Over at the "Internet protocol Jornal (issue 10.4) you can find a good read on the dangers of IP spoofing. This problems is very old and very wide known. Even when I was in networking (1997-2002) this was wideley known and there was an easy cure. So I dont understand why Cisco decided to publish this now, a decade ago it would have been yesterdays news.

Everyone who ever read the TCP/IP bible (TCP/IP illustrated) knows this. All you have to configure on a router is IP UNICAST REVERSE PATH, in combination with cisco CEF. Then all packets that are routed are inspected. If the sender address (the From IP address) is in the routing table, it is checked to see if the router would route it the packet would have been send over the same interface the packet orginated from. If so, the sender is valid and the packet is routed, if not, it is proabbly a forged packet and it is dropped. That simple, one command and there is no IP spoofing anymore. In 1998 cisco released this feature I think, a decade ago!

All ISP's (at least in the Netherlands) have this kind of ingress filtering acitvated on their routers since a decade, it is impossible to spoof and route a packet in the Netherlands and most parts of the world for that matter.

I remember though that Casema (which I used as a cable modem provider between 1996-2001) didnt have this feature for some time. You could route a packet towards 1.1.1.1 with the sender address 10.255.255.255. 1.1.1.1 would give an "ICMP unreachable message" from the border routers of casema and it would be send towards the complete internal network -all systems- of Casema creating a kind of internal DoS.

But to publish this article one decade after a decade seems like rerunning old stories. 10 years is on the net a lifetime.

Back in the old days... I did some netmastering for AS1136 (now AS286). And while I am not in to routing anymore, I still like this song performed at the RIPE 55

So bye bye, folks at RIPE 55
Be persuaded to upgrade it or your network will die
IPv6 just makes me let out a sigh
But I spose we'd better give it a try
I suppose we'd better give it a try

See also the grow of the internet and a report from cisco on IPv4 and v6

Other funny quotes:
* ...and all my traceroutes showing stars
* Saw a man with whom I used to peer
* My Cisco shares completely worthless

Some time ago I blogged about the excellent Skype Blackhat presentation. Now you can read on Heise how Skype bypasses NAT and firewall, something that is rather trickey with open standards VOIP protocols.

How Skype get round firewalls

But anyone who has used the popular internet telephony software Skype knows that it works as smoothly behind a NAT firewall as it does if the PC is connected directly to the internet. The reason for this is that the inventors of Skype and similar software have come up with a solution.

Since my girlfriend and I are expecting another baby due around 20 November, Brecht will move from here current babyroom to the room that was used by me. So all my computers had to move as well. Last weekend we redid the wooden floor again (oiling), this weekend I moved my computers to the second floor. I rewired the PSNT/ADSL, moved my computers (closed the current case of Willt, this website since it had one harddisk outside), did the switches, the wireless etc. Then I booted and sure enought Linux was comming up fine. And even the ADSL worked, like a charm. Or so it seems.

The connection was very very slow. I open standard some 20 sites in firefox on my laptop and they loaded like when I had PSTN or even worse casema cable in the late 90ies. Showing Pat and mat videos to my doughter (buurman en buurman for the Dutch) from youtube, I found out that the loading took longer then the display time, not normal for the quality connection I have to XS4ALL. Doing some speedtest I saw that my download speed dropped from the normal 4Mb to 200Kb while my upstream capacity stayed at 600Mb (no torrents in the background).

And even worse, when I was doing a huge test download, the ADSL connection dropped after 10 seconds I had a link, so I had to shut the interface on my Linux box or my ADSL modem just to have 10 seconds of slow internet connection. Try to troubleshoot your connection without having a one!

Since I did some netmastering back in the 90-ies, I knew I was going to solve this one. The first thing I saw was that not the ADSL connection was dropping but the ethernet from my Linux box to my ADSL router. So it was local and should be easy to solve. Somehow, the link on my eth1 going to my modem was 10Mb full duplex auto negotiate. Now autonegotiate is bad and if you know the wirespeed on both sides, never use it!

So once I did a

and the line was stable and fast again! I dont know how the wrong speed was changed. But I am sure glad to be online again. And I might have solved some other problems my website has as well. I'll keep you posted.

Best Howto make a crossover ethernet cable I have seen...