Home » Posts tagged "network" (Page 17)

在攻擊時總是挑最弱的一環:NSA 對 DH 的攻擊

在「How is NSA breaking so much crypto?」這邊提到了 2012 年有文章說明 NSA 有能力解開部份的加密通訊,而後來 Snowden 所提供的資料也證實了這點:

In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to crack current public encryption.” The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand.

但在這之前一直都不清楚是怎麼解出來的,直到最近才猜測應該是 Diffie-Hellman 的強度以及實作問題:「Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice」。


We go on to consider Diffie-Hellman with 768- and 1024-bit groups. We estimate that even in the 1024-bit case, the computations are plausible given nation-state resources. A small number of fixed or standardized groups are used by millions of servers; performing precomputation for a single 1024-bit group would allow passive eavesdropping on 18% of popular HTTPS sites, and a second group would allow decryption of traffic to 66% of IPsec VPNs and 26% of SSH servers. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break. We conclude that moving to stronger key exchange methods should be a priority for the Internet community.

作者群給的建議有三個方向,一個是把長度加長到 2048 bits,另外一個是改用 ECDH,而最差的情況 (如果還是需要使用 1024 bits DH) 則是避免使用固定的 prime number。

在 LAN 裡把 TCP timestamps 關閉擠出頻寬

由於 TCP timestamps 會使得封包多 12 bytes,關掉後可以在 LAN 裡面擠出頻寬,是個小孩子不要亂學的方法:「Save Some Bandwidth By Turning Off TCP Timestamps」。

文章裡是在 10Gbps 網路上測試,看測出來的圖片也只是一點點 (不到 1%),但仍然是有提昇:

Results show that it's reasonable to turn off timestamps on 10GE interfaces, but keep in mind that it should be performed only in low latency networks.

沒必要就不要亂動 :o

拿 Openvirtuals 的主機跑 Syncthing...

Low End Box 上逛到的主機商 Openvirtuals,在 LEB 上看到的優惠已經沒了,但點進去後看到 Buffalo 的主機年繳有 50% off,加上硬碟空間又大,就決定弄一台玩玩...

SSD-CACHED 的 Mini 是 256MB RAM + 512MB vSwap 以及 90GB 空間,要 USD$16/year,而 Standard 的都是兩倍,但只要 USD$20/year,就決定買 Standard 了...

後台的功能比想像中完整,這是系統資訊與狀態的畫面,功能其實不比 DigitalOcean 差 (不過畫面就普普通通了):

裝了 Ubuntu 14.04 64bits 跑,不過 Linux kernel 偏舊了點,是 2.6.32,查了一下維基百科上的資料,應該是 2009 年底的版本,是目前唯一一個 2.6 上有繼續維護的版本:

Linux two 2.6.32-042stab108.2 #1 SMP Tue May 12 18:07:50 MSK 2015 x86_64 x86_64 x86_64 GNU/Linux

網路的部份,實際測試時發現不是很穩定,HiNet 過去有時候會有不低的 packet loss,可能是中間有線路因為 DDoS 造成不穩定。

反正只是要跑 Synthing 也還好,就先這樣丟著... 上面順便跑個 rtorrent 幫忙 Ubuntu 分擔 ISO Image。

在 Cisco Router 上被植入的後門

FireEye 發表了一篇在 Cisco Router 上發現被植入的後門:「SYNful Knock - A Cisco router implant - Part I」。

發現這些被植入的 router 被散佈在四個地區:

Mandiant can confirm the existence of at least 14 such router implants spread across four different countries: Ukraine, Philippines, Mexico, and India.


  • Cisco 1841 router
  • Cisco 2811 router
  • Cisco 3825 router


SYNful Knock is a stealthy modification of the router's firmware image that can be used to maintain persistence within a victim's network. It is customizable and modular in nature and thus can be updated once implanted. Even the presence of the backdoor can be difficult to detect as it uses non-standard packets as a form of pseudo-authentication.

最主要的重點是把記憶體保護機制關閉 (都變成 RW):

The malware forces all TLB Read and Write attributes to be Read-Write (RW). We believe this change is made to support the hooking of IOS functions by loaded modules.

文後也有提到 Cisco 的文章,如何 dump image 分析:「Offline Analysis of IOS Image Integrity」。

.onion 的域名保護

.onion 被用在 Torhidden service,而現在從不同的面向要保護這個 root domain 不被註冊,在 IETF 的 blog 上看到「.onion」這篇文章就是其中一個方向。

這邊的計畫是把 .onion 域名當作像是 .local.localhost.example 這樣的特殊域名保護 (參考 RFC 6761「Special-Use Domain Names」) 而提了一個新的 RFC (目前是 draft):「The .onion Special-Use Domain Name」。

如果通過的話,就有一個標準可以遵循,不然現在對 .onion 一直都是 De-facto standard...

AWS Public IP 的變動可以透過 Amazon SNS 訂閱

在「Subscribe to AWS Public IP Address Changes via Amazon SNS」這邊提供利用現有的 Amazon SNS 所提供的新功能。

依照說明,訂 arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged 就可以了:



不過之前就可以 polling 了,這個功能好像還好...

Hacking Team 的 BGP Routing Hijack

Hacking Team 的事情告訴我們,只能是能做的,都有人會包成 Total Solution 賣。

洩漏出來的資料說明了 Hacking Team 在 2013 年幹的 BGP Routing Hijack:「How Hacking Team Helped Italian Special Operations Group with BGP Routing Hijack」。

The Wikileaks document described how the Italian ROS reached out to Hacking Team to work together on recovering the VPS server that ran on In ROS terminology, the server was called “Anonymizer”. The emails also revealed that this server relays updates to another back end server called “Collector” from which ROS presumably recovers the targets’ data.


When we look at historical BGP data we can confirm that AS31034 (Aruba S.p.A) indeed started to announce the prefix starting on Friday, 16 Aug at 2013 07:32 UTC. The Wikileaks emails outline how ROS complained to Hacking Team that the IP was reachable only via Fastweb but not yet through Telecom Italia, concluding not all RCS clients were able to connect back to the server immediately, since the prefix was not seen globally. BGP data further confirms this per the visualization below.

這些主要的 ISP 分別是:

AS12874 Fastweb
AS6939 Hurricane Electric, Inc.
AS49605 Reteivo.IT
AS4589 Easynet
AS5396 MC-link Spa


這也證明了「鎖 IP」的方法其實還是很危險的。

超慢的 Facebook...

今天的 Facebook 慢到爆炸,看起來像是台灣機房的問題,這邊先提供 workaround:

把 DNS 改用,看起來 DNS 會解去洛杉磯的機房,速度就會正常多了。

接下來列出看到的結果,靜態的頁面 (拿 /robots.txt 測試) 沒問題:

Server Software:        
Server Hostname:        www.facebook.com
Server Port:            443
SSL/TLS Protocol:       TLSv1.2,ECDHE-ECDSA-AES128-GCM-SHA256,256,128

Document Path:          /robots.txt
Document Length:        4159 bytes

Concurrency Level:      1
Time taken for tests:   0.792 seconds
Complete requests:      20
Failed requests:        0
Total transferred:      99000 bytes
HTML transferred:       83180 bytes
Requests per second:    25.24 [#/sec] (mean)
Time per request:       39.612 [ms] (mean)
Time per request:       39.612 [ms] (mean, across all concurrent requests)
Transfer rate:          122.03 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:       28   30   0.6     30      31
Processing:     9   10   0.3     10      10
Waiting:        9    9   0.2      9      10
Total:         38   39   0.7     39      41

Percentage of the requests served within a certain time (ms)
  50%     39
  66%     40
  75%     40
  80%     40
  90%     40
  95%     41
  98%     41
  99%     41
 100%     41 (longest request)


Server Software:        
Server Hostname:        www.facebook.com
Server Port:            443
SSL/TLS Protocol:       TLSv1.2,ECDHE-ECDSA-AES128-GCM-SHA256,256,128

Document Path:          /
Document Length:        0 bytes

Concurrency Level:      1
Time taken for tests:   20.294 seconds
Complete requests:      20
Failed requests:        0
Non-2xx responses:      20
Total transferred:      6700 bytes
HTML transferred:       0 bytes
Requests per second:    0.99 [#/sec] (mean)
Time per request:       1014.690 [ms] (mean)
Time per request:       1014.690 [ms] (mean, across all concurrent requests)
Transfer rate:          0.32 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:       28   30   0.9     29      32
Processing:   151  985 1144.5    567    4939
Waiting:      151  985 1144.5    567    4938
Total:        180 1014 1145.1    597    4971
WARNING: The median and mean for the initial connection time are not within a normal deviation
        These results are probably not that reliable.

Percentage of the requests served within a certain time (ms)
  50%    597
  66%   1226
  75%   1279
  80%   1667
  90%   2267
  95%   4971
  98%   4971
  99%   4971
 100%   4971 (longest request)