Earn Money

Sunday, November 30, 2014

How to send ANONYMOUS emails to someone without a prong ?

Welcome to Hacker-devil's guide on how to send ANONYMOUS e-mails to someone without a prong.

 I am Hacker-devil and i am going to explain ya a way to send home-made e-mails. I mean its a way to send Anonymous e-mails without a program, it doesn't take
to much time and its cool and you can have more knowledge than with a stupid program that does all by itself.

This way (to hackers) is old what as you are new by to this stuff, perhaps you may like to know how these anonymizes work, (home-made)

Well.....
Go to Start, then Run...
You have to Telnet (X server) on port 25

Well, (In this X server) you have to put the name of a server without the ( ) of course...
Put in iname.com in (X server) because it always work it is a server with many bugs in it.
(25) mail port.

So now we are like this.
How to send ANONYMOUS emails to someone without a prong ?

telnet iname.com 25

and then you hit enter
Then When you have telnet open put the following like it is written

hello

and the machine will reply with smith.

Notice for newbies: If you do not see what you are writing go to Terminal's menu (in telnet) then to Preferences and in the Terminal Options you tick all options available and in the emulation menu that's the following one you have to tick the second option.
Now you will see what you are writing.

then you put:

mail from:<whoeveryouwant@whetheveryouwant.whetever.whatever> and so on...
If you make an error start all over again

Example:
mail from:<askbill@microsoft.com.net>

You hit enter and then you put:

rcpt to:<lamer@lamer'sworld.com>
This one has to be an existence address as you are mailing anonymously to him.

Then you hit enter
And you type
Data
and hit enter once more

Then you write

Subject:wherever

And you hit enter

you write your mail

hit enter again (boring)

you put a simple:
.

Yes you don't see it its the little fucking point!
and hit enter
Finally you write
quit
hit enter one more time
and it's done

look:Try first do it with yourself I mean mail anonymously yourself so you can test it!
Don't be asshole and write fucking e-mails to big corps. bec' its symbol of stupidity and childhood and it has very very effect on Hackers they will treat you as a Lamer!

Really i don't know why i wrote this fucking disclaimer, but i don't want to feel guilty if you get into trouble....

Disc lamer:Hacker-devil is not responsible for whatever you do with this info. you can distribute this but you are totally forbidden to take out the "By Hacker-devil" line. You can't modify or customize this text and i am also not responsible if you send an e-mail to an important guy and insult him, and i rectally advise you that this is  for educational porpoises only my idea is for learning and having more knowledge, you can not get busted with this stuff but i don't take care if it anyway happen to you.  If this method is new for ya probably you aren't a hacker so think that if someone wrote you an e-mail "yourbestfirend@aol.com"  insulting you and it wasn't him it but was some guy using a program or this info you won't like it.so Use this method if you don't care a a damn hell or if you like that someone insult you.


By Hacker-devil

hackerdevil@iname.com
www.angelfire.com/ar/HDanzi/index.html


Anonymity Proxy servers and Anonymity Cookies Cruncher

I can see you hiding in the shadows over there and so can the logs of all the web sites, FTP servers and other nooks and crannies you visit on the web. The sort of information gathered by these logs and which is available to the webmasters of the sites you visit include the address of the previous site you visited, your IP address, your computer's ID name, your physical location and the name of your ISP along with less personal details such as the operating system you're using and your screen resolution. If someone was snooping through your dustbin to gather information on consumer trends or tracking your every move to see where it is you go everyday you wouldn't be too chuffed would you. Well the web is no different, it's still an invasion of privacy and a threat to security and you don't have to put up with it.
Anonymity Proxy servers and Anonymity Cookies Cruncher

Proxy servers:
Every time you visit a web site, detailed information about your system is automatically provided to the webmaster. This information can be used by hackers to exploit your computer or can be forwarded to the market research departments of consumer corporations who by tracking your activities on the internet are better equipped to direct more relevant spam at you. Your best defence against this is to use what is known as a proxy server, which will hide revealing information from the web sites you visit, allowing you to surf the web anonymously. These work by altering the way in which your browser retrieves web pages or connects to remote servers. With a proxy server set up, whenever you 'ask' IE or Netscape to look at a web page, the request is first sent through an external server which is completely independent of your ISP's servers. This third party server then does the requesting on your behalf so that it appears that the request came from them rather than you and your real IP address is never disclosed to the sites you visit. There is nothing to download and the whole process takes less than a minute.

There are two different ways to use proxy servers and both have their advantages and disadvantages. The first method is to use a web based service. What this involves is visiting the proxy's home page each time you want to browse a web site anonymously. The core component of such a system is the dialog box where you enter the address of the web site you want to visit. Each time you enter the URL of the site you want to browse via the proxy into this box, your personal information, IP address and so on is first encrypted before being sent to the site allowing you to maintain your anonymity. Two of the best examples of this type of web based proxy service are Code:
hxxp://www.rewebber.com/
and hxxp://www.anonymizer.com/.

Obviously one disadvantage of using a web based service like Re-Weber or Anonymize, however, is that you have to visit the proxies home page each time you want to surf anonymously. You could choose to select this page as your default home page, but it's still quite awkward if you're forever site hopping at the speed of light. The second main 'con' is that you often have to put up with extra adverts on the pages you visit. These are automatically inserted into the pages by the proxy - they have to pay for service somehow. More sophisticated and convenient solutions are also on offer yet they come with a price tag.

The second method you can use to protect your privacy via a proxy server involves adjusting the settings of your web browser so that you can surf anonymously without having to visit the home page of your proxy each time. To do this you will first need to know the name of your proxy server and the port number it uses. This information can be gleaned from either a public proxy server list or the FAQ referring to a private subscription based service. Once you have the name of the proxy server you wish to use, select 'Internet Options' from the 'Tools' menu of your browser. Now select 'Connections' followed by 'Settings' and tick the 'use a proxy server' check box. To finish the job all you have to do now is enter the name of the server in the 'address' box, the port which it uses in the 'port' box and go forth and surf anonymously.

Free, manual proxy servers as advertised on anonymity sites, if you can find one at all, are likely to be highly oversubscribed, and as a result the speed at which they retrieve web pages can deteriorate. In which case you can go in pursuit of a public proxy server list and select an alternative from it, which can then be set up manually. To locate such a list you can investigate sites such as Code:
hxxp://www.proxys4all.com/

however, this method isn't problem free either, so before you get too carried away and go jumping on the anonymity bandwagon there are a few things you should be aware of. It's very easy to use proxies to protect your privacy, but often the disadvantages of using them far out weigh the benefits. You see, the problem is that, like the proxy servers provided Re-Weber etc  free public proxies are nearly all over subscribed and so they can slow down web browsing considerably. Digging out fast reliable proxy servers is an art form in itself and is a skill which takes considerable practice. You could find a list of public proxy servers and then experiment with each one until you find one that runs at a reasonable speed, but this can be very time consuming and frustrating. Instead, your search would be much more efficient if you got a dedicated program to carry out this task for you. There are literally dozens of proxy seeking programs around which can do just that, and many of them are available as freeware. What these do is scan the internet for public proxy servers. These servers are then tested for speed and anonymity (not all of them are truly anonymous, even if they claim to be!) and once you find one which suits your requirements you can select it as your default proxy with the click of a button.

One of the most significant advantages of using an automated tool to locate proxy servers is that you do not have to keep editing your proxy settings manually each time you wish to try out a new one. Instead, what you do is enter 'local-host' or '127.0.0.1' into the 'address' box and '8088' into the 'port' box of your browser's proxy settings menu and then forget about it. All future proxy switching is then orchestrated from within your proxy seeking software, which subsequently relays the information to your browser or whatever type of application you are attempting to make anonymous. For those of you who are curious 'local-host' and the IP address '127.0.0.1' are the names by which every computer on the internet refers to itself.
Here's a good selection of links, which should help you to get started - Code:
hxxp://www.a4proxy.com/ Anonymity 4 Proxy
hxxp://www.helgasoft.com/hiproxy/ Hi Proxy
hxxp://www.proxy-verifier.com/ Proxy Verifier
hxxp://www.photono-software.de/ Stealthier.

