Blog 2002

As you all know I'm going to japan this morning. I will be there for over two weeks. I plan to take at least 200 pictures daily. I will be trying my best to upload them every day.

Due to the large volume oh photos i will be uploading ... i set up a whole seperate site just for them.

Along with my photos I will be posting in the forums.

I want to wish you all a happy new year and thank you for pitching in to buy our own server. It's good to have this site be self sufficient.

=]

-eek

I will be taking a plethora of photos while I'm in Japan. I will be posting them all here for you all to see. I hope everyone has a great new year!

See you next year!

One of the main reasons I am going to Japan is to enjoy the most wonderful food on the planet. Japanese food is the finest, most delicate and delicious sustanance ever concocted. It combines all my favorite things and creates things you would never even consider eating if it weren't there in front of you.

Here is a photo journey into what i will be eating:

so don't sleep.... here is what i have for sale:

[IBM Thinkpad $5.00

Neon Genesis Evangelion 0:2 $10.00

Neon Genesis Evangelion 0:1 $10.00

Tupak Shakur: Before I Wake $10.00

Queen of the Damned $10.00

The Opportunists $10.00

Strange Days $10.00

Fritz the Cat $10.00

The Replacement Killers $10.00

Xetex Geiger Counter $20.00

Symbol Wireless Barcode Scanner PDA $40.00

IBM Hub 3299-2 NPFA Type II $5.00

Orckit DSL modem

Fluke 80T-IR Infrared Temperature Probe $40.00

2.4ghz antenna ceiling mount s2403bh $20.00

Rave MP3 Player $8.50

AT&T Cable modem $20.00

Ricochet USB Modem $5.00

Conar Model 202 Frequency Counter

Alinco DJ-S41 $31.00

Ezonics EZ Cam Digital Camera/Webcam USB $20.00

Aceco Frequency Counter $10.50

ICOM IC-Q7A $79.01

AOR AR8200MKII w/computer interface and more $113.50

Fujitsu 10GB Laptop HD $10.00](http://cgi6.ebay.com/ws/eBayISAPI.dll?ViewSellersOtherItems&userid=eecue&include=0&since=-1&sort=3&rows=25)

so place your bids!

I have released the latest version of slacker ... slacker version 1.4.1

it has many bug fixes and enhancments.

I wrote an article a few months ago about using freebsd and ipfilter to do transparent bridging in combination with ipfw. This article goes into further detail about monitoring the firewall.

In my previous article I talked about zeebeede. I've decided against using at as I found that net-snmp now allows for the daemon to bind to tcp instead of udp. This makes it easy to set up an ssh tunnel which will give us a secure means of transfering the snmp queries over the wire...

As you can see by my article from Friday, I went to New Mexico to visit my mom. I drove by myself, I left on Saturday at about 11am and drove on the new part of the 210 that connects to the 15 and then to the 40....

Early Saturday morning I will be driving out to new mexico (12 hour drive) to see my wonderful mother! She just moved in to her new condo in Albuquerque! It will be great. I went to High School in new mexico and I really miss it. They have the best green chile in the world there!

I'll take lots of pictures so you all can see pics of the Land of Enchantment.

I have selling a bunch of my stuff that I don't really need anymore. Check out all auctions and bid on them if you see anything interesting!

=]

thanks!!!!

osaka (i'll be there for three days (new years eve day, new years day and the next day)

then on to a suburb of kyoto where i will stay with bree for a week in her place there. that will be the best part of my vacation and actually the whole point of my visit really.

then on to tokyo where i will stay for the final week of my trip. i plan on buying a nice older laptop (maybe 3 years old) as well as a smart card writer (usb) and maybe a little music playing device of some sort,

i plan on bringing $1000 for food, $1000 for lodging and $1000 for toys.

ok I have a new office in El Segundo... Today I just got a plant! yay... it's really nice...I love plants! Check here for the picture section on junglescene.com. Or....

The self contained, easy to set up Cobalt RAQ server appliance now maintained by Sun Microsystems is vulnerable to a remote root exploit which ironically affects the SHP (security hardening package). Grazer released the advisory along with an exploit on i-security.nl. A patch for the problem is available for download.

The feds have some crazy idea in their minds that making a gigantic database of everyones information is a good idea. It's not. The feds can't even secure there own computers let alone a system with everybody's info on it... did i mention a convicted felon will be heading this project?

now i just need to get my passport!!!! i will be paying extra for the rush version!

