/\  /^/_ _ __  __ _|^|_ __ ___
          /  \/ / _` '_ \/ _` | | '_ ` _ \
         / /\  / (_| |_)  (_| | | | | | | |
        / /  \/ \__, .__/\__,_|_|_| |_| |_|
                   |_|

.                                 .                      . ..n9: 2000.02.05
---------------------------------------------------------------------------
all content copyright © 2001 by the individual authors. all rights reserved
---------------------------------------------------------------------------

# prtvtoc
. . . .....................................................................
0x00  Editor's Comments
0x01  Subscriber Emails
0x02  Cable Modem Quicky: Hiding Inside the Data Link Layer
0x03  The Hacker's Survival Kit
0x04  On Binary Size and Reduction
0x05  Hacker 'Zines and Information Security Magazine
0x06  Press Release: Cybertech Magazine
0x07  More Holes in Sun Cluster 2.x
0x08  Masquerading as IPSEC for Fun and Profit
0x09  Music Reviews
0x0A  Credits
..................................................................... . . .

___________________________________
--------------------------- - kynik
[=] 0x00: Editor's Comments

We've got the second-largest issue to date, and by the number of articles,
the largest. Issue 9 has quite a wide selection of topics, from how
'hacker' zines are viewed by the 'legit' corporate world, to more on IPSEC
in the continuing saga. Also plenty of stuff in here for you UNIX-philes.
It is with sadness that we wave goodbye to the music reviews as they've
been. I just can't get enough people to commit to doing them when the
time comes. No, I don't want any volunteers. See that section for details.
I'm happy about the subscriber response we've received, as can be seen in
the following section...keep them coming! I'm very willing to post your
questions and comments here. Enjoy!

___________________________________
--------------------------- - kynik
[=] 0x01: Subscriber Emails

George Dodd <gdd@siliconinc.net> wrote [forwarded from _azure] :


All of them are related to kernel memory tuning.

> > > option          BUFCACHEPERCENT=25

Percentage of memory to allocate for FS caching. Defaults to
5% and can be no greater than 70. Nice performance improvement.
Keep in mind this can make for a pretty memory greedy machine
though.

/usr/src/sys/arch/$ARCH/$ARCH/machdep.c for more info.

> > > option          NKMEMCLUSTERS=8192
> > > option          MAX_KMAP=120
> > > option          MAX_KMAPENT=6000

The other 3 are sorta legacy stuff. Under older versions like
less than 2.7, you would see problems with kernel memory being
insufficient, ie "mb_map_full" messages. Its much much
better under recent releases, but I put it in there anyway just
to be safe. The KMAP stuff increases the number of kernel maps
that are available. It was required when softupdates first
came out. After 2.6, I have only managed to hit the limit on
that once. Documentation can be found under the performance
tuning FAQ from 2.5 and earlier. From vm_map.[c,h]

The new way: (2.8 snap as of 1 month ago)
#ifndef MAX_KMAP
#define MAX_KMAP        20
#endif
#ifndef MAX_KMAPENT
#if (50 + (2 * NPROC) > 1000)
#define MAX_KMAPENT (50 + (2 * NPROC))
#else
#define MAX_KMAPENT     1000  /* XXXCDC: no crash */
#endif
#endif


The old way: (2.6)
#ifndef MAX_KMAP
#define MAX_KMAP        20
#endif
#ifndef MAX_KMAPENT
#define MAX_KMAPENT     1000
#endif

If you are really into the obsd kernel hacking thing, you
may want to check out Phrack #54 also. It had some pretty
neat stuff in it on 2.4 kernel mods.

Ciao,

George Dodd
jhh@EFnet

--------------------------------------------------------

Jack Trades <j0atz@hotmail.com> wrote:

  I was just catching up on your e-zine, since I have been out of the
country for a few months now on business. Upon returning I read the
second zine again while I was persuing some sites and I realized that you
were looking to 'mentor' some people. Now, no, I am not looking for a
mentor, but I did want to compliment you on taking on such an endeavor.