You may find that even when using these programs you have difficulty finding good proxy servers. It is for this reason that many people choose only to use proxy servers temporarily whilst doing something which may land them in trouble with their ISP, or in a worst case scenario with the law. The most obvious example of a situation in which you would want to cover your tracks is when scanning for public FTP servers and subsequently uploading to them. Most other net activities are unlikely to incur serious consequences so under these circumstances you can safely surf the web without a proxy. If you're really serious about protecting your privacy, however, your best bet is probably to invest in a dedicated, stable proxy such as the ones offered by Code:
hxxp://www.ultimate-anonymity.com/ Ultimate Anonymity


These aren't free, but may be worth the expense if you aren't keen on continuously switching proxy servers.

Before splashing out though it may be worth checking if your current ISP has a proxy server of its own which you can use. These aren't there to help you to commit cyber crimes and get away with it, they actually have a legitimate purpose as well - otherwise they wouldn't exist. You see, proxy servers were originally designed to help speed up web page loading times. Proxy servers contain a cache of all the web pages which have been requested via the browsers of the people using the proxy. When someone surfs the web using a proxy, the proxy first checks to see if it already has a copy of the web page stored in its cache. If this version of the page is bang up to date, it is sent to your computer and appears in your browser. If the page found in the cache of the proxy server is older than the one stored on the server hosting the page, a new request to the web server is made and the page is updated in the cache of the proxy before being sent to you. Because these servers use very fast internet connections they can retrieve web pages at much greater speeds than you can via your modest home setup. If these servers are located physically nearer to your home than the web host servers you wish to retrieve web pages from, the speed at which you browse the web will be accelerated.


Anonymity - Cookies
One last important point you need to be aware of before jumping in with both feet is that different programs have to be setup in different ways before being able to make external connections via a proxy server. For example, you can surf the web anonymously by modifying the settings in Internet Explorer or Netscape Navigator as explained earlier in this tutorial, but this will only affect your browser. If you then used Flash XP to copy a batch of 0-day releases from one FTP server to another, this isn't going to protect you in the slightest. What you have to do is enter the name of the proxy server into each application you wish to make anonymous before making any external connections. This can usually be done by browsing through the preferences of your program to see if there is a 'use proxy server' option available. If there is, make sure you use it!


Cookies:
You have little to fear from the edible variety, but the digital ones can be a major threat to your security and privacy. A cookie is a tiny text file (usually less than 1kb in size), which is created and stored on your hard drive whenever you visit a dynamic (or an interactive if you like) web site. These are used to log your personal details so that you can access members only areas of web sites without having to type in a password every time, or to retain your customized settings so that they are available the next time you visit. If you're using a shared computer, anyone who visits the same site that you have previously logged in to can access your accounts. This is particularly worrying if you have entered your credit card details into a form on an e-commerce site. If your browser is set to automatically fill in these details whenever you
return to a previously visited site, this information could be clearly visible - you don't need me to explain the problems this could entail.

The solution to this problem is to delete any cookies which contain sensitive data once you have completed your transactions. Your cookies will be stored in a different place depending on which operating system you are using so you will have to use your detective skills to find them. As an example, in Windows XP they are located in your 'c:\Documents and Settings\Kylie Minogue\Cookies' directory (that is if your name is Kylie minogue. Mine isn't in case you're wondering!). If you look in this directory, in some cases it is easy to identify which cookie is associated with which web site, but in other cases it's not so obvious. The cookie which was created when you visited Yahoo.com to check your email may be called Kylie minogue@yahoo.txt for example. Unfortunately some cookies refer to the IP address of the site you visited and so look more like Kylie minogue@145.147.25.21. These cookies can be selectively deleted one at a time if it's obvious which ones are causing a threat to your security, or you can just wipe out the whole lot in one fell swoop and have them recreated as and when they are required. However, if
you're really struggling to find your cookie jar, you could delete your cookies via your browser's tool bar instead. In Internet Explorer this can be done through the 'Tools' &gt; 'Internet Options' menu items.

If all this sounds like too much hassle, you can always find a lab our saving program which will be happy to take the job off your hands. These 'cookie crunching' programs allow you to be more selective when editing, viewing and deleting cookies from your system, and some of them will even prevent cookies from being created in the first place. Yes, I know you're hungry for links so I won't deprive you. Have a look here - Code:
hxxp://www.rbaworld.com/Programs/CookieCruncher/ Cookie
Cruncher
hxxp://www.thelimitsoft.com/ Cookie Crusher
hxxp://www.angove.com/ Cookie Killer
hxxp://www.kburra.com/ Cookie Pal
and
hxxp://www.cookiecentral.com/ Cookie Web Kit.

INTRODUCTION TO DENIAL OF SERVICE

A. INTRODUCTION~~~~~~~~~~~~~~~~
DENIAL OF SERVICE

A.1. WHAT IS A DENIAL OF SERVICE ATTACK ?


Denial of service is about without permission knocking off
services, for example through crashing the whole system. This
kind of attacks are easy to launch and it is hard to protect
a system against them. The basic problem is that Unix
assumes that users on the system or on other systems will be
well behaved.

A.2. WHY WOULD SOMEONE CRASH A SYSTEM ?

A.2.1. INTRODUCTION

Why would someone crash a system? I can think of several reasons
that I have presentated more precisely in a section for each reason,
but for short:

    .1. Sub-cultural status.
    .2. To gain access.
    .3. Revenge.
    .4. Political reasons.
    .5. Economical reasons.
    .6. Nastiness.

I think that number one and six are the more common today, but that
number four and five will be the more common ones in the future.

A.2.2. SUB-CULTURAL STATUS

After all information about syn flooding a bunch of such attacks
were launched around Sweden. The very most of these attacks were
not a part of a IP spoof attack, it was "only" a denial of service
attack. Why?

I think that hackers attack systems as a sub-cultural pseudo career
and I think that many denial of service attacks, and here in the
example syn flooding, were performed for these reasons. I also think
that many hackers begin their career with denial of service attacks.

.A.2.3. TO GAIN ACCESS

Sometimes could a denial of service attack be a part of an attack to
gain access at a system. At the moment I can think of these reasons
and specific holes:

    .1. Some older X-lock versions could be crashed with a
    method from the denial of service family leaving the system
    open. Physical access was needed to use the work space after.

    .2. Syn flooding could be a part of a IP-spoof attack method.

    .3. Some program systems could have holes under the start up,
    that could be used to gain root, for example SSH (secure shell).

    .4. Under an attack it could be usable to crash other machines
    in the network or to deny certain persons the ability to access
    the system.     

    .5. Also could a system being booted sometimes be subverted,
    especially rap-boots. If we know which port the machine listen
    to (69 could be a good guess) under the boot we can send false
    packets to it and almost totally control the boot.

.A.2.4. REVENGE

A denial of service attack could be a part of a revenge against a user
or an administrator.

.A.2.5. POLITICAL REASONS

Sooner or later will new or old organizations understand the potential
of destroying computer systems and find tools to do it.

For example imagination the Bank A loaning company B money to build a
factory treating the environment. The organization C therefor crash A:s
computer system, maybe with help from an employee. The attack could cost
A a great deal of money if the timing is right.

.A.2.6. ECONOMICAL REASONS

Imaginative the small company A moving into a business totally dominated by
company B. A and B customers make the orders by computers and depends
heavily on that the order is done in a specific time (A and B could be
stock trading companies). If A and B can't perform the order the customers
lose money and change company.

As a part of a business strategy A pays a computer expert a sum of money to
get him to crash B:s computer systems a number of times. A year later A
is the dominating company.

.A.2.7. NASTINESS

I know a person that found a workstation where the user had forgotten to
log out. He sat down and wrote a program that made a kill -9 -1 at a
random time at least 30 minutes after the log in time and placed a call to
the program from the profile file. That is nastiness.

