Tor & disabling IPv6 in Linux

23 06 2012

Install & configure tor / privoxy & proxychains

– Add a new repo

vi /etc/apt/sources.list

deb lucid main

– Get the key

gpg –keyserver –recv 886DDD89
gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add –

– Installapt-get update
apt-get install tor tor-geoipdb
apt-get install privoxy

– Check privoxy config to make sure listen address is & configure socks4a proxy

vi /etc/privoxy/config

forward-socks4a / .

– change keep-alive-timeout & socket-timeout to 600

keep-alive-timeout 600
socket-timeout 600

– Start privoxy

/etc/init.d/privoxy start

– Change your browser to point @ your proxy
– Check that you connect over tor

– Next up, install proxychains so you can use other tools over tor

apt-get install proxychains

– Verify the following line is in /etc/proxychains.conf

socks4 9050

– Remove tor & privoxy from startup (init when you need them)

update-rc.d -f tor remove
update-rc.d -f privoxy remove

– Start them up

service tor start
service privoxy start

– Check its working – “proxychains <command>”

root@bt:~# netstat -antp | grep LISTEN
tcp        0      0*               LISTEN      3569/privoxy
tcp        0      0*               LISTEN      3562/tor

root@bt:~# curl -s

root@bt:~# proxychains curl -s
|S-chain|-<>-<><>-<><>-OK Have fun, then shut em down when you are done

service privoxy stop
service tor stop

– There are many reasons you may not want IPv6 running on your machine (for example if you were using tor & didnt want IPv6 traffic to go directly to a target instead of via your IPv4 socks proxy)

root@bt:~# vi /etc/sysctl.conf

#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

root@bt:~# sysctl -p


Telstra3G USB in Linux

23 06 2012

Telstra 3G USB Dongles are good for connectivity on the go.

root@bt:~# lsusb | grep ZTE
Bus 001 Device 005: ID 19d2:0031 ONDA Communication S.p.A. ZTE MF110/MF636

root@bt:~# dmesg | grep ttyUSB
[ 2306.101269] usb 1-4: GSM modem (1-port) converter now attached to ttyUSB0
[ 2306.101613] usb 1-4: GSM modem (1-port) converter now attached to ttyUSB1
[ 2306.102140] usb 1-4: GSM modem (1-port) converter now attached to ttyUSB2
[ 2306.102487] usb 1-4: GSM modem (1-port) converter now attached to ttyUSB3

There is a hard way using wvdial etc – or an easy way. I chose the easy way – a great little script called sakis3g


wget “;
gunzip sakis3g.gz
chmod +x sakis3g
./sakis3g –interactive


root@bt:~/scripts# ./sakis3g connect USBINTERFACE=”3″ APN=”telstra.internet”

root@bt:~/scripts# ./sakis3g connect info
MF626s connected to Telstra (50501).
Connection Information

Interface: P-t-P (ppp0)

Connected since: 2012-06-11 20:52
Kilobytes received: 376
Kilobytes sent: 57

Network ID: 50501
Operator name: Telstra
APN: telstra.internet

Modem: MF626s
Modem type: USB
Kernel driver: option
Device: /dev/ttyUSB2

IP Address:
Subnet Mask:
Peer IP Address:
Default route(s):

root@bt:~/scripts# ./sakis3g disconnect

My Raspberry Pi comes to life

16 06 2012

Like most of the rest of the world’s IT population, I got excited about the Pi & ordered one.

It has arrived & I have had a little bit of time to play with it & I am pretty impressed.


The first thing to do was a case, I didnt want to short it out on anything & it just felt too fragile & vulnerable naked

I printed this one ( on some card (manila folder) & folded it up


A larger selection can be found here:


Next we need a Distro:

For each image, just use dd in Linux **Be Careful – make sure you have the right device to write the image to. This would be the SD card, not your hard drive !!

dd if=.img of=/dev/sdb

I have been primarily playing with the Debian Squeeze distro
User: pi / raspberry

Raspbian is based on Debian Wheezy, which is newer than Squeeze
User: root / raspbian

The developing Raspbmc (XBMC) looks very promising – I have watched a couple of movies with it, with no performance issues

Note: you need at least a 2GB SD card. Raspbmc will use the full size of your card.

**First boot needs internet (ethernet cable/ dhcp) – the installer prepares the sdcard, then raspbmc is downloaded & setup at first boot.


The Pi runs on 5v, connected via Micro USB – which can be supplied by pretty much any phone charger / USB port these days. The only recommendation provided by the vendor is choose a supply that will provide 5v and ~700mA. They will apparently run “stable” on any voltage between  4.75 and 5.25 volts.

Many people have been using the iPhone / iPad chargers without any issues (me included). But as an experiment, I decided to see what they were putting out. The Pi has two test ports TP1 & TP2 – these are to check the voltage being supplied to the board. There are mutterings about voltages under 5volt providing unexpected behavior on some boards.

I found that my white iPhone/iPod power supply (Rated @ 5V 1A dropped to about 4.8v when the Pi is running with HDMI, SD Card & USB WiFi Dongle.

Apple (A1205) Drops to about 4.8V under load

My HTC charger (Rated @ 5V 1A)performed about the same – around 4.8v under load

HTC (TC P300) Drops to around 4.8V under load

Another generic branded “Switching power supply” that was also rated @ 5V 1A showed the same voltage drop to around 4.8V under load.

Enter the Samsung Galaxy Tab 5V 2A charger, this bad boy kept me running at 5V under load.

Samsung (ETA-P10X) Keeps pushing 5V under load

The general consensus is that a 5V 1A phone charger should be fine, but if you are planning on plugging things into the USB port (WiFi / Storage etc) then you would be probably best off getting a higher rated PSU. I am going to check out Jaycar for a regulated 5V 2A supply next. Your results may vary, I didnt experience any strange issues or performance problems when running of any of the listed PSUs – but possibly got more interface drops on the USB WiFi adapter (thats a subject for another blog post).

