Pulseaudio ate my wifi

I’ve just spent a rather frustrating morning attempting to debug major performance problems with my home wireless network; one of my machines couldn’t associate with the AP at all anymore, and the laptop (which was upstairs in the home office, for a change) was getting horrific, sub-dialup speeds.

I did lots of moving of Linksys APs and tweaking of “txpower” settings, without much in the way of results. Cue tearing hair out etc.

Eventually, I logged into the OpenWRT AP over SSH, ran iftop to see what clients were using the wifi, and saw that right at the top, chewing up all the available bandwidth, was a multicast group called 224.0.0.56. The culprit! There was nothing wrong with the wifi setup after all — the problem was massive bandwidth consumption, crowding out all other traffic.

You see, “pulseaudio”, the new Linux sound server, has a very nifty feature — streaming of music to any number of listeners, over RTP. This is great. What’s not so great is that this seems to have magically turned itself on, and was broadcasting UDP traffic over multicast on my wifi network, which didn’t have enough bandwidth to host it.

Here’s how to turn this off without killing “pulseaudio”. Start “paman”, the PulseAudio Manager, and open the “Devices” tab:

Select the “RTP Monitor Stream” in the “Sources” list, and open “Properties”:

Hit the “Kill” button, and your network is back to normal. Phew.

Another (quicker) way to do this is to use the command-line “pacmd” tool:

echo kill-source-output 0 | pacmd

It’s a mystery where this is coming from, btw. Here’s what “paman” says it came from:

But I don’t seem to have an active ‘module-rtp-send’ line in my configuration:

: jm 98...; grep module-rtp-send /etc/pulse/* /home/jm/.pulse*
/etc/pulse/default.pa:#load-module module-rtp-send source=rtp.monitor

Curious. And irritating.


Eircom WEP key-generation algorithm reversed

Over the weekend, this really hit the Irish blogosphere — several Irish guys have apparently figured out the algorithm used by Eircom to generate WEP keys.

I blogged that page in the link-blog this morning, but it’s worth writing about a little more. WEP is apparently easy to crack nowadays, so in a way all those wifi users were insecure anyway — but this is interesting as a case study of how not to write a key generator:

  • Compiled code != secret: the first mistake Eircom made was to generate the WEP key entirely from a little “secret” text, some “secret” shuffles, and the serial number of the hardware. There should always be some randomness in there. Compiled code running on a user’s desktop is not secret.

  • Don’t share secrets: Secondly, it’s a good demo of why you don’t generate two separate key values from the same source data. In this case, both the WEP key and the SSID are generated from the Netopia router’s serial number — and sufficient bits are accidentally exposed in the SSID to enable computation of the WEP key. (This is kind of moot in many cases, since the serial number is also exposed in the MAC address, in even more detail.)
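Both points can be shown with a toy generator. This is an added example, not code from the original post and not Eircom's algorithm: the secret string, the shuffle, the 8-digit serial and the "toyisp" names are all constructed for illustration. It puts a serial-derived generator beside one that draws the key from the operating system's random source.

```python
import hashlib
import secrets

# Constructed toy scheme for illustration; this is NOT Eircom's algorithm.
FIRMWARE_SECRET = b"toy-secret-text"   # ships inside the compiled code
MOD = 10**8                            # toy serial numbers have 8 digits
WEP104_KEY_BYTES = 13                  # a 104-bit WEP key is 13 bytes


def weak_provision(serial: int) -> tuple[str, bytes]:
    """Derive both the SSID and the key from the serial number alone."""
    shuffled = (serial * 7 + 3) % MOD              # reversible "secret" shuffle
    ssid = f"toyisp-{shuffled:08d}"                # broadcast to everyone in range
    digest = hashlib.sha1(FIRMWARE_SECRET + str(serial).encode()).digest()
    return ssid, digest[:WEP104_KEY_BYTES]


def key_from_ssid(ssid: str) -> bytes:
    """What anyone holding the generator code can compute from the public SSID."""
    shuffled = int(ssid.rsplit("-", 1)[1])
    serial = ((shuffled - 3) * pow(7, -1, MOD)) % MOD   # undo the shuffle
    return weak_provision(serial)[1]


def hardened_provision() -> tuple[str, bytes]:
    """Key comes from the OS CSPRNG; nothing public is an input to it."""
    ssid = f"toyisp-{secrets.token_hex(3)}"        # label only, unrelated to the key
    return ssid, secrets.token_bytes(WEP104_KEY_BYTES)


def review() -> dict[str, bool]:
    """Run the two design checks from the case study on both generators."""
    serial = 12345678                              # constructed sample serial
    ssid, key = weak_provision(serial)
    _, key_a = hardened_provision()
    _, key_b = hardened_provision()
    return {
        "weak_is_deterministic": weak_provision(serial) == (ssid, key),
        "weak_key_follows_from_ssid": key_from_ssid(ssid) == key,
        "hardened_keys_differ_per_device": key_a != key_b,
    }


if __name__ == "__main__":
    for check, result in review().items():
        print(f"{check}: {result}")
```

In the weak generator the only unknowns are the string and the shuffle, and both ship in the binary; in the hardened one the key has to be stored or printed at provisioning time because it cannot be recomputed from anything.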

As far as I can tell — although it’s not quite clear who did what — that guy Kevin Devine did a pretty great job of reversing this code. Nice one.

I’m impressed that there’s now an app which detects the static tables (S-boxes, constants etc.) used in crypto algorithms — that idea seems very clever in retrospect, hadn’t occurred to me.

Here’s a boards.ie thread where this exploit was discussed; there are plenty more details there, if you’re curious. It seems this has been quietly floating around back-channels since the start of September.

(By the way, am I missing something, or did Eircom ship unstripped binaries for the key generator library? I could swear that when I looked at the Boards thread earlier today, there was a cut-and-paste from IDA Pro listing a function prototype. Oh dear; if so, add that to the ‘case study’ list above. ;)

It seems Eircom are now recommending all customers switch to WPA — good luck with that, since it’ll break all those Nintendo DSes. That won’t be popular!


Moving House

Life: I’m moving house — I’ve just filled about 20 boxes, now to get moving them! Sadly, there’s no wifi in range of my new house, so the upshot is I may be offline for a few days. Boo.


Caesar’s Palace open wifi

Tech: I should note this here just in case anyone finds it useful. A handy tip for anyone visiting Caesar’s Palace; their ‘Business Center’ doesn’t have wifi yet, but (cough) one of their neighbours certainly does ;)


Bullshitty keynotes: not as easy as they used to be

Thanks to blogs, wifi and the web, bullshitting a keynote at a conference isn’t quite as easy to pull off as it used to be! From Dan Gillmor’s keynote at Supernova, via BoingBoing:

At PCForum, Joe Nacchio, the CEO of Qwest was on-stage, doing a Q and A. Joe was whining about how hard it is to run a phone company these days. Dan (Gillmor) blogged, “Joe’s whining.” A few moments later, he got an email from someone who wasn’t at the conference, someone in Florida, with a link to a page that showed that Joe took $300MM out of the company and has another $4MM to go — gutting the company as he goes.

Esther Dyson described this as the turning point. The mood turned ugly. The room was full of people reading the blog and everyone stopped being willing to cut Joe any slack.