.A.3. ARE SOME OPERATING SYSTEMS MORE SECURE ?

This is a hard question to answer and I don't think that it will
give anything to compare different Unix platforms. You can't say that
one Unix is more secure against denial of service, it is all up to the
administrator.

A comparison between Windows 95 and NT on one side and Unix on the
other could however be interesting.

Unix systems are much more complex and have hundreds of built in programs,
services... This always open up many ways to crash the system from
the inside.

In the normal Windows NT and 95 network were is few ways to crash
the system. Although were is methods that always will work.

That gives us that no big different between Microsoft and Unix can
be seen regardning the inside attacks. But there is a couple of
points left:

    - Unix have much more tools and programs to discover an
    attack and monitoring the users. To watch what another user
    is up to under windows is very hard.

    - The average Unix administrator probably also have much more
    experience than the average Microsoft administrator.

The two last points gives that Unix is more secure against inside
denial of service attacks.

A comparison between Microsoft and Unix regarding outside attacks
are much more difficult. However I would like to say that the average
Microsoft system on the Internet are more secure against outside
attacks, because they normally have much less services.

.B. SOME BASIC TARGETS FOR AN ATTACK

.B.1. SWAP SPACE


Most systems have several hundred Mb of swap space to
service client requests. The swap space is typical used
for forked child processes which have a short life time.
The swap space will therefore almost never in a normal
cause be used heavily. A denial of service could be based
on a method that tries to fill up the swap space.

.B.2. BANDWIDTH


If the bandwidth is to high the network will be useless. Most
denial of service attack influence the bandwidth in some way.

.B.3. KERNEL TABLES


It is trivial to overflow the kernel tables which will cause
serious problems on the system. Systems with write through
caches and small write buffers is especially sensitive.

Kernel memory allocation is also a target that is sensitive.
The kernel have a kernel-map limit, if the system reach this
limit it can not allocate more kernel memory and must be rebooted.
The kernel memory is not only used for RAM, CPU:s, screens and so
on, it it also used for ordinaries processes. Meaning that any system
can be crashed and with a mean (or in some sense good) algorithm pretty
fast.

For Solaris 2.X it is measured and reported with the start command
how much kernel memory the system is using, but for Sun-OS 4.X there
is no such command. Meaning that under Sun-OS 4.X you don't even can
get a warning. If you do use Solaris you should write sar -k 1 to
get the information. net stat -k can also be used and shows how much
memory the kernel have allocated in the sub-paging.

.B.4. RAM

A denial of service attack that allocates a large amount of RAM
can make a great deal of problems. NFS and mail servers are
actually extremely sensitive because they do not need much
RAM and therefore often don't have much RAM. An attack at
a NFS server is trivial. The normal NFS client will do a
great deal of caching, but a NFS client can be anything
including the program you wrote yourself...

.B.5. DISKS


A classic attack is to fill up the hard disk, but an attack at
the disks can be so much more. For example can an overloaded disk
be misused in many ways.

.B.6. CACHES

A denial of service attack involving caches can be based on a method
to block the cache or to avoid the cache.

These caches are found on Solaris 2.X:

Directory name look-up cache: Associates the name of a file with a v code.

I node cache: Cache information read from disk in case it is needed
again.

R code cache: Holds information about the IFS file system.

Buffer cache: Cache in code indirect blocks and cylinders to disk
I/O.

.B.7. INETD


Well once inetd crashed all other services running through inetd no
longer will work.


.C. ATTACKING FROM THE OUTSIDE



.C.1. TAKING ADVANTAGE OF FINGER


Most fingered installations support re-directions to an other host.

Ex:

    $finger @system.two.com
@system.one.com

finger will in the example go through system.one.com and on to
system.two.com. As far as system.two.com knows it is system.one.com
who is fingering. So this method can be used for hiding, but also
for a very dirty denial of service attack. Lock at this:

    $ finger @host.we.attack

All those @ signs will get finger to finger host.we.attack again and
again and again... The effect on host.we.attack is powerful and
the result is high bandwidth, short free memory and a hard disk with
less free space, due to all child processes (compare with .D.5.).

The solution is to install a fingerd which don't support redirections,
for example GNU finger. You could also turn the finger service off,
but I think that is just a bit to much.

.C.2. UDP AND SUN-OS 4.1.3.


Sun-OS 4.1.3. is known to boot if a packet with incorrect information
in the header is sent to it. This is the cause if the ip_options
indicate a wrong size of the packet.

The solution is to install the proper patch.

.C.3. FREEZING UP X-WINDOWS


If a host accepts a telnet session to the X-Windows port (generally
somewhere between 6000 and 6025. In most cases 6000) could that
be used to freeze up the X-Windows system. This can be made with
multiple telnet connections to the port or with a program which
sends multiple X Open Display () to the port.

The same thing can happen to Motif or Open Windows.

The solution is to deny connections to the X-Windows port.

.C.4. MALICIOUS USE OF UDP SERVICES


It is simple to get UDP services (echo, time, daytime, charged) to
loop, due to trivial IP spoofing. The effect can be high bandwidth
that causes the network to become useless. In the example the header
claim that the packet came from 127.0.0.1 (loop-back) and the target
is the echo port at system.we.attack. As far as system.we.attack knows
is 127.0.0.1 system.we.attack and the loop has been establish.

Ex:

    from-IP=127.0.0.1
    to-IP=system.we.attack
    Packet type:UDP
    from UDP port 7
    to UDP port 7

Note that the name system.we.attack looks like a DNS name, but the
target should always be represented by the IP-number.

Quoted from proberts@clark.net (Paul D. Robertson) comment on
comp.security.firewalls on matter of "Introduction to denial of service"

    " A great deal of systems don't put loop-back on the wire, and simply
    emulate it.  Therefore, this attack will only effect that machine
    in some cases.  It's much better to use the address of a different
    machine on the same network.  Again, the default services should
    be disabled in inetd.conf.  Other than some hacks for mainframe IP
    stacks that don't support ICMP, the echo service isn't used by many
    legitimate programs, and TCP echo should be used instead of UDP
    where it is necessary. "

.C.5. ATTACKING WITH LYNX CLIENTS


A World Wide Web server will fork an http process as a respond
to a request from a client, typical Netscape or Mosaic. The process
lasts for less than one second and the load will therefore never
show up if someone uses pc. In most causes it is therefore very
safe to launch a denial of service attack that makes use of
multiple W3 clients, typical lynx clients. But note that the net-stat
command could be used to detect the attack (thanks to Paul D. Robertson).

Some http:s (for example HTTP-gw) will have problems besides the normal
high bandwidth, low memory... And the attack can in those causes get
the server to loop (compare with .C.6.)

.C.6. MALICIOUS USE OF telnet

Study this little script:

Ex:

    while : ; do
    telnet system.we.attack &
    done

An attack using this script might eat some bandwidth, but it is
nothing compared to the finger method or most other methods. Well
the point is that some pretty common firewalls and http:s thinks
that the attack is a loop and turn them self down, until the
administrator sends kill -HUP.

This is a simple high risk vulnerability that should be checked
and if present fixed.

.C.7. MALICIOUS USE OF telnet UNDER SOLARIS 2.4


If the attacker makes a telnet connections to the Solaris 2.4 host and
quits using:

Ex:

    Control-}
    quit

then will inetd keep going "forever". Well a couple of hundred...

The solution is to install the proper patch.

.C.8. HOW TO DISABLE ACCOUNTS


Some systems disable an account after N number of bad log in , or waits
N seconds. You can use this feature to lock out specific users from
the system.

.C.9. LINUX AND TCP TIME, DAYTIME


Inetd under Linux is known to crash if to many SYN packets sends to
daytime (port 13) and/or time (port 37).

The solution is to install the proper patch.

.C.10. HOW TO DISABLE SERVICES


Most Unix systems disable a service after N sessions have been
open in a given time. Well most systems have a reasonable default
(lets say 800 - 1000), but not some Sun-OS systems that have the
default set to 48...

The solutions is to set the number to something reasonable.

