Category Archives: Networking

Issues and news relating to networking.

Terahertz wireless chip brings 30Gbps networks, subcutaneous scanning

Posted on by

Rohm, a Japanese semiconductor company, has created a silicon chip and antenna that’s currently capable of transmitting 1.5Gbps, with the potential to scale up to 30Gbps in the future. By comparison, the fastest 802.11 (WiFi) transmission speeds max out at around 150Mbps, and the incoming WiGig standard peaks at 7Gbps.

via Terahertz wireless chip brings 30Gbps networks, subcutaneous scanning | ExtremeTech.

Shoreline Firewall

Posted on by

Shoreline Firewall.

The Shoreline Firewall, more commonly known as Shorewall, is high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter’s ipchains compatibility mode and can thus take advantage of Netfilter’s connection state tracking capabilities.

Shorewall is not a daemon. Once Shorewall has configured the Linux networking subsystem, its job is complete and there is no Shorewall process left running in your system. The /sbin/shorewall program can be used at any time to monitor the Netfilter firewall.

Schneier on Security: My Open Wireless Network

Posted on by

Whenever I talk or write about my own security setup, the one thing that surprises people — and attracts the most criticism — is the fact that I run an open wireless network at home. There’s no password. There’s no encryption. Anyone with wireless capability who can see my network can use it to access the internet.

via Schneier on Security: My Open Wireless Network.

nf_conntrack and the conntrack program

Posted on by

Anyway I did at a fast cat /proc/net/nf_conntrack | grep 5060 to get all connection tracking entries for SIP. And I found more than one, here is on example.

via nf_conntrack and the conntrack program | Robert Penz Blog.

More info on conntrack here…

The timeout for this entry is 180 sec and 172 seconds to go, and the SIP client was all the time sending new probes and therefore the connection was never dropped. What can you do in this instance? You can install conntrack. It is a userspace command line program targeted at system administrators. It enables you to view and manage the in-kernel connection tracking state table. If you want to take a look at the manual without installing it (apt-get install conntrack) you can take a look at this webpage which contains the man page. With this program I did delete the entries with the wrong IP address and everything worked again.

How Computer Browser Service Works: Browser Service

Posted on by

Every computer running Windows that has the file sharing component installed and enabled on a network interface broadcasts a periodic (every 12 minutes) Host Announcement message on the local subnet. On the master browse server for the subnet, these messages are used to maintain the list of available servers in the browse list

via How Computer Browser Service Works: Browser Service.

This is a very noisy service — especially on a network that doesn’t care about browser services.

Corosync

Posted on by

http://corosync.org/doku.php

The Corosync Cluster Engine is a Group Communication System with additional features for implementing high availability within applications. The project provides four C Application Programming Interface features:

  • A closed process group communication model with virtual synchrony guarantees for creating replicated state machines.
  • A simple availability manager that restarts the application process when it has failed.
  • A configuration and statistics in-memory database that provide the ability to set, retrieve, and receive change notifications of information.
  • A quorum system that notifies applications when quorum is achieved or lost.

Our project is used as a High Availability framework by projects such as Apache Qpid and Pacemaker.

We are always looking for developers or users interested in clustering or participating in our project.

The project is hosted by Fedora Hosted and the The Linux Foundation.

Force iptables to log messages to a different log file

Posted on by

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user defined chains.

By default, Iptables log message to a /var/log/messages file. However you can change this location. I will show you how to create a new logfile called /var/log/iptables.log. Changing or using a new file allows you to create better statistics and/or allows you to analyze the attacks

Via Force iptables to log messages to a different log file.