How To Use SSH Tunnelling To Allow Services To Pass Through A Firewall

[this post has been partially damaged during a server failure on 11 July 2004; with the exception of the images, it was recovered on 13 October 2018]

Paul has been stuck with a problem of late – he’s now living in university accommodation, and he’s found that he can’t connect through the university firewall to his external mail server. I advised him that it’s possible to set up an ‘SSH Tunnel’ (through central.aber.ac.uk) to fix this problem, but he hasn’t met with much success (see his blog entry for more details). In any case, here’s my investigation (and solution) to the problem.

In my example, I’m going to try the opposite to what Paul is trying to achieve. I’m going to try to allow my POP3 e-mail client to get access to the university e-mail server (pophost.aber.ac.uk). As things stand, this server is on the other side of the university firewall, and is inaccessible from outside. The server central.aber.ac.uk, however, is accessible from both sides of the firewall. So what I’ve got is this (yes, I know that this is a gross oversimplification):

As you can see, connecting from my home PC is futile:

C:\Documents and Settings\Dan>telnet pophost.aber.ac.uk 110
Connecting To pophost.aber.ac.uk...Could not open connection to the host, on port 110: Connect failed

But if I SSH-in to central.aber.ac.uk…

central:~ $ telnet pophost.aber.ac.uk 110
Trying 144.124.16.40...
Connected to pophost.aber.ac.uk.
Escape character is '^]'.
+OK mailsplit Oct 2000 ready

So, what I need to do is to tell my SSH client to connect to central.aber.ac.uk, and forward specific traffic through the firewall to the mail server. Here’s what I needed to know:

(a) A free TCP port number on my own computer from which I can virtually ‘pipe’ the connection. Most numbers over 1024 are fine. I chose ‘9110’.
(b) The name of the mail server – ‘pophost.aber.ac.uk’.
(c) The TCP port to which I wanted to connect – the standard port for a POP3 mail server is ‘110’.
(d) My user name on a server which: (1) I can connect to; (2) can connect to the server specified in (b). It happens to be ‘dlh9’.
(e) The name of the server specified in (d) (i.e. ‘central.aber.ac.uk’).
(f) My password on the server. Like I’m going to tell you that.

The syntax is:

ssh -L (a):(b):(c) (d)@(e)

I’m using the non-commercial version of SSH Secure Shell Client, so here’s what happens:

C:\Documents and Settings\Dan>"\Program Files\SSH Secure Shell\ssh2.exe" -L 9110:pophost.aber.ac.uk:110 dlh9@central.aber.ac.uk
dlh9's password:
Authentication successful.

At this point, I’m ready to go. Look what happens when I connect to port 9110 on my own computer, now…

C:\Documents and Settings\Dan>telnet localhost 9110
+OK mailsplit Oct 2000 ready

I could simply point my e-mail program at the ‘mail server’ at localhost:9110, and I’d be able to collect my university e-mail (so long as my SSH connection remained open).
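
An equivalent of the procedure above for the OpenSSH client, as an added example that is not part of the original post (the post used SSH Secure Shell’s ssh2.exe). The function names and the sample netstat lines are constructed for illustration; the second function checks that the forwarded port is listening on loopback only.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the OpenSSH client.

# Print the ssh command for the forward, given items (a)-(e) from the post.
# 127.0.0.1 keeps the listener private to this PC, -N opens no remote shell,
# and ExitOnForwardFailure makes ssh quit if port (a) is already in use.
# Only the hop to (e) is encrypted; (e) to (b) is still plain POP3.
tunnel_cmd() {
    lport=$1 rhost=$2 rport=$3 user=$4 gateway=$5
    for p in "$lport" "$rport"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "not a port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] ||
            { echo "out of range: $p" >&2; return 1; }
    done
    # On Unix-like systems, binding a local port below 1024 needs root.
    [ "$lport" -ge 1024 ] || { echo "pick (a) above 1023" >&2; return 1; }
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s@%s\n' \
        "$lport" "$rhost" "$rport" "$user" "$gateway"
}

# Read `netstat -an` or `ss -ltn` output on stdin and print every address
# other than loopback that is listening on the given port. No output means
# the tunnel is reachable from this machine only.
exposed_listeners() {
    awk -v port="$1" '/LISTEN/ {
        for (i = 1; i <= NF; i++) {
            n = length($i) - length(port)
            if (n > 1 && substr($i, n) == ":" port) {
                addr = substr($i, 1, n - 1)
                if (addr != "127.0.0.1" && addr != "::1" && addr != "[::1]")
                    print addr
            }
        }
    }'
}

# Constructed netstat lines (not captured from a real machine).
SAMPLE_SAFE='  TCP    127.0.0.1:9110    0.0.0.0:0    LISTENING'
SAMPLE_OPEN='  TCP    0.0.0.0:9110      0.0.0.0:0    LISTENING'

tunnel_cmd 9110 pophost.aber.ac.uk 110 dlh9 central.aber.ac.uk
printf '%s\n' "$SAMPLE_OPEN" | exposed_listeners 9110   # prints 0.0.0.0
```

With the tunnel open, pipe the output of `netstat -an` into `exposed_listeners 9110`; any address it prints means other machines on the network can also connect through the tunnel.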

Hopefully this guide will help some folks out there who are struggling with this kind of thing, and in particular, help Paul.

My Very First Operating System

[this post has been partially damaged during a server failure on Sunday 11th July 2004, and it has been possible to recover only a part of it]

[more of this post was recovered on 13 October 2018]

I’ve just written my very first Operating System! And I’m putting it here, online, so that you can give it a go if you like. And no, you don’t need to install it – just put it on a floppy disk and try it from there (no, you can’t boot it from a CD yet)!

Don’t expect too much. There’s no user interface (not even a command line). All it is is a bootloader and a kernel that ‘displays pretty squares’ (I stole the ‘pretty squares’ code from somebody else – my Assembly needs some work!).

Hardware Requirements
386SX/25MHz or faster processor
520K or better memory
Floppy disk drive

Instructions For Use
1. Download the floppy disk image file [34K]
2. Download and install WinImage 6.1 (this program lets you write floppy disk image files to floppy disks).
3. Open the image file in WinImage, insert a floppy disk, and select “Format And Write Floppy Disk” from the “Disk” menu. The Operating System will be written to the floppy disk.
4. To run it, you need to reboot your computer with the floppy disk in the drive. If this doesn’t …

 

I AM Scared Of Bootloaders

I’ve spent the evening looking at bootloader source code (small programs, crucial to every Operating System, which do the first fundamental steps towards loading the kernel, the ‘core’ of the OS). Just to show you quite how scary this stuff is, here’s a snippet of code to “stop the floppy drive motor from spinning”:

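mov dx,3F2h    ; 3F2h = floppy controller's digital output register
mov al,0       ; all motor-enable bits cleared
out dx,al      ; write the value to the port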

Remember Microsoft vs. Netscape?

Then you’re old enough to appreciate this: OSNews is running an article about the upcoming fight between Google and Microsoft. Where the Netscape/Microsoft battle involved web browsers, the weapons of the Google/Microsoft battle will be search engines and e-mail services.

If you’re confused as to how companies can be fighting by trying to increase the market share of their free product, read the article.

 

EU To Use Quantum Crypto-Key Passing To Beat ECHELON

[this post has been partially damaged during a server failure on Sunday 11th July 2004, and it has been possible to recover only a part of it]

[further parts of this post were recovered on 13 October 2018]

Now here’s an interesting article [security.itworld.com]. It seems that the European Union is investing €11 million over four years into developing a secure communication system based on quantum cryptography.

For those of you not in the know, quantum cryptography (for passing crypto keys) works like this:

Quantum Cryptography For Dummies

  1. Alice wants to send Bob a secret message, confessing her undying love, but doesn’t want anybody else to know how she feels.
  2. She fires some photons out of a special tube, so that some of them spin in different directions.
  3. Numbers are assigned to the different directions of spin, and she multiplies these together – along with a few prime numbers, for good measure – to get a Really Big Number.
  4. Then, Alice does some clever sums on the letters in her love letter, using the Really Big Number.
  5. Alice posts the first line of the new love letter to Bob (the line that says “Dear Bob,”). This is known as the ‘message header’. If Bob sends a message back saying that he got this, Alice will send the rest of…

 

Common OS Myths Debunked

[this post has been partially damaged during a server failure on Sunday 11th July 2004, and it has been possible to recover only a part of it]

In this era of pro-Linux and pro-Windows hoo-hah, it’s good to see an article whose writer really has his head screwed on: Common OS Myths Debunked is a wonderful piece; go read it.

Linux is not the answer!

Windows is not the answer either!

Don’t even get me started on MacOS…

Operating…

All Questions Answered

Have you seen AQA (All Questions Answered), a new online/SMS service? The idea is that you text message a question to 63336 (only on O2, Vodafone, and Orange, right now: costs £1) and their server uses a clever combination of intelligent algorithms, data mining, and human researchers to provide you with an answer.

They’re working on the policy of ‘All Questions Answered’. It could make the Scholars pub quiz a little easier. =o)

A Demonstration Of The Next Generation Of ‘Phishing’ Attacks

[this post has been partially damaged during a server failure on Sunday 11th July 2004, and it has been possible to recover only a part of it]

[further content was recovered on 13 October 2018]

If you’ve been on the internet for any length of time at all, you’ll probably have come across the concept of a phishing [wikipedia] attack, or even been the target of one. The idea is that Joe Naughty sends you an e-mail, pretending to be your bank, credit card company, or whatever, and when you click the link in the e-mail it takes you to your bank’s web site. Or that’s what you think, anyway. Actually, you’re at Joe Naughty’s web site, and it just looks like your bank’s web site. And so he tries to trick you into giving him your bank details, so he can rob you blind.

I was recently the target of such an attack (one related to the CitiBank browser-bar scam [bbc news]). In this particular attack, the fake site tries to trick you into thinking it is the real site by making your Internet Explorer address bar ‘disappear’, and then replaces it with a picture of an Internet Explorer browser bar saying that you’re on the real site.

I decided that this was a particularly crude hack, and that I could do better. And …

Chicken-Heated Atomic Weapons, And Quake [TM] For Those Who Miss Text-Based Adventures

[this post has been partially damaged during a server failure on Sunday 11th July 2004, and it has been possible to recover only a part of it]

[further fragments were recovered on 13 October 2018]

Two fantastic bits of funny news for you this April Fool’s morning:

1. A seven-ton atomic landmine, designed to prevent Soviet advance through West Germany, would have been kept warm while underground by being filled with live chickens (with enough food to keep them alive for a week). This (not an April Fool’s – really!) report brought to you by the BBC. Weird.

2. Do you remember a couple of years ago when somebody wrote ttyQuake, a front-end for iD’s groundbreaking game, Quake, which replaced the graphics with live-generated ASCII-art [screenshot]? Well; somebody’s gone one step further: IF Quake. IF Quake is an Inform program that acts as an interface between your Z-Machine Interpreter and the Quake data files. What does this mean? It means that it’s a text-based-adventure version of Quake. So instead of wiggling your mouse and…

All We Need Is A Microsoft-Hating US Judge And…

[this post has been partially damaged during a server failure on Sunday 11th July 2004, and it has been possible to recover only a part of it]

[further fragments of this post were recovered on 12 October 2018]

First, some info for the non-geeks out there, so you can truly appreciate the irony in what’s to come:

Lindows – manufacturer of a distribution of Linux which is designed to be easy to migrate to for former Windows users – have been in court with Microsoft in the US for some time, who claim that their name infringes upon their trademarked name, Windows. The courts haven’t been friendly to Microsoft extending their tentacles in this way so far, and so Microsoft have mostly been trying to buy time, stalling proceedings, while they bring the case to courts internationally. The Netherlands, Belgium, and Luxembourg have already caved-in and declared Lindows illegal (interestingly, it’s now being marketed in these countries as Lin---, pronounced Lindash, which Microsoft also claim they own).

Okay, now you non-geeks are up-to-speed:

Just announced – Lindows are taking …

 

PHP 5 RC1

Terribly geeky I know, but I find it awfully exciting: PHP 5 Release Candidate 1 was released today. PHP 5 can now be considered feature-complete, and mostly stable. If only the program I’m writing with it could be considered the same…