Updating IP Address in Dynu

Dynu is a free dynamic DNS service. As described in Microsoft Brought Down No-IP.org I have to cope with big business just pushing their own interest and not caring on small business or private customers.

I tried to update IP address for Dynu using ddclient using package ddclient. This failed. The version 2 of Dynu’s API allows to do that with curl/wget.

Steps to set it up:

1. Go to API Credentials to get your “API-key”
2. Go to API and authorize using your “API-key”
3. Run first “GET /dns” to gather your so called “id”. Alternatively, run the below curl command

The curl command to get your “id” is as follows:

curl -X GET "https://api.dynu.com/v2/dns" -H  "accept: application/json" -H  "API-Key: yyyyyyyyyy"

Output is like this:

{"statusCode":200,"domains":[{"id":12345678,"name":"eklausmeier.mywire.org","unicodeName":"eklausmeier.mywire.org","token":"aaaaaaaaa","state":"Complete","location":"office","group":"office","ipv4Address":"109.90.226.205","ipv6Address":null,"ttl":90,"ipv4":true,"ipv6":false,"ipv4WildcardAlias":false,"ipv6WildcardAlias":false,"createdOn":"2019-05-25T08:37:16","updatedOn":"2019-06-29T12:33:04.707"}]}%

Once you know your “API-key” and “id” you can set-up a simple script to run periodically. I use a Perl script which first fetches my current internet address, $remoteIP, and then updates Dynu.

open(F,"curl -sX POST \"https://api.dynu.com/v2/dns/XXXXXXXX\" "
        . "-H \"accept: application/json\" "
        . "-H \"API-Key: yyyyyyyyyyyyyyyyyyyyyyyy\" "
        . "-H \"Content-Type: application/json\" "
        . "-d \"{\\\"name\\\":\\\"eklausmeier.mywire.org\\\","
                . "\\\"group\\\":\\\"office\\\","
                . "\\\"ipv4Address\\\":\\\"${remoteIP}\\\","
                . "\\\"ttl\\\":90,\\\"ipv4\\\":true}\" |")
        || die("Cannot curl to dynu.com");
while (<F>) {
        print;
}
close(F) || die("Cannot close dynu.com");

If all goes well then output is:

{"statusCode":200}

Advertisements

Blocking Network Attackers

In Using Odroid as IP Router I wrote about using my Odroid as router and firewall. Additionally I inspect who tries to log-in to my machines using the lastb command. Sample output is below:

