TP-Link wr1043nd + DD-WRT build 14896 = Memory Leak [Solved]

There appears to be a pretty nasty memory bug when using DD-WRT build 14896 on a TP-Link WR1043ND router. From the Cacti graphs below it clearly shows a sudden drop off in available memory, then after a reboot things get cleared up again.

Seems others have had similar issues.

I intend to try the BrainSlayer r20675 release to see if that resolves the issue – and will report back.

graph_image.php

graph_image.php2

 

[Update 14-Mar-2013]
Confirmed the BrainSlayer r20675 release firmware did the trick! Here are some new graphs showing no downtime with no complete memory drop-outs over 2 days with very high numbers of connected clients:
graph_image.php1graph_image.php2graph_image.php3

“Windows Live Support” – Scam

The other day I received a random call on my home line, when I answered I heard a guy within an Indian accent stating that he was from “Windows Live Support” and that “they had detected some ‘activity’ from my Windows computer”. He was able to address me by my full name, which was concerning at first. Almost immediately I was picking up on some cues that made me rather certain that this was a scam, but I thought I’d play along to see where this goes.

He asked if I was “authorized” to use this computer, which I found a bit of an odd question.. like they’d care if I was… Anyways he proceeded to ask be to start-up the computer and let him know once ready. During the boot up process I could clearly hear that we was in a very busy call centre, and I could hear many other Indian accent voices in the background going through the same process with other potential victims. Sounded like a large operation.

Once the computer was booted up I announced to him that I was ready to proceed.

Directs me to press Windows key + R to bring up the run box, then get Event Viewer open by issuing the “eventvwr” command. In Event viewer he directed me to the “Application” log and asked me to estimate how many red error entries I see… I response “about 50”, and he proceeds to say (in a very scripted fashion)… “Oh! my goodness! your machine is very badly infected and it’s going to break my Mother Operating System” LOL!… I continue to play along. Next up was the “System” log and he again asks that I estimate the quantity of red errors, this time I respond “about 30”, and in exactly the same scripted sentence he says “Oh! my goodness! you’re machine is very badly infected and it’s going to break my Mother Operating System”, by this stage I’m constantly going on mute to have a good laugh, then get my composure and return to the call. I acted like a real sap and agreed with him that my machine must be very badly infected. At each step I pretended to be a computer novice, saying things like “what is the Windows key??”

Next up, it’s back to the “Run” box and this time I need to type “prefetch”. Similar to previous, this time he wanted to know how many files are being displayed… I say “about 20”, then comes the scripted response again: “Oh! my goodness! you’re machine is very badly infected and it’s going to break my Mother Operating System”. This time he adds that I have “Spyware” on my machine, and asks me if I know what it is… I say “no”, then he proceeds to explain that “Spyware is like a Terrorist on your computer”. LOL!

After this he reads be a number: “80041820” and tells me if I see this somewhere then it’s a bad thing..

Next stop, Right-click My Computer, then go Manage. Then he proceeded to direct me to an area in the ‘Manage’ box that I’ve never had the occasion to use: Index Service -> Query the Catalog. He has me search for “Software Security Services”, which by no surprise gives a result that the services does not exist and a magic error code comes up….. yes, “80041820”. He tells me to compare the error code to the code he gave previously, and I agreed with him that they are the same, then proceeds to summarize everything that has happened and to finally convince me that my machine is boned. So far this has taken a good 20 mins. 20mins spent on building my confidence, impressive.

Now, he directs be to go to the Run box and type in http://www.support.me – at this point I was not willing to play along further, who knows what’s going on at this site. So instead I decide to figure out what exact information to they have on me, I tell him that I not willing to proceed until he provide some key information about me. He proceeds to read out my full name, phone number (duh!) and physical address… not cool. I press him to provide an identity number for me. He just keeps dodging the question – good thing so I gather that was the extent of the information they had. At this point I tell the guy that I think this is a spam, which he denies with the lame response “How could we use the Windows name in our company name if we where not a Microsoft partner”. Funny. He realizes that he’s not getting very far with me, so hands me to his very well spoken supervisor “Chris”. Chris tries to reassure me that all is good and that I should proceed. I tell him I will not proceed, and he gets rather aggressive asking “Why would I not want to fix my infected computer??!!”. I ask where they are located, he responds: “London”, then if I asked him if he is aware of the DNC (Do Not Call) list law in UK?, he says “Yes”, I say put me on it, then hang up. Like a scam operation would actually adhere to that law, but anyway.