[ Thanks, and for those who are interested, I've become much too busy to
  be able to handle a mentoring spot anymore. If anybody has any
  questions they'd like answered, though, I will take those and put them
  in Napalm, though. {kynik} ]

  You did ask for some unbiased opinion on the zine and what things other
people (or groups in our case) would be interested. We have been around
for quite sometime in the security of all hardware (instead of just the
actual computer - the hub, the switch, the phone), etc. Where we would
like more information, have found it hard to come by is one the phone
networks themselves - their weaknesses and flaws (info in likeness to the
Phone Mazters who were busted a little over a year and a half ago). Not
only would we find this information useful, but so would, we believe,
many others - both old school and newbies.

  Keep up the good work and we look forward to hearing back from you or
your crew.

jack

PS: it may take a while to xfer - they be a bouncing everywhere.

[ I personally don't know much about phone networks or the like, but I'll
  try to tap some more knowledgeable people and see if they'd do an
  article in the future. Thanks for the request! {kynik} ]

--------------------------------------------------------

Rudi Ruesell <vincetier@hotmail.com> wrote:

  Hi my name is vince and i´m not really far in computing or all the stuff
you talk about in your zine, but what i´d like to know is: are there
things like worms, or whatever you call it (i read shadowrun thats why i
cal it so), that crawl throgh the web offline or online searching for
exactly that you looking for and coming back with tons of information(
you know like in Matrix while Neo sleeps)? If there are stuff like that
how may i use it or what exactly is it. I feel a bit ashamed to ask
someone about something i don´t even know the name but i´d be happy if
you could answer or at least say piss off with that toy shit little boy.
OK thanx that´s it ... Vince

[ Piss off with that toy shit? I think you've got the wrong zine. If
  we're gonna pick on you, we'd be more mature about it. Just kidding.
  Anyways, let's get some terminology down. A worm is an automated
  program that moves itself from computer to computer, without any human
  interaction. The difference between a virus and a worm is the human
  interaction part. Now, what you're asking about (presumably) is called
  a web spider or web robot. Most web search engines do this constantly,
  and update their databases of links accordingly. When you type "Napalm"
  into a search engine, it will use the data its spiders have already
  grabbed and return you all sorts of relevant and irrelevant links.
  There's no way currently to read your mind and spit out a nice report of
  it all. You need a human to do that ;) So, there's not that much point
  (besides geek value) to run your own spider to gather specific
  information. Where do you go about finding out more information about
  web spiders? Try a search engine. www.google.com is my personaly
  favorite. Type in "web spiders" (with quotes) and click Search. Voila!
  How does google give you relevant information?
    http://www.google.com/technology/index.html      {kynik} ]

--------------------------------------------------------

Brian Levy <brianglevy@hotmail.com> wrote:

Hello....could you tell me if it is possible to copy the SAM from one
system to another?!

thanks
Brian

[ I think you'd be better off using something like Norton Ghost (?) to
  copy the entire partition over, as the SAM probably references user IDs
  that may not exist on the new system. Here's a page with more
  information on SAMs and their grooming:
  http://www.microsoft.com/technet/winnt/storpass.asp  {kynik} ]

--------------------------------------------------------

Adam Goral <AdamG@btconnect.com> wrote:

Hi,
First of all excellent article you have there.
Do you know of any sites I could find similar info on uk phones?

thx

[ Any British subscribers want to field this one? Bobtfish? {kynik} ]

--------------------------------------------------------

Monkey Boy <monkey-boy@biteme.com> wrote:

have been working my way through your back catalogue & have just finished
Issue #8... the Nortel phone section was excellent - witty, articulate &
frikkin interesting to boot (as with the rest of it)... keep up the good
work

Monkey-Boy (UK)

ps any more stuff on crypto shit would be real cool. Cheers Again.

