Security

Actiontec UDP ports 517 and 518

Leave a comment

Responded to an odd incident tonight.

An admin noticed UDP ports 517 and 518 were reported as open on a linux system, but they knew of no services that were supposed to be attached to them:

    # nmap xx.xx.xx.xx -sU -p 500-520
    Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-28 23:20 PST
    Interesting ports on xx.xx.xx.xx:
    (The 19 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE
    517/udp open|filtered talk
    518/udp open|filtered ntalk

No services seemed willing to confess that they were using the ports flagged by the network scan:

    # netstat -tunap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 5387/mysqld
    tcp 0 0 :::80 :::* LISTEN 5633/httpd2-prefork
    tcp 0 0 :::22 :::* LISTEN 5356/sshd
    tcp 0 0 :::443 :::* LISTEN 5633/httpd2-prefork

Monitored all traffic to the port via tcpdump, and saw no unusual UDP packets. Tried to establish communication with the listener, but it instantly closed the connections. Did a quick rootkit check and looked for signs of hidden processes, trojaned binaries, etc. on the system but it came back clean. Considered doing a signature match on the binaries themselves, but then had a hunch that a network device might be at fault.

Swapped out an Actiontec GT701-WG with a Cisco 678 and sure enough, the ports closed:

    # nmap xx.xx.xx.xx -sU -p 500-520
    Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-28 23:36 PST
    All 21 scanned ports on xx.xx.xx.xx are: closed

Might be enough to finger-print the Actiontec’s of the world (scan Quest blocks for UDP 517/518). Also might be worth isolating the device to get a better idea of how broken/exposed it is, if it turns out enough people are still using these things.

Poetry

North Beach in Winter

Leave a comment

Genny Lin has a unique way of describing life in the North Beach neighborhood of San Francisco. “Winter Place” has a kind of gritty-flashy feel to it, but I especially like the imagery at the end of her poem:

    It ain’t so bad
    the Coolies reasoned
    as they jumped ship only to
    sweat in baskets
    with pickaxes and dynamite
    twenty thousand feet in the Sierras
    like wet human laundry
Food, Security

Real Cheese

Leave a comment

It was only a matter of time before I created a food category. A small block of Taleggio Cheese finally pushed me to document a few fun food facts:

First of all, who knew that a cheese might have a union? After tasting a fine slice of Taleggio this evening I found a site called the Consorzio per la Tutela del Taleggio, which provides English information under the title “The Union of Teleggio Cheese”. According to the Union:

“The Taleggio cheese is, therefore, one of the Italian cheeses whose peculiar characteristics are protected by the European Union, and it is for that reason that milk supplying, its production and its seasoning must be effectuated in the area indicated by the Italian and community legislation.”

Second, the Taleggio moniker apparently requires a certain degree of enforcement. Perhaps if you eat enough of the stuff you might develop a taste for it like bourbon versus rye whiskey, or merlot versus pinot, etc. It thus stands to reason that if a Taleggio doesn’t achieve compliance with Union cheese laws it will not get the required stamp of approval:

“The Union was, since 1981, charged to the vigilance on production and on commerce of the Taleggio cheese, the Union marks each cheese conforming to the requisite specified in the disciplinary of production.”

Sadly, I must confess that I was uninformed as a consumer about how to validate the authenticity of my cheese until after I had eaten it. Next time I will definitely check to see whether I am about to purchase contraband Taleggio, or at least cheese with a forged seal of authenticity.

Real Taleggio

Warning: This entry was written while under the influence of Taleggio

Security

US Senate to consider Data-Breach Bill

Leave a comment

Just before the 2005 Thanksgiving holiday the Senate Judiciary Panel approved a Personal Data Privacy and Security Act, authored by Specter and Leahy. The soon-to-be-called “Specter-Leahy Act”, also known as the SLA, has some exceptionally vague language even compared to laws (already in effect) at the state level:

  • Giving individuals access to, and the opportunity to correct, any personal information held by data brokers;
  • Requiring entities that maintain personal data to establish internal policies that protect such data and vet third-parties they hire to process that data;
  • Requiring entities that maintain personal data to give notice to individuals and law enforcement when they experience a breach involving sensitive personal data;

    • In my experience the use of the word “reasonable” in California’s AB1950 law has been remarkably useful in discussions about how to comply. Unfortunately, I do not see anything comparable here that would help clarify when law enforcement should be contacted or how to measure the internal policies for effectiveness (it is easier to draw a line for “reasonable encryption”, for example, than “protective policies”). Enforcement, on the other hand, seems to be very precise:

  • Section 103 makes it a crime for a person who knows of a security breach requiring notice to individuals under Title IV of this Act to intentionally and willfully conceal the fact of, or information related to, that security breach. Punishment is either a fine under Title 18, or imprisonment of up to 5 years, or both.
  • Any person who, during and in relation to a felony violation of the computer fraud law, knowingly obtains, accesses or transmits a means of identification of another person without lawful authority, may be imprisoned for up to 2 years in addition to the punishment provided for such felony.

    • Rumor had it that a Representative from Oklahoma was lobbying to delay consideration of the bill by talking turkey, which caused some to suggest that Cole might stop the SLA from being passed. Ha, just kidding.