On the subject of power – having such a tiny / portable device is much more useful when you can take it with you away from a power point. From our local Aldi store, I picked up a “Tevion MPP 7400” This is a portable 7400mAh Li-Po Battery Pack. This little guy has two USB ports on it & will apparently provide up to 2.1A on one, or 1A each with both in use. Its primarily aimed at charging a smartphone on the go, but it works beautifully as a portable power supply for the Pi. I have not tested how long it will keep the Pi running, but I was playing on it for several hours without the pack dropping an LED on the power meter.

Battery Pack – providing 4.78V under load – just within the allowable range – so far no problems, but we will see how it goes.

Well, that’s it for now, my Pi lives and breathes (as much as a piece of electronic equipment can) – time to try out some more distros & “projects” with it.

holy flapping mobile wireless batman

27 02 2012

I had been seeing more & more 10.x.x.x addresses blocked in my FW logs hitting the inside interface. The address range on my inside network is – so naturally I was concerned & wanted to know what the hell it was.

Digging through firewall logs, I found the MAC address of the offending device. It turned out to be my Wife’s mobile phone. Samsung Galaxy Ace.

What I saw was plenty of connections permitted on the internal address, then a couple blocked on a “random” 10.x.x.x address – followed by more on the internal address.

This cycle repeated for hours on end.

Trojan / Malware / What The ??

Using the MAC address – I checked the Assosciations to my Wireless Access point:

Sure enough, it turns out that the wireless connection is flapping like crazy. Dropping on & off my wireless network.

It drops off the network, Telstra gives it a private 10.x address

It get back on the WLAN, still transmitting on the 10.x until it gets a DHCP lease from my Access Point.

The traffic that it sends onto my wireless lan while it still has the 10.x address from Telstra is blocked – and reported.

Another mystery solved…… now to work out why its flapping so much – and not behaving like my Samsung Galaxy S2 – Associates once & is done with it (example below when I got home at 6pm)

Large URL List Processing

9 02 2012

So – a quick detour came to my attention in the form of a list of urls.

These 680 odd urls were neatly formatted in a list, and lets for this excercise say they presented an image.

Now what – copy & paste each one into a browser to see if it works – FAIL.


So – using simple cli-fu I verified the URLs were valid & then created a page, embedding them all in there.

First – run your list through wget to verify its valid & working

# wget –spider -i urls.txt -T 2 -t 1 -nv -o urls.out

Then just grep for the HTTP 200 OK string out of urls.out

# grep “200 OK” urls.out > urls.out.httpok

Then tack on the html code so you can browse them all at once

# cat urls.httpok | awk ‘{print “\<img width=\”200px\” src=\””$4″\”\ />”}’ > urls.htm

Then simply fire it up in your favourite browser

# firefox urls.htm

IPv6 Adventures – Part 1

31 01 2012

So – I decided it was finally time to finish implementing & document my IPv6 config – mainly so I remember how I did it, but also to help others on their IPv6 journey to the interwebs

High Level:

– Get a IPv6 subnet (duh) – This will depend on your scenario, several ISP’s offer native IPv6 (Internode) – mine does not (Telstra Bigpond).
– Configure a router / firewall / host with IPv6 address from your subnet
– Configure an IPv6 DNS address on that device to resolve AAAA records
– Bask in the IPv6ness of the interwebs – it looks eerily like the IPv4ness of the interwebs.

My Journey:

– I was already running the awesome Astaro for my border FW & home – which has great IPv6 support built in.
– I signed up for a subnet with Freenet6 / gogonet –


Ok, before we move on with turning the IPv6 up – you need to plan out a couple of things.

– Your IPv6 address is PUBLIC – it is reachable from the outside world, consider the consequences & firewall appropriately, also turn off NAT for IPv6 if your FW supports it – it will be a PITA when testing with your web browser & getting a different IPv6 address than you expect.

– IPv6 Subnetting – depending on the provider, you will be allocated something like a /56 subnet (4722366482869645213696 host IP’s — SERIOUSLY)

I broke my /56 up into /64 subnets for each zone (INSIDE / DMZ1 / DMZ2 / DARKNET) – still giving me 256 subnets containing 18446744073709551616 host addresses each …. I dont think im going to run out of addresses any time soon.

I could have broken em up into /96 subnets, giving me 1099511627776 subnets with 4294967296 (4 billion) hosts in each …. but really, when we are talking numbers like this, its just academic – use whatever fits your network design. I figured that im not going to ever need 256 subnets or more, so I just broke it up there, and /64 is a nice subnet mask boundry.

So what does this actually look like ?

2406:A000:F006:A400::/56 – My allocated IPv6 subnet from my tunnel broker

You can get some good info about your subnet using tools like

IP address: 2406:a000:f006:a400:0000:0000:0000:0000
type: GLOBAL-UNICASTnetwork2406:a000:f006:a400::
Prefix length: 56
Prefix address: ffff:ffff:ffff:ff00:0000:0000:0000:0000
address range start: 2406:a000:f006:a400:0000:0000:0000:0000
address range end: 2406:a000:f006:a4ff:ffff:ffff:ffff:ffff
total IP addresses: 4722366482869645213696

As I mentioned above, I carved out 4x /64 subnets from this.

You can do in offline, but I cheated & used this IPv6 subnet calc –

Here we go – nice & neat /64 subnets – im using 4 from the possible 256.


ffff:ffff:ffff:ffff:0000:0000:0000:0000 – /64 Mask

Now that we have our subnets planned out, we can continue on to implementation

Next Time ….

History of Operating Systems

9 03 2011