Tag: security

VPN with Wireguard

Today I spent some time setting up a Wireguard VPN on a Linode VPS.

Overall the process is not too complicated, but there are some things I was confused about initially. Initially I followed the [cached]guide on the Linode website, but then I switched over to this excellent article: [cached]How to setup a VPN server using WireGuard (with NAT and IPv6).

My biggest confusion was about the distinction between the private IP assigned to the server/client within the VPN, and the externally visible IP of the server (the client does not need a public IP). Importantly, the …


Censorship and the Great Firewall

I just arrived in China for my vacation and noticed one thing immediately: All kinds of useful sites are blocked. Google Search and Maps, Gmail and Facebook. This is a major pain in the ass for doing anything from looking up directions to uploading pictures for those back at home, not even to speak of any human rights aspects.

My initial approach was using OpenVPN on my phone, but that doesn't seem to work - Facebook is still blocked, etc. What does help is ssh -D <PORT> <HOST>, but even that seems to get slowed down after some use. It's enough …


dDoS - now on a phone near you

You may or may not now that your desktop browser can do arbitrary http requests using java script, all without any action from you. Of course, this can be abused to dDoS websites into oblivion, [cached]as shown by Anonymous. Funny thing is, this also works on mobile browsers - and you can't even tell that anything is happening if the site is at least a little clever.

Implementation is astonishingly simple:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
function loop() {
    for(var i = 0; i < requestsPerLoop; i++) {
        try {
            var xhr = new XMLHttpRequest();
        xhr.open('GET', target …

Protecting your mails with GnuPG

You probably know that you can encrypt and sign your emails using GnuPG, and there's even a bunch of programs and plugins to make it easier for you. However, if you are like me and use Gmail's browser interface, there's no plugin for you. Your only choice is to copy & paste your mails to some external program, encrypt / decrypt them and paste them back into Gmail. Certainly not very comfortable.

Today, I set out to change this. I wrote a small Chrome extension which interfaces with GnuPG so you can encrypt and decrypt your mails directly from the browser. It …


P2P DNS

I don't really like the direction of the "official" project, especially the part where they decided to use a central authortiy, so I started my own. This is a true distributed approach, for everything else we don't need to develop anything new.

The basic idea is that each and every node of the network caches all the domains we have. Before you cry foul, let's look at how much space this will really need.

Our DNS record has several parts:

  • The domain itself. At 8 bit for one char, we'll assume a generous average length of 50 chars, which leaves …

© Julian Schrittwieser. Built using Pelican. Theme by Giulio Fidente on github. .