I recently received an email from an Italian gentleman who said my “Design of a Honeynet” paper was really neat and that he wanted to translate it into Italian. Well, lo and behold, he has since sent me an email stating that the translation is complete. Cool!
D.J. Bernstein has advice on buying a computer workstation.
I was trying to get RealPlayer 8 working on my Redhat 9 workstation so I could listen to NPR and ran into a problem. Apparently, Redhat 9 uses a new threading library, NPTL, which does not work with RealPlayer. There is a workaround, though: force the old LinuxThreads implementation by exporting the environment variable LD_ASSUME_KERNEL. I moved the realplay binary to realplay.old and created a script called realplay containing:
#!/bin/sh
LD_ASSUME_KERNEL=2.4.1 exec /usr/lib/RealPlayer8/realplay.old "$@"
According to an article at BBC there is an “elite group of hacker infiltrators, codename IS/Recon (Information Security Reconnaissance)” at Trusecure which consists of “an average of five or six people … each with 20 to 30 personalities”. It seems their job is to gain access to different hacker groups, likely through IRC, lurk for a while and then slowly build relationships, which in turn leads to trust and to what Trusecure is after: juicy details on virus authors, 0-day tools, and who’s who and what they’re doing.
Bruce Schneier will be interviewed on WGN Radio Chicago on 25 November from 9:00 PM to 11:00 PM. The show’s title is “Moving Beyond Our Security Fears”. I’ll have to check it out.
I recently upgraded my desktop machine from Redhat 7.3 to Redhat 9. A few notes for posterity follow.

First, I set up stow so my filesystem can be much cleaner than the last go-around. I use stow to install programs that I download as source and compile myself. It sets up symlinks in a common target tree (/usr/local/bin, /usr/local/lib, etc.) that point into the package’s own source tree. Stow can then cleanly remove an installed program by deleting the symlinks it created, or help with an upgrade by pointing the symlinks at the newer source tree.

Second, I was getting a “no PTYs” error when running screen. Looking into it further, I found that I needed to mount /dev/pts. It is a pseudo filesystem; /dev/ptmx “hands out” the pseudo terminals that appear there, and screen needs them.

Third, after using Mozilla 1.2.1 for an hour or so, thinking for some reason it would be faster than the other times I had run it, I found myself at the download page for Firebird. The Firebird build I downloaded didn’t have the anti-aliased fonts Mozilla 1.2.1 had, but I found the gtk2+xft tarball in http://ftp.mozilla.org/pub/mozilla.org/firebird/releases/0.7/. You can see the configure arguments a build was made with by entering “about:buildconfig” in the URL box.

Fourth, fluxbox-0.9.6pre9 kicks ass!
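As an added illustration of the symlink-farm idea behind stow (my code, not GNU Stow itself and not from the original post): a few shell functions that do the core of what stow does, namely link a package tree into a target tree, unlink it again, and so upgrade by switching trees. Unlike stow, it uses absolute rather than relative symlinks, and the package directories and target tree are constructed scratch paths under a mktemp directory. It keeps one behaviour that matters in practice: it refuses to clobber a real file that already sits in the target tree.

```shell
#!/bin/sh
# Added example, not GNU Stow and not from the original post: a minimal
# symlink farm showing the install / upgrade / remove cycle described above.
# Assumptions: package trees are $stowdir/<name>-<version>, the target tree
# is a scratch $target, and symlinks are absolute (stow's are relative).

set -e

# Link every file of package $1 into target $2 (the equivalent of "stow pkg").
# Refuses to overwrite anything in the target that is not already a symlink.
farm_stow() {
    pkg=$1; target=$2
    (cd "$pkg" && find . -type f) | while read -r rel; do
        rel=${rel#./}
        if [ -e "$target/$rel" ] && [ ! -L "$target/$rel" ]; then
            echo "conflict: $target/$rel exists and is not a symlink" >&2
            exit 1
        fi
        mkdir -p "$target/$(dirname "$rel")"
        ln -sfn "$pkg/$rel" "$target/$rel"
    done
}

# Remove only the symlinks that point into package $1 (like "stow -D pkg").
farm_unstow() {
    pkg=$1; target=$2
    find "$target" -type l | while read -r link; do
        case $(readlink "$link") in
            "$pkg"/*) rm -f "$link" ;;
        esac
    done
}

# Report which package file a target path currently resolves to.
farm_resolve() {
    readlink "$1"
}

# Install tool-1.0, upgrade to tool-2.0, then remove it; prints three lines:
# the resolved link before and after the upgrade, and how many links remain.
demo() {
    root=$(mktemp -d)
    stowdir=$root/stow; target=$root/usr/local
    mkdir -p "$stowdir/tool-1.0/bin" "$stowdir/tool-2.0/bin" "$target"
    echo 'echo tool 1.0' > "$stowdir/tool-1.0/bin/tool"   # constructed
    echo 'echo tool 2.0' > "$stowdir/tool-2.0/bin/tool"   # constructed
    farm_stow "$stowdir/tool-1.0" "$target"
    v1=$(farm_resolve "$target/bin/tool")
    # Upgrade: unstow the old tree, stow the new one.
    farm_unstow "$stowdir/tool-1.0" "$target"
    farm_stow "$stowdir/tool-2.0" "$target"
    v2=$(farm_resolve "$target/bin/tool")
    # Remove: only our links go; nothing else in the target is touched.
    farm_unstow "$stowdir/tool-2.0" "$target"
    left=$(find "$target" -type l | wc -l | tr -d ' ')
    rm -rf "$root"
    printf '%s\n%s\n%s\n' "$v1" "$v2" "$left"
}

demo
```

The point of the conflict check is the same one stow makes: a symlink farm is only safe to tear down if everything it manages is a link it created, so a pre-existing real file in the target must stop the install rather than be silently replaced.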
I ran into a Snort 802.11 patch. The newest rage, wifi IDS? According to the website http://www.snort-wireless.org: “The Snort-Wireless project is an attempt to make a scalable (and free!) 802.11 intrusion detection system that is easily integratable into an IDS infrastructure. It is completely backwards compatible with Snort 2.0.x and adds several additional features. Currently it allows for 802.11 specific detection rules through the new “wifi” rule protocol, as well as rogue AP, AdHoc network, and Netstumbler detection. Many more new features are planned for future releases. Basically, Snort-Wireless intends to eventually be the opensource answer to AirDefense.” Be sure to check out Snort on a Linksys WRT54G too.
I found a screaming fast (475KB/sec) Knoppix mirror.