Sunday, August 31, 2008

Fasting Schedule 1429 AH / 2008 CE





VIVA INDONESIA CODER TEAM
Get The Code and Fell The SOUL

Saturday, August 30, 2008

Firefox Security Configuration 2008

This is a tutorial to configure Firefox defensively for the web and help protect against MITM attacks, IFRAME attacks, SSL attacks and other security threats not mentioned.

These configurations can be applied to Iceweasel and Linux as well.

Just replace Tools > Options with Edit > Preferences.


Firefox Security Config 2008


Tools > Options > Content > Check Block pop-up windows

Tools > Options > Privacy > History > Uncheck:

Remember visited pages for the last 0 days
Remember what I enter in forms and the search bar
Remember what I've downloaded


Tools > Options > Privacy > Cookies

Check Accept cookies from sites
Keep until: I close Firefox

You can add another layer of security by using Spyware Blaster.


Tools > Options > Privacy > Private Data

Check Always clear my private data when I close Firefox
Settings button: Everything should be checked in this window.


Tools > Options > Security > Check

Warn me when sites try to install add-ons
Tell me if the site I am visiting is a suspected forgery


Tools > Options > Security > Passwords > Uncheck

Remember passwords for sites
Use a master password


Tools > Options > Advanced > Network > Cache

Press Clear Now Button
Set to Use up to 0 MB of space for the cache


Type about:config in the URL bar.

Edit these settings so that they display the following values:

browser.cache.disk.capacity 0
browser.cache.disk.enable false
browser.cache.disk_cache_ssl false
browser.cache.memory.enable false

network.cookie.enableForCurrentSessionOnly true
network.cookie.lifetime.days 0
network.cookie.lifetimePolicy 0
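
One way to check a profile against the values listed above, as an added example that is not part of the original post: a Python script that parses the text of a profile's prefs.js and reports each listed preference that is unset or set differently. The sample prefs.js content is constructed; a preference missing from prefs.js means Firefox is using its built-in default for it.

```python
import re

# Target values copied from the about:config list in the tutorial above.
EXPECTED = {
    "browser.cache.disk.capacity": 0,
    "browser.cache.disk.enable": False,
    "browser.cache.disk_cache_ssl": False,
    "browser.cache.memory.enable": False,
    "network.cookie.enableForCurrentSessionOnly": True,
    "network.cookie.lifetime.days": 0,
    "network.cookie.lifetimePolicy": 0,
}

# prefs.js holds one preference per line: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample of a prefs.js file (not taken from a real profile).
SAMPLE_PREFS = '''
# constructed sample
user_pref("browser.cache.disk.capacity", 51200);
user_pref("browser.cache.disk.enable", false);
user_pref("browser.cache.memory.enable", false);
user_pref("network.cookie.lifetimePolicy", 0);
user_pref("network.cookie.lifetime.days", 90);
user_pref("browser.startup.homepage", "about:blank");
'''


def parse_value(raw):
    """Convert the JavaScript literal of a preference into a Python value."""
    if raw == "true":
        return True
    if raw == "false":
        return False
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]  # string preference; escape sequences are not decoded
    return raw


def parse_prefs(text):
    """Return {name: value} for every user_pref line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if match:
            prefs[match.group(1)] = parse_value(match.group(2))
    return prefs


def audit(text, expected=EXPECTED):
    """Return (name, status, found, wanted) for each preference that deviates.

    status is "unset" when the preference is absent from prefs.js (the browser
    default applies) and "mismatch" when it is present with another value.
    """
    prefs = parse_prefs(text)
    findings = []
    for name, wanted in expected.items():
        if name not in prefs:
            findings.append((name, "unset", None, wanted))
            continue
        found = prefs[name]
        # Compare type as well as value so that integer 0/1 never passes
        # for a boolean preference (in Python, False == 0 and True == 1).
        if type(found) is not type(wanted) or found != wanted:
            findings.append((name, "mismatch", found, wanted))
    return findings


if __name__ == "__main__":
    for name, status, found, wanted in audit(SAMPLE_PREFS):
        print(f"{status:9} {name}: found {found!r}, wanted {wanted!r}")
```
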



Manage Search Engines

Access this window from the search engine window.
Uncheck Show search suggestions.



Firefox security Add-ons

NoScript
https://addons.mozilla.org/en-US/firefox/addon/722

Firekeeper
http://firekeeper.mozdev.org/

Perspectives

http://www.cs.cmu.edu/~perspectives/index.html

Cert Viewer Plus

https://addons.mozilla.org/en-US/firefox/addon/1964

ShowIP
https://addons.mozilla.org/en-US/firefox/addon/590

Netcraft Toolbar
https://addons.mozilla.org/en-US/firefox/addon/1326

Cookie Monster
https://addons.mozilla.org/en-US/firefox/addon/4703

Remove Cookie(s) for Site
https://addons.mozilla.org/en-US/firefox/addon/1595



Friday, August 29, 2008

2 Monitors on Your PC



How to Connect Your Laptop/PC/Computer to Your TV



Windows XP Tips and Tricks [ Users Quick Reference ] Part TWO

Bringing Up the Shutdown Dialog Box

Create a new txt file somewhere on your system, open it and put in this one line:
(new ActiveXObject("Shell.Application")).ShutdownWindows();
Save and close the file. Change the extension to js and you've got it.
You can make a shortcut to that file to make it easy to shut down your system.


Hiding the Last User Logged On


If you use the standard NT style of login and want to hide the last user:
Start the Group Policy Editor (gpedit.msc)
Go to Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options
Scroll down to Interactive logon: Do not display last user name
Set it to Enable


Poweroff at Shutdown


If your computer does not turn off the power when doing a shutdown,
you may need to edit the registry. I have all the correct BIOS and Power settings and still needed to do this.
Start Regedit
Go to HKEY_CURRENT_USER\Control Panel\Desktop
Edit the key PowerOffActive and give it a value of 1
You can do the same in HKEY_USERS\.DEFAULT\Control Panel\Desktop


Remembering Folder Settings

If XP does not remember your folder settings, delete or rename the following registry keys
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\Bags]


Preventing Applications from Stealing the Focus

To prevent applications from stealing the focus from the window you are working in
Start Regedit
Go to HKEY_CURRENT_USER \ Control Panel \ Desktop
Edit the key ForegroundLockTimeout
Give it a value of 00030d40


Disable Explorer Thumbnail View

If you want to disable the Explorer's ability to show the Thumbnail View,
Start Regedit
Go to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \
Change ClassicViewState to 1

Disable Shared Documents

To disable the Shared Documents folder that shows up on the network
Start Regedit
Go to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \
Create a new DWORD Value
Give it the name NoSharedDocuments
Give it a value of 1
Log off or reboot


Removing Thumbs.db Files

When viewing a folder with the Thumbnail view, WindowsXP creates a thumbs.db file.
This is a cache of the current pictures in that directory.
If you want to turn this feature off and save a little disk space
Start the Windows Explorer
Go to Tools / Folder Options / View
In the first section under Files and Folders, check Do not cache thumbnails
Now you can search for the thumbs.db files on your computer and remove them. No more should be created.

Enable / Disable the Task Manager

Start Regedit
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Create the Dword value DisableTaskMgr
Give it a value of 0 to enable it
Give it a value of 1 to disable it


Clearing the Page File on Shutdown

Another way to set the computer to clear the pagefile without directly editing the registry is:
Click on the Start button
Go to the Control Panel
Administrative Tools
Local Security Policy
Local Policies
Click on Security Options
Right hand menu - right click on "Shutdown: Clear Virtual Memory Pagefile"
Select "Enable"
Reboot
If you want to clear the page file on each shutdown:
Start Regedit
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
Set the value to 1


No GUI Boot

If you don't need to see the XP boot logo,
Run MSCONFIG
Click on the BOOT.INI tab
Check the box for /NOGUIBOOT


Using the Classic Search in Explorer

If you prefer to use the classic search style in Explorer,
Start Regedit
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
Add a String Key called Use Search Asst
Give it a value of no


Changing Drive Letters

If you want to change the letters assigned to your fixed or removable drives:
Right Click on My Computer
Select Manage
Select Disk Management
For a Fixed Disk:
Select it
Right click
Select Change Drive Letter and Path
Click on the Edit button
Enter in the letter you want to use
For a Removable Disk:
In the lower, right hand panel, right click on the Disk or CD ROM #
Select Change Drive Letter and Path
Click on the Edit button
Enter in the letter you want to use


Changing the Registered Owner

Start Regedit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
From there you can edit the name in the Registered Owner key

Decreasing Boot Time

Microsoft has made available a program to analyze and decrease the time it takes to boot to WindowsXP
The program is called BootVis
Uncompress the file.
Run BOOTVIS.EXE
For a starting point, run Trace / Next Boot + Driver Delays
This will reboot your computer and provide a benchmark
After the reboot, BootVis will take a minute or two to show graphs of your system startup.
Note how much time it takes for your system to load (click on the red vertical line)
Then run Trace / Optimize System
Re-run the Next Boot + Driver Delays
Note how much the time has decreased
Mine went from approximately 39 to 30 seconds.


Hide/Unhide Logon Names


If you want to hide or unhide the names of users that are displayed on the initial logon screen:
Start Regedit
Go to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList
Add a DWORD with the name of the user account you want to hide
Make sure it has a value of 0
If there is an existing account, you can unhide it by giving it a value of 1


WindowsXP Command Line Utilities

While there are a lot of command line utilities in WindowsXP, here are some that I have been using lately.
bootcfg - Configures, queries, or changes Boot.ini file settings.
driverquery - Displays a list of all installed device drivers and their properties.
getmac - Returns the media access control (MAC) address and list of network protocols associated with each address for all network cards in each computer
gpresult - Displays Group Policy settings and Resultant Set of Policy (RSOP) for a user or a computer
netsh - You can use commands in the Netsh Interface IP context to configure the TCP/IP protocol
schtasks - Schedules commands and programs to run periodically or at a specific time
systeminfo - Displays detailed configuration information about a computer and its operating system


Disabling Hibernation

If you don't want to use up the disk space taken by Hibernation, or don't need to use it at all,
you can easily disable it.
Open up the Control Panel / Power Options icon
Click on the Hibernation icon
Uncheck Enable Hibernation


Increasing System Performance

If you have 512 megs or more of memory, you can increase system performance
by having the core system kept in memory.
Start Regedit
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\DisablePagingExecutive
Set the value to be 1
Reboot the computer


Common Command Console Utilities

WindowsXP comes with quite a few console utilities you can easily run from the command line:
Computer Management - compmgmt.msc
Disk Management - diskmgmt.msc
Device Manager - devmgmt.msc
Disk Defrag - dfrg.msc
Event Viewer - eventvwr.msc
Shared Folders - fsmgmt.msc
Group Policies - gpedit.msc
Local Users and Groups - lusrmgr.msc
Performance Monitor - perfmon.msc
Resultant Set of Policies - rsop.msc
Local Security Settings - secpol.msc
Services - services.msc
Component Services - comexp.msc



Automatically Ending Non-Responsive Tasks

Start Regedit
Go to HKEY_CURRENT_USER\Control Panel\Desktop\AutoEndTasks
Set the value to be 1
In the same section, change the WaitToKillAppTimeout to the number of milliseconds you want.


Changing Programs That Start Automatically

WindowsXP has a program, MSCONFIG, similar to the one that was available in Windows98.
This allows you to view and change what programs are automatically started each time you log in.
The new version also allows you to view and edit the boot.ini file (as well as check for errors and use several advanced switches)


Creating an Automated Install of WindowsXP

On the WindowsXP CD, in the SUPPORT\TOOLS directory,
there is a file called DEPLOY.CAB.
Extract the programs DEPLOY.CHM (help file) and SETUPMGR.EXE (main program)
Run SETUPMGR and answer the prompts.
This will create both a unattend.bat and unattend.txt file you can use for automated installs.
Note: The batch file might need some minor modification for file locations but it is fairly basic.



Wednesday, August 27, 2008

Ultimate Hacking Experience 2008




Trojan Horses
- Yuri RAT v1.2
- MofoTro v1.7 BETA
- Charon
- Beast v2.0.7
- Omerta v1.3
- Theef v2.10
- Combined Forces R.A.T
- MoSucker v3.0
- ProRat v1.9 Fix2
Keyloggers
- Elite Keylogger v1.0
- SKL v0.1
- KeySpy v2.0
- A++++- Curiosity
- Keylogger
- KeyCopy
Binders
- Daemon Crypt Public v2
- NT Packer v2.1
- EES binder v1.0
- File Injector v3
- Bytes Adder
- FreshBind v2.01
- YAB v2.01
- NakedBind v1.0
- Amok Joiner

Brute Forcers
- Munga Bunga 's Official
- Brutus
- Authentication Engine Test 2
- wwwHack v1.946
- FTP Brute Hacker
- FTP Brute Forcer.tar.gz
- Unix- Wbrute.tar.gz
- Unix- Shadow Scanner
- Brute Forcer
- Hackers Utility v1.5
- POP3 brute forcer.tar.gz
- Unix
CGI-Bug Scanners
- NStealth HTTP Security Scanner v5.8
- Attack Toolkit v4.1 & source code included
- Scanarator
- Legion NetBios Scanner v2.1
- NetView v1.0
- CGI Vulnerability Scan
- CGI Scanner v4.0
- VoidEye CGI scanner
Virus!
Viruses
- Hippi virus
- Sasser
- W32.Blaster.Worm
- Midnight Massacre
- 00001
- Nimda
- Loveletter virus
- Happy '99
- MXZ
Virus Builders
- DR VBS
- VBSwg 2 beta
- Virus builder
- p0ke's WormGen 2.0
- RESIDUO
- DoS Virus
MSN Hacks & Bots
- HoaX Toolbox 1.1
- MSN Extreme 3.0
- MessenPass v1.06
- Advanced Blood Scroller
- Nudge Madness
- Advanced Instant Messengers Password Recovery
- Contact Spy
- Msn Explosion
- Encrypted Messenger
Port & IP Scanners
- Blues Port Scanner
- ProPort v2.2
- SuperScan v3.0
- Net Scan Tools v4.2
- LanSpy v2.0
- ~censored~ Threads v3.1
- Trojan Hunter v1.5
- SuperScan v4.0
- Neotrace PRO v3.25 trial&crack
Nukers And Flooders
- Rocket v1.0
- RPCNuke v1.0
- Panther Mode1
- 56k
- Panther Mode2
- ISDN +
- Final Fortune v2.4
- Battle Pong
- Technophoria
- Assault v1.0
- ICMP Nuker
- CLICK v2.2
EXTRA!
- Telnet Tutorial.


Tuesday, August 26, 2008

±1000 Free Proxy


Monday, August 25, 2008

Speed UP Browser

With any registry changes and/or tweaks you must be careful, so again, please don't attempt this if you're not a knowledgeable user.

Now, this former Dell tech knows many ways of speeding up your PC, but today we shall cover a simple one. First, Internet Explorer (please follow the directions).

(Vista users > Ctrl Alt R key) XP: Start > Run > regedit. Now open keys and sub keys as follows: HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Internet Settings.

NOW, INSIDE THE INTERNET SETTINGS FOLDER, look to the right to find 2 sub keys: MaxConnectionsPerServer and MaxConnectionsPer1_0Server. If you have them, great. Simply modify the hexadecimal to 1e and the decimal to 30, creating more connections and improving browser speed (as who wants to wait for their favorite page to load).

Now, if you don't have the keys, we simply add them. We want to create a NEW DWORD value; name it just as I spelled it, MaxConnectionsPerServer, and the 2nd key MaxConnectionsPer1_0Server, and modify both to read 1e as the hex and 30 for the decimal. Please do not try to be a cowboy and set it higher than 30, as you will overclock. Anyone with more than 254 MB of RAM can achieve this. When finished adding the new keys, please make sure to click View at the top and Refresh.

Now for you Firefox users:

Open a browser (Firefox) and type this in the address bar:

about:config, then press Enter (this will bring up the brain of the Firefox browser).

Scroll down until you see network.http.pipelining.
Find network.http.pipelining.maxrequests, right click it and modify the data to 30, allowing 30 connections. Please, again, don't try to go any higher than 30.

Now find network.http.proxy.pipelining, again double click it, changing the data to true.

Find nglayout.initialpaint.delay (some may not have this; it's OK, we shall add it). If you do have this key, right click it and set it to 0 (0 seconds of delay).

For those who didn't have the key: right click any white spot > create a NEW INTEGER, name it nglayout.initialpaint.delay, and after that is completed, modify it and set the delay to 0.

That's it for now. If I don't get the "ole bann" for this, I will continue to post many ways for you people to increase speed, memory and much, much more.






Speed Up Start Up And Shut Down Times

!!!!!!! HATE WAITING FOR WINDOWS TO SHUT DOWN? USUALLY TAKES 30 SECONDS !!!!!!!

Go to START > RUN > REGEDIT and follow the steps.
OPEN
1) HKEY_CURRENT_USER
2) Control Panel
3) Desktop
INSIDE the Desktop folder, on the right side (this is where we speed up your Start button
(MenuShowDelay); we're doing another today), you will see this: WaitToKillAppTim..
Right click it > Modify > it's set at 20000 > set it to 10000! Click OK, this one's done.
On the same page you see HungAppTimeout > right click it > Modify > change the setting of 5000
to 1000 > click OK... Close out HKEY_CURRENT_USER... continue to the next step.
OPEN

4) HKEY_USERS
5) .DEFAULT
6) Control Panel
7) Desktop
INSIDE the Desktop folder, on the right side, you will see the same applications. Right click
on HungAppTimeout > Modify > the setting is at 5000, set it to 1000, click OK! Then on that
same page, look further down and see WaitToKillAppTimeout, which will be set at 20000;
change it to 1000 (one thousand), click OK, and close all those windows to get back to your 5
HKEY folders... continue to the next step.
OPEN

8) HKEY_LOCAL_MACHINE
9) SYSTEM
10) CurrentControlSet
11) Control
Inside that set you will see 5 tabs (right side, red ab's); the bottom one is WaitToKillServiceTimeout.
Right click it > Modify > change the setting of 20000 to 1000 (one thousand), click OK.
WHEN YOU SHUT DOWN, WINDOWS SOMETIMES ASKS YOU TO TERMINATE A PROGRAM. NOW IT WILL DO IT AUTOMATICALLY.
Close them out and get back to the 5 HKEYs; almost done, one more set.. keep going...
OPEN

12) HKEY_CURRENT_USER
13) Control Panel
14) Desktop
ON the right side, inside the Desktop folder, you will see a bunch of applications. See
AutoEndTasks, right click AutoEndTasks > Modify > it's set at 0, set it to 1, click OK and you're done.
Exit out; that finishes this tip.


Learn about NETSTAT

HOW TO DETERMINE A HACKER IN YOUR PC USING NETSTAT CMD

Sometimes, it's just not enough to simply know that there's a Trojan or Virus
onboard. Sometimes you need to know exactly why that file is onboard, how it
got there - but most importantly, who put it there.
By enumerating the attacker in the same way that they have enumerated the victim,
you will be able to see the bigger picture and establish what you're up against.
But how can you do this? Read on...

## Connections make the world go round ##
The computer world, at any rate. Every single time you open up a website, send an
email or upload your webpages into cyberspace, you are connecting to another
machine in order to get the job done. This, of course, presents a major problem,
because this simple act is what allows malicious users to target a machine in
the first place.

# How do these people find their victim?
Well, first of all, they need to get hold of the victim's IP Address. Your IP
(Internet Protocol) address reveals your point of entry to the Internet and can
be used in many ways to cause your online activities many, many problems. It may
not reveal you by name, but it may be uniquely identifiable and it represents your
digital ID while you are online (especially so if you're on a fixed IP / DSL etc).
With an IP address, a Hacker can find out all sorts of weird and wonderful things
about their victim (as well as causing all kinds of other trouble, the biggest two
being Portnukes/Trojans and the dreaded DoS ((Denial of Service)) attack). Some
Hackers like to collect IP Addresses like badges, and like to go back to old
targets, messing them around every so often. An IP address is incredibly easy to
obtain - until recently, many realtime chat applications (such as MSN) were
goldmines of information. Your IP Address is contained as part of the Header Code
on all emails that you send and webpages that you visit can store all kinds of
information about you. A common trick is for the Hacker to go into a Chatroom,
paste his supposed website address all over the place, and when the unsuspecting
victim visits, everything about your computer from the operating system to the
screen resolution can be logged...and, of course, the all important IP address.
In addition, a simple network-wide port scan will reveal vulnerable target
machines, and a war-dialler will scan thousands of lines for exposed modems that
the hacker can exploit.
So now that you know some of the basic dangers, you're probably wondering how these
people connect to a victim's machine?

## Virtual and Physical Ports ##
Everything that you receive over the Internet comes as a result of other machines
connecting to your computer's ports. You have two types; Physical are the holes
in the back of your machine, but the important ones are Virtual. These allow
transfer of data between your computer and the outside world, some with allocated
functions, some without, but knowing how these work is the first step to
discovering who is attacking you; you simply MUST have a basic knowledge of this,
or you won't get much further.

# What the phrases TCP/UDP actually mean
TCP/IP stands for Transmission Control Protocol and Internet Protocol, a TCP/IP
packet is a block of data which is compressed, then a header is put on it and it
is sent to another computer (UDP stands for User Datagram Protocol). This is how
ALL internet transfers occur, by sending packets. The header in a packet contains
the IP address of the one who originally sent you it. Now, your computer comes
with an excellent (and free) tool that allows you to see anything that is
connected (or is attempting to connect) to you, although bear in mind that it
offers no blocking protection; it simply tells you what is going on, and that tool
is NETSTAT.

## Netstat: Your first line of defence ##
Netstat is a very fast and reliable method of seeing exactly who or what is
connected (or connecting) to your computer. Open up DOS (Start/Programs/MS-DOS
Prompt on most systems), and in the MSDOS Prompt, type:
netstat -a
(make sure you include the space in between the "t" and the "a").
If you're connected to the Internet when you do this, you should see something like:

Active Connections
Proto Local Address Foreign Address State
TCP macintosh: 20034 modem-123.tun.dialup.co.uk: 50505 ESTABLISHED
TCP macintosh: 80 proxy.webcache.eng.sq: 30101 TIME_WAIT
TCP macintosh MACINTOSH: 0 LISTENING
TCP macintosh MACINTOSH: 0 LISTENING
TCP macintosh MACINTOSH: 0 LISTENING

Now, "Proto(col)" simply means what kind of data transmission is taking place
(TCP or UDP), "Local address" is your computer (and the number next to it tells
you what port you're connected on), "Foreign Address" is the machine that is
connected to you (and what port they're using), and finally "State" is simply
whether or not a connection is actually established, or whether the machine in
question is waiting for a transmission, or timing out etc.
Now, you need to know all of Netstat's various commands, so type:
netstat ?
You will get something like this:

Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto may be TCP
or UDP. If used with the -s option to display per-protocol statistics, proto may
be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are shown for TCP,
UDP and IP; the -p option may be used to specify a subset of the default.

Have a play around with the various options, but the most important use of these
methods is when you combine them. The best command to use is
netstat -an
because this will list all connections in Numerical Form, which makes it a lot
easier to trace malicious users....Hostnames can be a little confusing if you
don't know what you're doing (although they're easily understandable, as we shall
see later). Also, by doing this, you can also find out what your own IP address
is, which is always useful.
Also,
netstat -b
will tell you what ports are open and what programs are connecting to the internet.

## Types of Port ##
It would be impossible to find out who was attacking you if computers could just
access any old port to perform an important function; how could you tell a mail
transfer from a Trojan Attack? Well, good news, because your regular, normal
connections are assigned to low, commonly used ports, and in general, the higher
the number used, the more you should be suspicious. Here are the three main types
of port:

# Well Known Ports
These run from 0 to 1023, and are bound to the common services
that run on them (for example, mail runs on channel 25 tcp/udp, which is smtp
(Simple Mail Transfer Protocol)), so if you find one of these ports open
(and you usually will), it's usually because of an essential function.
# Registered Ports
These run on 1024 to 49151. Although not bound to a particular
service, these are normally used by networking utilities like FTP software, Email
clients and so on, and they do this by opening on a random port within this range
before communicating with the remote server, so don't panic (just be wary,
perhaps) if you see any of these open, because they usually close automatically
when the system that's running on them terminates (for example, type in a common
website name in your browser with netstat open, and watch as it opens up a port
at random to act as a buffer for the remote servers). Services like MSN Messenger
and ICQ usually run on these Ports.
# Dynamic/Private Ports
Ranging from 49152 to 65535, these things are rarely used
except with certain programs, and even then not very often. This is indeed the
usual range of the Trojan, so if you find any of these open, be very suspicious.
So, just to recap:

Well Known Ports 0 to 1023 Commonly used, little danger.
Registered Ports 1024 to 49151 Not as common, just be careful.
Dynamic/Private Ports 49152 to 65535 Be extremely suspicious.

## The hunt is on ##
Now, it is essential that you know what you're looking for, and the most common way
someone will attack your machine is with a Trojan. This is a program that is sent
to you in an email, or attempts to bind itself to one of your ports, and when
activated, it can give the user your passwords, access to your hard drive...they
can even make your CD Tray pop open and shut. At the end of this Document, you
will find a list of the most commonly used Trojans and the ports they operate on.
For now, let's take another look at that first example of Netstat....

Active Connections
Proto Local Address Foreign Address State
TCP macintosh: 27374 modem-123.tun.dialup.co.uk: 50505 ESTABLISHED
TCP macintosh: 80 proxy.webcache.eng.sq: 30101 TIME_WAIT
TCP macintosh MACINTOSH: 0 LISTENING
TCP macintosh MACINTOSH: 0 LISTENING
TCP macintosh MACINTOSH: 0 LISTENING

Now, straight away, this should make more sense to you. Your computer is connected
on two ports, 80 and 27374. Port 80 is used for http/www transmissions
(ie for all intents and purposes, its how you connect to the net, although of
course it's a lot more complicated than that). Port 27374, however, is distinctly
suspicious; first of all, it is in the registered port range, and although other
services (like MSN) use these, let's assume that you have nothing at all running
like instant messengers, webpages etc....you're simply connected to the net
through proxy. So, now this connection is looking even more troublesome, and when
you realise that 27374 is a common port for Netbus (a potentially destructive
Trojan), you can see that something is untoward here. So, what you would do is:

1) run Netstat , and use:
Netstat -a
then
Netstat -an
So you have both Hostnames AND IP addresses.
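
An added example, not part of the original tutorial: a Python sketch that parses `netstat -an` output, labels each local port with the three ranges described above, and checks it against a few entries copied from the trojan port list at the end of this tutorial. The sample output and its addresses are constructed, and a match is only a lead to investigate, since legitimate programs can use the same port numbers.

```python
# Port ranges as given in the "Types of Port" section of the tutorial.
def port_class(port):
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


# A few (protocol, port) entries copied from the tutorial's trojan port list.
WATCHLIST = {
    ("TCP", 1243): "SubSeven 1.0 - 1.8",
    ("TCP", 2001): "Trojan Cow",
    ("TCP", 6969): "GateCrasher, Priority",
    ("UDP", 31337): "Back Orifice 1.20",
}

# Constructed sample of Windows "netstat -an" output (documentation addresses).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    192.0.2.10:1243        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3489        198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:6969        203.0.113.45:50505     ESTABLISHED
  UDP    0.0.0.0:31337          *:*
"""


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so IPv6 forms like [::]:135 work."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per TCP/UDP row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        local_host, local_port = split_endpoint(parts[1])
        foreign_host, foreign_port = split_endpoint(parts[2])
        if local_port is None:
            continue
        rows.append({
            "proto": parts[0],
            "local_host": local_host,
            "local_port": local_port,
            "foreign_host": foreign_host,
            "foreign_port": foreign_port,        # None for UDP's *:*
            "state": parts[3] if len(parts) > 3 else "",  # UDP has no state
        })
    return rows


def triage(text):
    """Annotate every row with its port range and any watchlist match.

    Only the LOCAL port is compared: a backdoor listens on this machine, so
    an outbound connection to a remote port 80 must not be reported.
    """
    rows = parse_netstat(text)
    for row in rows:
        row["range"] = port_class(row["local_port"])
        row["watch"] = WATCHLIST.get((row["proto"], row["local_port"]))
    return rows


def suspects(text):
    """Rows whose local protocol/port pair appears on the watchlist."""
    return [row for row in triage(text) if row["watch"]]


if __name__ == "__main__":
    for r in triage(SAMPLE):
        flag = "CHECK: " + r["watch"] if r["watch"] else "-"
        print(f'{r["proto"]:4}{r["local_port"]:>6}  {r["range"]:16}'
              f'{r["state"]:12} {r["foreign_host"]:15} {flag}')
```
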

## Tracerouting ##
Having the attacker's IP is all well and good, but what can you do with it? The
answer is, a lot more! It's not enough to have the address, you also need to know
where the attacker's connections are coming from. You may have used automated
tracerouting tools before, but do you know how they work?
Go back to MSDOS and type

tracert *type IP address/Hostname here* without *

Now, what happens is, the Traceroute will show you all the computers in between you
and the target machine, including blockages, firewalls etc. More often than not,
the hostname address listed before the final one will belong to the Hacker's ISP
Company. It'll either say who the ISP is somewhere in there, or else you run a
second trace on the new IP/hostname address to see who the ISP Company in question
is. If the Hostname that you get back doesn't actually seem to mention an actual
geographical location within its text, you may think all is lost. But fear not!
Suppose you get a hostname such as
http://www.haha.com <= (example)
Well, that tells us nothing, right? Wrong....simply enter the hostname in your
browser, and though many times you will get nothing back, sometimes it will
resolve to an ISP, and from there you can easily find out its location and in what
areas they operate. This at least gives you a firm geographical location to carry
out your investigations in.
If you STILL have nothing, as a last resort you COULD try connecting to your target's
ISP's port 13 by Telnet, which will tell you how many hours ahead or behind this
ISP is of GMT, thus giving you a geographical trace based on the time mentioned
(although bear in mind, the ISP may be doing something stupid like not having
their clocks set correctly, giving you a misleading trace. Similarly, a common
tactic of Hackers is to deliberately have their computer's clock set to a totally
wrong time, so as to throw you off the scent). Also, unless you know what you're
doing, I wouldn't advise using Telnet (which is outside the parameters of this
tutorial).

## Reverse DNS Query ##

This is probably the most effective way of running a trace on somebody. If ever you're
in a chatroom and you see someone saying that they've "hacked into a satellite
orbiting the Earth, and are taking pictures of your house right now", ignore them
because that's just bad movie nonsense. THIS method is the way to go, with regard
to finding out what country (even maybe what State/City etc) someone resides,
although it's actually almost impossible to find an EXACT geographical location
without actually breaking into your ISP's Head Office and running off with the
safe.
To run an rDNS query, simply go back to MS-DOS and type
netstat
and hit return. Any active connections will resolve to hostnames rather than a
numerical format.

# DNS
DNS stands for Domain Name Server. These are machines connected to the Internet
whose job it is to keep track of the IP Addresses and Domain Names of other
machines. When called upon, they take the ASCII Domain Name and convert it to the
relevant numeric IP Address. A DNS search translates a hostname into an IP
address....which is why we can enter "www.Hotmail.com" and get the website to come
up, instead of having to actually remember Hotmail's IP address and enter that
instead. Well, Reverse DNS, of course, translates the IP Address into a
Hostname (ie - in letters and words instead of numbers, because sometimes the
Hacker will employ various methods to stop Netstat from picking up a correct
Hostname).
So, for example,
298.12.87.32 is NOT a Hostname.
mail6.bol.net.au IS a Hostname.
Anyway, see the section at the end? (au) means the target lives in Australia.
Most (if not all) hostnames end in a specific Country Code, thus narrowing down
your search even further. If you know your target's Email Address
(ie they foolishly sent you a hate mail, but were silly enough to use a valid
email address) but nothing else, then you can use the Country codes to deduce
where they're from as well. You can also deduce the IP address of the sender by
looking at the email's header (a "hidden" line of code which contains information
on the sender)...on Hotmail for example, go to Preferences, and select the
"Full Header's Visible" option. Alternatively, you can run a "Finger" Trace on the
email address, at:
www.samspade.org
Plus, some ISP's include their name in your Email Address with them too
(ie Wanadoo, Supanet etc), and your Hacker may be using an email account that's
been provided by a Website hosting company, meaning this would probably have the
website host's name in the email address (ie Webspawners). So, you could use the
information gleaned to maybe even hunt down their website
(then you could run a website check as mentioned previously) or report abuse of
that Website Provider's Email account (and thus, the Website that it goes with)
to
abuse@companynamegoeshere.com
If your Hacker happens to reside in the USA, go to:
www.usps.gov/ncsc/lookups/abbr_state.txt
for a complete list of US State abbreviations.
## List of Ports commonly used by Trojans ##
Please note that this isn't a complete list by any means, but it will give you an
idea of what to look out for in Netstat. Be aware that some of the lower Ports
may well be running valid services.
UDP: 1349 Back Orifice DLL
31337 Back Orifice 1.20
31338 DeepBO
54321 Back Orifice 2000
TCP: 21 Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash
23 Tiny Telnet Server
25 Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, Terminator,
WinPC, WinSpy, Kuang2 0.17A-0.30
31 Hackers Paradise
80 Executor
456 Hackers Paradise
555 Ini-Killer, Phase Zero, Stealth Spy
666 Satanz Backdoor
1001 Silencer, WebEx
1011 Doly Trojan
1170 Psyber Stream Server, Voice1234 Ultors Trojan
1243 SubSeven 1.0 - 1.8
1245 VooDoo Doll
1492 FTP99CMP
1600 Shivka-Burka
1807 SpySender
1981 Shockrave
1999 BackDoor 1.00-1.03
2001 Trojan Cow
2023 Ripper
2115 Bugs
2140 Deep Throat, The Invasor
2801 Phineas Phucker
3024 WinCrash
3129 Masters Paradise
3150 Deep Throat, The Invasor
3700 Portal of Doom
4092 WinCrash
4567 File Nail 1
4590 ICQTrojan
5000 Bubbel
5000 Sockets de Troie
5001 Sockets de Troie
5321 Firehotcker
5400 Blade Runner 0.80 Alpha
5401 Blade Runner 0.80 Alpha
5402 Blade Runner 0.80 Alpha
5400 Blade Runner
5401 Blade Runner
5402 Blade Runner
5569 Robo-Hack
5742 WinCrash
6670 DeepThroat
6771 DeepThroat
6969 GateCrasher, Priority
7000 Remote Grab
7300 NetMonitor
7301 NetMonitor
7306 NetMonitor
7307 NetMonitor
7308 NetMonitor
7789 ICKiller
8787 Back Orifice 2000
9872 Portal of Doom
9873 Portal of Doom
9874 Portal of Doom
9875 Portal of Doom
9989 iNi-Killer
10067 Portal of Doom
10167 Portal of Doom
10607 Coma 1.0.9
11000 Senna Spy
11223 Progenic trojan
12223 Hack´99 KeyLogger
12345 GabanBus, NetBus
12346 GabanBus, NetBus
12361 Whack-a-mole
12362 Whack-a-mole
16969 Priority
20001 Millennium
20034 NetBus 2.0, Beta-NetBus 2.01
21544 GirlFriend 1.0, Beta-1.35
22222 Prosiak
23456 Evil FTP, Ugly FTP
26274 Delta
30100 NetSphere 1.27a
30101 NetSphere 1.27a
30102 NetSphere 1.27a
31337 Back Orifice
31338 Back Orifice, DeepBO
31339 NetSpy DK
31666 BOWhack
33333 Prosiak
34324 BigGluck, TN40412 The Spy
40421 Masters Paradise
40422 Masters Paradise
40423 Masters Paradise
40426 Masters Paradise
47262 Delta
50505 Sockets de Troie
50766 Fore
53001 Remote Windows Shutdown
54321 SchoolBus .69-1.11
61466 Telecommando
65000 Devil
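
One way to apply this list to Netstat output, as an added example that is not part of the original tutorial: it flags rows whose local port is on the list and separates real listeners from outbound sockets whose source port only happens to collide. The `netstat -an` sample is constructed, the port table is a subset of the list above, and the function and verdict names are this example's own.

```python
# Subset of the port list above: (protocol, port) -> names from the list.
TROJAN_PORTS = {
    ("TCP", 21): "Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash",
    ("TCP", 1243): "SubSeven 1.0 - 1.8",
    ("TCP", 12345): "GabanBus, NetBus",
    ("TCP", 31337): "Back Orifice",
    ("UDP", 31337): "Back Orifice 1.20",
}

# Constructed `netstat -an` output; addresses are private/documentation ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:12345     203.0.113.7:4021       ESTABLISHED
  TCP    192.168.1.10:1243      198.51.100.20:80       ESTABLISHED
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  UDP    0.0.0.0:31337          *:*
"""


def parse_netstat(text):
    """Return (proto, local_port, remote, state) for each TCP/UDP row."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        port = fields[1].rsplit(":", 1)[-1]
        if not port.isdigit():
            continue  # service name instead of a number (netstat run without -n)
        state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no state
        rows.append((fields[0], int(port), fields[2], state))
    return rows


def flag_suspicious(text):
    """Return (verdict, proto, port, peer, names) for rows matching the list."""
    rows = parse_netstat(text)
    # A bound UDP socket or a LISTENING TCP socket means something local serves the port.
    served = {(p, port) for p, port, _, state in rows if p == "UDP" or state == "LISTENING"}
    findings = []
    for proto, port, remote, state in rows:
        names = TROJAN_PORTS.get((proto, port))
        if names is None:
            continue
        if (proto, port) not in served:
            verdict = "likely-ephemeral"  # outbound socket whose source port merely collides
        elif port < 1024:
            verdict = "verify-service"    # low ports often run valid services (FTP on 21)
        else:
            verdict = "investigate"       # local listener on a listed high port
        peer = "" if remote in ("0.0.0.0:0", "*:*", "[::]:0") else remote
        findings.append((verdict, proto, port, peer, names))
    return findings
```

Call `flag_suspicious()` on the text of a real `netstat -an` run; on the constructed sample it returns five findings, with only the port 1243 row marked `likely-ephemeral`.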

## Summary ##

I hope this tutorial is useful in showing you both how to secure yourself
against unwanted connections, and also how to determine an attacker's identity.
The Internet is by no means as anonymous as some people think it is, and
although this is to the detriment of people's security online, it also works
both ways: it IS possible to find and stop even the most determined of
attackers. You just have to be patient and keep hunting for clues which will
help you put an end to their exploits.

nbtstat -A (ip)
net view \\(ip)
-a RemoteName : Displays the NetBIOS name table of a remote computer, where RemoteName is the NetBIOS computer name of the remote computer. The NetBIOS name table is the list of NetBIOS names that corresponds to NetBIOS applications running on that computer.
-A IPAddress : Displays the NetBIOS name table of a remote computer, specified by the IP address (in dotted decimal notation) of the remote computer.
-c : Displays the contents of the NetBIOS name cache, the table of NetBIOS names and their resolved IP addresses.
-n : Displays the NetBIOS name table of the local computer. The status of Registered indicates that the name is registered either by broadcast or with a WINS server.
-r : Displays NetBIOS name resolution statistics. On a Windows XP computer that is configured to use WINS, this parameter returns the number of names that have been resolved and registered using broadcast and WINS.
-R : Purges the contents of the NetBIOS name cache and then reloads the #PRE-tagged entries from the Lmhosts file.
-RR : Releases and then refreshes NetBIOS names for the local computer that is registered with WINS servers.
-s : Displays NetBIOS client and server sessions, attempting to convert the destination IP address to a name.
-S : Displays NetBIOS client and server sessions, listing the remote computers by destination IP address only.
Interval : Redisplays selected statistics, pausing the number of seconds specified in Interval between each display. Press CTRL+C to stop redisplaying statistics. If this parameter is omitted, nbtstat prints the current configuration information only once.
/? : Displays help at the command prompt.




THIS HAS BEEN AROUND A WHILE AND WORKS






Speedup Broadband Cable Internet Connection

Further speedup broadband cable Internet connection

READ DISCLAIMER FIRST AND THEN FOLLOW INSTRUCTIONS BELOW IF APPLICABLE:
It seems that Windows XP installs two separate versions of the NIC card, one of which you do not normally see in any properties. Remember how the "netcap/?" command above shows two different adapters? The LAN one is the one you see. The invisible one slows everything down, and it's like you're running two separate cards together, sharing a connection among two cards. This method breaks this "bond" and allows the NIC to run unhindered.

IMPORTANT DISCLAIMER:
This tweak assumes that you have let Windows XP create a connection on install for your cable modem/NIC combination and that your connection has only TCP/IP, QoS, File and Print Sharing, and Client for Microsoft Networks installed. It also assumes that Windows XP will detect your NIC and has in-box drivers for it. If it doesn't, do not try this, as it may not work.

A. In the "My Network Places" properties (right click on the desktop icon and choose Properties), highlight the connection, then at the menu bar choose "Advanced" then "Advanced Settings". Uncheck the two boxes in the lower half for the bindings for File and Printer Sharing and Client for MS Networks. Click OK.

B. Continue with the steps below:
1. From the Windows XP CD, in the support directory, extract the file netcap.exe from the support cab and place it in a directory on your hard drive or even in the root of your C:\ drive.
2. Next, open up a command prompt window and change directories to where you put netcap.exe, then type "netcap/?". It will list some commands that are available for netcap, and a netmon driver will be installed. At the bottom you will see your adapters. You should see two of them if using a 3Com card. One will be for LAN and the other will be for WAN something or other.
3. Next type "netcap/Remove". This will remove the netmon driver.
4. Open up Control Panel / System / Device Manager and look at your network adapters. You should now see two of them, and one will have a yellow ! on it. Right click on the one without the yellow ! and choose Uninstall. YES! You are uninstalling your network adapter; continue with the uninstall. Do not restart yet.
5. Check your connection properties to make sure that no connection exists. If you get a wizard, just cancel out of it.
6. Now restart the machine and go to your connection properties again, and you should have a new connection called "Local area connection 2". Highlight the connection, then at the menu bar choose "Advanced" then "Advanced Settings". Uncheck the two boxes in the lower half for the bindings for File and Printer Sharing and Client for MS Networks. Click OK.
8. Choose connection properties and uncheck the "QOS" box.
9. Restart the machine and enjoy the increased responsiveness of IE, faster page loading, and a connection speed boost.



Sunday, August 24, 2008

WinXP Tips and Tricks [ Users Quick Reference ]

Opening Ports or Adding Allowed Programs with SP2's Firewall

1. Click on Start / Run
2. Enter in firewall.cpl
3. Click on the Exceptions tab

Adding a Port for Internet Access:
1. Click on the Add Port button
2. Name it whatever you want
3. Enter in the ports you want to open

Adding a Program for Internet Access:
1. Click on the Add Program... button
2. A list of all installed programs will be displayed
3. Highlight the one you want to include for Internet access
4. Click on the OK button

Autoexec.nt or Config.nt Errors

If you are getting errors similar to:
The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the application.
Try copying the file from the \windows\repair directory over the one that is in the \windows\system32 directory.


Common Control Panel Applets

The following are some common Control Panel Applets that are located in the \windows\system32 directory.
If you find yourself using any of these frequently, then you can simply make shortcuts to them on your desktop.

appwiz.cpl >> Add/Remove Programs
desk.cpl >> Display Properties
firewall.cpl >> Firewall Settings
inetcpl.cpl >> Internet Options
mmsys.cpl >> Sound and Audio
ncpa.cpl >> Network Connections
nusrmgr.cpl >> User Accounts
powercfg.cpl >> Power Options
sysdm.cpl >> System Properties
wscui.cpl >> Security Center
wuaucpl.cpl >> Automatic Updates Configuration


Windows Explorer Opens Search Companion Rather than the Folder
If the Windows Explorer opens up the Search Companion rather than opening up the actual folder, the default setting for opening a folder is changed.

To correct this:
Start Regedit
Go to HKEY_CLASSES_ROOT \ Directory \ shell
Edit the default value to be explorer or none


Guest Only Network Access

If you try to connect to an XP computer and are shown a login screen with only the computername/Guest,
you may need to change one of the Local Security Policies:
Go to Control Panel - Administrative Tools
Go to Local Policies - Security Options
Check the Network access: Sharing and security model for local accounts
Set it to Classic - local users authenticate as themselves


Hiding a XP Computer from Network Neighborhood

If you want to share files from a XP computer,
yet want to remove it from showing up in the Network Neighborhood,
Run net config server /hidden:yes


Easy Way to Share Multiple Folders

If you need to share multiple folders, running the program SHRPUBW.EXE will bring up a simple dialog box to let you:
Browse to the folder you want to share
Enter in a Share name
Enter in a Share description
Set permissions. Several choices are available
Restart the process from within the same program


Not Viewing Zip Files as Folders


If you want to turn off Windows XP showing Zip files as folders,
just run:
regsvr32 /u zipfldr.dll


Setting Capslock, Numlock, Scroll Lock

If you want to set the startup state for any or all of these keys,
you just need to edit the registry.
Start Regedit
Go to HKEY_CURRENT_USER \ Control Panel \ Keyboard
Open InitialKeyboardIndicators
Change the value to one of the following numbers
0 - All Keys off
1 - Caps Lock on
2 - Num Lock on
4 - Scroll Lock on
For multiple keys, add their values:
3 - Caps Lock and Num Lock on
5 - Caps Lock and Scroll Lock on
6 - Num Lock and Scroll Lock on
7 - Caps Lock, Num Lock, and Scroll Lock on
Log off and back on again


Restoring Desktop Icon to the Quicklaunch Bar

If you mistakenly deleted the icon for the Desktop on the Quicklaunch toolbar
Go to C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch
(where user_name is replaced by your login name)
Create a Text file called ShowDesktop.SCF with the following contents:
[Shell]
Command=2
IconFile=explorer.exe,3
[Taskbar]
Command=ToggleDesktop



Network Access After Norton Anti-Virus Install

Sometimes you can't access a WinXP computer after installing Norton Anti-Virus.
There might be a variety of errors at the other computer depending on the operating system.
On the XP computer, in the Event Viewer / System log, there will be the following error:
The server's configuration parameter "irpstacksize" is too small for the server to use a local device.
Start Regedit
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
Edit the IRPStackSize
Give it a value of 15
Reboot the computer


Configure for Auto-Logon

If you are the only person using the computer and want to have it automatically log you on,
Start / Run / "control userpasswords2" - no quotes
Uncheck User must enter a user name and password to use this computer


Services You Can Disable

There are quite a few services you can disable from starting automatically.
This would be to speed up your boot time and free resources.
They are only suggestions, so I suggest you read the description of each one when you run Services
and that you turn them off one at a time.
Some possibilities are:
Alerter - Sends alert messages to specified users that are connected to the server computer.
Application Management - Allows software to tap directly into the Add/Remove Programs feature via the Windows Installer technology.
Background Intelligent Transfer Service - The Background Intelligent Transfer service is used by programs (such as Windows AutoUpdate) to download files by using spare bandwidth.
Clipbook - ClipBook permits you to cut and paste text and graphics over the network.
Error Reporting Service - Allows applications to send error reports to Microsoft in the event of an application fault.
Fast User Switching - Windows XP allows users to switch quickly between accounts, without requiring them to log off.
Help and Support - Allows the XP Built-in Help and Support Center to run.
IMAPI CD-Burning COM Service - You don't need this if you have other software to create CDs.
Indexing Service - Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
IP SEC - Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. If you are not on a domain, you likely don't need this running.
Messenger - Transmits net send and Alerter service messages between clients and servers. This is how a lot of pop-up windows start appearing on your desktop.
Net Logon - Supports pass-through authentication of account logon events for computers in a domain. If you are not on a domain, you don't need this running
Network DDE - Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers.
NT LM Security Support Provider - Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Performance Logs and Alerts - Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If you don't need to monitor your performance logs, then you don't need this service.
Portable Media Serial Number - Retrieves the serial number of any portable music player connected to your computer
QOS RSVP - Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Remote Desktop Help Session Manager - Manages and controls Remote Assistance. If you are not using Remote Desktop you don't need this service.
Remote Registry - Enables remote users to modify registry settings on this computer.
Routing & Remote Access - Offers routing services to businesses in local area and wide area network environments. Allows dial-in access.
Secondary Login - Enables starting processes under alternate credentials. This is what allows you to run an application as another user.
Smart Card - Manages access to smart cards read by this computer.
Smart Card Helper - Enables support for legacy non-plug and play smart-card readers used by this computer.
SSDP Discovery Service - Enables discovery of UPnP devices on your home network.
TCP/IP NetBIOS Helper - Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. This should not be needed in today's network environment.
Telnet - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients.
Uninterruptible Power Supply Service - Manages an uninterruptible power supply (UPS) connected to the computer.
Universal Plug and Play Device Host - Provides support to host Universal Plug and Play devices
Upload Manager - Manages synchronous and asynchronous file transfers between clients and servers on the network.
Volume Shadow Copy Service - Manages and implements Volume Shadow Copies used for backup and other purposes.
Web Client - Enables Windows-based programs to create, access, and modify non-local files across the Internet.
Wireless Zero Configuration - Provides automatic configuration for the 802.11 adapters
WMI Performance Adapter - Provides performance library information from WMI HiPerf providers.


