Wednesday, May 11, 2005

Resources: TCPDump Pocket Reference

I hate to copy other blogs but I found a great reference on the open source weblog for anyone who uses TCPDump. This great reference is put out by the SANs institute as a TCPDump pocket reference guide. The reference consists of a two page printout that contains valuable information on processing the output of any network dump.

Monday, May 09, 2005

Command Line: find

One of the most valuable commands at your fingertips when using Linux or Unix is the find command. This versatile command can be used for a variety of tasks, from listing the contents of a directory or filesystem to indexing your entire filesystem. Find can be difficult for the novice to master, especially when there is no instruction available. The man pages don't really show the friendly side of the system:



find - search for files in a directory hierarchy


find [path...] [expression]

Some basics to find are as follows:

A simple find command will list all files and folders recursively in your current working directory (CWD):

secondary ~ # find

The second argument to find is the path, which, if blank, is assumed to be your CWD, as shown previously. You can also explicitly give the path:

secondary ~ # find .

From the man page, we can see that after the path, we can give find an expression. This is where most people have trouble when starting out. The tendancy of most people is to limit themselves to a regular expression-type of expression when the bigger picture is that the expression possibilities are immense. Take the following, for example:

secondary ~ # find / -type d -name sbin

As you can see, this command listed all of the directories in the filesystem by the name of sbin. The -type command was used to specify the type of file to find, in this case it was a directory. The options available are:

-type c
File is of type c:

b block (buffered) special

c character (unbuffered) special

d directory

p named pipe (FIFO)

f regular file

l symbolic link (never true if the -L option or the -follow option is in effect, unless the
symbolic link is broken).

s socket

D door (Solaris)

The two most used are going to be the file and directory options. The next option used was the -name option, which can be used to specify the name or a part of a name to search for. You can use a wildcard to find variations, since the '-name bin' option will not find 'sbin' or 'bind', but '-name *bin*' will find all of them. Note that using the -regex option can be very complicated, so it is easier to use the '-name' option and possibly a wildcard or two.

While these few options are enough to get you started, they are nowhere near tapping the resources of this powerful command. I recommend exploring and using this command frequently, as it will make your CLI experience much more rewarding!

Thursday, May 05, 2005

Spam Increase due to

I have noticed a marked increase in the amount of spam that I get since my sister tried to sign me up for the experience. Since they now have control of her hotmail address book, it only makes sense that they would spam everyone in it, including me. The sad part is that most of the spam I am getting now is "adult" related. I have never received much spam and I am very careful with my email addresses. Now I am receiving 3-6 messages each day that I believe are a direct result of It just takes one person who doesn't have a clue to ruin it for you.

Please do not use

Reporting to Microsoft

After the episode a few days ago, I reported it to This morning I received an automated reply stating that I need to send a hotmail addressed email to them. They are evidently not the right people to be notifying about the scandal that is running. The email is as follows:


This is an auto-generated response designed to answer your question as quickly as possible. Please note that you will not receive a reply if you respond directly to this message.

Unfortunately, we cannot take action on the mail you sent us because it does not reference a Hotmail account. Please send us another message that contains the full Hotmail e-mail address and the full e-mail message to:

>>>>>> To forward mail with full headers

Using Hotmail:
1. Click "Options" to the right of the "Contacts" tab. The "Options" page appears.
2. Under "Additional Options", click "Mail Display Settings". The "Mail Display Settings" page appears.
3. Under "Message Headers", select "Full" and click "OK".
4. Forward the resulting mail to:

Using MSN Explorer:
1. Open the message, and then click "More" in the upper right corner.
2. Click "Message Source". The message opens in a new window with all the header information visible.
3. Copy all the text and paste it into a new message. Send this message to:

Using Outlook Express or Outlook:
1. On the unopened mail, place your cursor over the mail, right-click, and click "Options".
2. Under "Internet headers", copy the contents of the full header.
3. Open the e-mail in question and forward a complete copy of the message, including the full message header you copied at the beginning of your message, to:

If you're not a Hotmail member, consult the Help associated with your e-mail program to determine how to view complete header information. Then forward the message to:

If the unsolicited junk e-mail or "spam" comes from a non-Hotmail account, you can send a complaint to the service provider that sent the mail. Make sure that you include full headers when you send your complaint.

