I
need to browse quite a number of websites running flash.
On googling, I got great hints (http://www.howtogeek.com/120277/how-to-install-flash-on-the-nexus-7-and-other-jelly-bean-devices/)
First download the flash apk from XDA
developer forum (http://forum.xda-developers.com/attachment.php?attachmentid=1199371&d=1342343609)
Second, download and install Firefox-beta
from Google Play.
Third, before installation of the flash
apk, set the security of Nexus 7 to allow running app from other untrusted
sources other than Google Play.
So that's all. Afterward, use Firefox to browse flash
websites. One important step is to change back to the original security settings otherwise one will get into trouble of getting malicious applications installed.
2013/01/07
Netgear 802.11ac adapter
802.11ac client devices are still rarely seen in the market as the ac standard has not been ratified by IEEE yet. However, I recently come across Netgear A6200 which the manufacturer said can support 867 Mbps if operated on 802.11ac. This sounds quite OK to me as the device can only have 2 built-in antennas. However, the USB interface works on USB 2.0 which can operate at maximum of 480 Mbps. In that case, whatever high speeds in the air interface are then capped to 480 Mbps. Should manufacturers better claim 802.11ac client devices can have a maximum throughput of 480 Mbps instead of 867 Mbps.
2013/01/06
IPv6 speedtest engine
My IPv6 speedtest engine at speedtest.warrenkwok.com is now successfully configured. Again, it runs Ookla licence free speedtest mini. Actually, if clients connect via IPv6 channel, it will test the speed of IPv6 connection and similar action for IPv4. The maximum speed that can be tested is 100 Mbps.
2013/01/02
30th anniversary of TCP/IP
On 1 January 1983, TCP/IP was successfully launched to replace NCP. The advantage of TCP/IP is its versatility. It can switch packets of all shapes and sizes, and work across a varieties of networks. This set of open network communications protocols has changed the world dramatically. Special thanks must be conveyed to Vint Cerf, Robert Kahn and Jon Postel.
Subscribe to:
Posts (Atom)