Alternate Data Streams… WARNING

Posted in Network Security, Tutorials/Whitepapers, Virus Alerts, Windows on April 29, 2008 by triz

I came across this issue today… thankfully my network environment security uses both eTrust and Tripwire, so this should not be a big problem here, but I think it should be watched for. Basically, this is a way to hide spyware or incriminating (hacker) tools by casting or forking the file into another file. The original size will show the same and even the actual running process is hidden from process explorers; the only thing that changes is the modification date. Also, this only runs on NTFS and moving the file to another file system will corrupt the hidden file.

Text Formatting Perl Script

Posted in Linux, Microsoft Office, Perl Scripts, Tutorials/Whitepapers, Windows on April 25, 2008 by triz

Here is a pretty basic Perl script that will take a tab-separated file and format it according to the arguments you pass with the command. This script will only work if the file has three fields, but can be edited for more. I am working on a way to unlimit this using arrays, but have not found a working solution yet. Also, this script is portable to Windows. Just edit the environment path to reflect where your Perl executable is located. Code below:

Multiple host ping sweep Perl script

Posted in Linux, Network Security, Perl Scripts, Tutorials/Whitepapers, Windows on April 14, 2008 by triz

Here is one of the first Perl scripts I wrote at work. I was tasked with verifying host connectivity after some desktop patches were pushed out. So instead of manually pinging each one, and since I already had a text file with all the affected hostnames, I decided to put together a little script that would read from the text file and print out whether the host was up or down.

So, for this to work you will need a file called hosts.txt with a list of hostnames or IP addresses. Also, there is a very simple shell script to read the txt file into the Perl script. I could have excluded the shell script and just used Perl to open the file and add each line to an array, which would loop through and do the same thing… it is on my TODO, but as it is, this works fine, and there’s always another script that needs to be written. Check it out.

Featured Site is Back UP

Posted in Expect Scripts, Firewalls, Linux, Microsoft Office, Network Security, Tutorials/Whitepapers, Virus Alerts, Windows, Wireless on April 11, 2008 by triz

The featured site Networksecuritytech.com is back online… check it out… and hit it hard.  There is a lot of good content on there… same theme as my blog, but censored….

Certification study material

Posted in Linux, Network Security, Tutorials/Whitepapers, Windows on March 6, 2008 by triz

Here’s a nice site that I came across that provides study material.  I was able to request some free downloads… so check it out and learn something….

http://www.examforce.com/customer/home.php

Using Ettercap and Ethereal to Create MITM Attack on Switched Network

Posted in Linux, Network Security, Tutorials/Whitepapers, Wireless on February 7, 2008 by triz

This is for educational purposes only! Do not attempt this in any malicious way… or else. I set this lab in a controlled environment using a Windows file server, Windows XP desktop, and my laptop running Knoppix live CD. In this lab I use Ettercap only for ARP poisoning and spoofing, and I use Ethereal for the sniffing. First of all,

Install MySQL Community 5.0 for use with Groundworks Foundation

Posted in Linux, Tutorials/Whitepapers on February 7, 2008 by triz

Download MySQL server and client 5.0 from http://dev.mysql.com/downloads/mysql/5.0.html. I already had 4.0 MySQL installed, but did not have any database, so I removed the 4.0 versions of server and client with the rpm tool to install the latest version.

First check to see what is installed
#rpm -qa | grep -i mysql
qt3-mysql-3.3.1-35.11
perl-DBD-mysql-2.9003-22.1
mysql-shared-4.0.18-32.1
python-mysql-0.9.3b2-90.1

Script and Procedure to Upgrade NIC Speed on Suse 9

Posted in Linux, Tutorials/Whitepapers on February 1, 2008 by triz

After a few trial-and-error attempts to upgrade the NIC and port speed on several Linux servers running Suse Linux Enterprise Server 9, I have documented the procedure I follow to complete this successfully. First of all, the port on the switch needs to be set to the speed that you want to configure the NIC at. In this case, I am setting all of my servers to 1000/Full duplex.

TCPDUMP to Troubleshoot Oracle Cluster Issue

Posted in Linux, Tutorials/Whitepapers on February 1, 2008 by triz

I have two Oracle servers that were clustered, however we broke the cluster in order to move one node at a time to a new comm room. Now that we have both nodes racked together again, we are having problems starting CRS to get the cluster to work again. Node A is the main production machine and it appears to be able to see node B, however node B is not “seeing” node A. This doc will focus on the sniffing areas.

Document which ethernet cards are the interconnect and the ethernet cables on both machines. On mine both nodes have the interconnect on eth1 and the network is on eth4.

On node B run #tcpdump -i eth1 -p -vvv -XXX -w bnodeICsniff.pcap

On node B run #tcpdump -i eth4 -p -vvv -XXX -w bnodeIPsniff.pcap host <node A hostname>

On node A run #tcpdump -i eth1 -p -vvv -XXX -w anodeICsniff.pcap

Once you or the Oracle DBA is finished attempting to build the cluster connection, you will have three files that can be pulled into Ethereal or Wireshark to dig through and hopefully find an answer.

Latest Virus Threats

Posted in Linux, Network Security, Virus Alerts, Windows on January 31, 2008 by triz