Jacob Appelbaum @ 2005-04-18 08:42:00
Communication while in Iraq (and beyond)
Most of you are perhaps wondering how the hell I am online in Iraq. It's a good question so I'll answer.
I am using a satellite connection. I have access to a network with a 1.8 meter dish for an uplink. It's not a small dish but it's not huge either. The people providing my service are the same people that have helped me travel here so far. Lots of the traffic here is behind proxies specific to the application, i.e. FTP/HTTP/DNS proxies. The network itself has traffic shaping; we have VoIP phones and other lines tied into a PBX. It's a real network with better service than most offices in the USA have as far as options go (most of it can be moved). Tyler and Jayme are super awesome for helping me get online, make phone calls and all of that.
Today I am headed out of Arbil to Sulimaniya with Jayme and two guards to learn how to install one of these 1.8 meter dishes.
In addition to the guards, I will be carrying these:

Now for network stuff.
As I was saying, lots of stuff is being man-in-the-middled on purpose by the servers on this end, but other services are being trapped by the ground station of the satellite network. DNS, for example.
I have my own proxies on my laptop that allow me to bypass all this nonsense but for a normal user here's what some of the network looks like:
traceroute appelbaum.net
traceroute to appelbaum.net (64.142.98.227), 30 hops max, 38 byte packets
1 192.168.2.1 (192.168.2.1) 0.366 ms 0.142 ms 0.128 ms
2 *
Selected device eth0, address 192.168.2.179 for outgoing packets
Tracing the path to appelbaum.net (64.142.98.227) on TCP port 80, 30 hops max
1 appelbaum.net (64.142.98.227) [open] 0.252 ms 0.141 ms 0.134 ms
tcptraceroute appelbaum.net 25
Selected device eth0, address 192.168.2.179 for outgoing packets
Tracing the path to appelbaum.net (64.142.98.227) on TCP port 25, 30 hops max
1 appelbaum.net (64.142.98.227) [open] 0.240 ms 0.134 ms 0.136 ms
ping appelbaum.net
PING appelbaum.net (64.142.98.227) 56(84) bytes of data.
64 bytes from appelbaum.net (64.142.98.227): icmp_seq=1 ttl=41 time=910 ms
64 bytes from appelbaum.net (64.142.98.227): icmp_seq=2 ttl=41 time=829 ms
64 bytes from appelbaum.net (64.142.98.227): icmp_seq=3 ttl=41 time=801 ms
--- appelbaum.net ping statistics ---
5 packets transmitted, 3 received, 40% packet loss, time 3999ms
rtt min/avg/max/mdev = 801.678/846.969/910.188/46.083 ms
$ dig appelbaum.net
; <<>> DiG 9.2.4rc5 <<>> appelbaum.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19563
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;appelbaum.net. IN A
;; ANSWER SECTION:
appelbaum.net. 3442 IN A 64.142.98.227
;; Query time: 12 msec
;; SERVER: 195.238.50.254#53(195.238.50.254)
;; WHEN: Mon Apr 18 08:06:38 2005
;; MSG SIZE rcvd: 47
I won't show you the network in reverse because it's not my place to post any of the satellite link's addresses here. Essentially, these are the important last two hops from a traceroute:
156.645 ms 156.578 ms 156.574 ms
840.696 ms 1084.341 ms 1073.037 ms
Obviously this is when we are sending data into space.
As we can see, some services that traverse the satellite connection are seriously lagged. Using a shell is nearly impossible when you type fast; I actually type faster than the connection about 99% of the time. The downlink can be 200 KB/s when installing Debian packages. Sometimes it's faster; with a larger dish it can be much, much faster.
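The outputs above already show which services are answered on the near side of the link: the TCP handshakes to ports 80 and 25 complete at hop 1 in under a millisecond, while ICMP to the same address takes over 800 ms. The following is an added example, not code from the original post, that parses those outputs and flags the mismatch; the `TCP_DIRECT` sample, the 10x ratio and the initial-TTL guess are assumptions made for illustration.

```python
import re

# Output copied from the post above.
TCP_80 = """Tracing the path to appelbaum.net (64.142.98.227) on TCP port 80, 30 hops max
1 appelbaum.net (64.142.98.227) [open] 0.252 ms 0.141 ms 0.134 ms"""
TCP_25 = """Tracing the path to appelbaum.net (64.142.98.227) on TCP port 25, 30 hops max
1 appelbaum.net (64.142.98.227) [open] 0.240 ms 0.134 ms 0.136 ms"""
PING = """64 bytes from appelbaum.net (64.142.98.227): icmp_seq=1 ttl=41 time=910 ms
rtt min/avg/max/mdev = 801.678/846.969/910.188/46.083 ms"""
# Constructed control (not from the post): an unproxied TCP trace over the same link.
TCP_DIRECT = """Tracing the path to example.org (192.0.2.10) on TCP port 443, 30 hops max
23 example.org (192.0.2.10) [open] 812.400 ms 830.100 ms 809.900 ms"""


def tcp_open_hop(text):
    """Return (port, hop, min_rtt_ms) for the hop that completed the handshake."""
    port = int(re.search(r"on TCP port (\d+)", text).group(1))
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+.*\[open\]((?:\s+[\d.]+ ms)+)", line)
        if m:
            rtts = [float(v) for v in re.findall(r"([\d.]+) ms", m.group(2))]
            return port, int(m.group(1)), min(rtts)
    return port, None, None


def icmp_path(text):
    """Return (min_rtt_ms, hops). Hops are estimated from the reply TTL,
    assuming the sender started from a common initial TTL (64, 128 or 255)."""
    min_rtt = float(re.search(r"rtt min/avg/max/mdev = ([\d.]+)/", text).group(1))
    ttl = int(re.search(r"ttl=(\d+)", text).group(1))
    initial = next(t for t in (64, 128, 255) if t >= ttl)
    return min_rtt, initial - ttl


def check(tcp_text, ping_text, ratio=10.0):
    """A SYN/ACK cannot arrive faster than the real round trip to the host, so a
    handshake `ratio` times faster than ICMP means something closer answered."""
    port, hop, tcp_rtt = tcp_open_hop(tcp_text)
    icmp_rtt, icmp_hops = icmp_path(ping_text)
    answered_locally = tcp_rtt is not None and tcp_rtt * ratio < icmp_rtt
    return {"port": port, "tcp_hop": hop, "tcp_rtt_ms": tcp_rtt,
            "icmp_rtt_ms": icmp_rtt, "icmp_hops_est": icmp_hops,
            "answered_locally": answered_locally}


if __name__ == "__main__":
    for sample in (TCP_80, TCP_25, TCP_DIRECT):
        print(check(sample, PING))
```

The same comparison works from any client network: a service whose TCP handshake finishes far faster than the path latency allows is being terminated by a middlebox, so only end-to-end authentication (TLS certificate or SSH host key verification) says who is actually on the other end.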
Anyway, today I am learning how to set up the physical hardware and the software all the way to the router. This is fine, everything else is well known to me. I haven't ever set up a 1.8 meter dish; the last dish I set up was two years ago. It was .89 meters, I believe. Satellite networking is a really awesome part of networking I have always wanted to learn more about. However, it's expensive. You can't just set up a lab in your basement. Microwave point-to-point links are another. Again, you can't just set up a lab in the basement. Almost none of this has any cryptography in use while transmitting, so it would be interesting to intercept; depending on where I am in the world, it might even be legal.
To inspire you to care about satellite networking I suggest you read about these two events:
Captain Midnight. He did an interesting thing and then did a really boring stupid thing.
The Falun Gong hijack Chinese state TV. These guys are fucking awesome. Ethical hacking in action.
I don't want to say the future is wireless. The present is wireless, the past has been wireless. However, there's a lot more interesting (read: not unlicensed wireless networking) wireless gear I want to learn about. Having only set up a few satellite connections prior, this stuff has always fascinated me. So one might say that my future is going to be invested in serious wireless networking (again, not 802.11a/b/g) options for places that need it.
Short range stuff is interesting, I love war driving. However most of the places I want to travel to in the future will require this type of technology.
Anyway, I am off to set up this VSAT link and hopefully come back in one piece to explain how it's all done.