.C.11. PARAGON OS BETA R1.4


If someone redirects an ICMP (Internet Control Message Protocol) packet
to a paragon OS beta R1.4 will the machine freeze up and must be
rebooted. An ICMP redirect tells the system to override routing
tables. Routers use this to tell the host that it is sending
to the wrong router.

The solution is to install the proper patch.

.C.12. NOVELLS NET-WARE FTP

Novells Net-ware FTP server is known to get short of memory if multiple
ftp sessions connects to it.

.C.13. ICMP REDIRECT ATTACKS

Gateways uses ICMP redirect to tell the system to override routing
tables, that is telling the system to take a better way. To be able
to misuse ICMP redirection we must know an existing connection
(well we could make one for our-self, but there is not much use for that).
If we have found a connection we can send a route that
loses it connectivity or we could send false messages to the host
if the connection we have found don't use cryptation. 

Ex: (false messages to send)

    DESTINATION UNREACHABLE
    TIME TO LIVE EXCEEDED
    PARAMETER PROBLEM
    PACKET TOO BIG

The effect of such messages is a reset of the connection.

The solution could be to turn ICMP redirects off, not much proper use
of the service.

.C.14. BROADCAST STORMS


This is a very popular method in networks there all of the hosts are
acting as gateways.

There are many versions of the attack, but the basic method is to
send a lot of packets to all hosts in the network with a destination
that don't exist. Each host will try to forward each packet so
the packets will bounce around for a long time. And if new packets
keep coming the network will soon be in trouble.

Services that can be misused as tools in this kind of attack is for
example ping, finger and sendmail. But most services can be misused
in some way or another.

.C.15. EMAIL BOMBING AND SPAMMING


In a email bombing attack the attacker will repeatedly send identical
email messages to an address. The effect on the target is high bandwidth,
a hard disk with less space and so on... Email spamming is about sending
mail to all (or rather many) of the users of a system. The point of
using spamming instead of bombing is that some users will try to
send a replay and if the address is false will the mail bounce back. In
that cause have one mail transformed to three mails. The effect on the
bandwidth is obvious.

There is no way to prevent email bombing or spamming. However have
a look at CERT:s paper "Email bombing and spamming".

.C.16. TIME AND KERBEROS


If not the the source and target machine is closely aligned will the
ticket be rejected, that means that if not the protocol that set the
time is protected it will be possible to set a kerberos server of
function.

.C.17. THE DOT DOT BUG

Windows NT file sharing system is vulnerable to the under Windows 95
famous dot dot bug (dot dot like ..). Meaning that anyone can crash
the system. If someone sends a "DIR ..\" to the workstation will a
STOP messages appear on the screen on the Windows NT computer. Note that
it applies to version 3.50 and 3.51 for both workstation and server
version.

The solution is to install the proper patch.

.C.18. SUN-OS KERNEL PANIC


Some Sun-OS systems (running ITS ?) will get a kernel panic if a
getsockopt() is done after that a connection has been reset.

The solution could be to install Sun patch 100804.

.C.19. HOSTILE APPLETS


A hostile applet is any applet that attempts to use your system
in an inappropriate manner. The problems in the java language
could be sorted in two main groups:

    1) Problems due to bugs.
    2) Problems due to features in the language.

In group one we have for example the java byte code verifier bug, which
makes is possible for an applet to execute any command that the user
can execute. Meaning that all the attack methods described in .D.X.
could be executed through an applet. The java byte code verifier bug
was discovered in late March 1996 and no patch have yet been available
(correct me if I am wrong!!!).

Note that two other bugs could be found in group one, but they
are both fixed in Netscape 2.01 and JD 1.0.1.

Group two are more interesting and one large problem found is the
fact that java can connect to the ports. Meaning that all the methods
described in .C.X. can be performed by an applet. More information
and examples could be found at address:
   
    http://www.math.gatech.edu/~mladue/HostileArticle.html

If you need a high level of security you should use some sort of
firewall for protection against java. As a user you could have
java disable.

.C.20. VIRUS


Computer virus is written for the purpose of spreading and
destroying systems. Virus is still the most common and famous
denial of service attack method.

It is a misunderstanding that virus writing is hard. If you know
assembly language and have source code for a couple of virus it
is easy. Several automatic toolkits for virus construction could
also be found, for example:
   
    * Genvir.
    * VCS (Virus Construction Set).
    * VCL (Virus Construction Laboratory).
    * PS-MPC (Phalcon/Skism - Mass Produced Code Generator).
    * IVP (Instant Virus Production Kit).
    * G2 (G Squared).

PS-MPC and VCL is known to be the best and can help the novice programmer
to learn how to write virus.

An automatic tool called MtE could also be found. MtE will transform
virus to a polymorphic virus. The polymorphic engine of MtE is well
known and should easily be catch by any scanner.

.C.21. ANONYMOUS FTP ABUSE


If an anonymous FTP archive have a writable area it could be misused
for a denial of service attack similar with with .D.3. That is we can
fill up the hard disk.

Also can a host get temporarily unusable by massive numbers of
FTP requests.

For more information on how to protect an anonymous FTP site could
CERT:s "Anonymous FTP Abuses" be a good start.

.C.22. SYN FLOODING


Both 2600 and Phrack have posted information about the syn flooding attack.
2600 have also posted exploit code for the attack.

As we know the syn packet is used in the 3-way handshake. The syn flooding
attack is based on an incomplete handshake. That is the attacker host
will send a flood of syn packet but will not respond with an ACK packet.
The TCP/IP stack will wait a certain amount of time before dropping
the connection, a syn flooding attack will therefore keep the syn_received
connection queue of the target machine filled.

The syn flooding attack is very hot and it is easy to find more information
about it, for example:

    [.1.] http://www.eecs.nwu.edu/~jmyers/bugtraq/1354.html
    Article by Christopher Klaus, including a "solution".
   
    [.2.] http://jya.com/floodd.txt
    2600, Summer, 1996, pp. 6-11. FLOOD WARNING by Jason Fairlane

    [.3.] http://www.fc.net/phrack/files/p48/p48-14.html
    IP-spoofing Demystified by daemon9 / route / infinity
         for Phrack Magazine

.C.23. PING FLOODING


I haven't tested how big the impact of a ping flooding attack is, but
it might be quite big.

Under Unix we could try something like: ping -s host
to send 64 bytes packets.

If you have Windows 95, click the start button, select RUN, then type
in: PING -T -L 256 xxx.xxx.xxx.xx. Start about 15 sessions.

.C.24. CRASHING SYSTEMS WITH PING FROM WINDOWS 95 MACHINES


If someone can ping your machine from a Windows 95 machine he or she might
reboot or freeze your machine. The attacker simply writes:

ping -l 65510 address.to.the.machine

And the machine will freeze or reboot.

Works for kernel 2.0.7 up to version 2.0.20. and 2.1.1. for Linux (crash).
AIX4, OSF, HPUX 10.1, DUnix 4.0 (crash).
OSF/1, 3.2C, Solaris 2.4 x86 (reboot).

.C.25. MALICIOUS USE OF SUB-NET MASK REPLY MESSAGE


The subnet mask reply message is used under the reboot, but some
hosts are known to accept the message any time without any check.
If so all communication to or from the host us turned off, it's dead.

The host should not accept the message any time but under the reboot.

.C.26. FLEXlm


Any host running FLEXlm can get the FLEXlm license manager daemon
on any network to shutdown using the FLEXlm down command.

# lmdown -c /etc/licence.dat
lmdown - Copyright (C) 1989, 1991 Highland Software, Inc.

Shutting down FLEXlm on nodes: xxx
Are you sure? [y/n]: y
Shut down node xxx
#

.C.27. BOOTING WITH TRIVIAL FTP

To boot diskless workstations one often use trivial ftp with rarp or
bootp. If not protected an attacker can use tftp to boot the host.


.D. ATTACKING FROM THE INSIDE


.D.1. KERNEL PANIC UNDER SOLARIS 2.3


Solaris 2.3 will get a kernel panic if this
is executed:

EX:
   
    $ndd /dev/udp udp_status

The solution is to install the proper patch.