[ Thanks, and I'll see if I can't put something up about AES sometime soon
  for all you cryptophiles ;) {kynik} ]

--------------------------------------------------------

David Bryant <david@datashadow.net> wrote:

Greetings,

Cool Zine, I hope you can keep it up (I notice that you've been quiet for
a couple of months).

[ Yeah, motivation and offline stuff keeps me a slacker. {kynik} ]

In reply to kynik's query about Sun EEPROM work around's in issue 4
here's some information...

--------------------
Miscellaneous ramblings on EEPROM passwords

If a system has an EEPROM password set, and you can login as root, you
can then run "/usr/sbin/eeprom security-mode=none".

If you get a machine that has "security-mode" set to "command" or "full",
and you don't know the security-password, or root's password, then you
won't be able to boot off of anything but the configured boot device.

1. Determine the current boot disk, usually SCSI ID 0 or 3. Disconnect
it. Connect an external Sun bootable CD-ROM drive and set its SCSI ID to
that of the normal boot drive. Put a Solaris Installation CD-ROM into the
drive. Power on the system and allow it to boot from the CD-ROM. After
answering a few questions during the initial part of the installation
you can Ctrl-C out of the installation process and be presented with a
root prompt. Run "/usr/sbin/eeprom security-mode=none" to clear the
EEPROM password. Turn off auto-booting by running "/usr/sbin/eeprom
auto-boot\?=false" (Escape the question mark). Power down (init 5) the
system. Reattach the original hard drive, move the external CD-ROM drive
to ID 6 (or use the existing internal CD-ROM if there is one). Power on
the system, it should stop at the OK prompt. Follow the normal procedures
to reset a lost root password (boot cdrom -s, mount /dev/dsk/c0t0d0s0 /a,
ex /a/etc/shadow, wipe password, w, q, umount /a, init 6)

2. Locate another system with the same architecture as the one with the
unknown password. Ensure that the other system has "security-mode" set to
none. Power the system down and remove it's EEPROM chip (usually in a
plastic carrier with an orange barcode on top). Replace the EEPROM on the
unknown system with the one from the known system. Boot up with the known
EEPROM Follow the steps above to reset the root password. Power down and
return the known EEPROM to the original system.

I was once told by a Sun instructor that once an EEPROM security-password
has been set there is no way to "clear" it. I've not tested but I wonder if
a password of "" (null) would work.
--------------------

Best of luck!

David

[ Thanks David, on the great answer and mini-article. You sound like
  someone who can write and knows something. (Two rare qualities when
  combined) If you have anything else you'd like to write, please drop me
  a line. {kynik} ]

________________________________________________________________________
--------------------------------------------------------------- - _azure
[=] 0x02: Cable Modem Quicky: Hiding Inside the Data Link Layer

/Intro and Background

  When my cable modem was first installed, I was out of the house at a
jobsite. I returned home that evening to find out that I had not been
provided with data concerning the two additional IP addresses I requested.
Eventually, I was able to contact my ISP on the phone and was provided
with my additional addresses. I was assigned two IPs that were in a
different subnet from the one I received when my cable modem was first
installed. Having recently done some work for a competing cable company,
this seemed fishy since the technology I was previously exposed to was
not capable of supporting addresses on multiple networks. It would be
several days (and phone calls) later when I was actually able to get all
of my addresses functioning - but they did eventually fire up and pass
traffic.

  Since that time, I've continued to have quite a bit of trouble with my
cable modem. Typically, my ISP reboots their 'servers' at least once a
week, which disrupts my Internet access, sometimes for hours at a time.
Often there is a problem when their system comes back up, and my cable
modem falls into a 'failure loop'. When this happens, my access to the
Internet will be down until the next time they decide to reboot 'the
servers'.

  Most recently, I suffered an outage that lasted from late one Thursday
evening until the morning of the following Tuesday. During this time, I
was never able to use more than two of my IP addresses at the same time.
I discovered through trial and error that if I manually rebooted my cable
modem, the working addresses would switch places with the inactive ones,
and I would suddenly have access to my 'dead' machines again.