$ lastb
admin    ssh:notty    202.166.220.10   Mon Oct  1 09:51 - 09:51  (00:00)
admin    ssh:notty    202.166.220.10   Mon Oct  1 09:50 - 09:50  (00:00)
admin    ssh:notty    14.162.42.98     Mon Oct  1 09:50 - 09:50  (00:00)
admin    ssh:notty    14.162.42.98     Mon Oct  1 09:50 - 09:50  (00:00)
telecoma ssh:notty    197.46.98.211    Mon Oct  1 09:50 - 09:50  (00:00)
telecoma ssh:notty    197.46.98.211    Mon Oct  1 09:50 - 09:50  (00:00)
ubnt     ssh:notty    2.235.144.121    Mon Oct  1 09:50 - 09:50  (00:00)
ubnt     ssh:notty    2.235.144.121    Mon Oct  1 09:50 - 09:50  (00:00)
root     ssh:notty    78.111.43.138    Mon Oct  1 09:50 - 09:50  (00:00)
admin    ssh:notty    96.89.181.5      Mon Oct  1 09:50 - 09:50  (00:00)
admin    ssh:notty    96.89.181.5      Mon Oct  1 09:50 - 09:50  (00:00)
Admin    ssh:notty    139.5.159.74     Mon Oct  1 09:50 - 09:50  (00:00)
Admin    ssh:notty    139.5.159.74     Mon Oct  1 09:50 - 09:50  (00:00)
admin    ssh:notty    183.89.73.176    Mon Oct  1 09:50 - 09:50  (00:00)
user     ssh:notty    115.178.98.57    Mon Oct  1 09:50 - 09:50  (00:00)
user     ssh:notty    115.178.98.57    Mon Oct  1 09:50 - 09:50  (00:00)
auxiliar ssh:notty    118.221.123.81   Mon Oct  1 06:53 - 06:53  (00:00)
auxiliar ssh:notty    118.221.123.81   Mon Oct  1 06:53 - 06:53  (00:00)
debian   ssh:notty    180.76.162.111   Mon Oct  1 02:39 - 02:39  (00:00)
debian   ssh:notty    180.76.162.111   Mon Oct  1 02:39 - 02:39  (00:00)
admin    ssh:notty    123.21.175.214   Mon Oct  1 02:24 - 02:24  (00:00)
admin    ssh:notty    123.21.175.214   Mon Oct  1 02:24 - 02:24  (00:00)
admin    ssh:notty    183.157.189.232  Mon Oct  1 02:24 - 02:24  (00:00)
admin    ssh:notty    183.157.189.232  Mon Oct  1 02:24 - 02:24  (00:00)
admin    ssh:notty    181.211.61.234   Mon Oct  1 02:23 - 02:23  (00:00)
admin    ssh:notty    181.211.61.234   Mon Oct  1 02:23 - 02:23  (00:00)
user1    ssh:notty    186.149.47.141   Mon Oct  1 00:34 - 00:34  (00:00)
user1    ssh:notty    186.149.47.141   Mon Oct  1 00:34 - 00:34  (00:00)
support  ssh:notty    42.61.24.202     Mon Oct  1 00:08 - 00:08  (00:00)
support  ssh:notty    42.61.24.202     Mon Oct  1 00:08 - 00:08  (00:00)
support  ssh:notty    42.61.24.202     Mon Oct  1 00:08 - 00:08  (00:00)
support  ssh:notty    42.61.24.202     Mon Oct  1 00:08 - 00:08  (00:00)

Furthermore I use Fail2ban. This way I gather a number of suspicious IP addresses which apparently do not have best intentions, so I better block them completely. Using

$ lastb > L
$ perl -ne 'if (/\s+(\d{1,3}\.\d{1,3}\.\d{1,3})\.\d{1,3}\s+/) { printf("-A PREROUTING -s %s.0/24 -i ethusb0 -j DROP\n",$1); }' L 

Below is my list of addresses which I block. This list is somewhat similar to the list of hosts given in Suppressing Advertisement on Web-Pages a.k.a. Ad-Blocking. Watch out if you use that many iptables rules that a low powered machine like a Raspberry Pi or Odroid will significantly diminish network performance.
Continue reading →

Towards web-based delta synchronization for cloud storage systems

Very interesting article.

Some remarkable excerpts:

To isolate performance issues to the JavaScript VM, the authors rebuilt the client side of WebRsync using the Chrome native client support and C++. It’s much faster.

Replacing MD5 with SipHash reduces computation complexity by almost 5x. As a fail-safe mechanism in case of hash collisions, WebRsync+ also uses a lightweight full content hash check. If this check fails then the sync will be re-started using MD5 chunk fingerprinting instead.

The client side of WebR2sync+ is 1700 lines of JavaScript. The server side is based on node.js (about 500 loc) and a set of C processing modules (a further 1000 loc).

the morning paper

Towards web-based delta synchronization for cloud storage systems Xiao et al., FAST’18

If you use Dropbox (or an equivalent service) to synchronise file between your Mac or PC and the cloud, then it uses an efficient delta-sync (rsync) protocol to only upload the parts of a file that have changed. If you use a web interface to synchronise the same files though, the entire file will be uploaded. This situation seems to hold across a wide range of popular services:

Given the universal presence of the web browser, why can’t we have efficient delta syncing for web clients? That’s the question Xiao et al. set out to investigate: they built an rsync implementation for the web, and found out it performed terribly. Having tried everything to improve the performance within the original rsync design parameters, then they resorted to a redesign which moved more of the heavy lifting back to…

