Internet traffic

Share

I estimate (badly, I might add) that I currently use about 200gb of Internet traffic on my DSL link a month. If I’m going to move back to Australia sometime, that’s going to become a killer. Unfortunately, because my ISP doesn’t bill for traffic here in the US, they don’t appear to track my use at all. I think it might be time for me to do some tracking myself.

So, one of life’s little questions. Do I use pcap to snarf traffic on the DSL, or use iptable’s conntrack stuff in /proc? Just one more thing to ponder.

Share

The witty worm with Vern Paxson

Share

I’m sitting in a tech talk from Vern Paxson about the witty worm, and he’s just described how they could determine the state of the random number generator on infected machines when it sent probes to possible victims. Which gives you the uptime of the infected host, and they can see the distance between random numbers in the sequence, which means they can calculate the speed of the network link of infected machines, because they know the time distance between repeated probe attempts and how many packets were sent in between.

They can also determine the number of disks plugged into the infected machine, because a bug in the worm only re-seeded the random number generator when it trashed a disk block on the machine. It can only do that if that randomly selected disk exists.

The talk is being taped, so other people will be able to see it in a week or two.

Very cool.

Share

Domain name lookup helper for python?

Share

Hi. I have a list of the domain portion of URLs which looks a bit like this:

Whois lookup for fycnds.digitalpoimt.com
Whois lookup for wvgpzdea.digitalpoimt.com
Whois lookup for zhnsht.digitalpoimt.com
Whois lookup for frigo25.php5.cz
Whois lookup for handrovina.php5.cz
Whois lookup for blabota.php5.cz
Whois lookup for pctuzing.php5.cz
Whois lookup for viagraviagra.php5.cz
Whois lookup for poiu.php5.cz
Whois lookup for flasa.php5.cz
Whois lookup for yoy4.digitalpoimt.com
Whois lookup for hskly.digitalpoimt.com
Whois lookup for 2i0wjwbc.digitalpoimt.com
Whois lookup for harnhjc.digitalpoimt.com
Whois lookup for gqru.digitalpoimt.com

I need some code which determines which portion of these hostnames is a whois-able domain name. My problem is this doesn’t seem all that simple to do — some countries have a second layer of TLDs, and some do not.

Does anyone know of a python library, or failing that simple algorithm, which will do this for me?

(For those left wondering, I am trying to do some analysis of the spam I get on this blog, and for that I want to know if the whois information for a domain that left a suspect comment indicates anything suspicious.)

Share

Why does every man and his dog put man pages online?

Share

So, I know that I have a few man pages online, but then again I wrote either the code they document, or some of the generation toolchain to create them, so I think that is different. Why does every man and his dog feel that he should put man pages online? It actually makes it really hard to search for things if the first page of Google results are the same man page over and over again from sites who seem to think that they’re making a contribution to the community.

Are they just doing this to grab some pagerank?

Share

Sensis Australian search

Share

With Sensis obviously spending the entire national debt of most third world nations on advertising their “search engine for Australians”, I got curious as to what they return for queries about me, given that I am an Australian, living in Australia. It seemed relevant as well because of recent discussions about the Pandora archive here. They did return results, but none for the “results about Australia column”. So, let’s try some other queries:

A search for G’Day world (an Australian podcast) returned a bunch of Australian blog entries, all from sites ending in .au (so, ironically not the G’Day world site itself). A search for Linux Australia seemed to do the right thing, but their domain is an .org.au.

I checked my traffic logs. A user agent claiming to be from Sensis hasn’t crawled my site this week, and I have no entries for them in the referrer logs either.

So, I surmise from this that Sensis is reselling someone else’s results, and doing the equivalent of a site:.au at the end of the query to get the Australian column, which seems like the most ham fisted way possible to return that kind of result set? So, apart from propping up advertising providers, Sensis doesn’t appear to have much to contribute to the search space.

Share