Wednesday, May 11, 2005

Resources: TCPDump Pocket Reference

I hate to copy other blogs, but I found a great reference on the open source weblog for anyone who uses TCPDump. This reference is put out by the SANS Institute as a TCPDump pocket reference guide. It consists of a two-page printout that contains valuable information on reading the output of any network dump.

Monday, May 09, 2005

Command Line: find

One of the most valuable commands at your fingertips when using Linux or Unix is the find command. This versatile command can be used for a variety of tasks, from listing the contents of a directory or filesystem to indexing your entire filesystem. Find can be difficult for the novice to master, especially when no instruction is available, and the man page doesn't really show the friendly side of the tool:

FIND(1L) FIND(1L)

NAME

find - search for files in a directory hierarchy

SYNOPSIS

find [path...] [expression]


Some basics to find are as follows:

A simple find command with no arguments lists every file and directory under your current working directory (CWD) recursively, dotfiles included:


secondary ~ # find
.
./bin
./bin/update-today
./bin/httpd-block
./.rnd
./.ssh
./.ssh/known_hosts
./Mail
./.keep
./index.html
./.viminfo
./.bash_history
./.maildir


The first argument to find is the starting path. If it is omitted, GNU find assumes your CWD, as shown previously (strictly POSIX find requires at least one starting path, so on other systems you may have to supply it). You can also give the path explicitly:


secondary ~ # find .
.
./bin
./bin/update-today
./bin/httpd-block
./.rnd
./.ssh
./.ssh/known_hosts
./Mail
./.keep
./index.html
./.viminfo
./.bash_history
./.maildir


From the man page, we can see that after the path, we can give find an expression. This is where most people have trouble when starting out. The tendency is to treat the expression as nothing more than a filename pattern, when in fact it is a small language of tests (name, type, size, permissions, timestamps), operators and actions that find evaluates against every file it visits. Take the following, for example:


secondary ~ # find / -type d -name sbin
/usr/sbin
/usr/local/sbin
/sbin


As you can see, this command listed every directory in the filesystem named sbin. The -type test restricts the match to a particular kind of file, in this case a directory. The types it accepts are:


-type c
File is of type c:
    b  block (buffered) special
    c  character (unbuffered) special
    d  directory
    p  named pipe (FIFO)
    f  regular file
    l  symbolic link (never true if the -L option or the -follow option is in effect, unless the symbolic link is broken)
    s  socket
    D  door (Solaris)


The two most used are going to be the file and directory types. The next test used was -name, which matches a shell-style wildcard pattern against the file's basename only, not the directory part of the path. '-name bin' will not match 'sbin' or 'bind', but "-name '*bin*'" will find all of them. Always quote the pattern: left unquoted, *bin* is expanded by your shell against the current directory before find ever sees it, so you silently search for the wrong thing (or for nothing). -iname is the case-insensitive variant. The -regex option matches against the whole path rather than the basename and has its own regex dialect, so it is usually easier to use -name and possibly a wildcard or two.
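The following script is an added example, not code from the original post. It builds a small throwaway directory tree (the paths in it are constructed for the demo; they are not the blog's secondary host) and runs the -type and -name tests from the text against it, with the wildcard pattern quoted so the shell leaves it alone. It goes one step beyond the post by adding a -perm test, which is how the same expression language is used in practice to hunt for setuid binaries.

```shell
#!/bin/sh
# Added example (not from the original post). Builds a constructed directory
# tree and exercises find's -type, -name and -perm tests against it.
set -u
export LC_ALL=C   # predictable sort order regardless of the user's locale

# Create a throwaway tree that mimics the layout the post searched.
make_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/sbin" "$root/usr/local/sbin" "$root/sbin" \
             "$root/usr/bin" "$root/etc/bind"
    : > "$root/usr/sbin/httpd"
    : > "$root/sbin/init"
    : > "$root/etc/bind/named.conf"
    : > "$root/usr/bin/su"
    chmod 4755 "$root/usr/bin/su"      # setuid bit, like a real su
    ln -s "$root/usr/bin" "$root/bin"  # a symlink, which -type d does not match
    echo "$root"
}

# Strip the tree root from find's output so results read like absolute paths.
relative() {
    sed "s|^$1||" | sort
}

# Directories named exactly "sbin": the post's 'find / -type d -name sbin'.
find_sbin_dirs() {
    find "$1" -type d -name sbin | relative "$1"
}

# Anything whose basename contains "bin". The pattern MUST be quoted: an
# unquoted *bin* is expanded by the shell against the current directory
# before find ever sees it.
find_bin_like() {
    find "$1" -name '*bin*' | relative "$1"
}

# Regular files only; -type f skips directories and the symlink.
count_regular_files() {
    find "$1" -type f | wc -l | tr -d ' '
}

# Beyond the post: -perm -4000 matches files with the setuid bit set,
# combined with -type f so only regular files are reported.
find_setuid() {
    find "$1" -type f -perm -4000 | relative "$1"
}

# Stand-alone demo.
root=$(make_tree)
echo "directories named sbin:"; find_sbin_dirs "$root"
echo "names containing bin:";   find_bin_like "$root"
echo "regular files: $(count_regular_files "$root")"
echo "setuid files:";           find_setuid "$root"
rm -rf "$root"
```

Run it as-is to see the four result sets; on the constructed tree, find_sbin_dirs returns /sbin, /usr/local/sbin and /usr/sbin, matching the shape of the post's output, while find_bin_like also picks up /bin, /etc/bind and /usr/bin because the wildcard matches anywhere in the basename.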

While these few options are enough to get you started, they are nowhere near tapping the resources of this powerful command. I recommend exploring and using this command frequently, as it will make your CLI experience much more rewarding!

Thursday, May 05, 2005

Spam Increase due to Bebo.com

I have noticed a marked increase in the amount of spam that I get since my sister tried to sign me up for the Bebo.com experience. Since they now have control of her hotmail address book, it only makes sense that they would spam everyone in it, including me. The sad part is that most of the spam I am getting now is "adult" related. I have never received much spam and I am very careful with my email addresses. Now I am receiving 3-6 messages each day that I believe are a direct result of Bebo.com. It just takes one person who doesn't have a clue to ruin it for you.

Please do not use Bebo.com.

Reporting Bebo.com to Microsoft

After the Bebo.com episode a few days ago, I reported it to abuse@hotmail.com. This morning I received an automated reply stating that I need to send a hotmail addressed email to them. They are evidently not the right people to be notifying about the scandal that Bebo.com is running. The email is as follows:

--------------------------

This is an auto-generated response designed to answer your question as quickly as possible. Please note that you will not receive a reply if you respond directly to this message.

Unfortunately, we cannot take action on the mail you sent us because it does not reference a Hotmail account. Please send us another message that contains the full Hotmail e-mail address and the full e-mail message to:
abuse@hotmail.com

>>>>>> To forward mail with full headers


Using Hotmail:
1. Click "Options" to the right of the "Contacts" tab. The "Options" page appears.
2. Under "Additional Options", click "Mail Display Settings". The "Mail Display Settings" page appears.
3. Under "Message Headers", select "Full" and click "OK".
4. Forward the resulting mail to:
abuse@hotmail.com

Using MSN Explorer:
1. Open the message, and then click "More" in the upper right corner.
2. Click "Message Source". The message opens in a new window with all the header information visible.
3. Copy all the text and paste it into a new message. Send this message to:
abuse@msn.com

Using Outlook Express or Outlook:
1. On the unopened mail, place your cursor over the mail, right-click, and click "Options".
2. Under "Internet headers", copy the contents of the full header.
3. Open the e-mail in question and forward a complete copy of the message, including the full message header you copied at the beginning of your message, to:
abuse@hotmail.com

If you're not a Hotmail member, consult the Help associated with your e-mail program to determine how to view complete header information. Then forward the message to:
abuse@hotmail.com

If the unsolicited junk e-mail or "spam" comes from a non-Hotmail account, you can send a complaint to the service provider that sent the mail. Make sure that you include full headers when you send your complaint.

In the full header, look at the last "Received" notation to locate what .com domain it came from. It looks something like:
[service provider domain name].com

Forward a complete copy of the message, including the full message header, to:
abuse@[service provider domain name].com

If the domain does not have an abuse service, forward your complaint to:
webmaster@[service provider domain name].com

All Hotmail customers have agreed to MSN Website Terms of Use and Notices(TOU) that forbid e-mail abuse. At the bottom of any page in Hotmail, click "Terms of Use" to view the Terms of Use document in its entirety.

Thank you for helping us enforce our TOU.

Tuesday, May 03, 2005

Identity Integrity: Bebo.com

This morning I received a very strange email from my sister asking me to update my personal contact information on Bebo.com. I was very skeptical that this email actually came from my sister, so I immediately emailed her to ask her if she had sent me the message. She replied saying that everyone she knows uses this thing and she lost her address book, so she would too. The message was as follows:

Hi

I am updating my address book and it would be very helpful if you could click on the link below and enter your contact details for me:

http://www.Bebo.com/fr2/4247668a3779803b227582652c605356

I am using a new service that helps people stay in touch. It is only for direct friends and allows
you to privately exchange contact details and view one another's photos. You choose what to share.

Thank you for helping.


At this point I was very worried that my sister may have fallen for a scam of some sort, so I told her that I was concerned that she may be using Bebo.com for my personal data...and she replied that she would not. She also was under the impression that Bebo.com is part of hotmail. Now I was getting worried that Microsoft was pulling a fast one on people and trying to take over the world by combining Bebo.com with their webmail service -- but I hadn't seen it on the all knowing Slashdot yet.

I did a little research on the Bebo.com website and was not able to find anything that would link them to Microsoft. I did some more googling and found that many people were receiving spam and were unhappy with how Bebo.com hijacked their hotmail password/account so I thought I would investigate this. The first step would be to create a throw-away email address with hotmail.

I created an account with hotmail called 'isthisbebo@hotmail.com'. This took a very short time, filling out each form with bogus information.

First name: bebo1
Last name: bebo2
...
etc...
...

The next step is to sign up with Bebo.com and try to find out where they link with hotmail. I then signed up with the username, 'isthisbebo'. The following information is requested about the person signing up:

My Contact Details
First Name
Last Name
Date Of Birth
Gender
Country
Email Addresses: Home, Work, Other
Phone Numbers: Home, Work, Mobile
Postal Addresses: Home, Work



The very next page shows a couple of text boxes which allow you to enter your hotmail email account and password so that Bebo.com can show you who IN YOUR ADDRESS BOOK is already in Bebo.com. Is that scary or what? This service is using people's email accounts to access address books. Why write a virus to do this, just create a website and ask people, they will give you their passwords!! I wonder if Microsoft condones this practice? The next step was to enter my hotmail email address and password and watch it go over the wire in the clear...which it did:

Email form:

Add Friends

Request contact details from your own friends and populate your free address book.

Hotmail Users
Enter your Hotmail details below and we'll show you who's already using Bebo from your Hotmail Address Book.

Hotmail Email Address

Hotmail Password

~ OR ~

Copy and Paste the wording below into an email.
Send the email to friends to request their contact details. You can send from either your Hotmail account and/or ANY other email account you may have.
Need instructions on how to Copy and Paste? Click here

Ethereal Capture:

POST /WhosHere.jsp?Ran=289260571 HTTP/1.1
Host: bebo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://bebo.com/RequestDetails.jsp?NewMember=Y&Ran=507541617
Cookie: bdaysession=251377972379689953; Email=isthisbebo@hotmail.com; Username=isthisbebo; A=-1; G=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 73

ScraperTypeCd=H&Email=isthisbebo%40hotmail.com&Password=testing&OK=++OK++

HTTP/1.1 200 OK
Server: Resin/2.1.16
Content-Type: text/html; charset=utf-8
Content-Length: 8888
Connection: close
Date: Wed, 04 May 2005 02:04:24 GMT


In conclusion, Bebo.com is NOT integrated with hotmail.com. The practice that Bebo.com has started of trying to fool people into giving them their hotmail username/password is very disconcerting. I am going to warn my family and friends to be very careful when using this service and not give out other email addresses or passwords. If a hacker were to compromise this system, there is no requirement for them to disclose it to the users, as far as I know -- and they would have a valid email address with password for some users. Bebo.com also reserves the right to send spam to those on their lists.
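To make the point of the capture above concrete, here is an added example, not code from the original post: a small shell script that pulls the form fields out of a captured plaintext HTTP POST, url-decodes them and flags the ones carrying a password. The request it works on is a constructed copy of the shape shown in the Ethereal capture; the Ran value, cookie and session identifiers are placeholders, and the password is the throwaway value used in the post.

```shell
#!/bin/sh
# Added example (not from the original post): extract and url-decode form
# fields from a plaintext HTTP POST like the one in the Ethereal capture.
set -u

# Constructed request in the shape of the capture above; the Ran query value,
# cookie and session identifiers are placeholders.
REQUEST=$(cat <<'EOF'
POST /WhosHere.jsp?Ran=0 HTTP/1.1
Host: bebo.com
Cookie: bdaysession=0; Email=isthisbebo@hotmail.com; Username=isthisbebo
Content-Type: application/x-www-form-urlencoded
Content-Length: 73

ScraperTypeCd=H&Email=isthisbebo%40hotmail.com&Password=testing&OK=++OK++
EOF
)

# Everything after the first blank line of an HTTP message is the body.
request_body() {
    sed '1,/^$/d'
}

# Decode application/x-www-form-urlencoded: '+' is a space and %XX is a byte.
# Done in awk because printf '%b' cannot be relied on for \x escapes in sh.
urldecode() {
    awk '
    BEGIN { for (i = 1; i < 256; i++) chr[sprintf("%02X", i)] = sprintf("%c", i) }
    {
        gsub(/\+/, " ")
        out = ""
        while (match($0, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
            out = out substr($0, 1, RSTART - 1) chr[toupper(substr($0, RSTART + 1, 2))]
            $0 = substr($0, RSTART + RLENGTH)
        }
        print out $0
    }'
}

# One "name=value" pair per line, still encoded.
form_pairs() {
    printf '%s\n' "$1" | request_body | tr '&' '\n'
}

# Decoded value of a single field, e.g. form_field "$REQUEST" Email
form_field() {
    form_pairs "$1" | grep "^$2=" | cut -d= -f2- | urldecode
}

# Fields whose names look like passwords, decoded, so a reviewer can see at a
# glance what the client just sent over the wire in the clear.
credential_fields() {
    form_pairs "$1" | grep -iE '^(pass|passwd|password|pwd|secret)=' | urldecode
}

# Stand-alone demo.
echo "email:   $(form_field "$REQUEST" Email)"
echo "exposed: $(credential_fields "$REQUEST")"
```

The same two functions work on any request body saved from a capture; if a field shows up in credential_fields, the site accepted that secret over unencrypted HTTP and anyone on the path could read it exactly as this script does.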

Monday, May 02, 2005

ISP Security

While researching ISPs lately, I came across an interesting concept on the website of Speakeasy, where they will allow individual customers to be a mini-ISP with their netshare program. With this program, any customer who considers themselves competent can share their connection with others for profit, and the customer is responsible for the actions of the users they are sharing their connection with. If someone you happen to be sharing your connection with is downloading child porn or engaging in other illicit activity, you will be held responsible if you do not take care of it. Also, the system is designed for wireless connections, and the customer is responsible for the security of the configuration. It seems pretty unsafe to me to allow consumers who "think" that they are competent to be responsible for the security of the information that their neighbors pass over the network! I think that there needs to be a qualification check in place to make sure that this doesn't get out of hand. Another caveat: the customer who administers the netshare program must provide tech support for their users, which could be a big hassle if not properly managed.