--- Log opened Thu Jul 29 00:00:09 2010
00:11 -!- mdwright [~mdwrigh2@cpe-173-095-139-212.nc.res.rr.com] has joined #se2600
00:48 -!- CRasH180 [~CRasH180@pdpc/supporter/silver/CRasH180] has quit [Quit: leaving]
04:07 -!- brimstone [~brimstone@pdpc/sponsor/digium/brimstone] has quit [Ping timeout: 248 seconds]
04:07 -!- remoford [~remoford@c-76-22-152-27.hsd1.tn.comcast.net] has quit [Ping timeout: 265 seconds]
04:08 -!- brimstone [~brimstone@the.narro.ws] has joined #se2600
04:08 -!- brimstone [~brimstone@the.narro.ws] has quit [Changing host]
04:08 -!- brimstone [~brimstone@pdpc/sponsor/digium/brimstone] has joined #se2600
04:08 -!- mode/#se2600 [+o brimstone] by ChanServ
04:09 -!- remoford [~remoford@c-76-22-152-27.hsd1.tn.comcast.net] has joined #se2600
04:09 -!- mode/#se2600 [+o remoford] by ChanServ
07:30 -!- Dolemite [~scott@99-2-142-130.lightspeed.nsvltn.sbcglobal.net] has quit [Disconnected by services]
07:30 -!- Dolemite [~scott@99-2-142-130.lightspeed.nsvltn.sbcglobal.net] has joined #se2600
07:30 -!- Dolemite is now known as Guest71167
07:31 -!- Dolemite_ [~scott@99-2-142-130.lightspeed.nsvltn.sbcglobal.net] has joined #se2600
07:31 -!- mode/#se2600 [+o Dolemite_] by ChanServ
07:31 <@Dolemite_> mr0ning, be0tches and h0ez!
07:36 -!- Dolemite_ [~scott@99-2-142-130.lightspeed.nsvltn.sbcglobal.net] has quit [Quit: brb]
07:36 -!- Dolemite_ [~scott@99-2-142-130.lightspeed.nsvltn.sbcglobal.net] has joined #se2600
07:36 -!- mode/#se2600 [+o Dolemite_] by ChanServ
07:37 <@Dolemite_> Hrmm, says my nickname is temporarily unavailable. Must be freenode having a schizophrenic day.
08:21 -!- Curbob [~curbob@12.97.163.66] has joined #se2600
08:45 -!- epoxy [~epoxy@dialin.inttek.net] has joined #se2600
10:15 -!- nefD [~nefD@adsl-068-016-097-246.sip.asm.bellsouth.net] has quit [Quit: Leaving]
10:17 -!- nefD [~nefD@adsl-068-016-097-246.sip.asm.bellsouth.net] has joined #se2600
10:38 -!- scribbles [scribbles@unaffiliated/scribbles] has quit [K-Lined]
10:47 -!- Venom_X [~pjacobs@adsl-99-3-159-249.dsl.hstntx.sbcglobal.net] has joined #se2600
10:47 -!- mode/#se2600 [+o Venom_X] by ChanServ
11:49 -!- epoxy [~epoxy@dialin.inttek.net] has quit [Quit: Leaving]
12:19 -!- mdwright [~mdwrigh2@cpe-173-095-139-212.nc.res.rr.com] has quit [Quit: Leaving.]
12:20 -!- mdwright [~mdwrigh2@cpe-173-095-139-212.nc.res.rr.com] has joined #se2600
12:23 -!- mdwright [~mdwrigh2@cpe-173-095-139-212.nc.res.rr.com] has quit [Client Quit]
12:24 -!- mdwright [~mdwrigh2@cpe-173-095-139-212.nc.res.rr.com] has joined #se2600
12:34 -!- Dolemite_ is now known as Dolemite
15:34 -!- Venom_X [~pjacobs@adsl-99-3-159-249.dsl.hstntx.sbcglobal.net] has quit [Quit: Venom_X]
15:39 -!- notYoCheese [~boster@hofner.dreamhost.com] has quit [Remote host closed the connection]
15:44 -!- Dagmar [1000@unaffiliated/dagmar] has quit [Read error: Connection reset by peer]
16:03 -!- Dan9186[MM] [~dan9186@c-75-64-187-229.hsd1.tn.comcast.net] has left #se2600 []
16:47 -!- dagmar [1000@unaffiliated/dagmar] has joined #se2600
16:47 -!- mode/#se2600 [+o dagmar] by ChanServ
16:47 -!- dagmar is now known as Dagmar
17:39 -!- Mercster [~merc@zeniv.linux.org.uk] has quit [Quit: leaving]
18:18 <@Dagmar> fuuu-uuuu-....
