Static in the Ether » Networking

A Mafia take on the OSI stack

Barry Irwin — Wed, 29 Oct 2008 08:29:39 +0000

Laura A. Robinson has a nice piece describing the traditional OSI stack in terms of the negotiation of a meeting between two mafia a Dons. While probably not for the technically minded ( I’m sure most people in the networking and security fields have their own little mnemonics to remember the PDNTSPA acronym), I think it may serve as a useful example when illustrating things to people who have at least seen the Godfather trilogy or the Sopranos.

New Infosec Viz Tool – Picviz

Barry Irwin — Fri, 24 Oct 2008 06:48:46 +0000

Version 0.3 of PicViz has been released, based on python and QT – which bodes well for potential portability. This is yet another tool to help one actually filter through piles of connections, using a classic parallel axis setup. Drilldown is offered. Some example renderings of the Kaminsky DNS attacks are available.

A more advanced version of the kind of output achievable is also provided showing how with the help of a pre-processing script, the SSH login process can be graphed:

Graphs are produced via an intermediate scripting language which has by design strong similarity to that used by Graphviz. I’ll definatley be adding this to my toolset and seeing how it handles processing of some of the rather large data sets Ive got.

Internet Redlight districts

Barry Irwin — Tue, 08 Apr 2008 10:54:17 +0000

Taking some data gathered form various filters I’m investigating for the local schools network,a nd combining with some custom scraping tools which Blake has been assisting with Ive drawn a map of the location of some 15 000 IP addresses representing the seedy side of the Internet.

The image is rendered using the Hilbert Curve Program developed in conjunction with Nick Pilkington, as a project for VizSec 2007 last year.

Sorting IPv4 Addresses with GNU Sort

Barry Irwin — Tue, 08 Apr 2008 00:36:13 +0000

While processing some rather large lists of addresses as part of a side project, I needed to be able to sort them in a numerical order within a shell script. I had a file with lines like:

69.90.132.19
69.90.132.22
66.152.91.84
208.122.204.181
69.90.132.22
69.90.132.31
216.131.106.249
216.131.84.26
67.55.105.252
208.64.44.102

Standard sort using sort –n only sorts on the first octet, and although it’s a improvement on alphabetic sorting its not ideal. The solution comes in specifying a pile of switches to sort:

sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4

This gets it sorted in Numerical order, by octet, using a period (dot) as a separator between octets. Combining this with a –u flag gives one a nicely sorted, unique list of IP addresses. This could probably be extended to IPv6 without too much hastle.