In the full header, look at the last "Received" notation to locate what .com domain it came from. It looks something like:
[service provider domain name].com

Forward a complete copy of the message, including the full message header, to:
abuse@[service provider domain name].com

If the domain does not have an abuse service, forward your complaint to:
webmaster@[service provider domain name].com

All Hotmail customers have agreed to MSN Website Terms of Use and Notices(TOU) that forbid e-mail abuse. At the bottom of any page in Hotmail, click "Terms of Use" to view the Terms of Use document in its entirety.

Thank you for helping us enforce our TOU.

Tuesday, May 03, 2005

Identity Integrity:

This morning I received a very strange email from my sister asking me to update my personal contact information on I was very skeptical that this email actually came from my sister, so I immediately emailed her to ask her if she had sent me the message. She replied saying that everyone she knows uses this thing and she lost her address book, so she would too. The message was as follows:


I am updating my address book and it would be very helpful if you could click on the link below and enter your contact details for me:

I am using a new service that helps people stay in touch. It is only for direct friends and allows
you to privately exchange contact details and view one another's photos. You choose what to share.

Thank you for helping.

At this point I'm very worried that my sister may have fallen for a scam of some sort, so I tell her that I am concerned that she may be using for my personal data...and she replied that she would not. She also was under the impression that is part of hotmail. Now I was getting worried that Microsoft was pulling a fast one on people and trying to take over the world by combining with their webmail service -- but I hadn't seen it on the all knowing Slashdot yet.

I did a little research on the website and was not able to find anything that would link them to Microsoft. I did some more googling and found that many people were receiving spam and were unhappy with how hijacked their hotmail password/account so I thought I would investigate this. The first step would be to create a throw-away email address with hotmail.

I created an account with hotmail called ''. This took a very short time, filling out each form with bogus information.

First name: bebo1
Last name: bebo2

The next step is to sign up with and try to find out where they link with hotmail. I then signed up with the username, 'isthisbebo'. The following information is requested about the person signing up:

My Contact Details
First Name
Last Name
Date Of Birth
Email AddressesHome
Phone NumbersHome
Postal AddressesHome

The very next page shows a couple of text boxes which allow you to enter your hotmail email account and password so that can show you who IN YOUR ADDRESS BOOK is already in Is that scary or what? This service is using people's email accounts to access address books. Why write a virus to do this, just create a website and ask people, they will give you their passwords!! I wonder if Microsoft condones this practice? The next step was to enter my hotmail email address and password and watch it go over the wire in the clear...which it did:

Email form:

Add Friends

Request contact details from your own friends and populate your free address book.

Hotmail Users
Enter your Hotmail details below and we'll show you who's already using Bebo from your Hotmail Address Book.

Hotmail Email Address

Hotmail Password

~ OR ~

Copy and Paste the wording below into an email.
Send the email to friends to request their contact details. You can send from either your Hotmail account and/or ANY other email account you may have.
Need instructions on how to Copy and Paste? Click here

Ethereal Capture:

POST /WhosHere.jsp?Ran=289260571 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: bdaysession=251377972379689953;; Username=isthisbebo; A=-1; G=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 73

ScraperTypeCd=H& 200 OK
Server: Resin/2.1.16
Content-Type: text/html; charset=utf-8
Content-Length: 8888
Connection: close
Date: Wed, 04 May 2005 02:04:24 GMT

In conclusion, is NOT integrated with The practice that has started of trying to fool people into giving them their hotmail username/password is very disconcerting. I am going to warn my family and friends to be very careful when using this service and not give out other email addresses or passwords. If a hacker were to compromise this system, there is no requirement for them to disclose it to the users, as far as I know -- and they would have a valid email address with password for some users. also reserves the right to send spam to those on their lists.

Monday, May 02, 2005

ISP Security

While researching ISPs lately, I came across an interesting concept on the website of Speakeasy where they will allow individual customers to be a mini-ISP with their netshare program. With this program, any customer who considers themselves competent can share their connection with others for profit and the customer is responsible for the actions of the users who they are sharing their connection with. If someone you happen to be sharing your connection with is downloading child porn or other illicit activity, you will be held responsible if you do not take care of it. Also, the system is designed for wireless connections, and the customer is responsible for the security of the configuration. It seems pretty un-safe to me to allow consumers who "think" that they are competent be responsible for the security of the information that their neighbors pass over the network! I think that there needs to be a qualification check in place to make sure that this doesn't get out of hand. Another caveat, the customer who administers the netshare program must provide tech-support for their users, which could be a big hassle if not properly managed.