.D.2. CRASHING THE X-SERVER


If sticky bit is not set in /tmp then can the file /tmp/.x11-unix/x0
be removed and the x-server will crash.

Ex:

    $ rm /tmp/.x11-unix/x0

.D.3. FILLING UP THE HARD DISK


If your hard disk space is not limited by a quota or if you can use
/tmp then it`s possible for you to fill up the file system.

Ex:

    while : ;
    mkdir .xxx
    cd .xxx
    done

.D.4. MALICIOUS USE OF eval


Some older systems will crash if eval '\!\!' is executed in the
C-shell.

Ex:

    % eval '\!\!'
   
.D.5. MALICIOUS USE OF fork()


If someone executes this C++ program the result will result in a crash
on most systems.

Ex:
   
    #include <sys/types.h>
    #include <unistd.h>
    #include <iostream.h>
   
    main()
    {
        int x;
        while(x=0;x<1000000;x++)
            {
                system("uptime");
                fork();
            }
    }

You can use any command you want, but uptime is nice
because it shows the workload.

To get a bigger and very ugly attack you should however replace uptime
(or fork them both) with sync. This is very bad.

If you are real mean you could also fork a child process for
every child process and we will get an exponential increase of
workload.

There is no good way to stop this attack and
similar attacks. A solution could be to place a limit
on time of execution and size of processes.

.D.6. CREATING FILES THAT IS HARD TO REMOVE

Well all files can be removed, but here is some ideas:

Ex.I.

    $ cat > -xxx
    ^C
    $ ls
    -xxx
    $ rm -xxx
    rm: illegal option -- x
    rm: illegal option -- x
    rm: illegal option -- x
    usage: rm [-fiRr] file ...
    $

Ex.II.

    $ touch xxx!
    $ rm xxx!
    rm: remove xxx! (yes/no)? y
    $ touch xxxxxxxxx!
    $ rm xxxxxxxxx!
    bash: !": event not found
    $

    (You see the size do count!)

Other well know methods is files with odd characters or spaces
in the name.

These methods could be used in combination with ".D.3 FILLING UP THE
HARDDISK". If you do want to remove these files you must use some sort
of script or a graphical interface like OpenWindow:s File
Manager. You can also try to use: rm ./<filename>. It should work for
the first example if you have a shell.

.D.7. DIRECTORY NAME LOOK UP CACHE


Directory name look up cache (DNLC) is used whenever a file is opened.
DNLC associates the name of the file to a vnode. But DNLC can only
operate on files with names that has less than N characters (for SunOS 4.x
up to 14 character, for Solaris 2.x up 30 characters). This means
that it's dead easy to launch a pretty discreet denial of service attack.

Create lets say 20 directories (for a start) and put 10 empty files in
every directory. Let every name have over 30 characters and execute a
script that makes a lot of ls -al on the directories.

If the impact is not big enough you should create more files or launch
more processes.

.D.8. CSH ATTACK

Just start this under /bin/csh (after proper modification)
and the load level will get very high (that is 100% of the cpu time)
in a very short time.

Ex:

    |I /bin/csh
    nodename : **************b

.D.9. CREATING FILES IN /tmp


Many programs creates files in /tmp, but are unable to deal with the problem
if the file already exist. In some cases this could be used for a
denial of service attack.

.D.10. USING RESOLV_HOST_CONF


Some systems have a little security hole in the way they use the
RESOLV_HOST_CONF variable. That is we can put things in it and
through ping access confidential data like /etc/shadow or
crash the system. Most systems will crash if /proc/kcore is
read in the variable and access through ping.

Ex:
   
    $ export RESOLV_HOST_CONF="/proc/kcore" ; ping asdf

.D.11. SUN 4.X AND BACKGROUND JOBS   


Thanks to Mr David Honig <honig@amada.net> for the following:

" Put the string "a&" in a file called "a" and perform "chmod +x a".
Running "a" will quickly disable a Sun 4.x machine, even disallowing
(counter to specs) root log in as the kernel process table fills."

" The cute thing is the size of the
script, and how few keystrokes it takes to bring down a Sun
as a regular user."

.D.12. CRASHING DG/UX WITH ULIMIT


ulimit is used to set a limit on the system resources available to the
shell. If ulimit 0 is called before /etc/passwd, under DG/UX, will the
passwd file be set to zero.

.D.13. NET-TUNE AND HP-UX


/usr/contrib/bin/nettune is SETUID root on HP-UX meaning
that any user can reset all ICMP, IP and TCP kernel
parameters, for example the following parameters:

    - arp_killcomplete
    - arp_killincomplete
    - arp_unicast
    - arp_rebroadcast
    - icmp_mask_agent
    - ip_defaultttl
    - ip_forwarding
    - ip_intrqmax
    - pmtu_defaulttime
    - tcp_localsubnets
    - tcp_receive
    - tcp_send
    - tcp_defaultttl
    - tcp_keepstart
    - tcp_keepfreq
    - tcp_keepstop
    - tcp_maxretrans
    - tcp_urgent_data_ptr
    - udp_cksum
    - udp_defaultttl
    - udp_newbcastenable
    - udp_pmtu
    - tcp_pmtu
    - tcp_random_seq

The solution could be to set the proper permission on
/sbin/mount_union:

#chmod u-s /sbin/mount_union

.D.14. SOLARIS 2.X AND NFS

If a process is writing over NFS and the user goes over the disk
quota will the process go into an infinite loop.

.D.15. SYSTEM STABILITY COMPROMISE VIA MOUNT_UNION


By executing a sequence of mount_union commands any user
can cause a system reload on all FreeBSD version 2.X before
1996-05-18.

$ mkdir a
$ mkdir b
$ mount_union ~/a ~/b
$ mount_union -b ~/a ~/b

The solution could be to set the proper permission on
/sbin/mount_union:

#chmod u-s /sbin/mount_union

.D.16. trap_mon CAUSES KERNEL PANIC UNDER SUN-OS 4.1.X


Executing the trap_mon instruction from user mode can cause
a kernel panic or a window underflow watchdog reset under
SunOS 4.1.x, sun4c architecture.


.E. DUMPING CORE


.E.1. SHORT COMMENT


The core dumps things don't really belongs in this paper but I have
put them here anyway.

.E.2. MALICIOUS USE OF NETSCAPE


Under Netscape 1.1N this link will result in a segmentation fault and a
core dump.

Ex:

    <a name="http://xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.
    xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxxxxx.xxx.xxx.
    xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxxxxx.xxx.xxx.xxx.xxx.xxx.
    xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxxxxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.
    xxx.xxx.xxx.xxx.xxxxxx.xxx.xxx.xxx.xxx.xxx...>

.E.3. CORE DUMPED UNDER WUFTPD


A core dumped could be created under wuftp with two different
methods:

    (1) Then pasv is given (user not logged in (ftp -n)). Almost all
    versions of BSD:s ftpd.
    (2) More than 100 arguments is given with any executable
    command. Presents in all versions of BSD:sd ftpd.

.E.4. ld UNDER SOLARIS/X86


Under Solaris 2.4/X86 ld dumps core if given with the -s option.


.F. HOW DO I PROTECT A SYSTEM AGAINST DENIAL OF SERVICE ATTACKS?


.F.1. BASIC SECURITY PROTECTION


.F.1.1. INTRODUCTION


You can not make your system totally secured against denial of service
attacks but for attacks from the outside you can do a lot. I put this
work list together and hope that it can be of some use.

.F.1.2. SECURITY PATCHES


Always install the proper security patches. As for patch numbers
I don't want to put them out, but that doesn't matter because you
anyway want to check that you have all security patches installed,
so get a list and check! Also note that patches change over time and
that a solution suggested in security bulletins (i.e. CERT) often
is somewhat temporary.

.F.1.3. PORT SCANNING


Check which services you have. Don't check with the manual
or some configuration file, instead scan the ports with strobe
or some other port scanner. Actual you should do this regularly to see
that anyone don't have installed a service that you don't want on
the system (could for example be service used for a pirate site).

