Double Nattering……..

Well, stepped far out of the world that I’m allowed to exist in.

I’ve said before that I really don’t particularly care about computers.

Didn’t say that I didn’t understand them, just that I didn’t particularly care about them.

Recently one of the last remaining electro-mechanical elevators at the hospital was modernized. Due to a misunderstanding there was no provision for connecting the elevator to the existing monitoring system, which is what lets the shift engineers be notified when an elevator breaks down or when someone accidentally presses the alarm button but doesn’t stay to answer the operator. With that feed, the engineer can prioritize responding to the elevator depending on whether the system says the car is out of service or still in service.

Anyways, to run a direct line from the elevator controller to the computer in the engineer’s office was going to cost about $10k to run the shielded CAT6 cable in conduit with about four holes that would need radiographs and coring.

Existing hospital network to the rescue.

The entire hospital is covered with CAT6. Each subnet on the network is basically a switch or gang of switches. The switches in use have 48 ports on them and can be physically uplinked together, giving the hospital at least 6 switches per subnet, which is 288 ports, 286 when you take away the broadcast and gateway for the subnet. That’s 254 subnet ports + 32 ports that can be used by other VLANs.

So, lots of room for a measly elevator controller to traverse the network.

Isolation Meets Legacy Monitoring: A Practical NAT Story

For the sake of illustration, I’ll use the following fictional IP addressing:

NAT 1 (Engineer’s Office)
  WAN uplink: 1.2.2.3
  Monitoring gateway (LAN): 2.2.1.1
  Monitoring workstation: 2.2.1.2

NAT 2 (Comox Building Elevator Closet)
  WAN uplink: 1.2.3.4
  Elevator B11 gateway (LAN): 2.2.2.1
  Elevator controller: 2.2.2.2

My goal was straightforward: keep the elevator controllers off the main hospital user network, while still allowing structured monitoring traffic to traverse it. To solve this, I deployed a pair of Moxa NAT‑102 devices as dedicated Network Address Translation gateways between the monitoring workstation and the elevator controller domains.

Though NAT devices live in private space internally, they behave more like protocol-opinionated security routers than plug-and-play default gateways. Their firewalls operate in a default-deny, stateful inspection mode: inbound traffic is rejected unless it matches an existing outbound session or a specifically declared rule. In this architecture, flows are permitted because they originate from the monitoring workstation (the client) and are expected by the controller (the host) — not because broad inbound access was opened.

Here’s the packet walk:

  1. The monitoring workstation (2.2.1.2) sends an outbound request for controller data, addressed to the remote NAT’s WAN (1.2.3.4) using its local NAT 1 gateway (2.2.1.1) as its next hop.
  2. NAT 1 modifies only the source address, replacing the original host IP 2.2.1.2 with its own egress IP 1.2.2.3, and forwards the packet across the backbone to NAT 2.
  3. NAT 2’s firewall permits the packet because a rule exists to allow flows from NAT 1’s WAN IP (1.2.2.3) into its routing table.
  4. NAT 2 routes the session internally to the Elevator controller LAN (2.2.2.2) via its local gateway interface (2.2.2.1).
  5. The elevator controller processes the request and replies with the requested data. The reply is not blindly broadcast across the LAN — it is returned inside the NAT session state table, allowing NAT 2 to map the translated session back to NAT 1.
  6. NAT 2 applies NAT in the same direction as the reply flow: replacing its own source 2.2.2.1 with its WAN 1.2.3.4, and sends the packet back across the backbone.
  7. NAT 1 permits the inbound packet because it matches an expected reply from NAT 2 and then delivers it back to the original client (2.2.1.2) through its LAN interface.

This design keeps critical OT equipment segmented, predictable, and unscannable from the wider network, while still allowing exactly one channel of monitoring truth to pass in and out. It’s not glamorous, but it works — and that’s often the most important engineering KPI in a 24/7 healthcare environment.
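To make the packet walk concrete, here is an added toy model of the two gateways that is not part of the original post and is not Moxa’s software: each NAT keeps a session table, rewrites the source address on egress, and applies default-deny on ingress unless the packet matches a recorded session or an explicit peer rule. The addresses are the post’s fictional ones; the port numbers (40001 for the workstation, 502 for the controller) and the probing host 1.2.9.9 are constructed placeholders, since the post doesn’t name the monitoring protocol.

```python
"""Toy model of the double-NAT packet walk (added example, not the post's own code).

Each NatGateway is stateful and default-deny inbound:
  - egress (LAN -> backbone): source IP is replaced with the WAN IP and the flow
    is recorded in a session table keyed on the remote peer and ports;
  - ingress (backbone -> LAN): a packet is accepted only if it matches a recorded
    session (a reply) or an explicit rule for a specific peer WAN IP and port.
Everything else is dropped and logged.  Source ports are assumed to be preserved
across translation, which keeps the session key symmetric in both directions.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: str


class NatGateway:
    def __init__(self, name, lan_ip, wan_ip):
        self.name, self.lan_ip, self.wan_ip = name, lan_ip, wan_ip
        # (peer_ip, peer_port, our_translated_port) -> (lan_host, lan_port)
        self.sessions = {}
        # (allowed_peer_wan_ip, dport) -> (lan_host, lan_port): the one declared channel
        self.inbound_rules = {}
        self.drop_log = []

    def allow_inbound(self, peer_wan_ip, dport, lan_host, lan_port):
        self.inbound_rules[(peer_wan_ip, dport)] = (lan_host, lan_port)

    def egress(self, pkt):
        """LAN -> backbone: record the flow, then rewrite only the source address."""
        self.sessions[(pkt.dst, pkt.dport, pkt.sport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.wan_ip)

    def ingress(self, pkt):
        """backbone -> LAN: default deny; pass only replies or explicitly allowed peers."""
        key = (pkt.src, pkt.sport, pkt.dport)
        if key in self.sessions:                      # reply to a flow we originated
            lan_host, lan_port = self.sessions[key]
            return replace(pkt, dst=lan_host, dport=lan_port)
        rule = self.inbound_rules.get((pkt.src, pkt.dport))
        if rule:                                      # declared peer -> forward to LAN host
            lan_host, lan_port = rule
            return replace(pkt, dst=lan_host, dport=lan_port)
        self.drop_log.append(f"{self.name} DROP {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return None


def build_topology():
    nat1 = NatGateway("NAT1", lan_ip="2.2.1.1", wan_ip="1.2.2.3")   # engineer's office
    nat2 = NatGateway("NAT2", lan_ip="2.2.2.1", wan_ip="1.2.3.4")   # elevator closet
    # Only NAT 1's WAN address may reach the controller, and only on the monitoring port.
    nat2.allow_inbound("1.2.2.3", 502, "2.2.2.2", 502)
    return nat1, nat2


def run_packet_walk():
    """Steps 1-7 of the post. Returns (packet as seen by the controller,
    reply as delivered to the workstation, combined drop log)."""
    nat1, nat2 = build_topology()
    req = Packet("2.2.1.2", "1.2.3.4", 40001, 502, "read status")   # step 1
    on_wire = nat1.egress(req)                                        # step 2: src -> 1.2.2.3
    at_controller = nat2.ingress(on_wire)                             # steps 3-4: rule match
    reply = Packet(at_controller.dst, at_controller.src,
                   at_controller.dport, at_controller.sport, "in service")  # step 5
    reply_wire = nat2.egress(reply)                                   # step 6: src -> 1.2.3.4
    delivered = nat1.ingress(reply_wire)                              # step 7: session match
    return at_controller, delivered, nat1.drop_log + nat2.drop_log


def unsolicited_probe(src_ip, dport):
    """An inbound packet to NAT 2 that no inside host asked for. Returns the
    forwarded packet, or None when the default-deny policy drops it."""
    _, nat2 = build_topology()
    return nat2.ingress(Packet(src_ip, "1.2.3.4", 55555, dport, "hello?"))


if __name__ == "__main__":
    seen, delivered, drops = run_packet_walk()
    print("controller saw:", seen)
    print("workstation got:", delivered)
    print("probe from another backbone host:", unsolicited_probe("1.2.9.9", 502))
    print("probe from NAT 1 on an undeclared port:", unsolicited_probe("1.2.2.3", 23))
```

Running it shows the controller only ever sees NAT 1’s WAN address as the client, the reply is mapped back to 2.2.1.2 purely from NAT 1’s session table, and both a probe from some other backbone host and a probe from NAT 1 itself on an undeclared port are dropped at NAT 2, which is the property the “exactly one channel” claim rests on.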


And thus the elevator LAN is isolated from the hospital LAN and vice versa, even though they are directly connected to each other.

The engineers can see the status of elevator B11 and can receive emergency email notifications when it breaks down.

Bobbie, you must be so proud of yourself!!!!!

For what?

As my father always said, it’s not like I built this shit. So why the fuck am I taking credit for something that somebody else created and made possible?

I didn’t build the fucking Moxa NATs.

I didn’t create the idea of using NATs to hide one private network from another private network.

I didn’t write the software on the monitoring computer.

I didn’t write the software on the elevator controller.

I didn’t create the Transmission Control Protocol / Internet Protocol.

I’m not a genius.

I’m not a geek.

I’m just doing something that anyone can do.

Addictions or lack thereof.

Just let me put my asbestos underwear on and my NOMEX fire suit before I get started.

One of the things that I’ve had to learn about in life is how society judges those who suffer from sexual abuse or from mental illness.

For example, to have endured any type of sexual abuse as a child, a person is expected to have a drug addiction and mental health issues like Claudia from the film Magnolia.

Anything less, and you’ve obviously never endured any type of serious trauma.

For me to have any serious type of mental illness such as major depression or severe anxiety I’d have to be a cutter with numerous trips to the psych ward.

The one thing that I’ve learnt about mental health is that health care professionals only listen to you if others will vouch for your issues.

Unfortunately in my case I had two people running obstruction. What captain Totzke’s reason was is anyone’s guess. The Canadian Armed Forces had a secret to hide in 1980, and I was one of those secrets.

Yes, the wall of secrecy also meant keeping the total number of children involved away from the prying eyes of the public. And yes, that included keeping abused children from receiving care in the civilian mental health system.

My father? Well, he was a piss tank alcoholic in the military. And he was only a master corporal. Master corporals obey the lawful commands of captains. Don’t forget, my father didn’t get involved with captain Totzke on his own. Captain Totzke was brought in to deal with my brother and me.

So, with no one advocating for me I just drifted along.

Walk-in clinics don’t deal with mental health issues.

And for the most part family doctors won’t take on cases of mental illness.

Over the years I’ve managed to stay clear of alcohol.

The last time I ever had a drink of alcohol was back in July of 2011.

And I had only started drinking around 2004 due to the guys at work going out for a drink or two at the end of the month. Gotta be a team player. But outside of going to the pub for a drink once a month I’ve never actually ever had a bottle of alcohol or a can of beer in any of the places that I’ve lived.

Just seeing what alcohol would do to my grandmother or my father was more than enough to keep me away from the stuff. I know that my brother was somewhat of a drinker, but I don’t think that he was anywhere near the levels of our father or our grandmother.

When my grandmother moved out of the PMQ on CFB Griesbach and got her own apartment down on 106th Street and 107th Ave, her storage room in the apartment would fill up over the course of the week with cases of Pilsner. My brother and I would have to help her wheel the empties over to the brewery for the deposit.

One of the cab companies back then had a delivery service where for a flat fee they’d pick up your case of beer at the brewery and deliver it to you. She used this service a lot. As I said, it wouldn’t take long to fill up her little storage room with empties.

Even when she lived with us on CFB Griesbach she’d take us over to the Rosslyn pub while she was drinking, this even though the door of the pub clearly said “No Minors”. We’d have to sit and wait in the lobby of the pub while grandma got her drink on.

I think it was more the hang-over phase that scared me away from alcohol. Grandma and Richard would both become very angry when they were sobering up after days of drinking.

As far as drugs go, I think one of the reasons that I never got into drugs is the fact that I’m a loner. Because of the way captain Totzke and my father practically isolated me from the other kids on CFB Griesbach, and because of the way the other kids reacted to me on CFB Griesbach.

The maxim “misery loves company” best explains drug use. I don’t care what anyone says, nobody just goes out and gets into drugs by themselves. They’re almost always introduced to drugs by someone else.

When I first moved to Vancouver in the winter of ’92 I spent a lot of time in the DTES. The SROs were just as bad back then as they are now. And drug use was just as rampant back then as it is now. Just now instead of being hidden in the back alleys, it’s out in the open. Even when I was staying at the Catholic Charities on Cambie St. there was drug use amongst the lodgers.

I was offered “samples” so many times, but because I preferred to be left alone and because I preferred to be by myself, I never partook.

So, on one hand I successfully avoided the temptation of drugs, but on the other hand I set myself up for a lifetime of everyone doubting my claims of child sexual abuse.

As I said, society is of the opinion that one can’t have suffered through two years of child sexual abuse, 3 years of subsequent psychiatric malpractice, and 16 years of parental neglect, parental abuse, and a dysfunctional household while being employed and addiction free.

Without an addiction, did I really suffer?

Was I really abused?

Was the abuse really as bad as I claim it was?

The Alberta Crown Prosecutor came to the conclusion that 1-1/2 years of an 8 year old being sexually abused by a 14 year old was nothing more than “childhood curiosity and experimentation”.

Were there other reasons as to why I didn’t become addicted?

From 1989 until 1994 I was homeless in three provinces and I collected welfare in three provinces. I lived in my car in Ontario, and I lived in my car in Vancouver. I even used to sleep in the work shop of one of the places I had a “job”.

I lived in homeless shelters in Vancouver and in Toronto in the period of 1989 to 1994.

So I was the ripe candidate for drug use or even alcoholism.

But, somehow I avoided drugs and alcohol. And unfortunately this ended up being very detrimental to myself.

Another issue that has really fucked me over when it’s come to my believability is my almost complete lack of involvement with the mental health system.

The general belief is that you can’t have been sexually abused if you’ve never been locked up on a 72 hour hold in a psych ward.

If I was truly suffering from major depression, severe anxiety, and haphephobia then surely I’d be on heavy medications and I’d be a frequent flyer in the quiet rooms and the stabilization units.

But, I’m just a moody fucking asshole who worries about things too much and who freaks out for no reason when people touch him.

So to recap:
(no addictions) + (no evidence of self harm) + (no known suicide attempts) = NO SEXUAL ABUSE.

(Untreated mental illness) + ( 136 1/6 IQ) + ( functional employment ) =
LYING ASSHOLE.

The formula that I like the most is (Midazolam) + (Propofol) + ( Rocuronium) = No more suffering.