bohnsack.com

Attendance/Participation/Homework

To obtain full credit for attendance and class participation, you must:

1. Fill out your name and email address on an attendance sheet I'll pass out half way through class.
2. Comment on this weblog entry, using the comment form.

Outline

Today's lecture will include detailed screenshots of some of the applications I talked about last time and cover:

1. Lessons about giving tech demos
2. What's WEP worth, if a potential eavesdropper has the key?
3. Empirical versus theoretical research
4. Ethereal usage
5. More on nmap
6. More on Netstumbler on Windows
7. More on Kismet on Linux
8. WiFi scanning with PDAs
9. WEP and WEP weaknesses - technical details
10. More on WEP cracking with Aircrack
11. Improvements to WEP
12. Modern high-speed interconnects
13. Accuracy in specification and proper SI usage
14. Concluding randomness / a fun idea for a summer project

Presentation materials

Presentation in PDF format (~ 1.5 MB)

Behold America's fringe, and draw your own conclusions, as Zombie gets it done with photo, audio, and video documentation of Ward Churchill speaking in the Bay Area:

• Women's Building on March 25th
• Anarchist Bookfair on March 26th
• "Academic Freedom in Peril" Forum at U.C. Berkeley on March 28

You can't make this stuff up.

Here's a picture of Monday's sunset from my backyard, looking down into and across Albuquerque to Mount Taylor in the east.

This kind of display is not atypical.

I'm starting to really geek out about RABGRAI XXXIII. Plane tickets have been purchased, and I'm ready to travel. Some resources I found this morning:

• SoundSeeing Tour Podcast (audio documentary from 1999)
• RAGBRAI message board
• RAGBRAI Book

Yesterday morning, Dr. Jordán asked to give this week's ECE540 (Advanced Networking Topics) lectures. I only had a few hours last night to prepare, but I still think today's lecture will be very informative. I was hoping to give an equal balance to demo, theory, and technical detail, but due to limited prep time, today will mostly be demos and hands on material. Thursday's lecture will cover more of the theory.

Attendance/Homework

1. Fill out the in-class attendance sheet
2. Make at least one comment to this blog entry with a question or comment about today's lecture or a suggestion for Thursday. If possible, use your real name in the comments, so I know who has commented. If you'd rather use a pseudonym, because you don't want your name on my website, send me an email message letting be know how your pseudonym maps to your real name.

Outline

I'll try to cover the following topics in today's lecture:

1. Live security audit of ECE network and bohnsack.com using the namp port scanner and other tools:
   • ECE webserver / bohnsack.com webserver
   • open services
   • firewalled services
   • OS fingerprint
   • service version detection
   • tape backup service?
   • problems with multiple services on a single box
   • How to hide/protect exposed services
   • dig
   • Network sweep (nmap -sS -O 192.168.1.0/24)
2. Reacting to port scans: IDS, blackhole routes, etc.
3. What good is WEP?
4. Live packet sniffing using Ethereal (802.11b's layer 2 not shown, but possible. Is there a difference between sniffing a WEP-encrypted link and an open link?)
5. War driving
6. Live 802.11x scanning with Netstumbler on Windows (weak)
7. Live 802.11x scanning with Kismet on Linux (much more 'leet)
8. Live WEP attack demos:
   • Airsnort
   • Aircrack
9. Alternative secure wireless architectures that don't rely on layer 2 encryption

I've recently become a giant Keith Jarrett nut (so much so, that I almost no longer wish for the Glenn Gould De-Vocalizer 2000 Jarrett Module). I really must see him perform live, but Carnegie Hall on June 22nd might be a bit of a stretch. Do I risk assuming that the trio will play more US dates next year?

Morning on the left. Evening on the right. Lunchtime not shown.

Update with current program as of 02006-10-25

Steven recently left a worthwhile comment on one of my earliest blog entries from Aug 02000.

This caused me to look at my archives and realize that the transition from MovableType to WordPress left a lot of them in a strange state with respect to line breaks and formatting. I'm just officially noting this. I'll fix things eventually, but it might take some time.

As of today, the current US National debt is $7,755,070,133,634.15. This figure can be alternatively stated as:

• $7.755 x 10^12
• Seven point eight trillion US dollars
• $26,248.59 for each of our estimated 295,684,246 citizens
• 64% of 2005's estimated 12.04 trillion dollar US GDP (and this is only March!)

Also check out the U.S. National Debt Clock.

One's first reaction is "Holy sh#t!, bring out Ross Perot", but if you analyze things carefully, you'll see that although we're in some serious debt, we're not doing all that bad, if you look at debt as a percentage of GDP. Historically, we're doing OK against this benchmark.

Here's a graph I made, after combining data from two sources. The spreadsheet I used to make the graph is also available. Click on the graph for a larger version.

I'm not apologizing for deficit spending. I don't manage my personal finances this way, and I wish our government wouldn't either. However, while I'm still rooting for a little more of Greenspan's influence on our fiscal policy, I can see that the sky is definitely not falling from a historical perspective.

A must for fans of the Muppets and/or Buddy Rich (requires QuickTime):

WTF is this? It was near 80 degrees last week. I turned my furnance off last Tuesday. It looks like I'll be turning it back on tonight.

Update Tue 02005/03/15 - The wettest winter in recorded New Mexico history continues with this freak snow storm:

Here are some photos I took of the UNM campus yesterday:

I went to the 17th Annual National Fiery Foods and Barbecue Show yesterday.

It was downtown at the ABQ convention center:

There was lots of hot sauce. I bought about $50 worth:

I ate a chocolate covered Habanero, because I am 'leet. Jerry wouldn't eat one, 'cause he's a pansy:

I finished my second midterm yesterday. Assuming I continue to take 2 classes each semester and ignoring the time needed to do my thesis, I'm around 1/8 of the way through my masters degree.

The sqeezebox2 is out...

New stuff:

Fairly elite DAC
802.11g
can work as a wireless bridge
built in FLAC support
Way better display
More on their website.

Fairly pricy at $299, but I might have to make it happen.

Anello's got this graph of the Albuquerque juniper pollen count thing going on. Nice, 'cause you can see trends vs time.

You'll note that it's started to suck fairly hard recently.

I think he's collecting the data from this page. It would be more elite if he put the captured data in an RRD, which can be used to create beauty graphs like this, but I'm not complaining. It would be nice, if the city of Albuquerque considered keeping this kind of historical data on their website.

I've had all but one juniper removed from my yard a few weeks ago and am planning on removing the last one this weekend.

I'm so covering the walls of my home office with whiteboards.

In case you don't pay attention to this kind of thing, the stock market hit a 3.5 year high today, after a surprisingly strong job creation report.

Those were the best of times, but I'm still pissed that they didn't include me in the photo that made the paper.