  Throughout this downtime, I continued to tinker with my setup, and
eventually discovered that it was possible to grab other IPs from my
original subnet (guessing as to what addresses might be free). I was
actually able to start using these addressees to make contact with the
Internet.

/Cable Modems

  My cable modem is a Nortel Networks Cable Modem (CM) 100. As it turns
out, the CM-100 is a Data Over Cable Service Interface Specifications
(DOCSIS) device, and actually functions more like a bridge than a router.
There is no IP address assigned directly to the CM itself; and in fact
the default gateway addresses for each subnet point to a 'server' machine
at the cable plant. It is equipped with both a coaxial (for connection to
the cable plant) and RJ-45 Ethernet (for connection to customer network
devices) connector. No other I/O interfaces are evident on the exterior
of the unit. It is capable of both Data Link and Network Layer bridging,
and allows up to 16 individual MAC addresses to connect through it
simultaneously. MAC authorization is assigned in blocks of four at
the cable plant.

  The documentation also purports that the CM-100 is a SNMP manageable
device, with support for firmware updates via TFTP. I have not yet
experimented with trying to alter the firmware of the unit myself.
What I've found more interesting is the fact that by assigning multiple
addresses to a single Ethernet interface on a client machine, it is
possible to bypass the MAC limiting and make use of more IP addresses
than were assigned to the unit.

  Since the purpose of DOCSIS is to create a standard that different
vendors can design their hardware against, it is assumed that the
following techniques will be effective against other DOCSIS systems.
Exploration is left up to the reader.

/Unix Routing with OpenBSD and IPNAT

  Utilizing a spare box and OpenBSD's native NAT capabilities, it is
possible to create a single Firewall Machine that can be the 'face' on
a theoretically unlimited number of internal Internet Hosts. A single
MAC address will communicate with the CM, while holding a number of
public IP addresses and routing traffic between an Internal Network of
hosts and the Internet outside.

--/Hooking It All Up

  Let's be sensible about this. You're going to want to use a crossover
cable directly between your cable modem and your external interface on
the Firewall. This way, you will get full-duplex 10MBs throughput at
your most crucial bottleneck (a diagram for constructing a crossover
cable from scratch is included at the end of this article). Doing this
eliminates the network congestion created by plugging your CM into a hub.

  Wiring your Internet Hosts can be done in a number of ways. A single
Ethernet interface (100MBs is suggested) plugged into an internal hub or
switch may be sufficient to handle traffic to and from the Firewall.
Other applications may require Physical Layer separation of the
individual Internet Hosts. This can be accomplished by connecting each
machine to its own NIC in the Firewall with a crossover cable.

In the end, you should have a setup that looks something like this:

    Your.Internet.Host <--> OpenBSD/router <--> Cable Modem


--/Preparing OpenBSD to Route

  OpenBSD does not come out of the box ready to route traffic. You'll
need to edit /etc/sysctl.conf and enable the following variable:

    net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets

/etc/rc.conf will also need the following:

    ipfilter=YES
    ipnat=YES                # for "YES" ipfilter must also be "YES"

  A kernel option you might want to consider for performance tweaking on
100MBs enabled systems is:

    option          NMBCLUSTERS=8192

Upon reboot your system should be ready to go.

--/IPNAT

  Take a look at what you've got. Select another IP address from the
same subnet as your legitimate EXTERNAL_IP for use on your internal
Internet Host(s). (If your ISP is using multiple subnets, and you have
access to information regarding these addresses, it may be possible to
use IPs from any legitimate subnet they support).