View original post 728 more words

Using Odroid as IP Router

I purchased an Odroid-XU4 for ca. 80 EUR including power-supply and case from Pollin. The original manufacturer is hardkernel. I intended to use this small ARM computer as a router and firewall. In the past I had used routers from multiple vendors, e.g., Linksys/Cisco, TP-Link, AVM/FritzBox, Netgear, and so on. There is a rule of thumb with all these devices: Usually you have to reboot them once or twice a month, otherwise they misbehave somehow. At least three of these device went completely catatonic. Now I had enough of this, I also wanted a command line interface to the router, ideally a real Linux system with bash, cron, gcc, etc. Although I already own an Intel NUC and I am very happy with this computer, an Intel NUC is a little bit too expensive to be used as just a router.

I recommend to additionally purchase a RTC backup battery. The Odroid has a realtime clock, but loses all date and time information once powered off. This way the log of the computer is garbled.

Continue reading →

Cablesurf Channel Statistics

Cablesurf is a German internet-cable-provider. They deliver Technicolor modem and set-top boxes to the end customers.

My cable modem model is:

HW Revision       1.0            VENDOR           Technicolor
BOOT Revision     2.4.0          SW Revision      STDD.01.05
MODEL             TC7200.20      Software Version STDD.01.05
Serial Number     00997509604426		
Mta Serial Number 00997509604426

Software Build and Revision
Firmware Name         TC7200.20-DD.01.05-150924-F-1FF.bin
Firmware Build Time   11:45:59 Thu Sep 24 2015

Signal/Noise ratio for downstream is:

Channel	Lock     Modulation  Channel   Symbol   Freq  Power      SNR
        Status               ID        Rate
1       Locked   QAM256      145       6952000        4.1 dBmV   40.3 dB
2       Locked   QAM256      146       6952000        4.4 dBmV   40.4 dB
3       Locked   QAM256      147       6952000        4.8 dBmV   40.8 dB
4       Locked   QAM256      148       6952000        5.1 dBmV   40.8 dB
5       Locked   QAM256      149       6952000        5.2 dBmV   40.8 dB
6       Locked   QAM256      150       6952000        5.0 dBmV   40.8 dB
7       Locked   QAM256      151       6952000        4.7 dBmV   39.9 dB
8       Locked   QAM256      152       6952000        4.1 dBmV   40.3 dB

Signal/Noise ratio for upstream is:

Channel	Lock    Modulation   Channel   Symbol   Freq   Power
        Status               ID        Rate
1       Locked  QAM64        1         5120 Ksym/sec   45.5 dBmV
2       Locked  QAM64        2         5120 Ksym/sec   47.0 dBmV
3       Locked  QAM64        3         5120 Ksym/sec   47.0 dBmV
4       Locked  QAM64        4         5120 Ksym/sec   47.5 dBmV

I ordered 120MBit/s, but speed according T-Online speedtest is as follows:

I attribute the drop from the bought speed to peering between Telekom and Cablesurf.

Checking my Unitymedia connection with T-Online speedtest gives:

Surfing the internet with 100 MBit/s

This week I upgraded again, this time from 50 MBit/s to 100 MBit/s. My internet service provider is Unitymedia with whom I had positive experience since 2009, see Unitymedia experience. They phoned me mid of November and asked whether I would be interested in upgrading from 50 to 100, it would cost 2 euros more per month. I said yes. Here we go. I pay 35 euros per month for 100 MBit/s and a telephone flat rate within whole Germany.

Continue reading →

50.017291 8.786961

Patrick Pichette on Google Fiber

Google CFO, Patrick Pichette, on the evolution of

1. computing power
2. storage capacity
3. network bandwith

He shows the following remarkable slide on the disparity of the latter to the former. It was this disparity which apparently led Google to enter the broadband market with its own infrastructure.

This speech was held in Kansas, 2012. The full speech is in below YouTube video.

50.017291 8.786961