So after working 19 days straight and having a really lame weekend I finally got my R&R on!

It all started Friday night. I was hanging out at ezw's apartment and Jason Game rolled through talking about a party up in the hollywood hills. When I heard that I was like... forget free thinking... I'm going up to the hills. So we jumped in my car around 11 and drove up into the hills.

After about 2 miles driving up that one curvy ass road we came to the house. It had the most amazing view I have ever seen at a house. It was even better than the high-tech mansion was! The whole front of the house was glass from floor to ceiling.

The night was so clear you could see all the way to signal hill in long beach. There was all the beer you could drink and a fill wet bar (ok pretty full). and some nice melodic dnb was playing... the only problem is that we were the only ones there at 11pm.

After a little while a few more carloads of guys showed up until there were 2 girls (on had left) and about 20 guys.

At this point I told jason i thought i was gonna take off... unless 5 carloads of girls showed up. As I sat there I kid you not, girls kept coming down the stairs until the ratio was even at about 12:30...

The ratio got even better as guys started leaving after about 2am... but there was still booze flowing and i was in my element... i walked around and met every single woman that was at the party...

i recognized them but didn't know where from... then i heard sombody mention it was like club bang in here and it all clicked....

The head graphic designer for House of Blues, Martin Gee is laying out the groundwork for a Street Fighter Mod based on a drum'n'bass community that i do the programming/design/hosting for.

he put me in there using a picture he took of me when my flash popped... the lens flare is not faked. check it out...

When I first moved to Santa Fe, New Mexico in 1992 my dad worked for Los Alamos National Labratory in the ADP-4 dept coding old mainframes. He told me about, then took me to the most wonderful place I'd ever been...

I instantly fell in love as I am an avid junk collector. The black hole is an old supermarket, it's parking lot and the church next door along with it's parking lot (plus a house or tow a few miles away... which we once found a nice little disk (about 1 or 2 grams of weapons grade uranium! ) all filled up with piles of Lab suprlus.

See every first friday (or some day it's been a while) the Lab does somthing it calls salvage. Salvage is a silent auction where everybody gets a chance to inspect pallets of wonderful junk the lab no longer feels it needs. You can get anything from a pile of bolts to boxes of laser tubes. All for pennies on the thousands if not millions.

link to the package

NetBIOS Auditing Tool Release

As of February 16th Secure Networks Inc. has released a free (GPL`d) 


NetBIOS auditing tool for use both on WindowsNT and UNIX platforms. 


The tool itself is designed to test NetBIOS file-sharing configurations as 


well as Password integrity of remote stations. 


The toolset is available via the following channels: 


ftp://ftp.secnet.com/pub/tools/nat10/nat10bin.zip (For NT and Win 95 binaries) 


ftp://ftp.secnet.com/pub/tools/nat10/nat10.tgz (For full source) 


http://www.secnet.com/ntinfo/ntaudit.html A technical description of how the NetBIOS auditing tool works follows. 


The NetBIOS Auditing Tool (NAT) is designed to explore the NETBIOS file-sharing 


services offered by the target system. It implements a stepwise approach to 


gather information and attempt to obtain file system-level access as though 


it were a legitimate local client. 


The major steps are as follows: 


A UDP status query is sent to the target, which usually elicits a reply 


containing the Netbios "computer name". This is needed to establish a session. 


The reply also can contain other information such as the workgroup and account 


names of the machine`s users. This part of the program needs root privilege to 


listen for replies on UDP port 137, since the reply is usually sent back to UDP 


port 137 even if the original query came from some different port. 


TCP connections are made to the target`s Netbios port [139], and session 


requests using the derived computer name are sent across. Various guesses at 


the computer name are also used, in case the status query failed or returned 


incomplete information. If all such attempts to establish a session fail, 


the host is assumed invulnerable to NETBIOS attacks even if TCP port 139 was 


reachable. 


Provided a connection is established Netbios "protocol levels" are now 


negotiated across the new connection. This establishes various modes and 


capabilities the client and server can use with each other, such as password 


encryption and if the server uses user-level or share-level Security. The 


usable protocol level is deliberately limited to LANMAN version 2 in this 


case, since that protocol is somewhat simpler and uses a smaller password 


keyspace than NT. 


