MavEtJu's Distorted View of the World - 2003-11

Posted on 2003-11-25 14:18:03, modified on 2006-01-09 16:29:21
Tags: Networking, Rant

There is an old joke: The great thing about standards is there are so many to choose from.. This log is not about that but more about the point that if you stick to a standard you should implement it properly.

Comindico is one of the australian providers for dialin services. If you are an ISP the workflow goes like this: An user dials in to a Comindico terminal server, that terminal server asks the Comindico radius server for authentication, that radius server asks your radius server for authentication and the yes or no goes back the whole way to the terminal server which either lets you in or disconnects you. Works fine in theory, and mostly in real life too.

Your radius server can give more information to the Comindico radius server, for example an IP address and subnet mask. An maximum session time limit and your DNS servers. It all works fine, as long as you keep in mind that you take the right attributes and dictionary.

Comindico says "Please use Ascend-Client-Primary-DNS and Ascend-Client-Secondary-DNS for this". They are defined in the Ascend dictionary (number 529) as attributes number 135 and 136.

Except in the radius server from Comindico, there they are in the default dictionary.

With the result that their broken radius doesn't understand my perfectly legal answer with all the information in it. And I have to put these attributes in my default dictionary, where they will be overwritten the moment I update my software and the whole system will come apart if the IANA ever approves attributes 135 and 136 in the default dictionary.

Moral of the story: If you use an open standard, use it the way it was intended to be and don't invite your own wrapper around it.

This whole story wouldn't have been here if I wasn't reminded about this whole drama by the move to a new ADSL provider which is nothing more or less than a reseller of the Comindico ADSL services. Once we finally had the authentication of our users working, we couldn't get the DNS servers configured correctly because they haven't figured out the story above yet. If ever.

Standard compliant radius packet:

13:30:56.513559 172.16.1.10.1812 > 192.168.1.14.4738: rad-access-accept 62 [id 68]
Attr[ Framed_ipaddr{203.111.122.2} Framed_ipnet{255.255.255.255}
Vendor_specific{........X.} Vendor_specific{........X.}
Session_timeout{168:00:00 hours} ]
0x0000   4500 005a bba3 0000 3f11 b8ae dab9 580a        E..Z....?.....X.
0x0010   cb6f 090e 0714 1282 0046 0eb6 0244 003e        .o.......F...D.>
0x0020   6224 b0bb d92e 341e 14dd e2c2 b0ce abde        b$....4.........
0x0030   0806 cb6f 7a02 0906 ffff ffff 1a0c 0000        ...oz...........
0x0040   0211 8806 dab9 5801 1a0c 0000 0211 8706        ......X.........
0x0050   dab9 580e 1b06 0009 3a80                       ..X.....:.

Comindico compliant radius packet:

13:28:51.958102 172.16.1.10.1812 > 192.168.1.14.4738: rad-access-accept 50 [id 67]
Attr[ Framed_ipaddr{203.111.122.2} Framed_ipnet{255.255.255.255}#136#135
Session_timeout{168:00:00 hours} ]
0x0000   4500 004e f27a 0000 3f11 81e3 dab9 580a        E..N.z..?.....X.
0x0010   cb6f 090e 0714 1282 003a a842 0243 0032        .o.......:.B.C.2
0x0020   c1a0 ac29 4931 4fbf 3440 7714 9d52 c3ea        ...)[email protected]..
0x0030   0806 cb6f 7a02 0906 ffff ffff 8806 dab9        ...oz...........
0x0040   5801 8706 dab9 580e 1b06 0009 3a80             X.....X.....:.

Spot the difference. And be afraid.

Posted on 2003-11-25 10:08:26, modified on 2006-01-09 16:29:21
Tags: Memories, My Computers

The first computer I ever used was the Philips Videopac G7000. My father brought it home from work now and then and I wasted afternoons playing on it.

It was a game console, but not one like you know today. Instead of true colour 3D imaging, this thing had pixels the size of your thumb. Instead of a gyroscopic multifunction gamecontroller, it had an analogue joystick with one button...

As you can see on this picture, the images weren't perfect and the story line was either "Shoot me or I'll shoot you" or a thinking game. The keyboard was a 'push-through' plastic plate which would have given everybody RSI.

Unfortunatly I don't remember much of it, I was too young to understand what the impact of this machine was. All I saw where enemy ships on the screen which I had to bomb with my torpedos while they tried to bomb me with their depth charges.

Some links to other sites:

Philips Videopac and Philips Videopac G7000 page.

