Showing posts with label Articles. Show all posts

10 TIPS NOT TO GET HACKED

Users often find themselves wondering how to avoid being hacked. The main concern is online banking or any other online transaction that needs strong security. The tips below are meant for beginner or intermediate users of online services.

1. Don't plan only for particular risk scenarios or for the type of attack you expect to compromise your security. Prepare for the highest level of risk. Many people make decisions assuming one particular scenario, but that is poor practice if you want to avoid being hacked. Instead, think about how an ordinary person could get at your data easily, because that is exactly the path a hacker takes.

2. Keep your password complex. This not only protects you from brute-force attacks but also makes it take much longer for others to work out your password. Password hacking is one of the most common problems among internet users today. To avoid it, an internet user must adopt a strong, hashed password.

3. Make a habit of using browsers such as Mozilla Firefox, Safari or Google Chrome instead of Internet Explorer. This is one of the best ways to stay clear of hacking; there are many reports of Internet Explorer being vulnerable to virus, spyware and adware attacks. Use Internet Explorer only on legitimate websites.

4. Whatever browser you use, browsers are a prime target for hacking, so keep adding security to your web browser. Use add-ons, because add-ons help identify phishing websites, prevent passwords from falling into the wrong hands and prevent your computer from being hacked.

5. Never click on links in emails. Junk emails from phishing websites are used for hacking. Phishing emails are difficult to trace; if you are unsure of an email or website, type the address manually into the browser's address bar.

6. Always use a single credit card for online purchases. With a single card for online transactions it is easier to remember your previous transactions and to spot unusual changes.

7. Shoulder surfing: make sure there is no one behind you trying to peek at your password. Also, do not write your password on sticky notes. Your password is the thing most vulnerable to hacking.

8. Do not use your computer overnight, because that is the only time when most hackers are active.

9. After downloading any software or program from a website, scan the download three times with your antivirus software. You cannot judge a virus by its name or type.

10. Change your password regularly and do not share login information with anybody.

Above are some tips to remember while surfing the internet and handling important or confidential data online. They are small things, but they make a big difference when users ignore them or do not take them seriously. Try to be secure in every aspect, because one small hole can ruin everything.

10 Must Have Free Android Apps

Lately I have been in love with my Android phone. Once I was a guy who used to see phones as silky small dumb devices, but things soon changed when I first purchased my LG Optimus Me Android phone. Following are some of the apps that I use and can't live without :D



I thought I should share this article with my readers who use Android phones and see how many of you use these apps. The best thing about this post is that I am actually posting it from my phone (via the Blogger app).


10 Must Have Free Android Apps

1. SetCPU

Root Required 

SetCPU is a tool for changing the CPU settings, capable of overclocking and underclocking. SetCPU allows the user to exert total control over how fast, or slow, the processor runs at any given point in time. For example, SetCPU can force the processor to sit at its lowest setting whenever the screen is turned off, but use a range between 240MHz and 806MHz as needed while the phone is awake. For phones that can be drastically overclocked, SetCPU can help ensure they don't overheat by watching the temperature and acting accordingly. Overclocking or not, battery savings and overall performance can be greatly enhanced with this app.


2. Titanium Backup



Titanium Backup is the most powerful backup tool on Android, and then some. You can back up, restore and freeze (with Pro) your apps, data and Market links. This includes all protected apps and system apps, plus external data on your SD card. You can do 0-click batch and scheduled backups. Backups will run without closing any apps (with Pro). You can move any app (or app data) to or from the SD card. You can browse any app's data and even query the Market for detailed information about the app.


3. Lookout


Protect your phone with award-winning security and antivirus from Lookout. Lookout is a lightweight, free antivirus for Android. It also has other features, such as finding a lost phone via GPS, backup, etc.


4. SSHDroid



Connect to your device through SSH! SSHDroid is an SSH server implementation for Android. This application lets you connect to your device from a PC and execute commands (like "terminal" and "adb shell") or edit files (through SFTP, WinSCP, Cyberduck, etc.).


5. Advanced Task Killer





Just because Android apps have no "close" button doesn't mean they shut down when you return to the home screen or move on to another app. Your calendar, note pad, and programs in which you turn on event notifications might periodically run in the background, depleting your battery. Download and run Advanced Task Killer Free. You'll be amazed at the apps that run on start-up without your knowledge. While you can kill the task killer along with other apps, we recommend letting it run so you can easily use it a couple of times throughout the day. Being able to set conditions for killing running apps would be an interesting future touch.


6. Where's My Droid




When you lose your phone while the ringer is turned off, it can be impossible to find. Where's My Droid fixes that problem. After you text your phone a custom attention word, the app turns the ringer volume up and makes the phone ring. It can also report the phone's GPS location as latitude and longitude with a link to Google Maps.


7. Orbot


Enhance your privacy, break through firewalls and communicate more safely. Orbot is the official port of Tor to Android. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.


8. Busy Box

BusyBox is often called "the Swiss Army Knife of Embedded Linux", because that is basically what it is. It is not an app that you run; instead it provides all the Linux/UNIX commands we know and love. Without those commands installed, the bare-bones "Linux" that Android runs on top of can't really do much, making apps like Terminal Emulator nearly worthless.


9. Wifi Analyzer


Turns your Android phone into a Wi-Fi analyzer! Shows the Wi-Fi channels around you and helps you find a less crowded channel for your wireless router.


10. Es File Explorer


ES File Explorer for Android is a free, full-featured all-in-one file manager, application manager, task killer, Dropbox client and FTP client that explores your phone and your computer. It lets Android users anywhere in the world manage their resources for free; it makes it easy to manage files, stay connected over 3G, EDGE or WiFi, share with friends, upload photos and watch videos.

Hope the above info helped you. If you like the above apps, please let me know via the comments.

How to use Telnet to send email over Port 25 using SMTP

How to send email using the telnet command over port 25 with the SMTP protocol
Telnet: TELNET (TELetype NETwork) is a network protocol used on the Internet or on local area network (LAN) connections. It was developed in 1969 and standardized as IETF STD 8, one of the first Internet standards. Read more about Telnet in the Wikipedia article here.
SMTP: Simple Mail Transfer Protocol (SMTP) is the de facto standard for e-mail transmission across the Internet. Read more about SMTP in this Wikipedia article here.
Step # 1: First, open a command prompt. To open a command prompt window, click Start, then Run, type cmd and press Enter. You can also press Windows key + R to open the Run prompt and then type cmd in the text box.
Step # 2: You need to know a remote mail server. If you are still in school or working, you have an excellent opportunity to use your university's or your company's mail server for this.
Type telnet RemoteMailServer 25 at the command prompt. The remote mail server in this command is the mail server of your school or company. It is usually something like mailhost..edu or compmail..com. When you press Enter, you are shown a quick prompt that you are connecting to the remote mail server.
Step # 3: Introduce yourself to the mail server. Play around a bit.
Type helo mailhost at the command prompt. The mail server responds with something like this:
250 RemoteMailHost. Hello , pleased to meet you.
Step # 4: You can now enter your email address.
Type mail from: your-email-id@blah.com
The mail server responds with 250 … Sender OK.
Step # 5: You can now enter your recipient's email address.
Type rcpt to: recipient-email-id@blah.com
The mail server responds with a "Recipient OK" message.
Step # 6: Now you are ready to type the body of the email message.
Type data and press Enter.
Now type your message and press Enter. To end your message, type a single period "." on a line by itself. Your message is now in the queue.
Step # 7: To complete and finish the process, type quit and press Enter. The mail server responds with "Bye", after which you see a "Connection to host lost" message.
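The exchange in steps 3 to 7, as an added example that is not part of the original post: a Python client drives the same helo / mail from / rcpt to / data / quit dialog against a small stand-in mail server started in a thread (constructed for this example, so it runs offline and delivers nothing). The server name, the addresses and the message text are made up; the client also shows the dot-stuffing rule for body lines that begin with a period, which the post does not mention.

```python
import socket
import threading


def _serve_one_session(listener, mailbox):
    """Stand-in for the remote mail server (constructed for this example).

    It speaks just enough SMTP to walk through the article's dialog and
    stores the one message it accepts in `mailbox` instead of delivering it.
    """
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as rfile:
        def reply(text):
            conn.sendall((text + "\r\n").encode())

        reply("220 stubmail.example ESMTP ready")
        in_data, body = False, []
        for raw in rfile:
            line = raw.decode(errors="replace").rstrip("\r\n")
            if in_data:
                if line == ".":                       # lone period ends the message
                    mailbox.append("\n".join(body))
                    reply("250 Message accepted for delivery")
                    in_data, body = False, []
                else:                                 # undo dot-stuffing (RFC 5321 4.5.2)
                    body.append(line[1:] if line.startswith("..") else line)
                continue
            verb = line.split(" ", 1)[0].upper()
            if verb == "HELO":
                reply("250 stubmail.example Hello, pleased to meet you")
            elif verb == "MAIL":
                reply("250 Sender OK")
            elif verb == "RCPT":
                reply("250 Recipient OK")
            elif verb == "DATA":
                reply('354 Enter mail, end with "." on a line by itself')
                in_data = True
            elif verb == "QUIT":
                reply("221 Bye")
                break
            else:
                reply("500 Command unrecognized")


def send_by_hand(host, port, sender, recipient, message_lines):
    """Type the article's commands (steps 3 to 7) and record both sides.

    Returns the transcript as a list of "C: ..." / "S: ..." strings.
    Assumes single-line server replies, which is all the stub sends.
    """
    transcript = []
    with socket.create_connection((host, port), timeout=5) as sock, \
            sock.makefile("rb") as rfile:
        def read_reply(want):
            line = rfile.readline().decode(errors="replace").rstrip("\r\n")
            transcript.append("S: " + line)
            if not line.startswith(want):
                raise RuntimeError("expected %s, server said: %s" % (want, line))
            return line

        def send(cmd, want):
            transcript.append("C: " + cmd)
            sock.sendall((cmd + "\r\n").encode())
            return read_reply(want)

        read_reply("220")                             # greeting banner
        send("helo mailhost", "250")                  # step 3
        send("mail from: <%s>" % sender, "250")       # step 4
        send("rcpt to: <%s>" % recipient, "250")      # step 5
        send("data", "354")                           # step 6
        for line in message_lines:
            # Dot-stuffing: a line that starts with "." gets a second dot so the
            # server does not mistake it for the end-of-message marker.
            stuffed = "." + line if line.startswith(".") else line
            sock.sendall((stuffed + "\r\n").encode())
        transcript.append("C: <%d message lines>" % len(message_lines))
        send(".", "250")                              # single period ends the message
        send("quit", "221")                           # step 7
    return transcript


def run_demo():
    """Start the stub on a loopback port, run the dialog, return (transcript, mailbox)."""
    mailbox = []
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    server = threading.Thread(target=_serve_one_session, args=(listener, mailbox), daemon=True)
    server.start()
    transcript = send_by_hand("127.0.0.1", port, "you@blah.com", "friend@blah.com",
                              ["Subject: telnet test", "",
                               "Hello from a hand-typed SMTP session.",
                               ".this line starts with a dot and must survive"])
    server.join(timeout=5)
    listener.close()
    return transcript, mailbox


if __name__ == "__main__":
    for entry in run_demo()[0]:
        print(entry)
```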

Windows Formatting Guide

What exactly is formatting and why is it necessary?
Formatting is the method of wiping your hard drive clean of previously installed or stored data. Do not assume the data is completely removed by formatting, because in fact it is not; but we do not need to cover that here. When you format, you lose everything that was previously installed, so if you have important documents, back them up!
There are various reasons formatting is necessary. Perhaps your computer is lagging horribly, sound and other things just start failing, you have run all sorts of tweaking tools and diagnostics, but it's just not cutting it. You want it back to stock performance with everything working correctly, so you just say screw it and reformat. Various viruses and worms can wreak havoc and cannot be removed unless you format your PC. Sometimes it's necessary to completely delete the partition and re-create it, then format. As stated previously, more advanced users have methods to dig up past data, usually just file names, but that is more than enough to tell what was previously on your hard disk.
What is required for formatting?
I will show you some of the tools you should have when reformatting. This may vary depending on what file system you have and what operating system was previously installed.
- Win9X Boot Disk
This is used to boot your PC into DOS for various formatting operations. Different situations call for different measures; sometimes a boot disk is a must.
- Restore CD
A restore CD comes with a new computer. It holds the factory settings, drivers, OS and everything needed to return your PC to its factory state. Some users may have lost it or never got one, so I will cover some alternative solutions.
- Windows Operating System (OS)
You may have bought, or even burnt, a copy of a Windows operating system. This does not mean your computer will install 100% cleanly without problems; it is simply the basic foundation for a newly installed OS. You may be required to supply drivers and such. Read more about this later.
What if I do not have a restore or windows operating system cd?
If you are lacking everything you need, please do not try to reformat. With that said, here is what should be done if you have the tools necessary for a reinstall. If you do not have a restore CD but do have a copy of the Windows OS, there are various steps you should take for a successful install. First, determine your PC brand, which could be Hewlett Packard, Gateway, E-Machine etc. Once you have figured this out, determine the model. I know that Compaq and HP have an auto-detection system to determine the settings for you; if you have this type of machine, others might too, so check their official website and look for Downloads or Support. With a manufactured PC you should be able to call them and request a new restore CD, depending on how old the computer is.
If you cannot figure out your make and model, try msinfo32 (Start—> Run—> msinfo32) or a utility called SiSoft Sandra Pro to detect them for you. This is also handy if you have a custom-built PC that has no restore CDs. Use SiSoft to determine all of your hardware and the types installed, then search http://www.google.com for the drivers you need. You must search for drivers designed for the exact operating system you are installing, or they will be incompatible! With an older computer in particular, if you are installing Windows 95/98/ME then you SHOULD download all drivers ahead of time. If you are installing Windows XP on an older system, Plug and Play should pick up most of the settings for you, so downloading drivers ahead of time is not needed. For something like a video driver, download updated ones from the manufacturer, because MS only supplies the most basic drivers possible.
I have everything I need, what next?
Now you must determine the operating system that is currently installed. If it is Windows XP, there are more steps that must be taken to format successfully from DOS. If you are on Windows 95/98/ME, the steps are much less of a struggle. If you wish to remove the partition completely and recreate it and previously had Win9X, then do so; just follow the steps required for reformatting an XP system from DOS.
FIRST STEP FOR BOTH XP & 9X:
Determine whether your copy of the restore/Windows CD is bootable and whether your computer is set up to boot from CD at startup. Simply place the CD in the CD-Rom drive, reboot your computer and see if it tries to read the CD before starting Windows. If instead it reads something like the A: drive first, you must change the boot sequence to CD-Rom first. This method varies by the type of motherboard you have. To enter your BIOS to change the settings, use either F1 or Del. These are the two most common ways in; if neither works, the screen should say which key to press to enter BIOS setup. Look for the option Boot; the entries are presented like Floppy Disk, Removable Devices, CD-Rom, Hard Drive etc. If it is an older motherboard, they are identified quite differently and you will have to look up the sequences online. Once you have changed these and placed CD-Rom at the top, usually using the + and - keys on the number pad, save the settings and reboot. If it does not pick up the CD-Rom and offer you the various operations, the CD is not bootable, which is where a boot disk comes in. If the CD is not bootable, make sure to set the first boot priority to Removable Devices or Floppy Disk.
Any asterisk that is provided means the steps are used in conjunction with each other.
Restore CDs
1) Place the Restore CD into the CD-Rom once you have determined that it is bootable.
2) You will be given a list of various restore options. Make sure you choose something like Clean Restore; they should provide descriptions of each.
3) Just follow the required installation steps; it is all self-explanatory with a restore CD.
4) If the Restore CD does not offer a clean install, only an overwrite of the current Windows install, follow the methods below up to the point of formatting.
Booting From a Floppy **
1) Grab yourself a bootable floppy disk image from http://www.bootdisk.com designed for Win9X. Any will work as long as it provides access to DOS and CD-Rom support.
2) Provide a 1.44MB floppy disk that is not needed and install the boot disk files to it.
3) Place the floppy disk in the floppy drive and restart.
4) Once it is reading the floppy, a menu will come up and ask if you wish to boot with CD-Rom support; choose that option.
Windows 9X Non-Bootable CD(**)
1) You will be given a command line interface. Depending on your default drive letter it will look something like C:>; if it is A:>, simply type C: and hit Enter.
2) Issue the command format C:, where C: is the default letter of the drive. It will ask for confirmation; just type Y.
3) The formatting phase will start; it could take a while depending on the size of the hard drive.
4) Once finished, it will prompt you for a volume name, which is simply the hard drive's label; it is not necessary, but you may enter something if you wish.
5) Now you will be dropped back into a C:> prompt. Insert the Win9X CD into the CD-Rom.
6) You must now switch to the CD-Rom drive to issue commands from it. To do this, type D: or whatever drive letter has been assigned to the CD-Rom.
7) Once it shows D:>, type Setup and the setup phase will initialize; just follow the simple steps and you will make it.
Windows 9X Bootable CD
If the CD is bootable, you will be given options similar to those a floppy boot disk provides. Make sure to start up into DOS with CD-Rom support. Do not start up from the hard drive, or this will just load your current OS. Use the above methods once you have chosen to start up into DOS, then follow the required steps once you are at the command prompt.
NOTE: Be sure that you have the correct drivers for your machine's specifications or you will run into a lot of driver problems.
Windows 2K/XP Non-Bootable CD w/ Win9X Boot Disk (**)
1) Once you have the DOS prompt in front of you, issue the fdisk command.
2) You will be asked "Do you wish to enable large disk support?"; type Y. This simply allocates all the available space on large hard drives.
3) We must determine the type of file system you have. Choose the option "Display partition information".
4) Look under the column labeled "Type": if it is FAT32 then it is a DOS partition; if it is NTFS then it is a Non-DOS partition.
5) Hit Esc to go back to the first options.
- If it was NTFS, choose the option "Delete Non-DOS Partition", which is option 3.
- If it was FAT32, choose "Delete Primary DOS Partition", which is option 1.
6) Next you will be asked to enter the number of the partition, which will probably be 1 unless you have two hard drives installed. If you are not sure which is which, the default selected partition will be the one your Windows is installed on, so choose that one.
7) It will ask you for the volume label; if one was entered, type it in exactly as it should be typed.
8) Now it will ask if you are sure you want to delete this partition; type Yes.
9) It will now tell you that the partition has been deleted; hit Esc to continue.
10) You have the list of options in view again. Choose "Create DOS Partition or Logical Drive".
11) Now choose "Create Primary DOS Partition".
12) It will now ask if you wish to use the full size of the HDD for that partition and make it active; choose Yes.
13) It will create the partition; it might take a little while, but not long. Once this is done, it will ask you to restart your computer.
14) Restart with the boot disk inserted, get back into the DOS prompt and type format C:
15) Once it has finished formatting and you have optionally entered a volume name, insert the Win2k/XP CD into the CD-Rom.
16) Browse to the assigned CD-Rom drive letter by typing D:, where D is the drive letter.
17) Now type "cd i386" and it should drop you into something like D:\I386.
18) Now type "winnt" and the setup phase should start; just follow the required steps.
Windows 2K/XP Bootable CD
1) When you start up with the CD inserted, it should say "Press any key to boot from CD" or similar.
2) It will load all the necessary files to give you a graphical user interface for the setup instead of a DOS-based environment.
3) It will ask you to press Enter if you wish to install Windows XP, so do so.
4) Now comes the license agreement; simply press F8 to move on.
5) You will see your partitions. Choose the one you wish to install 2K/XP to, then press Enter.
NOTE: If you wish to delete the current partition and recreate it, simply press D, Enter, then L on the following screens, then choose this as the partition you wish to format and install to.
6) Now you will get a list of options for formatting the file system. Choose "Format the partition using the NTFS file system".
7) Now it will format and copy the files required to start the setup once you reboot. A warning will pop up telling you it is about to reboot.
8) Let it reboot, do not press any keys, and wait; the Windows XP logo will show up and the rest of the setup will begin.

You should print this out so you may refer to it when needed.

Apache DoS Explanation

Introduction
If you are experiencing threats to knock out your web servers, which run Apache as the server, you are most likely to be hit with the program that I originally wrote and the exploit I discovered. I'm sure that many others have found this exploit, as no one truly is the only discoverer of an exploit; some just do not open up the facts to other people. I have kept this a secret for quite some time, as many others would. That is why you never find programs like this that do such powerful things. The people on Yahoo who say they made it are full of it. I know of one person who made it, who released the source, and now everyone's saying they made it. These idiots on Yahoo say "Well, it connects and disconnects a bunch and causes a page fault in Apache", which is what some idiot said who claims he made it. Too bad you're completely wrong; read and learn something.
Recently, many people have been remaking my original version of the Apache DoS. It was not intended to be released to as many people as have it to this day. I sent it to only a couple of people whom I thought I could trust. Of course, they sent it out to others, and in the end it was distributed beyond belief. Now that others have been remaking the program, they will release it to all of their friends, and the chain will continue to be extended. I really noticed the problem when someone (I will not mention his name) started threatening a certain host for money; if they did not pay up, he attacked the servers. You know what happens when you start doing that? The issues get more serious, people start getting in trouble, and companies start keeping a stronger eye on their servers. You will get caught, and once you do, who are you going to blame? You can't blame me, I did not do it; you will have to blame yourself.

The Problem with Apache
Though Apache is said to be the best around, it seems to have a hard time with DoS attacks of all sorts. You can set up Apache to detect incoming attacks by logging SYN requests, not just your average HTTP requests, but actually preventing them through Apache is useless. There are no modules inside Apache (that I know of) that will automatically ban or disconnect anyone who has established more than one connection. With that said, the space for a DoS is very wide.
You can simply max out the connections allowed by Apache. Once they are maxed out, the server is rendered useless, generating an error such as (taken directly from a default installation of Apache 2.0 for Win32):
[Fri Apr 09 19:59:06 2004] [error] [client 192.168.0.100] client sent HTTP/1.1 request without hostname: /
[Fri Apr 09 19:59:14 2004] [warn] Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting
If you were to check your access logs, you would see an attempt from 192.168.0.100 like "get / http/1.1" 400 312. This is suspicious activity, definitely not from a web browser: a web browser would send something like "GET / HTTP/1.1" 200 1672. As you can see, not only is the response different (400 312), but the request GET is not capitalized. This may not be much to work from, but it is a way to spot suspicious activity against your web server, from someone simply telneting to it and manually sending commands, up to a DoS.
The logs may vary, depending on how you have Apache set up, but this is the default for Apache 2.0 for Win32.
Solutions
Now that you have a general idea of what is happening, you probably want to know "How the hell do I stop this?" Well, there are many solutions to the problem, though not many of them will do everything for you. It will still take some monitoring, which all sysadmins should take the time to do. No one just puts a server up, lets it sit there and do its thing without being monitored.
1. You may set up the Apache logs to pick up SYN connections (see the help documents). Do this! It will show each attempted connection, which will obviously reveal an attack of any type through DoS.
2. Use a basic Intrusion Detection System (IDS) like Snort. Set it up correctly and you can monitor everything coming in and out of your servers. It is a lot more advanced than simple SYN logs; you can set up various rules to detect all sorts of possible attacks. This is the best IDS known.
3. You may even use a netstat-type program, which will show your current connection activity. You will see the attacker's IP address just flying across the netstat output. This is obviously an attempt to DoS either your web server or your machine in general. Simply block that IP address, or even its IP range, to stop further attacks.
4. Set up a firewall. Whether it is a Linux hardware firewall (tutorial by Optikwon), a generic software firewall for Windows like Sygate or Kerio, IPTables (all you need for Linux/Unix if set up correctly) or even a router, just get something that will block attacks like those we have discussed.
5. Now, if you do not want to do any of the above and want Apache to detect the attacks and automatically block the IP, check out DosEvasive. This add-on for Apache 1.3 and 2.0 creates protection against users connecting more than 50 times, and even against different kinds of brute-force attacks! I have not personally tested it, but it looks very promising.
6. You can grab a few tools that will restart your server if something critical has happened, such as this DoS. It will simply ban them (using DosEvasive), restart the service, and there are no more threats from that originating IP.
7. If none of these solutions work for you, then wait for the latest version of Apache to be released. They are aware of this vulnerability and it will be patched in the next release of Apache.
That concludes the article on Apache DoS. Hopefully people can now protect themselves better rather than being wide open to attacks. For a killer combination, use all of these methods together and you should be pretty safe. Keep in mind that no one is safe from a DDoS, which can render anything useless with enough random attacks.
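A defender's check for the two signs described above (the hand-typed lower-case request that draws a 400, and one client hammering the connection pool as in solutions 3 and 5), as an added example not taken from the original article or from Apache: a Python script that reads Common Log Format access-log lines, flags request lines no browser would send, and reports any client exceeding a per-interval hit threshold, with the 50-hits figure from the DosEvasive tip as the default. The log lines are constructed for this example and echo the ones quoted in the article.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
# What a browser sends: upper-case method, a target, and an HTTP version.
WELL_FORMED = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')


def parse_line(line):
    """Return a dict for a CLF line, or None when the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def is_suspicious_request(entry):
    """The article's tell: a 400 reply, or a request line no browser would send
    (such as the lower-case 'get / http/1.1' typed by hand into telnet)."""
    return entry["status"] == 400 or not WELL_FORMED.match(entry["req"])


def analyze(lines, max_hits=50, interval=10):
    """Count malformed requests per IP and flag any IP with at least max_hits
    requests inside any `interval`-second window (connection exhaustion)."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    entries.sort(key=lambda e: e["ts"])
    malformed = defaultdict(int)
    flood = {}
    window = defaultdict(deque)          # per-IP timestamps inside the interval
    for e in entries:
        if is_suspicious_request(e):
            malformed[e["ip"]] += 1
        q = window[e["ip"]]
        q.append(e["ts"])
        while (e["ts"] - q[0]).total_seconds() > interval:
            q.popleft()
        if len(q) >= max_hits:
            flood[e["ip"]] = max(flood.get(e["ip"], 0), len(q))
    return {"malformed": dict(malformed), "flood": flood}


def block_list(report):
    """IPs to hand to the firewall (solution 3): the flooders, sorted."""
    return sorted(report["flood"])


# Constructed sample log: a normal browser visit from 10.0.0.5, then 60 hand-typed
# requests from 192.168.0.100 within nine seconds, mirroring the article's lines.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Apr/2004:19:58:50 -0700] "GET / HTTP/1.1" 200 1672',
    '10.0.0.5 - - [09/Apr/2004:19:58:51 -0700] "GET /style.css HTTP/1.1" 200 824',
] + [
    '192.168.0.100 - - [09/Apr/2004:19:59:%02d -0700] "get / http/1.1" 400 312' % (6 + i // 7)
    for i in range(60)
]

if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print("malformed requests per IP:", result["malformed"])
    print("flooders (peak hits in window):", result["flood"])
    print("block:", block_list(result))
```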

Are You Secure?

So, the question I'm asking you is: Are You Hackable? If you read the following, you should get a good idea of whether your computer is secure or not. People say that anyone is hackable, which I do not agree with. There are certain standards you must meet to be hacked. I am not talking about remote crashing and such; I am talking about getting rooted. That is much worse than a simple error saying you must restart etc., which can just be patched. Keep in mind this is not about web server-side hacking.
Windows 95/98/ME
Well, as we all know, these are by far the worst Windows versions of the 9x line ever made. The problem with Windows 9X is the way the kernel processes data with the CPU. Instead of just ending a task, closing it out and terminating it, freeing any possibility of a lockup from that program, it continues processing the data, eventually exhausting your RAM, and the whole PC will either blue-screen with "Your computer is busy, press any button to continue." or just lock up. Another bad thing about Win9x is the authentication it uses to protect the PC from anyone logging on. There really is no protection at all: simply cancel the login box, delete the user's .pwl file and re-create it if you really must. Another is the fact that it is based on FAT32. I will cover this in a new article some time.
Where 9x lacks stability, it gains in security. Why do I say this? Because Win9X does not come with any remote services installed by default. Services can give an attacker a way inside the PC, hence an open port. If you do not have File Sharing enabled through NetBIOS, then you should not worry about being rooted by a direct attack. You can be tricked into accepting a Trojan, which a program like The Cleaner can scan for (http://www.moosoft.com). I am not saying that you are 100% protected with just an installation of Win9X; I still recommend a firewall or router to protect yourself from the internet in general, not just malicious attackers. With all the viruses and worms going around, it would be wise to have something to stop their attempts to upload through shares etc.
If your PC is running slow or sluggish, this is a sign of a possible Trojan, virus, or just a lot of unneeded programs running in the background. You may check your processes by pressing Control+Alt+Del once. If you are running well over 10 processes, I believe that is far too many. With Windows 9x you should only have Explorer and SysTray loaded, unless you have a program that loads for your video card or sound card besides SysTray. Be very cautious about what these processes do. You may get a program called Ace Utilities (http://www.acelogix.com). It has a built-in Startup Manager which lets you see what starts up and can also attempt to identify unwanted processes. Simply uncheck the ones you are not sure about, or do a Google search on each standalone process; you will find all the information you need.
If you are curious as to which ports are open, run my port scanner on your PC and use the Description Ports option so that it can tell you what the open port is. Get it at http://www.moorer-software.com/PortScanner.exe. If you have 139 open, then you should turn it off. To do so:
1) Right click on My Network Places
2) File and Print Sharing
3) Uncheck anything selected, to make sure this is not enabled.
4) Remove the File sharing protocol from the list.
I cannot stress enough that if you have NetBIOS enabled and files shared out, a user may simply issue \\YOURIP and see the shared files; if prompted for a password, there are many tools out there to brute-force SMB logins. A lot of Win9x users do not use strong passwords, so always keep a good password if you have NetBIOS enabled. With Windows 9X you ONLY supply a password; there is no need for any username. This is another reason the authentication is horrible. There have been known exploits, such as the short-password vulnerability where the user only needed to supply the first 3 or so characters of the password to gain access.

Windows 2000/XP
The most stable and reliable Windows OS would have to be anything based on the NT kernel, meaning Windows 2000/XP/2003; at startup you will notice “Built on NT technology,” which is a good thing. When I mentioned how 9X does not kill a process directly from memory, making it unstable, Win2k/XP allow a process to be killed, and once killed it is removed from memory and the RAM is freed up. Also, the CPU priority is not randomly thrown around to each process like in Win9X. You may actually set the priority for how much CPU usage you want the application to consume.
Now, this is the most vulnerable Windows OS by default, straight out of the package. You must do a lot of modifying to the OS before you achieve decent security. Why is this so? Well, because of all the remote services running on the machine for administration and networking reasons. Since this OS is designed for the work environment there will be a lot of features like this enabled. If you want a full list of services and descriptions go to http://www.blackviper.com/WinXP/service411.htm. This guy did an awesome job of describing whether or not each service may be shut down. The ones that I recommend setting to manual, for security reasons, are the following:
Help and Support
Indexing Service
Messenger
NetMeeting Remote Desktop Sharing
Remote Access Connection Manager
Remote Access Auto Connection Manager
Remote Registry
Telnet
Terminal Services
Universal Plug and Play Device Host
Each one of these can allow access, if not root access, into your PC. Most of these services are enabled by default. So, in order to disable them, do the following:
1) Start—> Run—> compmgmt.msc /s
2) Services and Applications
3) Services
4) Right click on each service
5) Go to properties
6) Set the Startup Type to Manual for each service you wish to stop at reboot.
7) Hit Apply, then Stop.
Once these have been disabled, your PC should be a lot more secure over the internet. Now, if you want to stop even more services that are not needed, read the link I provided above.
There are many vulnerabilities in NetBIOS-enabled 2k/XP machines. One is the null IPC session, which can trick the remote machine into thinking it is an authenticated session. Once the user establishes a remote connection to the IPC$ share, they can retrieve things like usernames, groups, shares, services, registry information and so forth. Some people ask why this is such a problem, so let me tell you exactly what the person could do. If they successfully retrieve the users, groups, shares and so forth, they are just at the start of what they are about to do; they are doing simple vulnerability-testing steps. Look at the screenshot below of what it can look like for a vulnerable user:
http://www.moorer-software.com/screenshots/nipc.jpg
With this information, an attacker can possibly grab more information to help them get into your PC. You can see all the information that is given about the users. Sometimes a user places their password inside the Full Name field, whether backwards, in plain text, or as a phrase. It is possible, and I have seen them do such things before. So, how do I stop people from establishing a null session to me?
We will need to set the permissions for who can access the IPC$ share. I created a simple registry file, so if you have no knowledge in this area, just execute it.
Windows 2000:
http://www.moorer-software.com/regs/null%20win2k.reg
Windows XP:
http://www.moorer-software.com/regs/null%20xp.reg
Another really nasty exploit that has been released recently is the RPC exploit. A user can completely root your PC, getting administrator access inside a shell. The way to disable this, without needing any patches, is to completely disable DCOM, which the exploit uses to access the PC.
http://www.moorer-software.com/regs/dcom.reg
Disabling NetBIOS is a must also, if you have no need for it. The method is a little different this time.
1) Start—> Control Panel—> Network Connections—> Local Area Network 1 ( depending on how many NICs you have and which one uses the net )
2) Right click on it and go to Properties
3) Double click on TCP/IP
4) Go to Advanced
5) Click on the WINS tab
6) Disable NetBIOS over TCP/IP, then just hit OK as needed.
If you decide to leave NetBIOS enabled, make sure to turn off the automatic creation of the administrative shares ( C$, D$ etc. ). This is the number one share checked on a remote PC for an attack, since through it an attacker can have root access to your files. Also, rename your Administrator account to something other than “Administrator” or “Admin”. An attacker who is going to run brute force attacks through NetBIOS will target Administrator, since this is the power user's account. Keep a good strong password; do not use simple letters or words. Without a firewall or anything else to monitor you, when a NetBIOS attack is launched the Event Viewer can show the incorrect logins, but not the origin of the attack, just the username/password attempted. This makes it very hard to track the person. So, use a firewall to monitor port 139 TCP/UDP. Something to look into is IPSec, which can block or limit access through ports; it is very good for protecting open ports or limiting them.
These are just basic exploits that people could run against you, definitely, MOST definitely not the FULL list. I do not want to cover it ALL. I think you have the basic idea of why you should protect yourself.
Firewalls and Tools
To check what ports are open, you can get my MooreR NetStat, which will show you which processes are assigned to each port. If you do not like that one, get the Foundstone tool called FPort. It is very awesome. If you want a good firewall, get Sygate. This program is awesome, and has built-in options to see the running ports and processes. It is a very good and stable firewall; no exploit has been known to get around it. Linux has been known to make the best firewall if you install it on a machine that you do not use. I've heard that it is so powerful it can do things such as disable host resolving. If you're not able to do this, and you do NOT have dial-up, get a router with a good built-in firewall. It is by far the best option for a firewall.
You might ask yourself why a router is better than a software firewall. If you use a software firewall, everything is going through your connection directly to the firewall log, you just cannot see it. So, if you flood the software firewall so much that the log cannot keep updating itself fast enough, it could lock up or freeze, possibly crashing the kernel. With a router, this is not the situation. You hook your broadband connection into a router, and the router filters all the traffic out before it hits your computer. The logging inside the router is all hardware based; in order to crash a router with packets, it would more than likely have to be a DDoS, but even those are highly unlikely to crash the built-in firewall.

There are many more problems out there that I might not have addressed. This should give you a basic understanding.
I may add onto this later.

Advanced NetStat Usage

What is NetStat?
Netstat is a tool that has been included with Windows ever since at least 95/NT 3.5 (UNIX/Linux has it also). It was designed to do a lot more than just monitor your connections, but that is what most people use it for, or at least to watch who has connections established to their computer. That is why I am writing this article: for people who are curious about how to take that one step further and make the most out of it.
Why would I use NetStat?
Well, suppose you do not have a firewall, but you need something that can monitor your connectivity while you are away. Believe it or not, NetStat is the perfect command for you. Once you read this article you will see just how powerful NetStat is. So, let's get started. I will include a generic scenario for each use of NetStat.
Global Step (applies before each scenario)
First, open up a command prompt; if you are on an NT based machine, open up “cmd”, not “command”.
Scenario 1
Someone has been flooding my network, taking out my web servers and just wreaking havoc in general. I want to be able to monitor this person and what they are doing. But I am not going to be around my machine while they are attacking me. So, the answer is simple.
1. We must tell NetStat to keep a log file for us, so we can check it when we get home, but we want it to be continuous so it is constantly monitoring, much like a simple IDS. So, type in the following:
“netstat 10 > conlog.txt”
First we type in the basic command netstat, then we tell it to refresh itself every 10 seconds so we have a pretty accurate log when we come home. Next we redirect the output to a text file after the command has been executed; that is what the “> conlog.txt” is doing. You can point that at any path, such as “c:\log.txt”, or leave it relative to whatever folder your command prompt is in, such as “C:\>”.
Now, if you want to see just the IP address of the user and not the host name, simply make a little addition to the command: use netstat -n. This tells NetStat to use numerical values, aka the IP address, instead of hostnames. It is a lot cleaner this way, since some host names are enormous once resolved, which makes the logs hard to read. If you wish to filter by the protocol being used (TCP/UDP/ICMP), issue the command “netstat -p tcp”. You can replace tcp with udp or icmp.
Scenario 2
My network has been acting up lately. I believe that maybe we have a worm or some type of machine that has been trojaned as a DDoS bot. I have to monitor these statistics for the machines. Preferably each machine.
The first step is to be able to see how much data is going out and coming in. This would be considered interface monitoring, because it monitors your Network Interface Card (NIC). You will want to keep a log of this also, so you can see how much data is being sent through and into your NIC. The first thing we want to do is tell netstat to log these statistics as follows:
“netstat -e 10 > activity.txt”
This will write the interface statistics every 10 seconds to the file activity.txt so we can check it when we get home. You will notice a dramatic increase in the counters, or a constant flow of data while there should be none. Always check the “Received” and “Sent” columns. If Sent is much larger than Received then we know that something is going on in our network. Now, if you want to see more advanced statistics, you can use the command “netstat -s”; this will display a lot more information on your connection, which will help you determine if something is going on.
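As an added example (my own Python script, not the author's MooreR tools and not part of the original article), here is a parser for the activity.txt log that “netstat -e 10” produces. It assumes the Windows “Interface Statistics” layout with a cumulative “Bytes” row, uses a constructed three-snapshot log, and flags any 10-second interval where bytes sent outran bytes received; the 5x ratio and 1 MB floor are assumptions to tune per host:

```python
"""Spot outbound traffic spikes in a "netstat -e 10 > activity.txt" log.

Each refresh of "netstat -e" appends an "Interface Statistics" table whose
"Bytes" row holds cumulative Received and Sent counters. Comparing consecutive
snapshots gives the bytes moved per interval, which automates the article's
"Sent much larger than Received" check.
"""

# Constructed sample log (three snapshots); every counter value is made up.
SAMPLE_LOG = """\
Interface Statistics

                           Received            Sent

Bytes                      10000000         2000000
Unicast packets               12000            9000
Non-unicast packets             300             120
Discards                          0               0
Errors                            0               0
Unknown protocols                 0

Interface Statistics

                           Received            Sent

Bytes                      10400000         2100000
Unicast packets               12500            9400
Non-unicast packets             310             125
Discards                          0               0
Errors                            0               0
Unknown protocols                 0

Interface Statistics

                           Received            Sent

Bytes                      10500000        52100000
Unicast packets               12600           60400
Non-unicast packets             312             126
Discards                          0               0
Errors                            0               0
Unknown protocols                 0
"""


def parse_snapshots(log_text):
    """Return [(received_bytes, sent_bytes), ...], one tuple per snapshot."""
    snapshots = []
    for line in log_text.splitlines():
        parts = line.split()
        # Only the "Bytes" row matters here; its counters are cumulative.
        if len(parts) == 3 and parts[0] == "Bytes":
            snapshots.append((int(parts[1]), int(parts[2])))
    return snapshots


def find_outbound_spikes(snapshots, ratio=5.0, min_sent=1_000_000):
    """Flag intervals where bytes sent outpaced bytes received.

    Interval i covers snapshot i-1 to snapshot i. It is flagged when the sent
    delta is at least `min_sent` bytes and more than `ratio` times the
    received delta. Both thresholds are assumed defaults: a file server
    legitimately sends more than it receives, so raise `ratio` there.
    """
    spikes = []
    for i in range(1, len(snapshots)):
        prev_recv, prev_sent = snapshots[i - 1]
        recv, sent = snapshots[i]
        d_recv, d_sent = recv - prev_recv, sent - prev_sent
        if d_recv < 0 or d_sent < 0:
            # Counters went backwards (reboot or NIC reset): skip the interval.
            continue
        if d_sent >= min_sent and d_sent > ratio * max(d_recv, 1):
            spikes.append({"interval": i, "received": d_recv, "sent": d_sent})
    return spikes


if __name__ == "__main__":
    for spike in find_outbound_spikes(parse_snapshots(SAMPLE_LOG)):
        print("interval %(interval)d: sent %(sent)d bytes, received %(received)d" % spike)
```

Feed it the real activity.txt by reading the file into `parse_snapshots`; a flagged interval points at the 10-second window to line up against the connection log from Scenario 1.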

Scenario 3
You’re not too worried about DoS and DDoS attacks being sent from your machine without you knowing it (aka being a zombie). But you are really worried about a Trojan being remotely uploaded to your machine, or even worse, a program you use all the time establishing odd connections, and you are not sure whether those connections belong to that program. Netstat will be able to tell you what process is assigned to what port.
Before we get started, you will need a tool called TaskList, which can be downloaded here; it comes with XP Professional. It should work on any NT machine once downloaded. Make sure to place it in your system32 folder, so you can call it from any folder you are browsing in the command prompt.
First we will type “tasklist” in the command prompt. You will see a bunch of process names, and next to them you will see numbers. These numbers are unique IDs for each process, called a PID (Process ID). Now, I would recommend dumping this to a text file on your desktop or somewhere you have quick access to, so it would look like
“tasklist > pids.txt”.
Now we have the processes with their PIDs next to them, so we know which process each PID belongs to. Now it's time to load up that trusty netstat! In the command prompt, type
“netstat -no > cpids.txt”
This will dump each established connection in numerical form, but this time it will display the PID next to it. Now, simply open up each text file and compare them. See which process is using a connection by matching the PID to the process. Once you have determined whether something is suspicious or just normal, you can choose what to do. If you have XP Pro, you can use the command “tskill”, which lets you kill a process by its PID. You may or may not want to do this if you find something suspicious.
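Rather than comparing pids.txt and cpids.txt by eye, here is an added Python example (my own code, not the author's MooreR NetStat and not part of the original article) that parses both dumps, attaches the owning process name to each connection, and also counts connection rows per remote host, which answers the “who keeps connecting to me” question from Scenario 1 when run over conlog.txt. It assumes the Windows “netstat -no” and “tasklist” text layouts; the two samples are constructed, with addresses from documentation ranges and made-up process names:

```python
"""Join "netstat -no" connections to "tasklist" processes by PID, and count
connection rows per remote host across a "netstat 10 > conlog.txt" log."""
from collections import Counter

# Constructed sample of "netstat -no" output (documentation-range addresses).
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1034      203.0.113.5:80         ESTABLISHED     1588
  TCP    192.168.1.10:1035      203.0.113.5:80         TIME_WAIT       0
  TCP    192.168.1.10:1040      198.51.100.7:6667      ESTABLISHED     2212
  TCP    192.168.1.10:1041      198.51.100.7:6667      ESTABLISHED     2212
  TCP    192.168.1.10:1042      198.51.100.7:6667      ESTABLISHED     2212
"""

# Constructed sample of "tasklist" output; "irc.exe" is a made-up name.
SAMPLE_TASKLIST = """\

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0        236 K
svchost.exe                   1588 Console                    0      5,104 K
irc.exe                       2212 Console                    0      3,412 K
"""

PROTOCOLS = ("TCP", "UDP", "TCPv6", "UDPv6")


def parse_netstat(text):
    """Return one dict per connection row; headers and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in PROTOCOLS:
            continue
        # TCP rows: proto local remote state pid. UDP rows carry no state column.
        if len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue
        conns.append({"proto": proto, "local": local, "remote": remote,
                      "state": state, "pid": int(pid)})
    return conns


def parse_tasklist(text):
    """Return {pid: image_name}. Image names can contain spaces, so split from the right."""
    pids = {}
    for line in text.splitlines():
        parts = line.rsplit(None, 5)  # name | pid | session | session# | mem | "K"
        if len(parts) != 6 or not parts[1].isdigit() or parts[5] != "K":
            continue
        pids[int(parts[1])] = parts[0]
    return pids


def join_connections(netstat_text, tasklist_text):
    """Attach the owning process name to each connection; unknown PIDs stay visible."""
    pids = parse_tasklist(tasklist_text)
    return [dict(conn, process=pids.get(conn["pid"], "<unknown pid>"))
            for conn in parse_netstat(netstat_text)]


def count_by_remote_host(conns):
    """Count connection rows per remote host, ignoring the port.

    Over a whole conlog.txt the counts accumulate across every snapshot, so a
    long-lived connection is counted once per 10-second refresh.
    """
    counts = Counter()
    for conn in conns:
        host = conn["remote"].rsplit(":", 1)[0]  # also strips the port from [::1]:80
        if host != "*":
            counts[host] += 1
    return dict(counts)


if __name__ == "__main__":
    for row in join_connections(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print("%(process)-20s pid=%(pid)-5d %(local)s -> %(remote)s %(state)s" % row)
    print(count_by_remote_host(parse_netstat(SAMPLE_NETSTAT)))
```

On a real machine, read cpids.txt and pids.txt into the two parsers. Rows whose PID maps to `<unknown pid>` are worth a second look too: the process may have exited between the two dumps, so take both snapshots as close together as you can.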
This concludes the NetStat article. I hope you learned something and can now use NetStat to your benefit.

DISCLAIMER

The information provided on hottechtips.blogspot.com is to be used for educational purposes only. The website creator is in no way responsible for any misuse of the information provided. All of the information in this website is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” on hottechtips.blogspot.com should be regarded as “Ethical Hack” or “Ethical hacking” respectively. You implement the information given at your own risk.