Entropy gathering changes in Debian Buster

Alternative title: Using RDRAND to cope with early boot entropy starvation This blog post, as well as the described investigation, was a joint effort of Alexandros Afentoulis and Nikos Kormpakis. Intro At Skroutz we operate a wide variety of services comprising the ecosystem behind Skroutz.gr, a comparison shopping engine which evolved to an e-commerce marketplace. We run these services on our own infrastructure, bare metal servers and virtual machines. All hosts are running Debian GNU/Linux, which on July 6th 2019 had its latest stable release, called Buster. [Read More]

Sweet Debian Packaging

Some days ago, thanks to apoikos’ sponsorship, I got my first package accepted in Debian! https://tracker.debian.org/pkg/pytest-flask And I will maintain it within the Debian Python Modules Team. Woooooooohoo! I snatched at the occasion to create something sweet, a tiramisu. But a tiramisu alone would not be something remarkable. I wanted to adorn it in a Debian-ish theme. So I asked a friend, an elite practitioner of the sugar-fu, to create some cupcake-packages and… look at these sweet, edible little packages! [Read More]

ARP proxy going rogue, part 2: tracing the kernel

Introduction This is a story of ARP Proxy going rogue. Writing down that story took more than I expected so it’s split in two different posts. In the first part I explained what proxy ARP is and how it’s used in GRNET Ganeti clusters to provide public IPv4 to guest vms. I referred to the incident of a certain host hijacking all IPv4 addresses within a VLAN. In this second part I track down this particular behavior by reading the linux source code, setting up a Debian Buster testbed environment with network namespaces, and playing around with python scapy, eBPF Compiler Collection toolkit and linux kernel static tracepoints. [Read More]

ARP proxy going rogue, part 1: the incident

Intro This is a story of “Proxy ARP” going rogue. Writing down that story took more than I expected so it’s split in two different posts. In this first part we explain what proxy ARP is and how it’s used in GRNET Ganeti clusters to provide public IPv4 to guest vms. I’m going to investigate a particular incident where certain hosts caused DOS by hijacking all IPv4 addresses within a VLAN. [Read More]