Show 2 comments | Share on Facebook | Share on Twitter

Posted on 2003-11-23 22:36:36, modified on 2006-01-09 16:29:21
Tags: Rant, Spam

Since the last two weeks I have been receiving email bounces with [email protected] as source address.

Posted on 2003-11-22 23:44:06, modified on 2006-01-09 16:29:21
Tags: Sports

Why Australia wouldn't win the 2003 Rugby World Championship.

It was all predictable:

• 1992 and 2003 - The final game is England versus Australia.
• 1992 and 2003 - Australia beats Ireland with just one point.
• 1992 and 2003 - Australia beats New Zealand without any problems.
• 1992 and 2003 - Bush declares war on Iraq.
• 1992 and 2003 - The home-side team loses the final match.

So everybody who thought Australia would win because of the similarities in the history... If you forget history, you are forced to live it again!

Posted on 2003-11-21 23:47:26, modified on 2006-01-09 16:29:20
Tags: Coding, Networking, DHCP, DHCPDUMP

DHCPDUMP version 1.6 is released.

Fixed are:
- display of pad options
Added are:
- display of option 83 (and others)
- flushing of stdout after printing one packet.

Available via http://www.mavetju.org/unix/general.php.

Posted on 2003-11-20 18:58:47, modified on 2006-01-09 16:29:21
Tags: Voice over IP, DHCP, Alcatel

How to configure the ISC DHCP server to serve the Alcatel Voice over IP phones.

At BarNet, we are testing Voice over IP phones from Alcatel. C., The company which helps us with it isn't really up to date with their IP network skills. With the result that I had to spent the last days with trying to find out how to configure the ISC DHCP server properly for these phones. Fortunatly that I got some Alcatel OmniPCX 4400 manuals via a friend which described exactly what I needed to configure.

Please take note that...

• If somebody says that the manuals don't exist, don't believe them. The name of the PDF files is 03-IP-Phones-03.pdf, they are available from http://business.alcatel.com (on which I don't have an account and C. didn't want me to look around).
• Alcatel VoIP phones do need two DHCP options in the answer but don't ask for them. I call this broken.

So here is the config for the ISC DHCP:

class "ipphone" {
  match if option vendor-class-identifier = "alcatel.tsc-ip.0";
  option dhcp-parameter-request-list 1,3,28,43,54,58,59,60,66,67;
  option vendor-encapsulated-options "alcatel.a4400.0";
  option tftp-server-name "10.192.13.10";
  option bootfile-name "ST_JAMES";
}

That's a little bit shorter than the two pages of "click here, tick this button" for the Windows DHCP servers, isn't it?

Posted on 2003-11-18 19:00:00, modified on 2006-01-09 16:29:21
Tags: Radio, Rant

What is news, what is entertainment?

Emmanuel Goldstein in Off The Wall on 18 November 2003: You know what this means? It doesn't matter what happens in the rest of the world for the next six months at least. It's gonna be Michael Jackson this that everywhere. Aliens landing from Mars? You can do that in the entertainment section, you have to deal with Michael Jackson in the second and third news story.

Posted on 2003-11-18 00:14:19, modified on 2006-01-09 16:29:21
Tags: Networking

What started as two people on level 14 of the St James Hall building who couldn't work anymore at the end was nothing less than a whole floor who didn't have internet access.

Monday late in the afternoon I was experimenting with a guy from C. (the telephone company used by BarNet) to get an Voice over IP card working. Didn't work, at the end he pulled out all cables from the PBAX towards the router and went home.

At that same moment SJH level 14 disappeared from the network and nobody informed us that the internet didn't work again (this was 16:22)

The next morning, because nobody had informed us, it still was gone from the network. Interestingly enough, two people complained at our standby phone saying that their internet didn't work. A quick scan showed their IP addresses as 169.254.x.x, meaning: no answer from the DHCP server. Big mistery, I hadn't changed anything in the DHCP configuration for that subnet last night.

Michael had to go to court, so I jumped on the train to the SJH building and started to look what was actually happening. No answer from the DHCP server, no packets over the line, nothing. Two more people came to me saying that their internet didn't work. This was strange, suddenly the whole floor seemed to be out!

Level 13 and level 14 of the SJH building are on the same IP subnet, so why could one work and one not? The lights at the switch were on. Except for one: the one to the switch/router. Back on level 13 my biggest fears got confirmed: The interface towards level 14 didn't have a network cable in it. And the cable which came from level 14 was plugged in into a port on the switch on level 13.

Quickly plugging them back solved the problem. According to C., the company who had done work the day before in that room, they hadn't touched that cable. Gnomes. Network gnomes. Or people who don't want to say they screwed it up.