  You'll need to add the ILICIT_EXTERNAL_IP(s) you selected to the
EXTERNAL_INTERFACE on your Firewall, and an INTERNAL_IP  on its
INTERNAL_INTERFACE for each INTERNAL_NETWORK you plan to create. We'll
each INTERNAL_NETWORK you plan to create. We'll use Darren Reed's
IPFILTER package (which includes IPNAT) to redirect incoming traffic
through the Firewall to the Internet Hosts on each INTERNAL_NETWORK, and
back out again.

In /etc/ipnat.rules:

    bimap EXTERNAL_INTERFACE INTERNAL_HOST_IP/32 -> ILICIT_EXTERNAL_IP/32

  This creates a (as the name implies) bi-directional map between
ILICIT_EXTERNAL_IP and INTERNAL_HOST_IP. The internal Internet Host will
be able to surf the net, and any incoming traffic destined for
ILICIT_EXTERNAL_IP will be immediately forwarded to INTERNAL_HOST_IP.

Remember to flush and re-initialize IPNAT:

    # ipnat -CF -f /etc/ipnat.rules

  Traffic should now pass freely from the Internet to ILICIT_EXTERNAL_IP
on any port that you have open on the internal Internet Host.

--/Other Considerations

  It would be a good idea to create a set of comprehensive filtering
rules for the internal Internet Hosts with IPF, either on the Firewall or
on the machines themselves. As this is not necessary to achieve
functionality, and I've beaten the IPF issue to death in previous
articles (see Napalm 7 and 8); I won't go into the intricacies of
stateful packet filtering at this time. Keep in mind though that the
IPNAT configuration above does not protect the internal Internet Hosts in
any way shape or form - they are in fact just as vulnerable as any
regular host sitting uprotected on the Internet.

/Conclusion

  Utilizing an OpenBSD box as a router, we have bypassed the MAC address
limits assigned to your CM and successfully snatched another functioning
IP from the Ether. This technique has only been tested with the Nortel
Networks CM-100, but other DOCSIS cable modems using MAC-based access
controls are probably vulnerable to the same circumvention techniques.

  Brochure propaganda for the Nortel Networks CM-100 states that the
system thwarts hackers by utilizing 56-bit DES encryption and RSA keys
to ensure that only authorized personnel make changes to your cable
modem's configuration. This is just another example of why encryption
does not always save the day by its lonesome when the basic
implementation of access controls is flawed. In this case it wasn't
necessary to 'hack into' anything but common sense to bypass security
restrictions.

Happy hunting, and don't shoot your foot off.

/Further Reading

    Nortel Cable Modem 100
        [ http://www.mercury.com.ar/htm/nortel/CableModem100.htm ]
    Ethernet 10BaseT or 100BaseT Crossover Cable
        [ http://www.gcctech.com/ts/doc/crossover.html ]
    IPF/IPNAT reference from Napalm #7 and 8
        [ http://napalm.firest0rm.org/issue7.html#integ ]
        [ http://napalm.firest0rm.org/issue8.html#ipsec ]
    ipnat(5)
    ipf(8)


/Signed

.-------------------------------------------------------------------.
|                                                                   |
|   _azure                                                          |
|                                                                   |
`-------------------------------------------------------------------'

_________________________________________________
----------------------------------- - Thomas Icom
[=] 0x03: The Hacker's Survival Kit

  Hackers are notorious gadget freaks, and often like to go out and about
into the real world to see what kind of trouble, eh, exploration they can
get into. I've detailed a list of items that can be thrown into a
hacker's survival kit and fits into a courier bag or daypack. The list is
derived from my own experiences as a technological hobbyist. All of the
items are self-explanatory, and there is plenty of leeway to customize
the kit towards your own tastes and preferences. I've designed this kit
to be easily portable. Many of you are too young to (legally) drive, or
live in urban areas where your transportation is usually public, bicycle,
or shank's mare.

