Updating the anti-SIP attack script

The anti-SIP attack script has been doing a great job, but I did note a few shortcomings I wanted to fix.  For one thing, I was noticing a few “clusters” of networks that justified (to me) blocking larger networks.  No one outside the US has any reason to connect to my server, for example.  I can block entire /8 networks…  but doing so manually was cluttering up the iptables rule sets.

I modified the script to store a little more information in the text file, so I can go through it manually from time to time and make changes.  It’s easy to run the file through sort -n and see if it’s time to block a /16 or /8 network.

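#!/bin/bash
# Collect the first three octets of every source that failed SIP
# registration with "No matching peer found".
/bin/grep "No matching peer found" /var/log/asterisk/messages | cut -d "'" -f 4 | \
   cut -d "." -f 1-3 | sort -n | /usr/bin/uniq >> \
   /root/anti-sip-attack.tmp
while read -r d
do
  # Fixed-string match on the full CIDR, so "1.2.3" cannot be mistaken for
  # an existing rule such as 11.2.3.0/24 or 1.2.30.0/24.
  if ! /sbin/iptables -L -n | grep -qF -- " $d.0/24 "; then
    /sbin/iptables -I INPUT -s "$d.0/24" -j DROP
    echo "$d.0/24" >> /root/anti-sip-attack.txt
  fi
done < /root/anti-sip-attack.tmp
rm /root/anti-sip-attack.tmp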
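
The manual review described above (sorting the list to see when a /16 or /8 block is warranted) can be automated. This is an added example, not part of the original script; the function name, the thresholds and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not the author's script. Input lines have the a.b.c.0/24
# form that the script appends to anti-sip-attack.txt; the data is constructed.

# candidates LEN MIN: read the list on stdin and print "<count> <network>"
# for every /LEN network (LEN is 16 or 8) containing at least MIN blocked /24s.
candidates() {
  sort -u | awk -F. -v len="$1" -v min="$2" '
    /^[0-9]+\.[0-9]+\.[0-9]+\.0\/24$/ {
      key = (len == 8) ? $1 ".0.0.0/8" : $1 "." $2 ".0.0/16"
      n[key]++
    }
    END { for (k in n) if (n[k] >= min) print n[k], k }
  ' | sort -k1,1nr -k2,2
}

# Constructed sample of /root/anti-sip-attack.txt (note the duplicate entry).
sample_blocklist() {
cat <<'EOF'
198.51.100.0/24
198.51.7.0/24
203.0.113.0/24
198.51.23.0/24
198.18.5.0/24
198.51.100.0/24
EOF
}

echo "/16 candidates (3 or more /24s):"; sample_blocklist | candidates 16 3
echo "/8 candidates (4 or more /24s):";  sample_blocklist | candidates 8 4
```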

Exploring Mars

Last night I took Lauren (my grand-daughter) to the National Geographic Exploring Mars presentation at the Holland Center.  Kobie Boykins was the speaker; Kobie is originally from Omaha and manages the engineering team that designed and built all of the moving parts of the Mars roving science lab Curiosity.  Pretty awesome evening!  Lauren and I both enjoyed it.  Many thanks to Lisa Van Stratten for providing the tickets.  After the presentation Lauren got to meet Kobie and had her picture taken holding one of the wheels used for testing a couple of the earlier Mars rovers.

AWESOME garbage collection job!

Man, the City of Omaha and Deffenbaugh are aces.  What a fantastic job of not only picking up the garbage, but making sure our street stays nice and quiet…  since you can’t drive down it without zig-zagging around the chicanes.

Back to building

Between HR 3708 and S.2103 and the FAA’s recent decision to look at some easing of the third class medical requirements, I am hopeful enough that I will be able to fly the RV-7 that I’ve decided to keep it and continue building.  I’ve ordered the fuselage kit and am finishing up the wings while waiting for it to arrive (which will be 8-10 weeks).

I was just about to pull the trigger on a Champ to fly…  but just couldn’t do it.  I’ll have to content myself with flying with a CFI for a while, and/or bumming rides whenever I can.

Squelching SIP attacks

Since I run an Asterisk server, it seems every third-world slime crawler wants to see if they can get free phone calls.  So far none have succeeded, but if you let a million monkeys keep pounding on keyboards, eventually they’ll guess something right.

Unfortunately Asterisk doesn’t have any facility for doing anything with SIP attacks other than logging them.  I finally got tired of seeing thousands of connection attempts from various places and blocking them individually, so I came up with a script to add the offending IP addresses to my iptables filter.  When an invalid connection attempt comes in, I block their entire /24 net just for good measure.

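#!/bin/bash
# Extract the first three octets of each source that failed registration.
/bin/grep "No matching peer found" /var/log/asterisk/messages | cut -d "'" -f 4 | \
  cut -d "." -f 1-3 | sort -n | /usr/bin/uniq >> /root/anti-sip-attack.tmp
touch /root/anti-sip-attack.lst   # first run: the list must exist for grep
while read -r d; do
  # -x -F: whole-line, fixed-string match, so "1.2.3" does not match "11.2.30"
  if ! grep -qxF -- "$d" /root/anti-sip-attack.lst; then
    /sbin/iptables -I INPUT -s "$d.0/24" -j DROP
    echo "$d" >> /root/anti-sip-attack.lst
  fi
done < /root/anti-sip-attack.tmp
rm /root/anti-sip-attack.tmp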

This script gets run from cron every few minutes…  so far it’s worked quite well.  The next step is to tee the Asterisk log file and do it in real time, so they only get one shot and they’re blocked.  As it is now they have up to five minutes to try to brute-force their way in.
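
A stricter way to pull addresses out of the log before they reach iptables, as an added example that is not the author's script: it anchors on the server-written end of the line instead of a quote-delimited field position, range-checks each octet, and skips an allowlist. The log lines, the function names and the allowlisted network are constructed assumptions.

```shell
#!/bin/bash
# Added example, not the author's script. Log lines below are constructed.

# Networks that must never be blocked (hypothetical: your own LAN or SIP trunk).
ALLOWLIST="192.0.2.0/24"

# Read Asterisk log lines on stdin, print unique validated a.b.c.0/24 prefixes.
# The greedy ".*" makes the match land on the last "failed for '...'", which
# the server writes itself, so quotes inside the From field cannot shift it.
extract_prefixes() {
  grep -F "No matching peer found" |
  sed -n -E "s/.* failed for '([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.[0-9]{1,3}(:[0-9]+)?' - No matching peer found[[:space:]]*$/\1 \2 \3/p" |
  awk '$1 <= 255 && $2 <= 255 && $3 <= 255 { print $1 "." $2 "." $3 ".0/24" }' |
  sort -u
}

# Pass through only the prefixes that are not on the allowlist.
filter_allowed() {
  while read -r p; do
    case " $ALLOWLIST " in
      *" $p "*) ;;            # allowlisted network: never block
      *) echo "$p" ;;
    esac
  done
}

# Constructed log: two hits in one /24, a From field containing quotes,
# an allowlisted source, and an out-of-range address.
sample_log() {
cat <<'EOF'
[Apr 22 21:54:41] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@203.0.113.9>' failed for '198.51.100.7' - No matching peer found
[Apr 22 21:54:42] NOTICE[1234] chan_sip.c: Registration from '"101" <sip:101@203.0.113.9>' failed for '198.51.100.80' - No matching peer found
[Apr 22 21:54:43] NOTICE[1234] chan_sip.c: Registration from '"x' y 'z" <sip:x@203.0.113.9>' failed for '203.0.113.44' - No matching peer found
[Apr 22 21:54:44] NOTICE[1234] chan_sip.c: Registration from '"102" <sip:102@203.0.113.9>' failed for '192.0.2.15' - No matching peer found
[Apr 22 21:54:45] NOTICE[1234] chan_sip.c: Registration from '"103" <sip:103@203.0.113.9>' failed for '999.1.2.3' - No matching peer found
EOF
}

# Dry run: list what would be blocked before feeding it to the iptables loop.
sample_log | extract_prefixes | filter_allowed
```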

Pursuit of a new airplane

It looks like I won’t be able to fly the RV-7 (barring a major change in medical certification requirements).  I can still fly with Sport Pilot privileges, as long as I can self-certify that I’m fit to fly.  Since both my regular doc and the cardiologist agree that there’s no reason I can’t fly, I’m looking forward to getting on the air again.

The problem?  There are no light sport aircraft around here to fly.  No one rents them, and as yet I have not found any clubs or partnerships that offer one.  My attempts to get my own flying club to look into LSA ownership were met with considerable resistance…  odd, given that we have lost or are losing at least three memberships due to lost medical certificates, and there is at least one other member who hasn’t flown in quite some time due to – yeah, you guessed it, no medical.  Still, the average pilot who does NOT have to fly LSA knows virtually nothing about light sport aircraft.

Anyway, it looks like if I want to fly again in the foreseeable future, I’m going to have to either own outright or form a partnership or club.  I’d looked into forming a partnership to purchase an RV-12, but we were only able to get two partners together — we’d need at least 4, preferably 5.  After exploring all other options, I have pretty much settled on an Aeronca 7AC Champion, commonly known as a Champ.

Why a Champ?  There are a number of reasons.  Cost is a big one.  Champs are plentiful and relatively inexpensive.  With tandem seating (front & rear seats) they’re roomier than, say, a side-by-side Taylorcraft or Luscombe.  They’re faster than a Cub, and are flown solo from the front seat instead of the rear.  They also generally cost less than a Cub.  If equipped with a (slightly) upgraded engine, say an 85 HP C-85 instead of the original 65 HP A65, I’m told the climb and cruise performance is quite good for the type.

There are plenty of flying Champs out there for sale.  I’m chasing one or two “projects” that will need to be restored.  Why do that, when I can get a flying aircraft for about the same cost?  Simple.  These planes were built in the mid to late 1940s.  If I’m going to fly it, I want to know that every single tube, weld, fastener and part is sound and airworthy.  While rebuilding I can use all new hardware and replace or repair any part that is not 100% up to snuff.  I can also take the opportunity to do some updates to the plane — better brakes, for example; newer fabric, better seat restraints, etc.  How far I take that depends a lot on what kind of deal I can get on an engine, since either of the ones I’m looking at will need the engine replaced.  Of course it’s also a balancing act — literally — to put what you want in it, but keep the empty weight as low as possible.

Of course, this doesn’t mean I wouldn’t consider a flying example if the right airplane comes along at the right price.  I would not complain about a year spent flying instead of building.

Elvis With a Tan

We picked up some peanut butter with cocoa from Costco.  TOO good.  So this morning I tried a new variation of Elvis oatmeal — 1/3 C oatmeal, 1/3 C + about 2 TBSP water, 1/3 C almond milk, 1 tsp chia seeds, 1 TBSP cocoa peanut butter, 1/2 TBSP maple syrup and about 1/3 of a ripe banana, thinly sliced.  The extra water is for the chia seeds; they’re optional for those of us in the clogged artery club.  If you put them in, let the chia seeds and water sit for 10-15 minutes before adding the rest of the ingredients.  Nuke for 2 minutes 15 seconds, stirring a couple of times along the way.  Dee-lish.

Elvis Oatmeal

This morning I tried something new for breakfast.

1/3 cup Quaker quick oats
1 Tbsp. organic peanut butter
1 tsp. organic honey
About half a banana, sliced thinly
1/3 cup skim or 1% milk
1/3 cup water

Microwave around 2 minutes, stir once or twice while it cooks and stir thoroughly afterward.  Next time I may try either a bit less peanut butter or a bit more water or milk.  Or maybe not, it’s pretty good.  Not something I will eat every day, but if you’ve got to eat oatmeal you need to change things up every once in a while.