Monday, November 28, 2005

Network Analyzer / Sniffer

Analyzer 3.0

My notes: Simple configuration and easy to comprehend. The filtering features in the GUI are very helpful... we can even filter traffic by application. Ethereal is known as the mother of all sniffers... I liked the GUI of Analyzer 3.0, very simple and better than Ethereal.




Analyzer 3.0 notes on its website
Analyzer is a packet capture tool; it captures packets from the network and displays them through a graphical interface. The user can choose the network adapter (used for the capturing and monitoring process), specify an appropriate filter, select, copy and paste packets. Advanced features concern both the possibility to make (and plot) some advanced statistics on the captured packets and to plot statistics in real time (number of packets flowing through the network and so on).

Monday, November 14, 2005

Nice Utility for PCs -- services, processes, tcp, arp


My Notes
Great utility to do all tasks from one program...
It has features of Sysinternals tools such as TCPView and Filemon, plus a lot more.

Direct Download Link

Notes from the Website
Ekinx is a tool making it possible to list the configuration and the use of Windows. A series of several mitres will give you a direct access:

* with the processes in progress
* with the services and drivers
* with connections networks
* with the ARP table
* with the principal short cuts of Windows
* with the realization of Optimization
* with a graphic posting of the occupation of the various hard disks
* with various information on the system and its peripherals

In addition to the informational aspect, the application will enable you to finish a process, to change its priority or to visualize its modules (DLL). In the same way, the list of the services makes it possible to start, stop or remove a service. All the other sections will also enable you to interact with the system.

Friday, September 23, 2005

Transparent Console for Windows

My Notes: Very appealing for its transparency feature. It can also be added to your Explorer right-click menu through a simple inf install. It has three running modes... each of which can be modified for its dimensions and colors. If you use the command prompt in Windows a lot, then this will definitely enhance your experience.


Note my desktop background in the console

Source: http://sourceforge.net/projects/console/

Console is a Win console window enhancement. It was inspired by eConsole (http://www.informatik.uni-frankfurt.de/~corion). Console features include configurable font, color, size, background image and transparency (on Win2000 and later).

Tuesday, September 20, 2005

Network, Security, Software, Hardware Monitoring - Everest

My notes: I was looking for detailed stats on the motherboard of all PCs in Domain. Everest answers the call. Neat product with lots of information on the network.

EVEREST Corporate Edition is an automated network audit, system change tracking and network monitoring solution for small and large corporate enterprises, based on the award-winning EVEREST Technology. EVEREST Corporate Edition is an indispensable application for all business network environments that uses the latest technologies including XML and MHTML reporting, full SQL database and Windows Server 2003 support. EVEREST Corporate Edition offers customers a flexible way to collect hardware and software assets information into CSV files or SQL database, and produce a complete network audit based on the collected information. By offering multiple instances of audit it enables customers to keep an archive of assets information, and also offers a unique way to accurately detect any software or hardware changes in the enterprise.

Source : Lavalys Product- Everest Corporate Ed.
Download Link: Trial Version of Everest Corporate Ed.

Hide webserver contents from search engines

Source: http://www.searchtools.com/robots/robots-txt.html

My Notes: If you have a website and would like to keep some content private, i.e. not to be used by search crawlers for indexing, then create a file called robots.txt in your root directory, in which you can disallow indexing of certain files and folders.

check this example of robots.txt file

Writeup from the source:
Search engine robots will check a special file in the root of each server called robots.txt, which is, as you may guess, a plain text file (not HTML). Robots.txt implements the Robots Exclusion Protocol, which allows the web site administrator to define what parts of the site are off-limits to specific robot user agent names. Web administrators can disallow access to cgi, private and temporary directories, for example, because they do not want pages in those areas indexed.

Source: http://www.searchtools.com/robots/robots-txt.html
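The exclusion rules described above can be checked before a robots.txt goes live. This is an added example, not code from the original post or from searchtools.com: it parses a constructed robots.txt with Python's standard `urllib.robotparser` and lists the disallowed prefixes per user agent. The sample file, the `ExampleBot` agent name and the helper names `parse_groups` and `allowed` are assumptions made for illustration.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample robots.txt (not taken from any real site).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /cgi-bin/
Disallow: /private/
Disallow: /tmp/

User-agent: ExampleBot
Disallow: /
"""


def parse_groups(text):
    """Return {user_agent: [disallowed path prefixes]} from robots.txt text."""
    groups, agents, in_rules = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue                             # blank or malformed line
        field, value = (p.strip() for p in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                         # rules seen: a new group starts
                agents, in_rules = [], False
            agents.append(value)
            groups.setdefault(value, [])
        elif field == "disallow":
            in_rules = True
            if value:                            # empty Disallow allows everything
                for agent in agents:
                    groups[agent].append(value)
    return groups


def allowed(text, agent, path):
    """Ask the standard-library parser whether `agent` may fetch `path`."""
    parser = RobotFileParser()
    parser.parse(text.splitlines())
    return parser.can_fetch(agent, path)


if __name__ == "__main__":
    for agent, prefixes in parse_groups(SAMPLE_ROBOTS).items():
        print(f"{agent}: disallowed {prefixes}")
    for agent, path in [("SomeCrawler", "/index.html"),
                        ("SomeCrawler", "/private/report.html"),
                        ("ExampleBot", "/index.html")]:
        verdict = "allowed" if allowed(SAMPLE_ROBOTS, agent, path) else "disallowed"
        print(f"{agent} -> {path}: {verdict}")
```

robots.txt is itself publicly readable and is only honoured by well-behaved crawlers, so any directory listed in it still needs server-side access control if its content must stay private.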

Monday, September 12, 2005

Firewall Leak Tests

Personal Notes: You'd be surprised!

This website will, on one hand, allow you to test your firewall thanks to different test programs, and on the other hand will show you a global view of vulnerabilities of the most common personal firewall in a summary page.

Nowadays, threats from the Internet are growing, both from the inside and the outside. To answer to a security need from Internet users (us), security software firms have created "personal firewalls", software acting like firewalls on user's computers. These personal firewalls have network level filtering like dedicated firewalls (hardware, dedicated) that we will name "network filtering", and an outbound application filtering that we will name "software filtering".

Due to the fact that most of these personal firewalls offer reasonable protection against inbound attacks coming from the Internet, we will only study here their software filtering, outbound filtering that can be stressed by Trojans which try to initiate themselves by connecting you to the author so that he can hack you.

http://www.firewallleaktester.com/

Tuesday, September 06, 2005

Unattended Windows CD - Powerpacker


My Notes:
It used to be much harder to create an unattended Windows CD... The techs at MSFN have been working to make it easier and easier. Here is another great contribution from one of the members.

PowerPacker will help a user create a Multiboot Windows XP disk with or without DriverPacks. It will do almost everything for you, even hex edit the files needed to be hexed, create the boot directory, boot menu, etc. It makes creating multiboot XP disks a breeze. This program was made with the BTS DriverPacks in mind. Basically it does just about everything you need to do to add a Windows XP load to your MultiBoot Disk. It will gather the needed files from your source XP CD and put them into a directory you specify. It will grab the DriverPack Files and install them. It will create a boot directory for your load and even hex edit the files that need to be HEXED to allow you to boot to it. It will put the needed info into the boot list so you can select your XP load. It makes testing the DriverPacks very easy!!!

Download Link
Forum Post Link

Net Limiter - Bandwidth Management

My Notes: Very nice tool. It can be used to study malware or any new program that you download, to check the hogs in the network.

NetLimiter is an ultimate internet traffic control and monitoring tool designed for Win98/Win98 SE, WinME, Win2000, Win2003 and WinXP. You can use NetLimiter to set download/upload transfer rate limits for applications or even single connection and monitor their internet traffic.
Along with this unique feature, NetLimiter offers a comprehensive set of internet statistical tools. It includes real-time traffic measurement and long-term per-application internet traffic statistics.
Screenshots Link
Developer Website

Thursday, September 01, 2005

Registry change for all users/computers in Domain

Cut-to-the-chase question: Do you want to edit the registry of all the computers or users in a domain with one click? If your answer is Yes, ya, sure, definitely, is that possible, rite on, that would be nice ... then read on.
This one is as simple as changing the registry on one PC and then replicating it to other machines.

Now some notes from the developer's site ...

Most desktop administrators quickly become familiar with the need to make adjustments to the Registry on remote computers. The free PolicyMaker™ Registry Extension is a true client side extension (CSE) to Group Policy, providing full registry management capability. The interface is simple and configurations are communicated to client computers through Group Policy. When Group Policy refreshes on a client computer, the registry is updated.

http://www.desktopstandard.com/PolicyMakerRegistryExtension.aspx

My installation Notes

  1. Download and install the polreg.msi file
  2. Go to program files folder and copy the following file to the network share that all clients have access to. Here is the file to copy...
    C:\program files\DesktopStandard\PolicyMaker\Client\polregcl.msi
  3. Open your domain group policy editor and right click on Administrative Templates
  4. Now add the desktopstandard.adm file and set some policies...start with the software deployment policies.
  5. Now, in the group policy editor, go to User Configuration section and expand user settings... here you will find the registry.
  6. Simply right click on registry and select New--> Registry Item.

    You will figure out the rest!!!


Wednesday, August 31, 2005

IDS - App Radar

AppRadar™ is a real-time database intrusion detection and security auditing solution that provides purpose-built protection for enterprise databases - arguably the crown jewels at most any organization. Unlike generic network or operating system solutions, AppRadar delivers database-specific, active protection, monitoring, and auditing. By complementing existing perimeter-focused defenses, AppRadar enables a layered defense and augments corporate privacy and regulatory compliance initiatives.

AppRadar™ supports the following:

* Microsoft SQL Server
* Oracle

Datasheet
http://www.appsecinc.com/products/appradar/AppRadar_Datasheet.pdf

Great Data Center Security

http://www.theplanet.com/datacenter.html

Great Data Center Design - I liked the security, HVAC and Power features

Data Center Overview
The Planet currently owns and operates three state-of-the-art data centers in Dallas, Texas, offering complete redundancy in power, HVAC, fire suppression, network connectivity, and security. With over 83,000 sq ft of raised floor between the three facilities, The Planet has an offering to fit any need. Our product offerings include private caged suites, cabinets, half-cabinets, tri-cabinets, and rackspace by the Unit. The datacenter facility sits atop multiple power grids driven by TXU electric, with PowerWare UPS battery backup power and dual diesel generators onsite. Our HVAC systems are condenser units by Data Aire to provide redundancy in cooling coupled with ten managed backbone providers. Twelve more third party backbone providers are available in the building via cross connect. Fire suppression includes a pre-action dry pipe system including VESDA (Very Early Smoke Detection Apparatus) with over 700 smoke detectors between the two facilities.

Thursday, August 25, 2005

KFSensor - Windows IDS and HoneyPot

KFSensor

Source: http://www.keyfocus.net/kfsensor/index.php
Screenshot

Notes: Easy to use Windows IDS...

Advanced Windows Honeypot Server

KFSensor is a Windows based honeypot Intrusion Detection System (IDS).

It acts as a honeypot to attract and detect hackers and worms by simulating vulnerable system services and trojans.
By acting as a decoy server it can divert attacks from critical systems and provide a higher level of information than can be achieved by using firewalls and NIDS alone.

KFSensor is designed for use in a Windows based corporate environment and contains many innovative and unique features such as remote management, a Snort compatible signature engine and emulations of Windows networking protocols.

With its GUI based management console, extensive documentation and low maintenance, KFSensor provides a cost effective way of improving an organization's network security.

Network Monitoring + Logging

http://www.softwaremirror.com/download/xnetstat_professional.html

Screenshot

XNetStat Professional

X-NetStat Professional shows your current Internet and network connections in realtime. These connections are established each time you visit a web page, send an instant message, check your email, or anytime you do network activity that requires you to connect to another computer. They also appear when outside computers attempt to connect to your machine, authorized or not. Information shown includes local and remote addresses, local and remote ports, the status, the age of the connection, how much bandwidth/traffic the connection is using, and the program EXE behind it. It's kind of like Internet/network radar, and you can even kill unwanted connections. The Professional edition of X-NetStat offers a ton of additional features geared towards Network Administrators, like a Rules system to set up actions based on network conditions, a comprehensive Network Statistics window displaying information on network interfaces and protocols, a server that lets you access XNS information remotely, a collection of Lookup Tools (TraceRoute, WHOIS, Finger, DNS, Web Search, Server Version, NetBIOS Lookup, Online Tools, etc), a Port Database, Logging capabilities, transmission LED lights, a dockable ViewBar, and many more features.




Publisher: Fresh Software
Website: http://www.freshsw.com/xns/pro/
Version Date: 2005-08-10
Size: 1633 Kb.
OS: Win95,Win98,WinME,WinXP,WinNT 4.x,Windows2000,Windows2003
License: Shareware, US$ 29.95

Tuesday, August 23, 2005

tools for "you name it"

http://lists.gpick.com/

very comprehensive

Good Site for Apps

http://english.p30world.com/archives/

Remote Commander

Source: http://www.atelierweb.com/rcomm/index.htm

Personal Notes: I love this tool...one of the most comprehensive System Admin Tools ever.
Uploading and downloading files, Mapping of ports with applications, live view of desktop with a fast refresh rate (uhmm almost fast)

AWRC is a must-have for System Administrators and Helpdesk personnel. Recommended for a range of special remote access requirements, from Intelligence to Parental supervision. Runs across firewalls. Performs deep audits and all kinds of maintenance operations. Does not leave traces on remote. It is absolutely safe.

You may be familiar with utilities that allow remote management of computers. All those utilities require that you install software on the remote computer in order to process your requests and send the information back to you. The first thing that makes AWRC different is that it does not require that you install any kind of software on the remote machine. Sure, it seems impossible. We thought that also!

The second thing is that AWRC allows you to gather more information from the remote system than remote privileged users can dream about. By far and large, AWRC is the more powerful remote audit tool you can find.

The third thing is that AWRC provides a great set of tools for remote computer management. You can do virtually anything on the remote computer you do on the local system.

These are the main features and capabilities of Atelier Web Remote Commander, no other software provides this amount of functionality:

· Access to the remote computer desktop enabling the launch of software with the mouse or keyboard.
· Simulates all keystrokes on the remote keyboard computer.
· Wakes-up from screen-savers with a mouse-click or keystroke. Deals with password protected screen-savers.
· Simulates the security attention sequence (Ctrl+Alt+Del) on the remote to enable logon and on the default desktop. The default hotkey is Ctr+Alt+D.
· Provides access to disks, partitions, folders and files. The partitions or folders are not required to be open shares.
· Remote files can be downloaded or launched in the remote system. Files can be launched as another user (equivalent to RunAs).
· Local files can be uploaded to the remote system.
· Files can be remotely zipped or unzipped.
· New directories can be made and files and directories can be renamed.
· Remote files and directories can be deleted, copied or moved.
· Allows sending or receiving the Clipboard contents: text, pictures and other standard Windows Clipboard formats.
· Provides partition information, namely File System, Type, Serial Number, Volume Label, Capacity and Free space.
· Allows visualization of shares.
· Allows visualization of users list and account details as well as Local and Global groups.
· Allows instant retrieval of password hashes, for audit of strong password policy enforcement across the organization.
· Allows visualization and management of services. Services can be started, stopped, paused, resumed and even unloaded.
· Allows visualization of processes. Processes can be killed.
· Allows remote Shutdown, Power-Off and Reboot.
· System Information (Operating System, Processor, BIOS, Memory, Display Adapter and Logical printers).
· Complete and detailed Hardware Devices list.
· Physical memory viewer.
· Port Finder, which maps applications to open ports.
· Connections and Listening Ports, TCP statistics, UDP statistics, ICMP statistics, Routing Table, DNS Servers, Persistent Routes, IP Statistics/Settings, Installed Protocols/Protocol Details, Addressing Information Table, Net to Media Table, Interface Statistics/Settings.
· Chat facility for conversation with a remote interactive user.
· Provides antialiased scaling of remote desktop for comfortable viewing on the local computer.
· Uses Windows authentication, which guarantees that only individuals with Administrator privileges on the remote system are able to connect (strong passwords are obviously recommended).
· Can use strong encryption to keep the information out of reach from prying eyes.
· Request authorization feature for obtaining approval from remote before initiating operations.
· Transparent to Firewalls.
· Works within the company's Microsoft Networks LANs and across the Internet.
· Does not open any ports - it is absolutely transparent to any firewall, providing the Microsoft Networks operation is not blocked by the firewall.

Friday, August 19, 2005

Ultra Network Analyzer

Ultra Network Analyzer from GJPSoft is a powerful network sniffer, packet sniffer, sockets sniffer and protocol sniffer tool. It consists of a well-integrated set of functions that you can use to resolve network problems. Ultra Network Analyzer sniffs all network packets in real time from multiple network cards (including Modem, ISDN, ADSL) and also supports capturing packets based on the application (SOCKET, TDI etc). The user can observe all of the traffic of the application of interest. It is easy to learn and simple to use. Ultra Network Analyzer has plug-ins for different protocols such as ETHERNET, IP, TCP, UDP, PPPOE, HTTP, FTP, WINS, PPP, SMTP, POP3 and so on.

Download Link

http://www.gjpsoft.com/ultranetsniffer/