Disable every service that you don't need, could for example be rexd,
fingerd, systat, netstat, rusersd, sprayd, pop3, uucpd, echo, chargen,
tftp, exec, ufs, daytime, time... Any combination of echo, time, daytime
and charged is possible to get to loop. There is however no need
to turn discard off. The discard service will just read a packet
and discard it, so if you turn off it you will get more sensitive to
denial of service and not the opposite.

Actual can services be found on many systems that can be used for
denial of service and brute force hacking without any logging. For
example Stock rexec never logs anything. Most popd:s also don't log
anything

.F.1.4. CHECK THE OUTSIDE ATTACKS DESCRIBED IN THIS PAPER


Check that attacks described in this paper and look at the
solution. Some attacks you should perform yourself to see if they
apply to your system, for example:

    - Freezing up X-Windows.
    - Malicious use of telnet.
    - How to disable services.
    - Sun-OS kernel panic.
    - Attacking with lynx clients.
    - Crashing systems with ping from Windows 95 machines.
   
That is stress test your system with several services and look at
the effect.

Note that Solaris 2.4 and later have a limit on the number of ICMP
error messages (1 per 500 ms I think) that can cause problems then
you test your system for some of the holes described in this paper.
But you can easy solve this problem by executing this line:

$ /usr/sbin/ndd -set /dev/ip ip_icmp_err_interval 0
                                                           
.F.1.5. CHECK THE INSIDE ATTACKS DESCRIBED IN THIS PAPER


Check the inside attacks, although it is always possibly to crash
the system from the inside you don't want it to be to easy. Also
have several of the attacks applications besides denial of service,
for example:

    - Crashing the X-Server:     If stickybit is not set in /tmp
                    a number of attacks to gain
                    access can be performed.

    - Using resolv_host_conf:    Could be used to expose
                    confidential data like
                    /etc/shadow.

    - Core dumped under wuftpd:    Could be used to extract
                    password-strings.

If I don't have put out a solution I might have recommended son other paper.
If not I don't know of a paper with a solution I feel that I can recommend.
You should in these causes check with your company.

.F.1.6. EXTRA SECURITY SYSTEMS


Also think about if you should install some extra security systems.
The basic that you always should install is a log daemon  and a wrapper.
A firewall could also be very good, but expensive. Free tools that can
be found on the Internet is for example:

TYPE:     
 NAME:      
URL:

LOG DAEMON    NET LOG        ftp://net.tamu.edu/pub/security/TAMU
WRAPPER        TCP WRAPPERS    ftp://cert.org/pub/tools/tcp_wrappers
FIREWALL    TIS         ftp://ftp.tis.com/pub/firewalls/toolkit

Note that you should be very careful if building your own firewall with
TIS or you might open up new and very bad security holes, but it is a very
good security packer if you have some basic knowledge.

It is also very good to replace services that you need, for example telnet,
rlogin, rsh or whatever, with a tool like ssh. Ssh is free and can be
found at URL:

    ftp://ftp.cs.hut.fi/pub/ssh

The addresses I have put out are the central sites for distributing
and I don't think that you should use any other except for CERT.

For a long list on free general security tools I recommend:
"FAQ: Computer Security Frequently Asked Questions".

.F.1.7. MONITORING SECURITY


Also monitor security regular, for example through examining system log
files, history files... Even in a system without any extra security systems
could several tools be found for monitoring, for example:

    - up time
    - show mount
    - ps
    - net stat
    - finger

(see the man text for more information).

.F.1.8. KEEPING UP TO DATE


It is very important to keep up to date with security problems. Also
understand that then, for example CERT, warns for something it has often
been dark-side public for sometime, so don't wait. The following resources
that helps you keeping up to date can for example be found on the Internet:

    - CERT mailing list. Send an e-mail to cert@cert.org to be placed
    on the list.
   
    - Bugtraq mailing list. Send an e-mail to bugtraq-request@fc.net.

    - WWW-security mailing list. Send an e-mail to
    www-security@ns2.rutgers.edu.

.F.1.9. READ SOMETHING BIGGER AND BETTER


Let's start with papers on the Internet. I am sorry to say that it is not
very many good free papers that can be found, but here is a small collection
and I am sorry if have have over looked a paper.

(1) The Rainbow books is a long series of free books on computer security.
US citizens can get the books from:

    INFOSEC AWARENESS OFFICE
    National Computer Security Center
    9800 Savage Road
    Fort George G. Meader, MD 20755-600

We other just have to read the papers on the World Wide Web. Every
paper can not however be found on the Internet.

(2) "Improving the security of your Unix system" by Curry  is also very
nice if you need the very basic things. If you don't now anything about
computer security you can't find a better start.

(3) "The WWW security FAQ" by Stein is although it deal with W3-security
the very best better on the Internet about computer security.

(4) CERT have aklso published several good papers, for example:

    - Anonymous FTP Abuses.
    - Email Bombing and Spamming.
    - Spoofed/Forged Email.
    - Protecting yourself from password file attacks.

I think however that the last paper have overlooked several things.

(5) For a long list on papers I can recommend:
"FAQ: Computer Security Frequently Asked Questions".

(6) Also see section ".G. SUGGESTED READING"

You should also get some big good commercial book, but I don't want
to recommend any.

.F.2. MONITORING PERFORMANCE


.F.2.1. INTRODUCTION


There is several commands and services that can be used for
monitoring performance. And at least two good free programs can
be found on Internet.

.F.2.2. COMMANDS AND SERVICES


For more information read the man text.

netstat        Show network status.
nfsstat        Show NFS statistics.
sar        System activity reporter.
vmstat        Report virtual memory statistics.
timex        Time a command, report process data and system
        activity.
time         Time a simple command.
truss        Trace system calls and signals.
uptime        Show how long the system has been up.

Note that if a public netstat server can be found you might be able
to use netstat from the outside. netstat can also give information
like tcp sequence numbers and much more.

.F.2.3. PROGRAMS


Proctool: Proctool is a freely available tool for Solaris that monitors
and controls processes.
    ftp://opcom.sun.ca/pub/binaries/
   
Top: Top might be a more simple program than Proctool, but is
good enough.

.F.2.4. ACCOUNTING


To monitor performance you have to collect information over a long
period of time. All Unix systems have some sort of accounting logs
to identify how much CPU time, memory each program uses. You should
check your manual to see how to set this up.

You could also invent your own account system by using crontab and
a script with the commands you want to run. Let crontab run the script
every day and compare the information once a week. You could for
example let the script run the following commands:

    - netstat
    - iostat -D
    - vmstat


.G. SUGGESTED READING


.F.1. INFORMATION FOR DEEPER KNOWLEDGE


(1) Hedrick, C. Routing Information Protocol. RFC 1058, 1988.
(2) Mills, D.L. Exterior Gateway Protocol Formal Specification. RFC 904, 1984.
(3) Postel, J. Internet Control Message Protocol. RFC 792, 1981.
(4) Harrenstien, K. NAME/FINGER Protocol, RFC 742, 1977.
(5) Sollins, K.R. The TFTP Protocol, RFC 783, 1981.
(6) Croft, W.J. Bootstrap Protocol, RFC 951, 1985.

Many of the papers in this category was RFC-papers. A RFC-paper
is a paper that describes a protocol. The letters RCS stands for
Request For Comment. Hosts on the Internet are expected to understand
at least the common ones. If you want to learn more about a protocol
it is always good to read the proper RFC. You can find a nice sRFC
index search form at URL:

    http://pubweb.nexor.co.uk/public/rfc/index/rfc.html

.F.2. KEEPING UP TO DATE INFORMATION


(1) CERT mailing list. Send an e-mail to cert@cert.org to be placed
on the list.
(2) Bugtraq mailinglist. Send an e-mail to bugtraq-request@fc.net.
(3) WWW-security mailinglist. Send an e-mail to www-security@ns2.rutgers.edu.
(4) Sun Microsystems Security Bulletins.
(5) Various articles from:         - comp.security.announce
                    - comp.security.unix
                    - comp.security.firewalls
(6) Varius 40Hex Issues.

