Marc's Blog

Things from me about me …

by Marc

Why T.38 is not the solution

As VoIP gets more and more popular, its users are struggling with how to deal with their existing needs for fax services. Some may just connect their fax machine to an analog telephone adapter (aka ATA) and send their fax transmissions via their ITSP. While some may experience random success with this setup, most will experience an unacceptably high failure rate. The T.38 protocol was thought to be THE solution for fax over VoIP, as T.38 uses data packets instead of analog modulation, but it has its share of issues as well.

So what is the problem?

by Marc

SimQuadrat offers own mobile numbers and supports SMS in Roaming.

I have tested a new product by SipGate called SimQuadrat for about 4 months so far. The service was initially launched as a mobile phone service with a geographic German phone number. Recently SimQuadrat added the possibility to add a mobile number for free. The system even allows selecting from a few numbers during the subscription process.

As SMS transmission didn’t work in Roaming (tested in Luxembourg), I was curious and tested SMS transmission using my new mobile number. The SMS to a LuxGSM number arrived within a minute. I retested the transmission using my geographic number on the SIM card; delivery to LuxGSM worked fine as well. Unfortunately, LuxGSM can only reach SimQuadrat mobile numbers via SMS; the geographic numbers are unreachable by SMS from LuxGSM.

by Marc

Basic paranoid iptables firewall for an AMPRnet gateway

I have been asked a couple of times to provide a starting point for a firewall based on iptables for AMPRnet gateways based on Linux. I’ll try to accomplish this here.

I’m assuming your Linux gateway uses the following interfaces:

  • eth0 : connected to the Internet, has a public static IP address (this post does NOT cover AMPRnet gateways behind NAT or within DMZ)
  • eth1 : connected to your local AMPRnet LAN, has a static 44net IP address
  • tunl0 : the IPIP tunnel interface

The following script allows IPIP, RIPv2 and management traffic to be received. It also allows connections to be initiated from the gateway or the LAN by employing a stateful firewall:


by Marc

HowTo setup an AMPRnet Gateway on Linux

I had to set up many AMPRnet gateways on Linux machines and I always had a hard time remembering the different steps, so I try to provide a quick start over here.

I have been using the RIP44d daemon for all my installations, so we’ll start with downloading the current version of RIP44d:

sudo wget -O /usr/local/sbin/rip44d

The file needs to be executable by root:

sudo chmod 744 /usr/local/sbin/rip44d


by Marc

Recent JAVA 0-day exploit takes down online banking in Luxembourg

The online banking in Luxembourg can be combined with certificates from LuxTrust to ease the login and electronic signing of banking transactions. LuxTrust delivers the digital certificates on a SIM card to the end user, who is then required to use a specific hardware device and middleware software to use the certificates.

Most banks use a JAVA applet to reach the middleware, which has now proven to be a very serious single point of failure. Mozilla and Google deactivated the JAVA plugins in their browsers on January 12th, 2013, leaving the online banking portals with no access to the LuxTrust Middleware.

ORACLE has announced a patch for the exploit but didn’t announce a release date. LuxTrust users shouldn’t expect a solution within a short time frame and they will need to revert to the proprietary login procedures applied by each bank.

The issue shows how tightly the services provided by LuxTrust and LuxTrust partners are bound to a single piece of software. While the usage of a JAVA applet and the JAVA security features should protect the LuxTrust services, the issue also clearly shows how vulnerable the product becomes if one element in the production chain is compromised.

by Marc

Changes to the TANGO Blue product

TANGO Blue is TANGO’s counterpart of the EPT LuxFibre. From the start TANGO Blue users received a public IP (compare “No public IP for EPT LuxFibre”). TANGO Blue users weren’t affected by the issues present with LuxFibre. For a while now, TANGO has been offering an IPTV service on the TANGO Blue access. This combination, however, provides the user with only a private IP, giving the TANGO Blue+IPTV users the same disadvantages. Several user reports seem to point to TANGO’s CGN, which seems to have difficulty providing stable bandwidth; in some cases reports indicate a reduction of bandwidth by ~50%. In case you have issues with your TANGO Blue product you should contact the TANGO helpdesk a.s.a.p.