Spoofing on Internet

Feeling lazy to type it all again, so copy pasting:

Hi all,

For those who are not able to afford a fat pipe connection, and
depending on multiple small pipes, there is a good news. Now, they can
bond multiple ethernet links from Airtel and from some other ISP (e.g.
WTOM). By bonding I mean, being able to route outgoing packets from
WTOM's IP address via Airtel's link, and probably vice versa (not
tested other way round).

To verify this, try following:

1. Make sure both your ethernet links from different ISPs are
connected to a single interface on your router, i.e. using a network
switch.

2. Now, assign addresses from both ISPs to the single interface:

- ---->8---->8----
abbe [~] chateau % /sbin/ifconfig fxp0
fxp0      Link encap:Ethernet  HWaddr 00:13:20:B7:55:0A
         inet addr:172.16.0.2  Bcast:172.16.0.31  Mask:255.255.255.224
         inet6 addr: 2001:db8:3151::1/48 Scope:Global
         inet6 addr: fe80::213:20ff:feb7:550a/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:67542 errors:0 dropped:0 overruns:0 frame:0
         TX packets:67029 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:43453983 (41.4 Mb)  TX bytes:35309688 (33.6 Mb)

abbe [~] chateau % /sbin/ifconfig fxp0:0
fxp0:0    Link encap:Ethernet  HWaddr 00:13:20:B7:55:0A
         inet addr:aaa.bbb.ccc.ddd  Bcast:172.16.0.31  Mask:255.255.255.224
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
- ----8<----88---->8----
abbe [~] chateau % route add default gw 172.16.0.1
- ----8<----88---->8----
# iptables -t nat -n -v -L  POSTROUTING
Chain POSTROUTING (policy ACCEPT 178 packets, 12630 bytes)
 pkts bytes target     prot opt in     out     source               destination
 832 62349 MASQUERADE  all  --  *      ppp_1_32_1  172.16.0.0/27        0.0.0.0/0
- ----8<----88---->8----
abbe [~] chateau % curl --interface aaa.bbb.ccc.ddd http://checkip.dyndns.org
Current IP CheckCurrent IP Address: aaa.bbb.ccc.ddd
- ----8<----8<----

Okay, in case if you mistakenly added some other address, instead of
WTOM's provided address to 'fxp0', don't worry, your packets are still
reaching their destination, it is just that the address you provided
doesn't route back to you, so you aren't getting any replies.

I tested this working not only Airtel's AS, but also in couple of
other AS'es also. Except commands there is nothing involved in this
post, which specific to GNU/Linux, so you can use your BSD box to bond
:).

Happy spoofing on public internet :)

HTH
Ashish Shukla

killall metacity; sawfish

So, I shifted to a Sawfish, a WM extensible in a dialect of Lisp. Following is my .sawfishrc:

(bind-keys global-keymap "W-x" 'call-command-with-output-to-screen)
(bind-keys global-keymap "W-F2" 'run-shell-command)
(bind-keys global-keymap "W-C-m" 'maximize-window)
(bind-keys global-keymap "W-C-w" 'unmaximize-window)
(bind-keys global-keymap "W-C-i" 'iconify-window)
(bind-keys global-keymap "W-F3" 'popup-window-menu)

Now, I can communicate securely over IRC using FiSH, available in FreeBSD for irssi as irc/irssi-fish. But whom do I communicate with ?

A Gnus Hack

;; Add to ~/.gnus
(defcustom my-inline-pgp-mails-list
  '()
  "List of email address which only accept inline-PGP signed mails"
  :type '(repeat string))

(defun my-list-all-recipients()
  "Lists all recipients in the current buffer"
  (interactive)
  (let ((list-of-recipients)
        (list-of-emails '()))
    (setq list-of-recipients (split-string (concat (message-fetch-field "to") ","
                                     (message-fetch-field "bcc") ","
                                     (message-fetch-field "cc")) ","))
    (dolist (recipient list-of-recipients)
      (when (string-match "\\([[:alnum:].-]+@[[:alnum:].-]*\\)" recipient)
        (add-to-list 'list-of-emails (match-string 1 recipient))))
    list-of-emails))

(defun my-sign-mail()
  "Sends a PGP signed mail depending on whether recipient allows PGP/MIME signed mails"
  (let ((recipients (my-list-all-recipients))
        (message-signed nil))
    (dolist (email my-inline-pgp-mails-list)
      (when (member email recipients)
        (message "Recipient found as %s" email)
        (mml-secure-sign-pgp)
        (setq message-signed t)
        (return t)))
    (unless message-signed
      (mml-secure-message-sign-pgpmime))))

(add-hook 'message-send-hook 'my-sign-mail)

Above Emacs Lisp code allows one to send PGP signed messages, in the way preferred by recipient. e.g. There are some lists which don’t allow multipart/signed message, so in order to post to those lists, one needs to send inline PGP signed messages. This piece of code takes care of all that. All you need to do is to specify email addresses which don’t acceptmultipart/signed messages using M-x customize-variable my-inline-pgp-mails-list. Happy Gnusing… ;)

P.S. The code is also pasted at paste.lisp.org.

Gmail on IPv6 – buggy last account activity information.

I’m accessing Gmail’s web UI over IPv6 internet since they launched ipv6.google.com. Recently I’ve noticed that they made available Last account activity information. So I clicked on that link to see my last account activity and I’m surprised to see an IPv4 address instead of an IPv6 address (expected). The IPv4 address is 238.149.219.9, which is a class D address reserved for multicasting. So, is this some kind of IPv{4,6} portability bug in their code, or ipv6.google.com acting as a proxy for mail UI running on IPv4 servers with a class D address assigned, hmm…?

format=flowed messages

format=flowed is a new way of posting text/plain messages so they can be displayed in any resolution in the desired way. For more information, check out RFC3676, Joe Clark‘s format=flowed FAQ. To send format=flowed, messages using a MUA (which sucks less), checkout Sending format=flowed messages. Details about format=flowed in Gnus will be posted later. Happy spamming format=flowed way… :)

Hotwire shell on FreeBSD

Interested in trying out Hotwire Shell (actually hypershell) on FreeBSD, checkout x11/hotwire-shell. Happy hacking…:)