不要再懶,起番個VPN 比自己手機在大陸番牆上 facebook, 雖然手提電腦可以用SSH + Proxy
Server, 始终都覺得不夠用.
2014/03/30
2014/03/22
home routers as open resolvers
A friendly note to home users with broadband routers : Quite a large number of home routers in use for years have open resolver fault. Please go to
http://www.thinkbroadband.com/tools/dnscheck.html
check your router status and upgrade the firmware to plug the hole.
By having your router as an open resolver, you are helping cybercriminals to launch DDoS attacks.
This is evidence of ASUS RT-N66U routers able to do DNS amplification attacks.
http://www.thinkbroadband.com/tools/dnscheck.html
check your router status and upgrade the firmware to plug the hole.
By having your router as an open resolver, you are helping cybercriminals to launch DDoS attacks.
This is evidence of ASUS RT-N66U routers able to do DNS amplification attacks.
2014/03/18
Open resolvers again
I repeat my statement again: Don’t compare
open resolvers with Google Public DNS (8.8.8.8 and 8.8.4.4) and OpenDNS, they
are not the same. Google and OpenDNS
have all sorts of security features that are beyond imaginations.
2014/03/16
No more Amplification Attack
For God's sake, please disable "monitor" if you operate publicly accessible NTP servers.
By the way, if monitor can be removed from the latest patches of NTP daemon, I see hope of disallowing "ANY" query in resolvers in coming patches. All name query should be specific. If you want to do mail exchange, ask for MX followed by A record. If you want to know the authoritative name server of a domain name, ask for NS. These days, "ANY" would not serve any purpose except network attacks.
By the way, if monitor can be removed from the latest patches of NTP daemon, I see hope of disallowing "ANY" query in resolvers in coming patches. All name query should be specific. If you want to do mail exchange, ask for MX followed by A record. If you want to know the authoritative name server of a domain name, ask for NS. These days, "ANY" would not serve any purpose except network attacks.
2014/03/10
ping 0.0.0.0
Another
interesting stuff. An IT guy try to ping 0.0.0.0 in an attempt to troubleshoot
connectivity problem. He should be fired immediately.
2014/03/08
MAC address intrusion
A complainant said his home PC was accessing by other people over the Internet through MAC address intrusion. The complainant sought help from his serving ISP. What should the ISP do? Just laugh and do nothing.
2014/03/06
Boosting WiFi signal strength by a Coke can
In today's Apple Daily News, there was a story about boosting WiFi receiving signal strength by means of placing a Coke can close to an antenna. A picture is given below.
The distance between the aluminium foil and the whip antenna should be carefully calculated in order to maximize the directivity which as a norm is λ/2. For this TP-LINK 2.4 GHz router, the distance is (3x10^8/(2.4x10^9x2) = 0.0625 meter or 2.5 inches.
The distance between the aluminium foil and the whip antenna should be carefully calculated in order to maximize the directivity which as a norm is λ/2. For this TP-LINK 2.4 GHz router, the distance is (3x10^8/(2.4x10^9x2) = 0.0625 meter or 2.5 inches.
2014/03/03
IPv4 turn-off day in 2014
In order to show the technical maturity of IPv6, some intelligent people have suggested to set aside one day in 2014 as the IPv4 turn-off day. I just want to ask if this idea really makes sense. If turning off IPv4 results in a large number of users have difficulty in accessing major websites, people will have a very bad idea about the quality of IPv6. I certainly agree there needs to be an IPv4 turn-off day to test where we are during the transition process and whether there will be broken applications if relying on IPv6 alone. The timing is not this year. It might be in the next 10 years. For the time being, just enable dual-stack and stay with dual-stack as much as possible.
Subscribe to:
Posts (Atom)