If the server requires further session setup to establish credentials, various 


defaults are attempted. Completely blank usernames and passwords are often 


allowed to set up "guest" connections to a server; if this fails then guesses 


are tried using fairly standard account names such as ADMINISTRATOR, and some 


of the names returned from the status query. Extensive username/password 


checking is NOT done at this point, since the aim is just to get the session 


established, but it should be noted that if this phase is reached at all MANY 


more guesses can be attempted and likely without the owner of the target 


being immediately aware of it. 


Once the session is fully set up, transactions are performed to collect more 


information about the server including any file system "shares" it offers. 


Attempts are then made to connect to all listed file system shares and some 


potentially unlisted ones. If the server requires passwords for the shares, 


defaults are attempted as described above for session setup. Any successful 


connections are then explored for writeability and some well-known file-naming 


problems [the ".." class of bugs]. 


If a NETBIOS session can be established at all via TCP port 139, the target is 


declared "vulnerable" with the remaining question being to what extent. 


Information is collected under the appropriate vulnerability at most of 


these steps, since any point along the way be blocked by the Security 


configurations of the target. Most Microsoft-OS based servers and Unix SAMBA 


will yield computer names and share lists, but not allow actual file-sharing 


connections without a valid username and/or password. A remote connection to 


a share is therefore a possibly serious Security problem, and a connection 


that allows WRITING to the share almost certainly so. Printer and other 


"device" services offered by the server are currently ignored. 


For more information about NAT see: 


http://www.secnet.com/ntinfo/ntaudit.html - Oliver Friedrichs 




---


Secure Networks Incorporated. Calgary, Alberta, Canada, (403) 262-9211 

yay that was fun!

check it out here

i wonder how long before it's in the tree?

Ok so i hacked up nat so that it would compile on jaguar (os x 10.2) and i have it available for download here

i want to add it to the fink tree but i'm not sure where to start... the online docs didn't help me during the 10 mintues i looked at them... for now you can grab it off my site here. but

somday i'll figure out the right way to put it in fink...

check out one of the dopest UK garage groups the streets. i really like their music. you can get more info about the show on my 2step website. there is also an after party. hope to see you there!

I just found a great new browswer based on mozilla but much more streamlined for OS X.... i'm posting this with it right now and it is wonderful!

tonight at the knitting factory... mad mixer... looks pretty cool... it's for web designers to meet each other. i think i will go and check it... flyer inside:::

i am ready to release the next version of slacker. it's been a bit since the last release, but this one is really an improvment. it now fully works with no tweaking. i have also written shell scripts that deliver what the project had originally intended. full automation of adding users to apache, system, ftpchroot, dns, mail, and it even copies over the slacker skeletons...

'Calling spam "the scourge of the Information Age," Attorney General Bill Lockyer said PW Marketing sent millions of illegal, unsolicited e-mails that advertised books, software and lists of e-mail addresses as a way to make money.'

we need a monday night club... tonight i have nothing to do but:

a. laundry

b. clean

c. program

this is LA's only 2-step club. It rocks and I go every week (I've been too busy the last two weeks though). See everyone there tonight! .. check inside for pictures:

it was pretty easy to do the code is contained in the article:

"A one night parade of sweat and adrenaline pitting viewer against viewer in brutal virtual cockfighting theatre. Audience volunteers will don custom-made wireless game controllers with full sized wings and feathered helmets. Combatants will step into an arena to control their life size game avatars through vigorous flapping and pecking, competing for blood and birdfeed while rapaciously inflicting onscreen bodily harm. Cockfight Arena is free and open to the public. Gambling and smoking will be permitted. No animals or humans were injured in the production of this event."

I am so there!

see everyone there! it's gonna be rockin! here is a link for some more info.

PROGRESSION SESSIONS TOUR:

art show this Saturday, September 21 7-11 PM

@ the PRODUCE DEPT.

2323 East Olympic Blvd. #7

Los Angeles, CA 90021

this is gonna be really cool... i'll be there.

213 - 629 - 1668

after setting up my secure snmp network i needed something to parse the data with. MRTG is too basic so i opted for rrg. I used the software package called cacti. It's very nice.

i've been working on setting up a system of bridging ip-less packt filters with ipfilter (for logging, filtering, accounting, proxying, NAT) and ipfw (for bandwidth limiting). I also wanted to set up a private mointoring network with a thrid NIC in each box. Even though this link was privat I still wanted to keep everything on the wire encrypted.

this section will replace my journal. enjoy the site. my old journal can be found here more inside...