  We will start with the basics: Something to carry your gear around in.
Most people go with either a courier bag or day-type backpack. Urban
bicyclists seem to like the courier bags while walking types prefer
backpacks; it's all a matter of preference. We like backpacks as they
stay out of the way better, leave both hands free, and are less
cumbersome than a bag hanging off your side. A decent military-surplus
backpack is sturdier and less expensive than some of those courier bags.
Also, the "shittier" your bag looks, the less likely it is that someone
will try and rip it off you.

  Get something in a neutral earth-type color like green, brown, grey, or
black. This not only stands out less, but also makes it easier to cache
(hide) if you can't bring it in with you. Our recommendation is that it
never leave your possession, but we know some places will want you to
check it at the door. Whether you check it or hide it depends on what you
have in the bag, and the relative time needed to get to it.

  Another thing you will want to start wearing, if you already don't, is
a belt. It doesn't matter what type of belt as long as it's sturdy.
Besides helping hold your pants up (which I'm sure is difficult
considering some of you wear your pants 5 sizes too big), you can carry
equipment on it: pager, Mini Maglite, Leatherman Tool, Buck Knife, etc.

  Now that you have something to carry your gear around in we can begin
to almost fill it. You never want to run around with a full bag, in case
you find something you want to take with you.

  I'll start with what you'll be carrying on your person. Get a
Leatherman Tool, Gerber Multi-Plier, or Swiss Army Knife. My Leatherman
PST-2 has neeedlenose pliers, wire cutters, file, clip point
serrated/plain edge knife blade, metal saw, regular and phillips
screwdrivers, can/bottle opener, and a small pair of scissors. I also
occasionally carry a Camillus U.S. Military pocket knife. This is your
classic four item "boy scout type" knife that has a plain-edged spear
point blade, screwdriver/bottle opener, can opener, and mini
screwdriver/awl.

  For heavier cutting tasks and possible self-defense usage get a good
lock blade knife. The Rolls Royce of these (in my opinion) is Benchmade.
Until recently I carried a CQB Folder which replaced the Cold Steel
Folding Tanto that I retired. The tanto-point blade, while excellent for
self-defense, is not the best for general purpose use and it is also a
little bit heavy for everyday carrying. I went back to a Spyderco Endura
Clipit. Spyderco blades are serrated and offer tremendous cutting power
for their size. I've owned mine for quite a few years now, and it has yet
to require sharpening. The other nice thing about the Spyderco is that if
you lose it, you're only out $45 as opposed to $120 for some of the
Benchmade knives. While you shouldn't lose tools, it happens (In the past
30 years I've misplaced several pocketknives, a Gerber Multi-Plier, a
Spyderco Worker, and an Al-Mar folder that have yet to reappear). For
those on a budget, the Schrade Cliphangers are a lot of knife for the
money, and I believe United Cutlery (I believe) makes a nice "Mechanics
Liner Lock" with a 3-4" serrated blade (and they went for no more than
$20 and were well made knives).

  Being a hardware hacker, I also carry around a few extra tools. A
multi-bit screwdriver and a set of tamper proof bits have come in handy
on numerous occasions; as have a little 6" pry-bar (nicknamed "the goblin
bar" by an old acquaintance of mine) I picked up at a dollar store for,
well, a dollar. A Radio Shack mini-multimeter also resides in my kit.
Those heavy-duty scissors known as "EMT Shears" that will cut through a
penny and only cost a few bucks are nice to have as well. A roll of duct
tape and electrical tape complement the package. It is said that you can
fix anything with duct tape. Now you need fire. Disposable lighters are
nice. What's even better is one of those butane lighter/torches that put
out a jet of blue flame. You can solder and almost weld with one of
those. Include a butane refill cylinder. Some really "elite" types carry
the miniature battery-operated Dremel Tool with a small case of relavent
bits. Dremel tools have several thousand uses.

