Frater 219's New Writeups

I wanted to eat; I had fir-trees (idea)

2003-03-22T17:28:54Z

Ya khotyel yest';
U menya yest' yeli.
Moi droog khotyel yest';
My yeli yeli.
I wanted to eat;
I had fir-trees.
My friend wanted to eat;
We ate fir-trees.

This little Russian rhyme is a double pun upon some coincidences in Russian grammar. The word yest' is both the infinitive to eat and an irregular verb meaning something like to be or to belong to. The word yeli is both the plural past-tense of to eat, and also the plural noun fir-trees.

Pretty silly, da?

127.0.0.1 (thing)

2003-01-14T02:19:54Z

127.0.0.1, being the first IP address on the 127.0.0.0/8 netblock reserved for loopback use, is the address most commonly used for a loopback network interface. Every properly functioning TCP/IP network stack has one of these -- it is an address reserved for the host to use when talking to itself.

If you ping 127.0.0.1, you should always get a response, with a truly minuscule latency. This is because packets sent to the loopback don't have to transit any actual network -- they go down the kernel network stack to Layer 2 and come right back. If you have a Web server running on your host, you can often test it out at http://127.0.0.1/. Pranksters may sometimes suggest that address as a place to look for warez or pr0n ....

Under no circumstances should you disable the loopback interface whilst connected to the Internet. On some systems, this may cause your kernel routing table to direct packets for 127.0.0.1 out one of your real network interfaces, where they…

127.0.0.0/8 (thing)

2003-01-11T03:11:16Z

In TCP/IP, the 127.0.0.0/8 netblock is reserved for the loopback interface on each network-connected host. This is a Class A netblock, equal to 2²⁴ addresses, reserved entirely for each host to communicate with itself.

The most commonly used address for a loopback interface is 127.0.0.1, but there is no restriction on how many of these addresses a host may use. The stereotypical use for loopback addresses is testing of network programs -- but any time you refer to localhost on a Unix system, you're probably referring to the loopback.

No address in the loopback range is valid on any physical IP network. Packets with source addresses in this range can confuse older network stacks (see martian).

shell (idea)

2003-01-04T19:42:24Z

On Unix-like systems, the shell is the command interpreter, which accepts command line input and runs other programs accordingly. It's also usually one of the first programming languages that Unix users and system administrators learn. Though relatively simplistic as languages go, the shell is useful because it can easily run other programs and respond to their output or error code results.

Programs that are commonly written in the shell include startup scripts for daemons, installer scripts for binary-only software packages, and system maintenance routines. It is relatively rare today to write larger application programs in a shell language, though it has been done in the past: for a long time, the master DNS and WHOIS databases at InterNIC were maintained by one big shellscript. Most sysadmins today prefer Perl or another more powerful scripting language for many of the tasks that were formerly done in the shell.

There are…

login command (thing)

2003-01-04T19:29:50Z

On Unix-like systems, login is a program responsible for authenticating terminal users.

Ordinarily, when you sit down at a terminal of a Unix box, you will see a login: prompt. Confusingly enough, this isn't actually provided by the login program, but rather by getty, the daemon that awaits activity on an idle terminal. When you enter your username, getty runs login, which asks for your password and -- if you enter the right password -- sets up your environment and spawns your shell.

Depending on the setup of the system you're on, login may check your password against any of several different authentication sources. The default on most systems is the /etc/passwd file. Others may use LDAP, NIS, or even such oddities as NetInfo.

port scan (idea)

2002-08-19T03:05:44Z

A portscan is an attempt to discover information about the network services on one or more hosts by opening connections to multiple TCP and UDP ports. Since a host will respond differently on a port if a service is running, and since there are only 65536 total ports, one can relatively quickly characterize a host's services by portscanning. At the same time, a host's responses can tell you facts about the kind of operating system or network stack it is running.

Portscans and Security

You will usually hear about portscans in the context of network security. A cracker attempting to break into a given host will often portscan that host in order to discover possible attack paths. Since every network service a host is running represents a possible path of attack, the portscan results are essential intelligence to an attacker. A script kiddie looking to break into as many hosts as possible with a single script, on the other hand,…