So I'm surfing through some rather interesting web pages, following up on some leisure research (i.e. freesearch - meaning you don't get paid to do it), when suddenly my screen is overwhelmed by a large window imploring me to protect myself from viruses and spyware RIGHT NOW! Great. Just what I need, driveby malware.
I carefully contain my gratitude at having an unknown entity offer to trample and romp all over my hard drive in search of itself. Instead, I play the game of carefully killing the suspect running processes and checking my workstation for any more sludge and damage.
Note: Don't actually try to close these things down using the window controls. That usually leads to a trap where no matter what you click on, you 'authorize' the super duper anti-whatever scanner to take over your system and perform its virtually useless, in some cases outright damaging, but always annoying 'cleaning' function.
I finish this pleasant little diversion in about five minutes and go back to my freesearch activities. A couple hours later I shut down the computer for the night and all is well. Or so I foolishly think.
The next evening, I fire up my trusty desktop and notice almost right away that something is wrong. It's taking nearly three minutes for the Windows desktop to appear and I'm getting strange 'no network connection' messages. I groan, thinking perhaps my cable connection is down again (I love my monopoly cable provider, honest), but no, my wife is happily surfing away via the wireless connection and a quick perusal of the modem and router reveals lots of happily blinking lights in all the right places.
After poking through the network connections and various other fun places in the control panel (note: Microsoft has posted some very helpful instructions on this process), I discover that Winsock is misbehaving. Using msinfo32, I can see all sorts of oddball protocols with long, friendly numeric names like -001e495-tlm-58ghj. Um, not exactly what I was hoping to see. Seems that this is a common side effect of this type of malware attack - it just sort of muscles in and takes over the street corner. The result is ugly.
So I try Microsoft's recommendation of using the 'netsh winsock reset' command, perform the obligatory reboot, and still no joy. Take 2. I next fire up the registry editor and begin poking around, locate the obviously sick Winsock entries (there are two), delete them, reboot and the computer now boots up to the desktop quickly (or at least a lot less slowly). Still no network connection, but all I have left to do is reinstall TCP/IP, which takes all of a minute. One reboot later and all is well and working again. Not exactly how I intended to spend an hour, but all's well that ends well. Now back to those interesting web sites...
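For anyone who wants a faster look at the Winsock catalog than msinfo32 gives before reaching for netsh or regedit, here is an added PowerShell triage script (mine, not from the post above). It reads the two catalog keys under HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters and flags providers whose DLL sits outside system32 or is missing from disk; it assumes Windows PowerShell run as Administrator.

```powershell
# Added example, not from the original post: list the Winsock catalog from the
# registry and flag providers worth a second look before resorting to
# 'netsh winsock reset' or hand-editing the keys. Assumes Windows PowerShell
# run as Administrator. A flagged entry is a lead, not a verdict: legitimate
# third-party LSPs (VPN and security products) also live outside system32.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters'

function Get-PackedPath {
    # PackedCatalogItem begins with the provider DLL path as a
    # null-terminated ANSI string; the rest of the blob describes the protocol.
    param([byte[]]$Bytes)
    $end = [Array]::IndexOf($Bytes, [byte]0)
    if ($end -lt 0) { $end = $Bytes.Length }
    return [System.Text.Encoding]::ASCII.GetString($Bytes, 0, $end)
}

function Test-SuspiciousPath {
    # Flag paths outside %SystemRoot%\system32 or pointing at a missing file.
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $true }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    $sys32 = Join-Path $env:SystemRoot 'system32'
    $inSys32 = $expanded.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)
    return (-not $inSys32) -or (-not (Test-Path -LiteralPath $expanded))
}

$report = @()
# Transport/protocol providers (TCP/IP itself is registered here). On 64-bit
# Windows a parallel Catalog_Entries64 key holds the 64-bit providers.
foreach ($key in Get-ChildItem "$base\Protocol_Catalog9\Catalog_Entries") {
    $path = Get-PackedPath -Bytes (Get-ItemProperty $key.PSPath).PackedCatalogItem
    $report += [pscustomobject]@{
        Catalog = 'Protocol'; Entry = $key.PSChildName; Path = $path
        Suspicious = Test-SuspiciousPath -Path $path
    }
}
# Name-space providers (DNS, NLA and friends) keep a plain LibraryPath value.
foreach ($key in Get-ChildItem "$base\NameSpace_Catalog5\Catalog_Entries") {
    $p = Get-ItemProperty $key.PSPath
    $report += [pscustomobject]@{
        Catalog = 'NameSpace'; Entry = $key.PSChildName; Path = $p.LibraryPath
        Suspicious = Test-SuspiciousPath -Path $p.LibraryPath
    }
}
$report | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

'netsh winsock show catalog' prints the same catalog from the OS's point of view; if its output and this registry listing disagree, that is itself worth noting before you reset anything.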
Friday, July 17, 2009
Thursday, July 16, 2009
Tooling Around with NMap v5
Okay, I'll admit - I'm easily amused by the shiny and the new. Especially if it allows me to better poke and prod around in the musty, dusty corridors of networks. Better still if I can have some fun while doing it. NMap v5 appears to be all of those things for me. Released just today, I'm already enjoying the new features.
For those who don't know, NMap is a network scanning tool. It is used for (among other things) finding computers (or hosts), seeing what services they might be offering up to the rest of the world and generally finding out all sorts of potentially useful and interesting tidbits.
Among the many new features are two really nice utilities. The first is Ncat, a rewrite of the very useful Netcat tool. Netcat is known as the network Swiss Army Knife because of its versatility. Ncat seems to meet this standard and even improve upon it. It can act as a proxy, redirecting network traffic; be used to interact with or pretend to be services like web servers or telnet; can connect multiple computers together, using encrypted channels; and much, much more of interest to any network spelunker.
The second addition is the Ndiff utility. Ndiff makes it easy to compare multiple scan results and report any differences. Imagine running several scans of a network and trying to compare results to see what's changed. With just a few hosts, this isn't too difficult. Now try this for hundreds or even thousands of results. Ndiff simplifies the task by performing the grunt work for you and generates a list of changes in hosts, services, etc. Previously Ndiff existed as a separate Python program; now it is included as part of the NMap suite. Very nice.
I've also been tinkering with the latest version of ZenMap, a bundled Windows GUI for NMap. There are some nice eye candy features included, with the most interesting so far being the improved network diagramming function. This offers a view of scan results by hostname, IP address, even service. Again, really interesting stuff if you're plumbing out a network.
This is just scratching the surface of what Nmap v5 offers. If you've used any previous version of NMap, don't hesitate - go get v5! If you've never used NMap before, but are wondering what all this network scanning fuss is, v5 makes it easy to get your feet wet. Highly recommended.