18:18 <@Dagmar> http://www.colbertnation.com/the-colbert-report-videos/341482/july-28-2010/republican-gubernatorial-primary-battle-watch--010---tennessee
18:20 <@Dagmar> So messed up that Stephen Colbert can't even keep a straight face
18:33 -!- hobbes615 [~ryan@unaffiliated/hobbes615] has joined #se2600
18:51 <@Shadow404> so anyone from 770/404/678 area going to the event this weekend wanna carpool?
18:55 -!- hobbes615 [~ryan@unaffiliated/hobbes615] has quit [Ping timeout: 265 seconds]
19:00 -!- hobbes615 [~ryan@unaffiliated/hobbes615] has joined #se2600
19:15 -!- epoxy [~ls3@71-15-26-216.dhcp.hlrg.nc.charter.com] has joined #se2600
19:32 <@Dagmar> 49cc bike, <=$450 http://nashville.craigslist.org/mcy/1869982813.html
19:51 -!- hobbes615 is now known as hobbes``
20:28 -!- hobbes`` [~ryan@unaffiliated/hobbes615] has quit [Quit: This computer has gone to sleep]
21:16 -!- Corydon76-dig [five@c-69-137-80-31.hsd1.tn.comcast.net] has quit [Ping timeout: 265 seconds]
21:16 -!- oddball [~oddball@c-76-22-243-130.hsd1.tn.comcast.net] has quit [Read error: Operation timed out]
21:16 -!- Evilpig [~wilpig@wilpig.org] has quit [Ping timeout: 240 seconds]
--- Log closed Thu Jul 29 21:16:40 2010
--- Log opened Thu Jul 29 21:26:03 2010
21:26 -!- hobbes`` [~ryan@173.13.247.210] has joined #se2600
21:48 -!- oddball [~oddball@c-76-22-243-130.hsd1.tn.comcast.net] has joined #se2600
22:02 -!- mdwright [~mdwrigh2@cpe-173-095-139-212.nc.res.rr.com] has quit [Ping timeout: 265 seconds]
22:22 <@digitalirony> can someone help me out with a packet capture
22:22 <@digitalirony> http://denzel.x10hosting.com/DNS
22:22 <@digitalirony> I am trying to figure out why the forged packet is being ignored
22:27 -!- hobbes`` [~ryan@173.13.247.210] has quit [Ping timeout: 265 seconds]
22:31 -!- hobbes`` [~ryan@c-98-204-51-23.hsd1.dc.comcast.net] has joined #se2600
22:42 <@Dagmar> Maybe if you try again later with a parsed text format
22:46 <@digitalirony> k
22:47 -!- Corydon76-dig [orange@c-69-137-80-31.hsd1.tn.comcast.net] has joined #se2600
22:48 -!- mode/#se2600 [+o Corydon76-dig] by ChanServ
22:48 -!- flava [flava@divide.by.zero.at.shellium.org] has joined #se2600
22:48 < flava> hey everybody
22:50 < flava> You guys want a plaintext dump of the capture file?
22:50 * digitalirony points at Dagmar
22:51 <@Corydon76-dig> Leave it to NES to have no redundancy
22:52 <@Corydon76-dig> Fucking hour long power outage in Antioch
22:52 <@digitalirony> damn
22:52 < flava> ok so I have a question
22:53 < flava> here is a capture of myself nslookup-ing some domain and spoofing a response to it
22:53 < flava> however nslookup ignores the forged response and waits for the real one to come in
22:53 < flava> http://denzel.x10hosting.com/DNS
22:53 < flava> if you look at the capture, the faked packet is flawless
22:53 < flava> so why does it get ignored?
23:03 <@Corydon76-dig> flava: are you sure it actually waited for the second response and the second didn't just overwrite the first in the cache?
23:04 < flava> hmmmmm.... no I'm not sure
23:04 < flava> but the second came almost a second after the first
23:04 <@Corydon76-dig> One thing I would suggest is to mark the response as authoritative. A non-authoritative response should never override the first
23:05 < flava> ok thanks. That's the most intelligent answer I've heard from anyone so far :)
23:05 < flava> What cache are you talking about by the way?
23:06 <@Corydon76-dig> The dns server (or proxy) internal cache
23:06 <@Corydon76-dig> It should cache a response for as long as the TTL
23:07 < flava> Ok well the first packet is being sent from my machine that I nslookup-ed on. The second is sent from the same machine running my program; this is the one that gets ignored.
