November 23, 2008
Posted by on
On the village-telco mailinglist there were a lead about these Accton wlan mesh routers. The routers are not new, FON uses them extensively, but I decided to try them out. I ordered three of them from the open-mesh website and got them a week later. My first impression was: “Damn, so small!!”.
They came in a brown box each, no manual, just a power supply and a strange flat Ethernet cable. It was really just to plug them into an Internet connection and do all of the configuration on www.open-mesh.com‘s Dashboard. Here you can edit the two SSIDs, one open and one private. On the open SSID you can configure a splash (welcome) page and if you want to use user authentication. You can choose from four commercial or if you have your own RADIUS server. I would believe FON would be one of these, but was not there. Probably you gotta flash the router with FON software, but that is probably a one-way road since FON has closed the SSH access.
The units were up and running from the box, I only had to type in the 5.x.x.x IP or MAC address to add the nodes to my network. I thought of what would happen with these unit if Open-Mesh put down their business, but was really relaxed reading their roadmap: Open Source management. Open-Mesh.com is supporting open-source mesh management solutions. We are contributing to a project being done at UNC Chapel Hill (http://orangemesh.sourceforge.net) to create a truly open-source management server for RO.B.IN mesh networks. It will automatically migrate your open-mesh networks to your own server without needing to re-enter data. We will re-integrate with that solution when it is complete and release our server as open-source as well (as one combined project). So stay tuned, these projects are both expanding and merging and will be completely open source.
I plugged a pc into the LAN port on one of the units directly linked to the one with Internet access. First I just managed to get 390/90 Kbit throughput, but realizing it was set a bandwidth limitations on it through the Dashboard. I set this to “0”, disablign it, and I was able to make up to 4Mbit throughput either ways. I found this very little to be a 802.11g WLAN. I will do further studies of what limits this traffic.
There is no encryption as far as I know on the mesh connections. These are open-air traffic easy to sniff. There is a strong advice also to change the default root password on SSH through the Dashboard. If you put one of the routers on a public IP, anyone can SSH into it with the default password. They will then get a shell like this:
BusyBox v1.4.2 (2007-11-02 12:20:05 PDT) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
_______ ________ __
| |.-----.-----.-----. _ | |.-----.----| |__
| - || _ | -__| | |_| | | | || -__|__--| |
|_______|| __|_____|__|__| |__|__|__||_____|____|__|__|
|__| http://www.open-mesh.com ---------------------
Powered by these open source projects:
Version: r1421 18.104.22.168
November 20, 2008
Posted by on
I’ve had several responses to my previous article about VoIP attacks, and people are approaching the Honeynet organisation for help to figure out what they to do after being abused. This is both good and bad. Good that they seek help, bad that they do not have a IT security plan.
IT hacking costs money, and when implementing mis configured VoIP it shows up on the telephony bill as well. Previously it was costs that were not that obvious, down-time for the firm, stolen documents used against them in business competitions or just abuse of their Internet bandwidth to hurt others. How would the world been if all the security faults a firm had would show up on their monthly Internet bill? “Your computers have been participating in a DDoS attacking costing a firm 5 million, this is your cost”
The companies need to take security more serious. It is a war going on on the Internet where the strongest one will survive. And the war has begun for a long time ago…
November 17, 2008
Posted by on
I started digging into SRTP and Asterisk sphere. There does not seems to be any functional deployments. I’ve just found old stuff from 2006 where it was supposed to work, but I’ve not been able to re-do it. I thought it would be standard in Trixbox or other Asterisk distributions by this time!
Quote from voip-info.org “As of now (Jul 2008) Asterisk does not come with released support for voice encryption!”
The links I’ve found:
There is a stand-alone VoIP software named Zfone you can use for encrypting your RTP stream, made by Phil Zimmermann (also created PGP).It is a plug-in to tunnel your existing RTP stream through its encrypted ZRTP protocol. To use ZRTP with Asterisk you need to get a special patch, for this you need to e-mail the Zfone Project for a copy…. here is a short study of Zfone by Samuel Sotillo.
So were does it leave us? Skype has 256bit AES encoding, good for the most of us. Link it up with a Skype channel for Asterisk and you can at least access Asterisk encrypted, but not from a SIP phone.
Do you have any working installations you would like to share? Please e-mail me!
November 8, 2008
Posted by on
I have been following with great excitement the projects to provide phone and Internet communication to the 3rd world! They are called Village Telcos. There is great work been done by local people bringing communication to those who normally can not afford it. I believe information is the solution for a better world! Knowledge is power! Here is some good projects and organisations:
Dabba is a telecom and Internet provider in Orange County in South Africa. Dabba telecom is a company that is providing voice and data services to under-serviced areas. dabba has built a distributed community based ownership model.They have been helped by the Shuttleworth Foundation to create a usable wireless and telephony device. It is a combination of WLAN mesh networks and VoIP to deliver their services.
Inveneo is an organization helping projects in the 3rd world. “Inveneo is a non-profit social enterprise whose mission is to get the tools of ICT into the hands of organizations and people who need them most: those in remote and rural communities in the developing world.” They help other organisations to help Africa.
Inveneo are experts in:
- Ultra low-power computers and servers
- Long-distance wireless (WiFi) Local-Area Networking (LAN) gear
- VoIP telephony software and integrated hardware
- Free and Open source operating systems for servers and desktops
I love the idea to combine open source, wlan mesh (wireless p2p networking) and VoIP to bring information to the ones needing it the most! I’m trying to help as best as I can on these projects, but its not that easy as a by-stander. There are good discussions on the mailing lists and they all get proper responses. I’ve ordered several of the WLAN units to set up a neigbourhood mesh network to learn more.
I’ve talked with one that was in Uganda, and the advise from him was to go down yourself and see how you can help. It’s hard trying to help when you don’t even know what is happening locally. I’ve checked up on plane tickes, expensive…, but also gotta get some local contacts before travelling down there. If you know any, please let me know!
Next steps: Build the WLAN mesh network, set up the VoIP billing server, share the knowledge!
November 8, 2008
Posted by on
Just got a tip from my friends to watch Fredrik Härén presentation on the “Day of Knowledge” in Sweden. It is on youtube free to watch for anyone understanding Swedish. It is totally about 47 minutes in five parts. (Part 1, Part 2, Part 3, Part 4, Part 5)
He has a formula for ideas which goes like this: idea(s) = People ( Knowledge + Information )
Get knowledge, get information about the situation and then come togheter for the great ideas! Fantastic!
He also mentioning the divide about developing and developed countries. When developing countries are more technology advanced than the developed world, why use these terms? It is just stupid. He argues that the developed countries must stop sitting on their “high chairs” and get down to business. The developed world has been lazy the last decades and is falling behind on creating the future! I only wish the Norwegian politicians could see and understand this….
Fredrik is also in charge of Convenient Info which is a company to create information from all the data available on the Internet.