Archive for October, 2004

Tracking connection length

Friday, October 8th, 2004

Inspired by discussions with Ashish, here are some thoughts on tracking connections in Linux.

PROBLEM: flag TCP/UDP connections longer than XXX seconds as suspicious. (more…)

DNS Tunnelling

Wednesday, October 6th, 2004

I got DNS tunnelling to work. It’s PoC code for now, but it works. I managed to get ppp up and send a few packets and even SSH to the other computer! The more I think about it, the more I am convinced that the choices I made were not bad ones.

  1. The use of PPP instead of TUN/TAP – makes the application more language-independent (no need for ioctls, fcntls), supports compression, authentication, etc.
  2. The use of the dnsjava package – maybe not the fastest one, but the code is nice, understandable, doesn’t segfault, and the whole thing is only 400 lines of code.
  3. The use of DNS structures – CNAME instead of IP – it is standard and allows transmitting quite a bit of data in the CNAME record.

(more…)

First-entry

Tuesday, October 5th, 2004

I’ve again got lost in my Java and R programs that I wrote almost a month ago. I dread to think what I forgot about other stuff I wrote much earlier. THAT’S INFURIATING!

I finally decided to keep all my stuff documented, so that I can refer to it later.

Resolution: To write a blog entry at least once a day.