23:07 < flava> The third one that arrives way later is the legitimate one. The DNS server doesn't ever know about this spoof.
23:09 <@Corydon76-dig> Do you have two ethernet cards in your box?
23:09 < flava> No, I've got a single wireless interface.
23:10 <@Corydon76-dig> Okay, that's probably why. Your DNS server never saw your forged packet
23:10 <@Corydon76-dig> because it arrived via lo0, not eth0
23:10 < flava> Well the forged packet is just trying to trick localhost into accepting a fake IP.
23:11 < flava> At the moment I'm spoofing the same computer I'm nslookup-ing on.
23:11 <@Corydon76-dig> Right, but the DNS server has bindings to each interface on the box
23:11 < flava> You've lost me again.
23:12 <@Corydon76-dig> Your forged Ethernet packet did not actually arrive on your Ethernet interface
23:12 <@Corydon76-dig> It arrived on your localnet interface
23:12 < flava> Well the SOCK_RAW I sent it from is bound to eth1 not lo.
23:12 < flava> So that didn't seem like it would be a problem..
23:13 <@Corydon76-dig> Possible, but you won't receive that packet on the same interface on which you transmitted it
23:13 < flava> Because eth1 can't transmit and receive at the same time?
23:14 <@Corydon76-dig> On a switch, packets aren't routed back to the same interface on which it receives a packet. And on a hub, if you do that, your Ethernet interface sees that as a collision
23:14 < flava> Ok so I should try the nslookup on a separate box?
23:14 < flava> I'm on a hub by the way.
23:14 <@Corydon76-dig> So what your kernel probably did was to reroute the packet through localnet
23:15 <@Corydon76-dig> So yes, you should try doing this on a separate box
23:15 < flava> Just curious, are you a DNS guru for a living?
23:15 -!- hobbes`` [~ryan@c-98-204-51-23.hsd1.dc.comcast.net] has quit [Ping timeout: 240 seconds]
23:16 < flava> And I'll try it on a separate box and report back later.
23:16 <@Corydon76-dig> No, not even close. I'm a Unix programmer
23:16 < flava> You're good.
23:16 < flava> :)
23:16 <@Corydon76-dig> I understand quite a lot about kernel networking architecture, though
23:16 < flava> Any advice for a budding *nix programmer? :P
23:17 <@Corydon76-dig> and filesystems, scheduling, and a lot of other stuff the kernel does
23:17 <@Corydon76-dig> Depends upon what you want to do
23:17 < flava> Oh well I haven't decided yet.
23:18 <@Corydon76-dig> A good textbook is "Design and Implementation of the 4.4 BSD Operating System"
23:18 <@Corydon76-dig> While there are more advanced topics available with most kernels, everything that that book covers is still relevant today, and will give you a good base from which to expand your knowledge
23:19 < flava> Ok, I'll see if the library has it lol. Thanks for your help; I'll probably be back.
23:19 <@Corydon76-dig> and then there's all of W Richard Stevens' library of textbooks
23:20 <@Corydon76-dig> APUE is good, but so are the networking series
23:20 < flava> Ok one thing at a time, I still have some of my summer left :)
23:20 <@Corydon76-dig> They are a little dated in some ways, but Stevens is dead, so they won't be getting revised
23:21 <@Corydon76-dig> APUE isn't a book that you read and then sell. I got it long after I left college, and I keep them around. They're great references
23:21 < flava> Haha well that's good to know. I hate reading textbooks where everything has already been deprecated.
23:22 <@Corydon76-dig> APUE=Advanced Programming in the Unix Environment
23:22 < flava> Sounds fancy.
23:23 <@Corydon76-dig> Not so much deprecated, but there are newer interfaces that have been added since
23:23 <@Corydon76-dig> A good site that I use while programming is google with the "site:opengroup.org". opengroup.org is where existing and future POSIX specifications are detailed and discussed
23:24 < flava> Yeah I haven't been in the scene long enough to know what's added or removed.
23:24 <@Corydon76-dig> It's another great resource when you're trying to write portable programs
23:24 < flava> Cool.
23:24 <@Dagmar> http://failblog.org/2010/07/27/warning-fail-or-win/
23:24 <@Dagmar> *shudder*
23:25 <@Corydon76-dig> Effective
23:26 < flava> That's a good one.
23:26 -!- hobbes`` [~ryan@173.13.247.210] has joined #se2600
23:26 < flava> haha
23:40 -!- todd [todd@highland.mtn.cc] has quit [Ping timeout: 260 seconds]
23:47 -!- todd [todd@highland.mtn.cc] has joined #se2600
--- Log closed Fri Jul 30 00:00:09 2010