by Vasil Kolev

The day started with a boring lecture on BGP/MPLS, etc., which mostly said “if someone has access to your core network, they can do bad stuff”. Well, duh.

In the afternoon there was a great panel with the boss of BREIN (the Dutch RIAA) and two people, really fun. Especially the moment in which the BREIN guy was saying how thepiratebay was making a lot of money and someone on the mic asked “And do you know where that money is, I want some of it” – it turned out that one of the TPB people was at the conference. We almost died laughing… It was really interesting, especially when in the end the moderator said that he had described all of the arguments on both sides 10 years ago in his doctoral thesis. It’s a bit sad…

There were a few fun problems on the network – like that someone had looped their switch, which was also eating the STP packets and was flooding us with broadcast; some people had bridged the wired and wireless networks (fuck knows why, that didn’t create any problems). We also needed to replace a 99m UTP cable with fiber as it was flapping…
But the funniest discovery was that all the flow control needs to be disabled, as some of the switches, when some ports overloaded, started to send pause frames upstream and were fucking up their upstream link.
(and just a bit ago we fixed one problem of the co-lo center by unplugging a cable, as some machine had managed to overload their Foundry switch. We left it to them to find out why – and we’re waiting for them to tell us, maybe the machine was doing bridging).

Dan Kaminsky’s lecture was great, we continued to talk afterwards, with his whisky (we drank well, I definitely need to bring him a bottle). He says that by the end of the year the root will be signed, and that in a year or two we’ll see serious usage of DNSSEC. I told him that he’s too optimistic, he replied – when have you seen an optimistic security guy? :)

And of course, there was one really successful hack in the network – because we support DDNS update for the people on DHCP, someone registered wpad.visitors.har2009.net (WPAD is a protocol for automatic proxy configuration), after which he gave the people that connected to him himself as a proxy server and started to listen to the traffic. In short, around 800 idiots^Wpeople started using that… At some point we set up the wpad in our part of the network and I’m recording the traffic to it, to see who is trying to use it and with which client.
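
As an added example (not part of the original post, and not the HAR2009 network's own tooling): one way to keep a DHCP client from claiming `wpad` through DDNS is to check the requested name against a reserved-label list before the update is sent. The function name, the reserved list and the sample hostnames are assumptions made for illustration.

```python
# Added example: hostname policy applied before a DHCP-driven DDNS update.
# RESERVED and check_ddns_name() are illustrative assumptions.

# Labels that clients auto-discover or that belong to infrastructure.
RESERVED = {"wpad", "isatap", "localhost", "www", "ns", "mail", "proxy"}


def check_ddns_name(requested: str, zone: str) -> tuple:
    """Return (allowed, reason) for a client-requested DDNS name in `zone`."""
    name = requested.strip().lower().rstrip(".")
    zone = zone.strip().lower().rstrip(".")
    if not name:
        return False, "empty name"
    if name == zone:
        return False, "zone apex"
    # Clients may send a bare label or a full FQDN; reduce both to the
    # part relative to the zone the DDNS updates are made in.
    if name.endswith("." + zone):
        name = name[: -(len(zone) + 1)]
    elif "." in name:
        return False, "outside zone"
    for label in name.split("."):
        if not label or len(label) > 63:
            return False, "malformed label"
        if not label.isascii() or not all(c.isalnum() or c == "-" for c in label):
            return False, "illegal characters"
        # Checked at every depth, since WPAD clients walk up the DNS suffix.
        if label in RESERVED:
            return False, f"reserved label '{label}'"
    return True, "ok"


if __name__ == "__main__":
    zone = "visitors.har2009.net"
    # Constructed sample requests, as a DHCP client might send them.
    for req in ["laptop-42", "WPAD", "wpad.visitors.har2009.net.",
                "box.wpad.visitors.har2009.net", "wpad.other.example"]:
        print(f"{req!r:40} -> {check_ddns_name(req, zone)}")
```
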

Recordings from the talks can be found here; I’m mirroring them to home at the end of each day.

(and a new day is starting, with a lot of fun things. I should’ve uploaded this last night, but got lazy after so much drinking)