  Another thing you should have on you is a Mini Mag lite or similar
small two AA-cell flashlight. If you've ever been caught inside a modern
office building or apartment when the lights go out, you'll appreciate
how handy having a little flashlight is. You can get a headband which
places a Mini-Mag on the side of your head at eye level; an excellent
idea when you need to work on something with both hands in the dark. You
should also get the accessory kit for the red filter lens, as the red
lens enables you to have a light source that doesn't fuck up your night
vision. A cheap set of 8x or 10x binoculars are nice to see things that
are far away and don't take up much space. Recently a friend gave me
this piece of optics the size of a large pen that is both an 8x telescope
and a 30x microscope. It was supposedly standard KGB issue. I also like
to have a jewelers loupe handy for reading part numbers on electronic
components (jeweler's loupes have coolness factor). For memory-aids, I
include a copy of Pocket Ref, a little notepad, and writing implements.
While individuals have taken to carrying around electronic notepads or
Palm Pilots, I'm a little retro in my choice of memory aids, as they
don't require batteries that go dead at inopportune times.

  Communications tools are next. If you can get your friends to carry FRS
or 2-meter radios that's all fine and dandy, otherwise get a one-piece
phone, cut the modular plug off the end, and attach alligator clips to
the red and green wires. Get one of the portable touch-tone pads from
Radio Shack. Get a pager with voice mail. If someone wants to reach you
they page you and you can then call them back by whatever means you have
or desire. Communications receivers (scanners) have come down in price
and size. An Icom R2 and Alinco DJ-X2T are small wide-band receivers
capable of picking up everything from AM/FM broadcasters, to shortwave
stations, to local public safety communications.

  Throw a set of work gloves in your pack. Not only will they keep you
from leaving fingerprints, but they also protect your hands from damage
and keep them warm. For the summer, I get a "six pack" of cotton work
gloves for about $5. In the winter I replace them with wool army "glove
liners" and black leather "glove shell". Speaking of damage, throw in
some assorted Band-Aids, "butterfly strips", gauze pads, first-aid tape,
tweezers, alcohol pads, and some Mercurichrome or similar ointment in
your kit. You will in the course of your adventures get minor dings,
scratches, slivers and cuts, and will be glad you have it. It beats
bleeding all over the place.

  Clothing is next. Cold weather and rain just happen some times and you
may spare yourself some discomfort or hypothermia with nice dark sweater
or sweatshirt and a rain poncho or anorak. You can add spare socks and
possibly undergarments if there is the possibility of staying overnight
unexpectedly somewhere. Start wearing a hat. Baseball caps are OK, but I
like outback "Crocodile Dundee" style hats that are made of waxed cotton
and shed water like a duck's back.

  Now I will discuss weapons. Whether or not you decide to carry them is
a personal decision. In most areas they are heavily frowned upon or
illegal. I personally feel that "An armed society is a polite one"
(Robert A. Heinlein)  and that everyone should have the right to carry
defensive weaponry if they so choose. Some places such as Massachusetts,
California, and New York don't share my feeling. If you live in a
Communist state, either move or follow the Eleventh Commandment (Thou
shalt not get caught). In most places you can carry pepper spray with
little hassle. It works most of the time, but be advised some people have
an immunity to it. Don't spray into the wind, as you will dose yourself,
and if you spray it in an enclosed area everyone nearby will get a sniff
of it, yourself included. High-voltage stun-guns are pretty effective,
despite claims to the contrary. To quote Kurt Saxon in The Poor Man's
James Bond, "Anyone unaffected by 50,000 volts is from another planet".

  It's neat to be able to do field surgery on electronic devices, fix
your ride, or be able to do a little "urban exploration" on a moment's
notice. Carrying around a portable techie's work-shop has its own flavor
of eliteness. Being prepared for sudden changes in plans or unforeseen
circumstances is a good thing. Hopefully, this article got your
brain-gears going, and that's another good thing.

12/31/2000 - Thomas Icom <ticom@iirg.org>
http://www.iirg.org/~ticom/

[ Thanks for the article, Tom. It's a little different from what I'd
  normally include here, but I figured many of you out there would find
  it interesting. {kynik} ]