random reboots - pfsense gone

It’s been a while since I’ve started using pfsense (almost 2 and a half years) and prior to this last month it operated flawlessly. This month though, it started having some hiccups, which led to random reboots (R). These days I have some spare time and I feel uber productive (wrote 2 patches for pdfcrack and other minor work), so I thought that this would be a nice opportunity to contribute some code to pfsense, since I wanted to give something back to the tool.

I had ruled out any problems in hardware; I tested memory for 12 hours (memtest86 - during this period I had no internet :S) and spent another 6 hours checking my disk using badblocks. I also wrote something like a “watch” script that called mbm and threw most of its output to syslog (via logger). Then I configured syslog to deliver logs to a remote host so I could review them. Unfortunately nothing critical came out of the syslog, so I guessed that it had something to do with the other components (kernel/packages).

I started looking at the code and at the same time I logged in to their irc channel (freenode / #pfsense). I had some minor issues with the tools, especially some scripts that in my opinion caused the problem (1 change-set). Also some other minor issues were fixed, like the relative reference of index.php at fbegin.inc etc. In total I had 4 change sets and a brand new recompiled FreeBSD kernel, which stabilized my system and stopped the router from randomly rebooting. At the same time I wrote to the irc about various stuff, when I understood that some pfsense packages couldn’t be uninstalled via the web-gui. That would be normal, since I was already getting my hands dirty, I got some guidelines from the pfsense irc channel (many thanks to operator jim-p-work) and then I tried to solve it my way (btw one may use the pfsense dev shell, where he can write a strange mixture of php and shell commands and execute them using an exec statement. Ugly I guess but probably useful.)

When I tried to use the shell things got messier. I was keeping an eye on:

  1. authgui.inc
  2. guiconfig.inc
  3. pkg-utils.inc
  4. pkg_mgr_install.php

and trying to find a solution to my problem. The idea was simple: run similar things like the webgui but at the same time have an overview of the process. As I kept looking at the pfsense code of the above files a simple thing came to mind: CSRF/XSS. People at the channel told me that it was the second time one reported such problems, and obviously enough everyone that has even worked for a month as a web-developer knows and can easily identify such problematic code. To make a long story short, this happens by running server side scripts using variables passed via GET requests. The simplest scenario that comes to mind is that a misbehaving user can lure the admin to first open a pfsense webgui tab and then ask him to connect to one of his pages. Then simply knowing the ip address of the router that the admin is connecting to (on the private side, i.e. 192.168.1.1) is sufficient to mount the attack. In my review I looked only at pkg_mgr_install.php, which a remote user having the above knowledge could easily enough use to uninstall snort and other mission critical packages. Currently there are at least 620 GET variable references in pfsense and I am not quite sure of the security impact. I haven’t reviewed the whole codebase, and to be frank I am not willing to.

Why? The code is simply a mess. I am not sure if this is the effect of working with paranoid perfectionists in the past or if the code is simply ugly and unreadable. I wondered many times how someone can maintain such a codebase. I shared my concerns with GeekGod (aka sullrich @ pfsense) but the conversation was private and I intend to keep it that way unless he doesn’t mind sharing. After the small code review (less than 4 hrs spent), in my opinion pfsense currently is “an accident waiting to happen”, especially if you have some kind of open infrastructure.

Currently I am searching for something new to kick out pfsense, and for the first time in my life, besides the feature sets, I also review the code to see if the project can be trusted. So far I think ClearOS is better, with a much cleaner code base, but I will get back on that sooner than later with a small review on the webgui routing distros I’ve tried (I hope :P)

After all this is what open-source is all about, right?
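
The GET-driven package action described above, shown beside a hardened form. This is an added example, not code from pfsense or from the original post; `uninstall_package()` and the `mode`, `pkg` and `csrf` parameter names are hypothetical.

```php
<?php
// Added illustration, not pfSense source: uninstall_package() and the
// "mode"/"pkg"/"csrf" parameter names are hypothetical.
session_start();

function uninstall_package(string $name): void
{
    error_log("uninstall requested for {$name}"); // stand-in for the real work
}

// Pattern the post describes: a GET variable drives a state change. Any page
// the logged-in admin opens can make the browser send this request, and the
// session cookie travels with it.
function handle_vulnerable(): void
{
    if (($_GET['mode'] ?? '') === 'delete' && is_string($_GET['pkg'] ?? null)) {
        uninstall_package($_GET['pkg']);
    }
}

// Hardened form: one random token per session, embedded as a hidden field in
// the form that submits the action.
function csrf_token(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

function handle_hardened(): int
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 405; // state changes never ride on GET
    }
    $sent = $_POST['csrf'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        return 403; // missing or wrong token: treat as a cross-site request
    }
    $pkg = $_POST['pkg'] ?? '';
    if (!is_string($pkg) || !preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $pkg)) {
        return 400; // allow-list the name instead of passing input through
    }
    uninstall_package($pkg);
    return 200;
}

http_response_code(handle_hardened());
```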

kOlga back online

As promised and within the 16 hours deadline, kOlga is back online. The new feature set installation (hotspot, gardenwall, red queueing on all interfaces, etc) is postponed for the future.

Enjoy the beautiful Saturday and the weekend :mrgreen:

PS1. The tzikis link was decommissioned due to poor performance (4mbps up 4mbps down) but may be brought back if no one else provides a link for him.

PS2. To the guy that broadcasts in the southwest Patra region with mac address 00:0B:6B:09:F2:7E and hidden SSID @ 5180MHz: please contact me if you are interested in a link. My scans indicate a very good signal from your side (-55dbi with SNR of 50db)

kOlga administratively down

The wifi node is down due to maintenance and will be down for at least 16 hours.

New ap cards, a new casing and some new cool features will be installed.

My apologies for the inconvenience

 

Cheers

search engines, irc bots and python

It sounds like an intriguing combination, doesn’t it?

A while ago an intranet web search service for pwmn was provided [the announcement was made here]. The application providing the service is yacy [1], which might be a bit immature, but was chosen for its future scalability (a wifi link with awmn[2] is on the verge and new nodes in between the Peloponnese and central Greece are emerging [3][4][5][6][7]). So the distributed application seemed a great idea.

So far the whole service is based on the stock yacy distribution with the tampering of some configuration files ( defaults/yacy.init , defaults/yacy.network.group ) and the addition of some more ( defaults/yacy.network.pwmn.unit ). The whole idea is to run some sort of yacy’s freeworld (now named PWMN) over the wireless wifi given the principle of locality[8].

The service had a good response among people and some started using it in various ways. It was time to bring it closer to the masses and to make it accessible through our number one instant messaging protocol, which is no other than irc [9]. The task was to provide itmy’s[10] python irc bot[11][12] with some “API” in order to communicate with the yacy search engine. Since the bot was written in python, the easiest way to write the “glue” application between the bot and the search engine was in the python language. Here I have to say that even though I’m a newbie python programmer I continue using it, in favour of other languages that I prefer more. I guess the main reason is that its learning curve is GoDLiKe!

The following code is quite dumb. Since yacy 0.77stable the developers of yacy provide an xml compliant output (in contrast to the html parsing currently done, so much of the following code needs rewriting [13], to eliminate the usage of mechanize in favour of urllib2 and some beautification on the tag parsing of the xml file - currently I’m parsing the html output of the www server, so I consider the current version to be totally UGLY :twisted: ). Download the source code from here and enjoy

Kolga’s new link

After a while trying to establish a new link between korki[1] and hawk[2], today the seed was grown. Since some rearrangement took place over tzikis’ roof (this guy had the worst cable management and efficiency I’ve ever seen) the link is pretty solid on tzikis’ part. I have to align better but the results are quite cool for a first connection, given that his part isn’t at full height while mine isn’t the best alignment (-79 ~ -82 dbi)

OSPF and other thingies are set up and the only important thing is for tzikis to provide for some service and to organize his local lan (his subnetting skills are … :twisted: )

Please welcome 10.140.31.0/24 to the network and with him the Panoulix (welcome back dude)

Cheers

Unofficial presentation of pwmn @ upatras

Last Friday some folks (including me) did an unofficial presentation of the pwmn @ upatras. The attendance was quite unexpected, and while the joke among the workgroup that planned the “event” was that there would be more pwmn members than students, the number of people that came was surprisingly high!

The purpose of the presentation was to intrigue students to participate in the open/free community called pwmn, and to give them some insight info about it, just in case they would like to get involved.

One of the major concerns back in my days when I was interested in wireless technologies was the speed (aka Need For Speed). How fast one can download stuff was my primary concern, and the second reason that made me establish a core node. (The first was the companionship among friends). Yet nowadays for people such concerns are no issue! And I am actually wondering why? Are we so congested by the “high speed” dsl (namely 24mbit ~ actual 10mbps)? Aren’t we intrigued by wireless bandwidth?

On the other hand the people that participated were more interested in the wifi technologies in use like the OS running in the routers, the routing protocols, the parameters of linking among different areas, and how the linking can be achieved. Wow! totally different generation…

** I will update this article at some point with photos from the “event” and other thoughts about the event

FAQ: What is kolga?

Kolga, despite the wikipedia definition [1], is something existing in this world (earth).

It is a wireless node located in the city of Patras [2] [3] participating in the public/open/free wireless metropolitan network named PWMN. Its exact position is in the eastern part of Olga’s square [4]. Its operator and maintainer is the writer of this article (and generally of this blog) and his details are here.

The node’s name was originally selected because of the asteroid, but since then most people of this world are interested in the node. Writer’s guess is that the node should have 6 or 7 people interested in its operation, while the asteroid maybe has one or two interested in its existence :P

So dear visitors coming here from google, bear in mind that the node has no affiliation nor sponsorship from the asteroid.

Cheers!

kolga-under link reaches a new (sky) limit

After some rearrangements and link tune up the kolga-under link (operating on the 5GHz band) has a stable throughput of 4,3Mbyte/s, which is kind of cool since the rx power is at 3db fixed (while the max card capabilities are 17dbs).

So an eco-friendly link that maintains its high throughput is as always an option and users should be encouraged to maintain such links.

Some real world application data transfers will be demonstrated in this article in the future (as an article update) as well as the necessary software tuneups (mikrotik) in order for such a boost to take place.

pwmn.net-kOlga is administratively down

Announcement to all users.

The kolga node, due to some upgrades, is and will remain inactive today (all the links are or will be down as well as the Access Point). The services offered and the link status will be restored (hopefully) at the end of the day.

For any new information streams or any other status update this post will be updated.

From the management…

botwars @ IRC PWMN

Recently a scramble bot appeared in the #room channel, and everyone was thrilled with it. Epic wars took place in order to make the best score @ the (un)scramble game.

One day a user appeared with huge capabilities and an even greater vocabulary build. We suspected at once that the user was using a bot and we decided to create a counter-bot that could defeat that user. The intention of the team[1] was not to create a second irc bot that would trick the irc channel’s users into thinking that the user was playing legitimately, but instead to prove that the BOTs existed and that everyone with more or less technical/programming skills could beat every kind of competition using some intuitive thinking.

The above philosophical ideas formed into a solid and working bot called specialK, a bot that operates at #room of the HWN network (joining information in Greek can be found here).

On the build of the bot there isn’t much to write about; some techniques that lead to O(1) searches on the lexicon used and some other preprocessing techniques that make that search time possible[2]. The irc framework was based on the pirc bot framework and the lexicon in use is the cracklib-small provided by gentoo.

[1] For this project I worked with mr bug is found in RandomAccessFile Undertaker. Synergy produces great results :-)

[2] More technical details (including the produced source code under GPL3 and maybe an executable) will be posted when the final botwar takes place, and a winner is established at the botwar competition.