Tags: mac os x

03/31/17

  02:37:00 pm, by The Dreamer   , 1149 words  
Categories: Software, Networking

TP-Link TR-WR1043ND DoS Protection Feature and QUIC

So, discovered a problem with QUIC and my TP-Link TR-WR1043ND router the other day.

I have DoS security enabled on my, which will block hosts for ICMP-flooding, UDP flooding or TCP-SYN flooding. The default is for a 10 second sampling period, and triggers on 50 ICMPs or 500 UDPs or 50 TCP-SYNs....

Well, I fired up Chrome on my Mac (default browser is Safari, but it wouldn't open my HSA's website) And, suddenly, my Mac lost all Internet connectivity. Could still access all my local network devices, and then found that other devices (iPad) on my home network could still reach the outside world. Rebooting the Mac didn't help, nor did rebooting cable modem or router.

So, connected to my router from the Mac, to see if there any mysterious setting change (access controls?) that was getting in the way. When I happened to look at statistics, and it showed that I had hit a max of 563 udp packets during a 10 second window (to have DoS protection, statistics needed to be enabled. Which lead me to the DoS protection feature.

For some reason I had assumed it meant WAN side DoS, though it just says "protect the Router from being attacked by TCP-SYN Flood, UDP Flood and ICMP-Flood" It's from here that I can also control if it should respond to ping's on the WAN side and/or LAN side. I have it allowed for both, since ping is part of my internal Nagios check of it, and I used to have DSLreports pinging to generate latency graphs...

But, I guess it makes sense that it does internal hosts (as well?) To protect against a computer on my home network getting compromised and become a bot. Though that hasn't happened yet, as I have generally kept up with things at home.... (such as need to have antivirus software on my Macs... tried a number of free ones, but eventually purchased ClamXav, which I had used it when it was free to protect my work Macs.

So, what would be a reasonable setting for UDP-Flood protection that won't trigger due to Chrome's / Google's use of QUIC for https....likely due to having not used Chrome in a while, and it needing to update many of my extensions/apps as well as itself and other things. Though I still need to work out sync of bookmarks between my different browsers....

When looking at blocked hosts, found that my MacBookPro was also in the list, wonder when that had happened, as its been sleeping for some time now....plus I can't recall if I've gotten around to installing Chrome on it. Need to find a way to synchronize some/all of my apps between Macs.... The MacBookPro had reached a peak of 654 UDPs.... wonder if there's some way to monitor when it has blocked a host, etc. Didn't report anything in its internal logging, or daily email of logs.

Pages: 1· 2

06/29/13

  05:53:00 pm, by The Dreamer   , 1493 words  
Categories: Hardware, BOINC, Operating Systems

Another Radioactive@Home sensor in Manhattan, KS

So, there's this BOINC project out of Poland called Radioactive@Home, where you have a radiation detector hooked up to a computer taking samples, etc. Its my second BOINC project with a hardware sensor. Though I had signed up for this one first...back on June 16, 2011. QuakeCatcherNetwork had come later, but getting a sensor was quick (though there were delays in getting it working, they had switched to a new sensor where they didn't have Linux drivers yet...etc., etc.) But, doing Radioactive@Home took longer as sensors are built in batches, there had been early batches that I missed and I wasn't all that sure at first if I really wanted do go to the hassle of getting one.

But, then another user announced that he would do a group purchase of 50 or so, which it should cut shipping costs quite a bit by having a cheaper large shipment from Poland, plus domestic delivery for the last leg. The way delivery costs go, you can get up to 3 for the delivery charge...though most people only want one....at least initially.

Basically I ordered my first detector around August 2011, and finally received it in March 2012. And, it just runs...though occasionally I'll look to see if anything interesting is recorded (like the interesting trace for around the end of the world....)

Meanwhile, on June 26, 2012 there was an announcement of a new detector...a pretty looking one. My first sensor was a prototype type case with rough cutouts, etc. Not really bad looking, but still plain and crude looking. While the announced sensor looked neat, the kind of thing that I might considering putting on my desk at work....