.F.3. BASIC INFORMATION


(1) Husman, H. INTRODUCTION TILL DATA SKETCHER UNDER X-WINDOWS, 1995.
(2) Husman, H. INTRODUCTION TILL IP-SPOOFING, 1995.
(3) The following rainbow books:    - Teal Green Book (Glossary of
                    Computer Security Terms).
                    - Bright Orange Book( A Guide
                    to Understanding Security Testing
                    and Test Documentation in Trusted
                    Systems).
                    - C1 Technical Report-001
                    (Computer Viruses: Prevention,
                    Detection, and Treatment).
(4) Ranum, Marcus. Firewalls, 1993.
(5) Sun Microsystems, OpenWindows V3.0.1. User Commands, 1992.
(6) Husman, H. ATT SPÅRA ODOKUMENTERADE SÄKERHETSLUCKOR, 1996.
(7) Dark OverLord, Unix Cracking Tips, 1989.
(8) Shooting Shark, Unix Nasties, 1988.
(9) LaDue, Mark.D. Hostile Applets on the Horizone, 1996.
(10) Curry, D.A. Improving the security of your unix system, 1990.
(11) Stein, L.D. The World Wide Web security FAQ, 1995.
(12) Bellovin, S.M. Security Problems in the TCP/IP Protocol, 1989.

.H. COPYRIGHT


This paper is Copyright (c) 1996 by Hans Husman.

Permission is hereby granted to give away free copies electronically. You
may distribute, transfer, or spread this paper electronically. You may not
pretend that you wrote it. This copyright notice must be maintained in any
copy made. If you wish to reprint the whole or any part of this paper in any
other medium excluding electronic medium, please ask the author for
permission.

.I. DISCLAIMER


The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.







   




ALL About Spyware

There are a lot of PC users that know little about "Spyware", "Mal-ware", "hijackers", "Dialer" & many more. This will help you avoid pop-ups, spammers and all those baddies.

What is spy-ware?
Spy-ware is Internet jargon for Advertising Supported software (Ad-ware). It is a way for shareware authors to make money from a product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them, by paying the regular licensing fee.

Known spywares
There are thousands out there, new ones are added to the list everyday. But here are a few:
Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula/KaZaa Toptext, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazing Logic/Trek Blue, Lop (C2Media), Mattel Brodcast, Morpheus, NewDotNet, Realplayer, Songspy, Xupiter, Web3000, WebHancer, Windows Messenger Service.

How to check if a program has spyware?
The is this Little site that keeps a database of programs that are known to install spyware.

Check Here: http://www.spywareguide.com/product_search.php

If you would like to block pop-ups (IE Pop-ups).
There tons of different types out there, but these are the 2 best, i think.

Try: Google Toolbar (http://toolbar.google.com/) This program is Free
Try: Ad-muncher (http://www.admuncher.com) This program is Shareware

If you want to remove the "spyware" try these.
Try: Lava-soft Ad-Aware (http://www.lavasoftusa.com/) This program is Free
Info: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup-manager lets you reinstall a backup, offers and multi language support.

Try: Spybot-S&D (http://www.safer-networking.org/) This program is Free
Info: Detects and removes spyware of different kinds (dialers, loggers, Trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.

Try: BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is Shareware
Info: Adware, spyware, track-ware and big brother-ware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.

Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is Shareware
Info: Detects and removes spyware of different kinds (dialers, loggers, Trojans, user tracks) from your computer.
The best scanner out there, and updated all the time.

Try: Hijack This 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is Freeware
Info: Hijack This is a tool, that lists all installed browser add-on, buttons, start-up items and allows you to inspect them, and optionally remove selected items.


If you would like to prevent "spyware" being install.
Try: Spyware Blaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is Free
Info: Spyware Blaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Try: Spyware Guard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is Free
Info: Spyware Guard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.

Try: XP-AntiSpy (http://www.xp-antispy.org/) This program is Free
Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in WindowsXP that may rise security or privacy concerns in some people.

Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree) This program is Free
Info: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.

If you would like more Information about "spyware".
Check these sites.
http://www.spychecker.com/
http://www.spywareguide.com/
http://www.cexx.org/adware.htm
http://www.theinfomaniac.net/infomaniac/co...rsSpyware.shtml
http://www.thiefware.com/links/
http://simplythebest.net/info/spyware.html

Useful tools...
Try: Stop Windows Messenger Spam 1.10 (http://www.jester2k.pwp.blueyonder.co.uk/j...r2ksoftware.htm) This program is Free
Info: "Stop Windows Messenger Spam" stops this Service from running and halts the spammers ability to send you these messages.
Spyware

----------------------------------------------------------------------------
All these software will help remove and prevent evil spammers and spywares attacking your PC. I myself recommend getting "spyblaster" "s&d spybot" "spy sweeper" & "admuncher" to protect your PC. A weekly scan is also recommended

Free Virus Scan
Scan for spyware, malware and keyloggers in addition to viruses, worms and Trojans. New threats and annoyances are created faster than any individual can keep up with.
http://defender.veloz.com// - 15k


Finding . is a Click Away at 2020Search.com
Having trouble finding what you re looking for on: .? 2020Search will instantly provide you with the result you re looking for by drawing on some of the best search engines the Internet has to offer. Your result is a click away!
http://www.2020search.com// - 43k


Download the BrowserVillage Toolbar.
Customize your Browser! Eliminate Pop-up ads before they start, Quick and easy access to the Web, and much more. Click Here to Install Now!
http://www.browservillage.com/ - 36k

All about ftp setting

Setting Up A Ftp:

Setting Up A Ftp

Well, since many of us have always wondered this, here it is. Long and drawn out. Also, before attempting this, realize one thing; You will have to give up your time, effort, bandwidth, and security to have a quality ftp server.
That being said, here it goes. First of all, find out if your IP (Internet Protocol) is static (not changing) or dynamic (changes every time you log on). To do this, first consider the fact if you have a dial up modem. If you do, chances are about 999 999 out of 1 000 000 that your IP is dynamic. To make it static, just go to a place like h*tp://www.myftp.org/ to register for a static ip address.

You'll then need to get your IP. This can be done by doing this:
Going to Start -> Run -> winipcfg or www.ask.com and asking 'What is my IP?'

After doing so, you'll need to download an FTP server client. Personally, I'd recommend G6 FTP Server, Serv-U FTPor Bullitproof v2.15 all three of which are extremely reliable, and the norm of the ftp world.
You can download them on this site: h*tp://www.liaokai.com/softw_en/d_index.htm

First, you'll have to set up your ftp. For this guide, I will use step-by-step instructions for G6. First, you'll have to go into 'Setup -> General'. From here, type in your port # (default is 21). I recommend something unique, or something a bit larger (ex: 3069). If you want to, check the number of max users (this sets the amount of simultaneous maximum users on your server at once performing actions - The more on at once, the slower the connection and vice verse).

The below options are then choose-able:
-Launch with windows
-Activate FTP Server on Start-up
-Put into tray on start-up
-Allow multiple instances
-Show "Loading..." status at start-up
-Scan drive(s) at start-up
-Confirm exit

You can do what you want with these, as they are pretty self explanatory. The scan drive feature is nice, as is the 2nd and the last option. From here, click the 'options' text on the left column.

To protect your server, you should check 'log in check' and 'password check', 'Show relative path (a must!)', and any other options you feel you'll need. After doing so, click the 'advanced' text in the left column. You should then leave the buffer size on the default (unless of course you know what you're doing ), and then allow the type of ftp you want.

Uploading and downloading is usually good, but it's up to you if you want to allow uploads and/or downloads. For the server priority, that will determine how much conventional memory will be used and how much 'effort' will go into making your server run smoothly.

Anti-hammering is also good, as it prevents people from slowing down your speed. From here, click 'Log Options' from the left column. If you would like to see and record every single command and clutter up your screen, leave the defaults.