Armed with all this information, I started to do some Googling and found that many people have received such calls. The end game that is operation aims for is to persuade you to purchase some software to “clean up” your machine.

This operation seemed large and pretty well-organized, and it was amazed that they were willing to spend upward of 20 minutes with me on the phone just to build trust/confidence.

Check out this hilarious YouTube video, where I guy recorded some of this:

StrongVPN PPTP on DD-WRT – Source based routing

Update: Improved version posted here

I’m a StrongVPN customer and just today I had a use case that required that I was able to setup the VPN tunnel from my router and only route a specific host down the VPN.

Here is how I did it using these:

Do the following on your router:

Services->VPN

  • PPTP Client Options: Enable
  • Server IP or DNS name: <this is the IP of the VPN server, hostnames DON’T work>
  • Remote Subnet: <This is the IP that the YOU receive from the VPN server, to get this first connect on Mac/Win and check what IP you get)
  • Remote Subnet Mask: 255.255.255.0
  • MPPE Encryption: mppe required,stateless
  • MTU: 1450
  • MRU: 1450
  • NAT: Enable
  • Username: <This is your StrongVPN user ID>
  • Password: <This is your StrongVPN password>

Setup -> Basic Setup

Under: Network Address Server Settings (DHCP)

  • Static DNS 1: 216.131.94.5
  • Static DNS 2: 216.131.95.20

Security -> Firewall

  • SPI Firewall: Disable

Administration -> Commands

  • EDIT the INT and SOURCETOROUTE variables to suite and paste the following, then click ‘save firewall’. The IP specified in SOURCETOROUTE is the source IP that will be routed via the VPN.
    INT=ppp0
    SOURCETOROUTE=192.168.1.119
    echo "sleep 40" &gt; /tmp/firewall_script.sh
    echo "/usr/sbin/iptables --table nat --append POSTROUTING --out-interface $INT --jump MASQUERADE" &gt;&gt;  /tmp/firewall_script.sh ;
    echo "/usr/sbin/iptables --insert FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu" &gt;&gt; /tmp/firewall_script.sh ;
    echo "ip rule add from $SOURCETOROUTE table 200" &gt;&gt; /tmp/firewall_script.sh ;
    echo "REMOTEIP=\$(ifconfig $INT | sed -n 's/.*inet *addr:\([0-9\.]*\).*/\1/p')"  &gt;&gt; /tmp/firewall_script.sh ;
    echo "ip route add default via \$REMOTEIP dev $INT table 200"  &gt;&gt; /tmp/firewall_script.sh ;
    echo "ip route flush cache" &gt;&gt;  /tmp/firewall_script.sh ;
    sh /tmp/firewall_script.sh &amp;
    
  • Reboot your router, after which give it about 5mins and give it a try from the machine specified in SOURCETOROUTE

Paste text without formatting or kill it with a key sequence

I find it very annoying when you copy-n-paste formatted text in Windows as I very seldom actually want the formatting to come with it, and rather just want the raw text. The process I’ve been using up until now is to first paste the text into notepad, then copy it from there for pasting – not exactly an efficient workflow.

I came across a little single executable tool called PureText which allows you to assign a special key sequence to paste text without the formatting, I use Windows Key+V. The tool is a tiny 13K and just sits quietly in your task tray.

On a similar note – here is a quick way to removing any formatting from text within a Word doc or Outlook e-mail message:

Select the offending text area and hit ctrl + spacebar

Removing a colon : from a Windows directory

Problem:

Ok, so check this out… I somehow got a colon (:) in a directory folder name on my Windows 7 RC1 box. Why do I care you ask? because I could not access the folder’s contents, as colon in Windows is reserved for device names, such as disk partitions C:,D: etc.

Windows - Colon in directory name

Windows would not allow be to rename, delete, move this folder. If I executed a DIR /X, which shows legacy 8 character MS-DOS directory names, it came up without a short name – not good. I can only imagine that this directory name was created  by one of the MP3 tagging tools I’ve used, which may use a non-standard API call for creation of the directory.

Solution:

After trying a bunch of things under the Windows environment I gave up and brought out the big guns… Went to www.ubuntu.com and downloaded the latest ISO image and burnt it to CD. I booted up of on the live CD, and simply went into the default file manager app and renamed the folder. Done.

Ubuntu saves that day!

P.S. Don’t laugh too hard at the unfortunate example of my music collection… this album is often played in our bedroom after a long day to help put us to sleep… it does the job well!