So, there was basically an announcement that there wasn't going to be another bulk US purchase...so after some thought, I decided this new detector was just too pretty to pass up. So, I ordered one mid to late July, 2012. Got confirmation on July 23rd, 2012. 27 Euros for the detector plus 10 Euros for up to 3 detectors, more than 3 pay for the detector now, get bill for actually shipping cost later. Plus if I use PayPal to specify that I'll pay the transaction fees....

In the previous order, it had been requested that we have PayPal funds to pay for the transaction....or use a check. I had tried to keep a float of cash in my PayPal account....but when it finally came time to pay, there wasn't quite enough to do that, so I opted to just mail a check. For this second order, I went with PayPal and had PayPal add the transaction charges to my total.

First detector cost me $46.25 by personal check. Second detector cost me $47.36 (and conversion and including the transfer charge).... I sent the PayPal money on August 21, 2012.

And, then it was wait and wait and wait. I would check the boards now and then for updates...but it was mostly other people wondering the same thing.

Eventually, I stopped checking in...and kind of forgot all about the sensor. Though I did visit the site briefly, but didn't linger or read the detector threads...which I went to check what platforms the project supported. Because when I had originally ordered, I was down to a Solaris 10/x64 workstation, a Windows box, a first gen MacBookPro (32-bit Core Duo). and a dead Linux machine. Eventually, I got a computer to replace the dead Linux box...but I went with FreeBSD instead, and it eventually displaced the Solaris workstation. In February, 2013 while I was working late on my FreeBSD system, I saw the Windows box update itself and reboot, and then it failed to boot. It had killed itself....pretty much the same way my home Windows box had killed itself in an auto-update in February, 2012. I left it off, not sure what I would do with it....I thought about OmniOS or SmartOS...though it was a first gen i7, so no EPT for KVM. Eventually, I decided to install Ubuntu 12.04LTS on it....where its mainly backup for when my FreeBSD system crashes.... its one thing that new Seagate drives only have 1 year warranties...its another thing that they seem to have trouble lasting that long.....

And, then an iMac 27" appeared on my desk....back when it seemed bleak on getting FreeBSD working as my main workstation....I was talked into getting one. But, FreeBSD remains my main workstation....while there are somethings that the iMac is the only computer I have where things work (like being able to participate in WebEx, Lync, Google Hangouts or Xoom for web conferencing....plus it finally solves having mail staying open while I switch to the appropriate desktop to do whatever....I'm up to 17 now....where there are typically 4 to 12 windows...either of uniform size, or variable size, and some desktops the windows overlap, though that desktop is mainly for tailing logs.... Where I'm up to 2 full desktops and 2 half desktops for that.... Anyways, I had made a quick visit...because I wondered if Mac OS X was a supported platform (it wasn't) or if anybody was using FreeBSD for this project....didn't get any search hits. And, it seemed unlikely that the hardware part would work through the Linux emulation on FreeBSD (especially the Fedora 10, and I'm not sure what the process for converting to the CentOS 6 is, that wouldn't break all the things I'm using Linux emulation for....though it is mostly other BOINC projects.) Though doing the search now, I see that a couple days ago the question got raised....with not much luck on having it find the detector ... but ending with a link to a FreeBSD version of the application.... Though since I have a Linux system at my desk (where is primary purpose is to run VBoxHeadless containing Windows 7, for those occasions where I need to use vSphere Center...and passing the time doing BOINC)...I'll just go with running new detector should it ever arrive...on that.

Full story »

Now instead of subjecting some poor random forum to a long rambling thought, I will try to consolidate those things into this blog where they can be more easily ignored profess to be collected thoughts from my mind.

Latest Poopli Updaters -- http://lkc.me/poop

bloglovin

There are 20 years 2 months 26 days 14 hours 35 minutes and 37 seconds until the end of time.
And, it has been 4 years 10 months 1 day 23 hours 27 minutes and 19 seconds since The Doctor saved us all from the end of the World!

Search

October 2017
Mon Tue Wed Thu Fri Sat Sun
 << <   > >>
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31          
Google

Linkblog

  XML Feeds

Who's Online?

  • Guest Users: 0
This seal is issued to lawrencechen.net by StopTheHacker Inc.
Website engine

hosted by
Green Web Hosting! This site hosted by DreamHost.

monitored by
Monitored by eXternalTest
SiteUptime Web Site Monitoring Service
website uptime