But, if you would like to see what is going on with the lowest possible space taken, click 'Screen' in the top column. You should then check off 'Log successful log in's, and all of the options in the client directly, except 'Log directory changes'. After doing so, click 'Ok' in the bottom left corner.

You will then have to go into 'Setup -> User Accounts' (or ctrl & u). From here, you should click on the right most column, and right click. Choose 'Add', and choose the username(s) you would like people to have access to.

After giving a name (ex: themoonlanding), you will have to give them a set password in the bottom column (ex: wasfaked). For the 'Home IP' directory, (if you registered with a static server, check 'All IP Homes'. If your IP is static by default, choose your IP from the list. You will then have to right click in the very center column, and choose 'Add'.

From here, you will have to set the directory you want the people to have access to. After choosing the directory, I suggest you choose the options 'Read', 'List', and 'Subdirs', unless of course you know what you're doing . After doing so, make an 'upload' folder in the directory, and choose to 'add' this folder separately to the center column. Choose 'write', 'append', 'make', 'list', and 'subdirs'. This will allow them to upload only to specific folders (your upload folder).

Now click on 'Miscellaneous' from the left column. Choose 'enable account', your time-out (how long it takes for people to remain idle before you automatically kick them off), the maximum number of users for this name, the maximum number of connections allowed simultaneously for one ip address, show relative path (a must!), and any other things at the bottom you'd like to have. Now click 'Ok'.
**Requested**


From this main menu, click the little boxing glove icon in the top corner, and right click and unchoose the hit-o-meter for both uploads and downloads (with this you can monitor IP activity). Now click the lightning bolt, and your server is now up and running.

Post your ftp info, like this:

213.10.93.141 (or something else, such as: 'f*p://example.getmyip.com')

User: *** (The username of the client)

Pass: *** (The password)

Port: *** (The port number you chose)

So make a FTP and join the FTP section


Listing The Contents Of A Ftp:

Listing the content of a FTP is very simple.
You will need FTP Content Maker, which can be downloaded from here:
ht*p://www.etplanet.com/download/application/FTP%20Content%20Maker%201.02.zip

1. Put in the IP of the server. Do not put "ftp://" or a "/" because it will not work if you do so.
2. Put in the port. If the port is the default number, 21, you do not have to enter it.
3. Put in the username and password in the appropriate fields. If the login is anonymous, you do not have to enter it.
4. If you want to list a specific directory of the FTP, place it in the directory field. Otherwise, do not enter anything in the directory field.
5. Click "Take the List!"
6. After the list has been taken, click the UBB output tab, and copy and paste to wherever you want it.


If FTP Content Maker is not working, it is probably because the server does not utilize Serb-U Software.

If you get this error message:
Status Code = 550
Last Response was : 'Unable to open local file test-ftp'
Error = 550 (Unable to open local file test-ftp)
Error = Unable to open local file test-ftp = 550
Close and restart FTP Content Maker, then try again.




error messages:

110 Restart marker reply. In this case, the text is exact and not left to the particular implementation; it must read: MARK yyyy = mmmm Where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "=").
120 Service ready in nnn minutes.
125 Data connection already open; transfer starting.
150 File status okay; about to open data connection.
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message. On how to use the server or the meaning of a particular non-standard command. This reply is useful only to the human user.
215 NAME system type. Where NAME is an official system name from the list in the Assigned Numbers document.
220 Service ready for new user.
221 Service closing control connection. Logged out if appropriate.
225 Data connection open; no transfer in progress.
226 Closing data connection. Requested file action successful (for example, file transfer or file abort).
227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).
230 User logged in, proceed.
250 Requested file action okay, completed.
257 "PATHNAME" created.
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information.
421 Too many users logged to the same account
425 Can't open data connection.
426 Connection closed; transfer aborted.
450 Requested file action not taken. File unavailable (e.g., file busy).
451 Requested action aborted: local error in processing.
452 Requested action not taken. Insufficient storage space in system.
500 Syntax error, command unrecognized. This may include errors such as command line too long.
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in.
532 Need account for storing files.
550 Requested action not taken. File unavailable (e.g., file not found, no access).
551 Requested action aborted: page type unknown.
552 Requested file action aborted. Exceeded storage allocation (for current directory or data-set).
553 Requested action not taken. File name not allowed.


 Active FTP vs. Passive FTP, a Definitive Explanation

Introduction
One of the most commonly seen questions when dealing with firewalls and other Internet connectivity issues is the difference between active and passive FTP and how best to support either or both of them. Hopefully the following text will help to clear up some of the confusion over how to support FTP in a fire-walled environment.

This may not be the definitive explanation, as the title claims, however, I've heard enough good feedback and seen this document linked in enough places to know that quite a few people have found it to be useful. I am always looking for ways to improve things though, and if you find something that is not quite clear or needs more explanation, please let me know! Recent additions to this document include the examples of both active and passive command line FTP sessions. These session examples should help make things a bit clearer. They also provide a nice picture into what goes on behind the scenes during an FTP session. Now, on to the information...



The Basics
FTP is a TCP based service exclusively. There is no UDP component to FTP. FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.



Active FTP
In active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.

From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened:

FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1024 (Server responds to client's control port)
FTP server's port 20 to ports > 1024 (Server initiates data connection to client's data port)
FTP server's port 20 from ports > 1024 (Client sends ACKs to server's data port)


In step 1, the client's command port contacts the server's command port and sends the command PORT 1027. The server then sends an ACK back to the client's command port in step 2. In step 3 the server initiates a connection on its local data port to the data port the client specified earlier. Finally, the client sends an ACK back as shown in step 4.

The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.



Active FTP Example
Below is an actual example of an active FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.

There are a few interesting things to consider about this dialog. Notice that when the PORT command is issued, it specifies a port on the client (192.168.150.80) system, rather than the server. We will see the opposite behavior when we use passive FTP. While we are on the subject, a quick note about the format of the PORT command. As you can see in the example below it is formatted as a series of six numbers separated by commas. The first four octets are the IP address while the second two octets comprise the port that will be used for the data connection. To find the actual port multiply the fifth octet by 256 and then add the sixth octet to the total. Thus in the example below the port number is ( (14*256) + 178), or 3762. A quick check with net-stat should confirm this information.

testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PORT 192,168,150,80,14,178
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for file list.
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.


Passive FTP
In order to resolve the issue of the server initiating the connection to the client a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode.

In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.

From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:

FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1024 (Server responds to client's control port)
FTP server's ports > 1024 from anywhere (Client initiates data connection to random port specified by server)
FTP server's ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client's data port)



In step 1, the client contacts the server on the command port and issues the PASV command. The server then replies in step 2 with PORT 2024, telling the client which port it is listening to for the data connection. In step 3 the client then initiates the data connection from its data port to the specified server data port. Finally, the server sends back an ACK in step 4 to the client's data port.

While passive mode FTP solves many of the problems from the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow the administrator to specify a range of ports which the FTP server will use. See Appendix 1 for more information.

The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. As an example, the command line FTP utility provided with Solaris does not support passive mode, necessitating a third-party FTP client, such as ncftp.

With the massive popularity of the World Wide Web, many people prefer to use their web browser as an FTP client. Most browsers only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support.



Passive FTP Example
Below is an actual example of a passive FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.

Notice the difference in the PORT command in this example as opposed to the active FTP example. Here, we see a port being opened on the server (192.168.150.90) system, rather than the client. See the discussion about the format of the PORT command above, in the Active FTP Example section.

testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (192,168,150,90,195,149).
---> LIST
150 Opening ASCII mode data connection for file list
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.


Summary
The following chart should help admins remember how each FTP mode works:

Active FTP :
command : client >1024 -> server 21
data : client >1024 <- server 20

Passive FTP :
command : client >1024 -> server 21
data : client >1024 -> server >1024

A quick summary of the pros and cons of active vs. passive FTP is also in order:

Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.

Luckily, there is somewhat of a compromise. Since admins running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously.