Tuesday, September 22, 2009

Customize your Firefox with useful Add-ons!

This post deals with a few useful Firefox add-ons that make Firefox more comfortable to use than before.

Tiny Menu:

If you rarely use the menu bar and feel that it occupies too much space in your browser, this add-on lets you shrink it. It replaces the standard Firefox menu bar with a single popup icon on the toolbar. Its options also make it simple to customize which menus are collapsed.

12 Tips to Maintain a Virus Free Computer

Is your computer infected with a virus? Do you often get mysterious error messages? Well, this is a common problem faced by almost all computer users across the globe. There are many viruses and worms out there that could infect your computer. Some are harmless, but others have the capacity to do any number of nasty things, up to and including erasing all data from your computer. However, there are ways to keep viruses away from your PC. Here are 12 tips to maintain a virus-free computer.

1. Email is one of the most common ways by which your computer can catch a virus. So it is always recommended to stay away from SPAM. Open only those emails that originate from a trusted source, such as someone in your contact list. If you are using your own private email host (other than Gmail, Yahoo, Hotmail etc.) then it is highly recommended that you use good anti-spam software. And finally, NEVER click on any links in emails that come from untrusted sources.

2. USB thumb/pen drives are another common way by which viruses spread rapidly. So it is always a good habit to perform a virus scan before copying any data onto your computer. NEVER double-click the pen drive to open it. Instead, right-click on it and select the option “Open”. This is a safe way to open a pen drive.

3. Be careful about using MS Outlook. Outlook is more susceptible to worms than other e-mail programs, unless you have efficient Anti-Virus programs running. Use Pegasus or Thunderbird (by Mozilla), or a web-based program such as Hotmail or Yahoo (In Firefox).

4. As we all know, the Internet is the main source of all malicious programs, including viruses, worms, trojans etc. In fact, the Internet contributes to virus infection by up to 80%. So here are tips for safe surfing habits so that you can ward off virus infection to the maximum extent.

  • Don’t click on pop-up windows that announce a sudden disaster in your city or announce that you’ve won an hourly prize. They are the ways to mislead Internet users and you should never trust them.
  • You can also use a pop-up blocker to automatically block those pop-ups.

5. Most of us use search engines like Google to find what we are looking for. It is quite possible for a malicious website to get listed in the search results. So to avoid visiting those untrusted malicious websites, you can download and install AVG LinkScanner, which is freeware. This tool can be very handy and will help you to stay away from malicious websites.

6. Install good antivirus software and keep it updated. Also perform a full system scan periodically. It is highly recommended that you turn on the automatic update feature. This is the most essential task in protecting your PC from viruses. If PC security is your first priority, then it is recommended that you go for shareware antivirus software over the free ones. Most antivirus products support an Auto-Protect feature that provides real-time security for your PC. Make sure that this feature is turned on.

7. Install a good anti-spyware program that operates against Internet malware and spyware.

8. Never open any email attachments that come from untrusted sources. If it is a picture, text or sound file (these attachments end in the extensions .txt, .jpeg, .gif, .bmp, .tif, .mp3, .htm, .html, and .avi), you are probably safe, but still do a scan before opening.

9. Do not use disks that other people gave you, even from work. The disk could be infected with a virus. Of course, you can run a virus scan on it first to check it out.

10. Set up your Windows Update to automatically download patches and upgrades. This will allow your computer to automatically download any updates to both the operating system and Internet Explorer. These updates fix security holes in both pieces of software.

11. When you download files from untrusted websites/sources such as torrents, warez etc., make sure that you run a virus scan before executing them.

12. And finally, it is recommended not to visit websites that feature illegal/unwanted stuff such as cracks, serials, warez etc., since they contribute greatly to the spread of viruses and other malicious programs.

Saturday, September 5, 2009

How to Protect an Email Account from being Hacked

Today in this post I’ll teach you how to protect your email account from being hacked. Nowadays I get a lot of emails where most of the people say “My Email account is hacked please help…”. Now one question which arises in our mind is: “Is it so easy to hack an email account? OR Is it so difficult to protect an email account from being hacked?”. The single answer to these two questions is “Absolutely NOT!”. It is neither easy to hack an email nor difficult to protect an email account from being hacked.

If this is the case, then what is the reason for many people to lose their accounts?
The answer is very simple. They don’t know how to protect themselves from being hacked! In fact most of the people who lose their email accounts are not the victims of hacking but the victims of trapping. They lose their passwords not because they are hacked by some expert hackers but because they are fooled to such an extent that they themselves give away their password.

Are you confused? If so continue reading and you’ll come to know…

Now I’ll mention some of the most commonly used online scams which fool people and make them lose their passwords. I’ll also mention how to protect your email account from these scams.

1. WEBSITE SPOOFING

Website spoofing is the act of creating a website with the intention of misleading the readers. The website will be created by a different person or organisation (other than the original), especially for the purposes of cheating. Normally, the website will adopt the design of the target website and sometimes has a similar URL.

Fake Yahoo Login

For example, a spoofed website of Yahoo.com appears exactly the same as the Yahoo website. So most people believe that it is the original site and lose their passwords. The main intention of spoofed websites is to fool users and take away their passwords. For this, the spoofed sites offer fake login pages. These fake login pages resemble the original login pages of sites like Yahoo, Gmail, Orkut etc. Since it resembles the original login page, people believe that it is genuine and give away their username and password by trying to log in to their accounts.

Solution:

  • Never try to login/access your email account from the sites other than the original site.
  • Always type the URL of the site in the address bar to get into the site. Never click on a hyperlink to enter the site.

2. BY USING KEYLOGGERS

The other commonly used method to steal passwords is by using a keylogger. A keylogger is nothing but a spyware. The detailed description of keyloggers and their usage is discussed in the post Hacking an email account. If you read this post you’ll come to know that it is too easy to steal the password using a keylogger program. If you just access your email account from a computer with a keylogger installed, you definitely lose your password. This is because the keylogger records each and every keystroke that you type.

Solution:

Protecting yourself from a keylogger scam is very easy. Just install a good anti-spyware program and update it regularly. This keeps your PC secure from a keylogger. Also there is a program called Anti-keylogger which is specially designed to detect and remove keyloggers. You can use this program to detect some stealth keyloggers which remain undetected by many anti-spyware programs.

3. ACCESSING YOUR EMAIL ACCOUNT FROM CYBER CAFES

Do you access your email from cyber cafes? Then you are definitely at risk of losing your password. In fact many people lose their email account in cyber cafes. For the owner of the cyber cafe it’s just a cakewalk to steal your password. For this he just needs to install a keylogger on his computers. So when you log in to your email account from this PC, you give away your password to the cafe owner. Also there are many Remote Administration Tools (RATs) which can be used to monitor your browsing activities in real time.

This doesn’t mean that you should never use cyber cafes for browsing the internet. I know, not all the cyber cafe owners will be so wicked but it is recommended not to use cafes for accessing confidential information. If it comes to the matter of security never trust anyone, not even your friend. I always use my own PC to login to my accounts to ensure safety.

How to Protect an Email Account from SPAM

Most of us get SPAM every day. Some of us get more and some less. Even a newly created email account will begin to receive spam just a few days after its creation. Many times we wonder where this spam comes from and why, but this question remains unanswered within ourselves. So in this post I will try my best to give every possible piece of information about spam and will also tell you how to combat spam.

What is SPAM?

Spam is the abuse of electronic messaging systems (including most broadcast media and digital delivery systems) to send unsolicited bulk messages indiscriminately. The most widely recognized form of spam is email spam.

Where do these SPAM come from?

Spam comes only from spammers and never from a legitimate user or company. These spammers send a single email to hundreds (sometimes thousands or millions) of email addresses at a time. They either send it manually or use spambots to automate the process of spamming.

Why do spammers SPAM?

The main goal of spammers is to send spam (unsolicited bulk messages) to as many people as possible in order to make a profit. For example, John builds a small website to sell an ebook which gives information about weight loss. In order to make sales he needs publicity for his website. Instead of spending money on advertising, John decides to create an email which contains information about his site along with its link and sends this email to, say, 100 email addresses in his contact list. If 1 person out of a hundred buys this book, John gets $10. What if he sends this email to 1000 email addresses? He gets $100. Imagine, if he sends this email to 1 million email addresses he gets $100000.

Now I hope you understood the idea behind spamming. So in order to make money, spammers send their advertising emails to as many people as possible without respecting the recipient’s privacy.

From where do SPAMmers get my email address?

On the Internet there exist many sites which collect the email IDs of people and sell them to spammers in bulk. Most often, people sign up for monthly newsletters and take up surveys. This is when these scam sites get their email addresses. Also many spammers collect email addresses by using spambots. These spambots collect email addresses from the Internet in order to build mailing lists. Such spambots are web crawlers that can gather email addresses from websites, newsgroups, forums, special-interest group (SIG) postings, and chat-room conversations.

Spammers also use the trick of creating hoax emails for gathering a huge list of email IDs. For example, a spammer sends a hoax email which says “Forward this Message to Help Severely Burned Child”. This email claims that 11 cents will be donated to the child’s family every time the message is sent to others. Most people believe this and start forwarding this hoax email to all of the IDs in their contact list. In this way the email spreads rapidly, and eventually when it reaches the creator (spammer), the spammer gets a huge list of valid email addresses from the email header. When you get this kind of hoax email, you can see for yourself that the email header contains a huge list of email addresses of all those people to whom the email has been forwarded. This is one of the effective methods used by spammers to gather email addresses.

Is SPAMming legal?

Spamming is completely illegal. Yet it is really difficult to stop spammers from spamming since they keep moving from one hosting company to another after getting banned. This makes it practically impossible to catch spammers and prosecute them.

How to protect my email account from getting SPAMmed?

The following methods can be used to combat email spam.

1. Use spam filters for your email account. If you’re using email services like Gmail, Yahoo, Hotmail etc., then spam filters are used by default. Each spam filter has its own algorithm to detect spam emails and will automatically move them to the SPAM folder. This keeps your inbox free from spam. However, some spam emails succeed in making their way into the inbox by bypassing the filters.

2. Do not post your email address in public forums, user comments and chat-rooms. Give your email address only to trustworthy websites while signing up for newsletters.

3. While taking up online surveys and filling in feedback forms, it is better not to give your personal email address. Instead, sign up for a dummy email account and use this for surveys and feedback forms.

4. While posting your contact email address on your website use this format: emailaddress [at] yoursite.com instead of emailaddress@yoursite.com. This protects your email address from being indexed by spambots.
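To show why the “[at]” format in tip 4 helps, here is an added example (not part of the original post) in Python: it rewrites an address into that format and runs both the plain and the rewritten contact-page fragment through a simplified pattern of the kind a naive address-harvesting crawler would use. The page fragments and the address webmaster@yoursite.com are constructed for the example; the regular expression is a generic email pattern, not any real spambot’s code.

```python
import re
from typing import List

# Simplified pattern of the kind a naive address-harvesting crawler might use
# (constructed for illustration; it is not any real spambot's code).
NAIVE_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def obfuscate(address: str) -> str:
    """Rewrite user@host as 'user [at] host', the format recommended in tip 4."""
    user, sep, host = address.partition("@")
    if not sep or not user or not host:
        raise ValueError(f"not an email address: {address!r}")
    return f"{user} [at] {host}"


def naive_harvest(html: str) -> List[str]:
    """Addresses a crawler using only NAIVE_EMAIL_RE would pick up from a page."""
    return NAIVE_EMAIL_RE.findall(html)


# Constructed sample contact-page fragments (yoursite.com is a placeholder).
PAGE_PLAIN = "<p>Contact: webmaster@yoursite.com</p>"
PAGE_OBFUSCATED = "<p>Contact: " + obfuscate("webmaster@yoursite.com") + "</p>"

if __name__ == "__main__":
    print("plain page      ->", naive_harvest(PAGE_PLAIN))       # ['webmaster@yoursite.com']
    print("obfuscated page ->", naive_harvest(PAGE_OBFUSCATED))  # []
```

The rewritten address is not matched because the pattern requires a literal “@”. Treat this as friction rather than protection: more thorough harvesters also match common variants such as “[at]” and “(at)”, so for a high-value address a contact form that never exposes the address in the HTML at all is the stronger choice.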

5. Do not respond to hoax messages. When you receive a hoax email, avoid forwarding it to your friends. Examples of hoax messages can be found at www.hoax-slayer.com. If you really want to forward it to your friends, make sure that you use the “Bcc” (blind carbon copy) option to send the email. This will hide all the email IDs to which the mail is forwarded.
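The reason Bcc hides the recipient list, as an added example in Python (not code from the original post): Bcc addresses are handed to the mail server only as envelope recipients and are never written into the message headers, so none of the recipients can read them. The script below builds a forwarded message that way, shows which addresses remain visible in the headers, and keeps the actual SMTP hand-off in a separate function because it needs a reachable server. All addresses use example.com, which is reserved for documentation, and are constructed for the example.

```python
import smtplib
from email.message import EmailMessage
from email.utils import getaddresses
from typing import List, Tuple


def build_forward(sender: str, to: List[str], bcc: List[str],
                  subject: str, body: str) -> Tuple[EmailMessage, List[str]]:
    """Build a message to forward, keeping the Bcc recipients out of the headers.

    Returns the message to transmit and the envelope recipient list (To + Bcc).
    The Bcc addresses are given to the mail server only as envelope recipients
    and are never written into the message, so no recipient can read them.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(to)
    msg["Subject"] = subject
    msg.set_content(body)
    envelope = list(to) + list(bcc)   # deliberately no msg["Bcc"] header
    return msg, envelope


def visible_recipients(msg: EmailMessage) -> List[str]:
    """Addresses any recipient can read from the To and Cc headers."""
    raw = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr for _, addr in getaddresses(raw)]


def send(msg: EmailMessage, envelope: List[str],
         host: str = "localhost", port: int = 25) -> None:
    """Hand the message to an SMTP server (needs a reachable server; not run in tests)."""
    with smtplib.SMTP(host, port) as smtp:
        smtp.send_message(msg, from_addr=str(msg["From"]), to_addrs=envelope)


if __name__ == "__main__":
    # Constructed sample addresses (example.com is reserved for documentation).
    msg, envelope = build_forward(
        "me@example.com", ["friend@example.com"],
        ["alice@example.com", "bob@example.com"],
        "Fwd: a hoax", "Please do not forward chain mail.")
    print("envelope recipients:", envelope)
    print("visible in headers :", visible_recipients(msg))
```

If you instead set a Bcc header and let smtplib’s send_message build the recipient list itself, it strips that header before transmission; the explicit envelope above makes the same mechanism visible.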

Wednesday, August 26, 2009

Stoned Bootkit – Windows XP, 2003, Vista,

What is Stoned Bootkit?

A bootkit is a boot virus that is able to hook and patch Windows to get loaded into the Windows kernel, and thus gain unrestricted access to the entire computer. It is even able to bypass full volume encryption, because the master boot record (where Stoned is stored) is not encrypted. The master boot record contains the decryption software which asks for a password and decrypts the drive. This is the weak point, the master boot record, which will be used to pwn your whole system. No one’s secure!

For whom is Stoned Bootkit interesting?

  1. Black Hats
  2. Law enforcement agencies
  3. Microsoft

Why is Stoned something new? Because it is the first bootkit that...

  • attacks Windows XP, Server 2003, Windows Vista, Windows 7 with one single master boot record
  • attacks TrueCrypt full volume encryption
  • has integrated FAT and NTFS drivers
  • has an integrated structure for plugins and boot applications (for future development)

“A bootkit is a rootkit that is able to load from a master boot record and persist in memory all the way through the transition to protected mode and the startup of the OS. It’s a very interesting type of rootkit.” – Robert Hensing about bootkits

You can download Stoned Bootkit here:

Open Source Framework – Stoned Bootkit Framework.zip
Infector file – Infector.exe

Or you can read more here.

Wednesday, August 12, 2009

About ISRO’s Bhuvan


About BHUVAN

Bhuvan gives you an easy way to experience, explore and visualize IRS images over the Indian region.
ISRO is well known amongst space faring nations for its world-leading reputation in developing new, indigenous and innovative service oriented applications using remote sensing technology. Over the past 2 decades, ISRO has mastered the art of developing these unique applications using various spectral, spatial and temporal resolutions offered by the versatile IRS satellites and these have been successfully institutionalized in many important areas of policy making, natural resources management, disaster support, and enhancing the quality of life across all sections of the society.

Bhuvan is an initiative to showcase this distinctiveness of Indian imaging capabilities, including the thematic information derived from such imagery, which could be of vital importance to the common man, with a focus on the Indian region. Bhuvan is an ambitious project of ISRO to take Indian images and thematic information in multiple spatial resolutions to people through a web portal, giving easy access to information on basic natural resources in the geospatial domain. Bhuvan showcases Indian images by superimposing IRS satellite imagery on a 3D globe. It displays satellite images of varying resolution of India’s surface, allowing users to see things like cities and important places of interest looking perpendicularly down or at an oblique angle, from different perspectives, and to navigate through a 3D viewing environment. The degree of resolution showcased is based on the points of interest and popularity, but most of the Indian terrain is covered up to at least 5.8 meters of resolution, with the least spatial resolution being 55 meters from the AWiFS sensor. With such rich content, Bhuvan opens the door to graphic visualisation of digital geospatial India, allowing individuals to experience fully interactive terrain viewing capabilities.

Multi-resolution images from the multi-sensor IRS satellites of India are seamlessly depicted through the Bhuvan web portal, enabling the common man to zoom into a specific area of interest at high resolution. Bhuvan brings a whole lot of uniqueness to understanding our own natural resources whilst presenting beautiful images and thematic vectors generated from a variety of geospatial information. Bhuvan will also attempt to bring out the importance of multi-temporal data and to highlight the changes taking place in our natural resources, which will serve to raise general awareness of our changing planet. There are many more special value-added services which will be enabled on the web portal in due course, and each of those services is going to be unique in preserving and conserving our precious natural resources through public participation. We are sure the common man will gain rich benefits from these Indian geospatial data services in the days to come.

Basic features of Bhuvan:

  • Access, explore and visualise 2D and 3D image data along with rich thematic information on Soil, wasteland, water resources etc.
  • Visualise multi-resolution, multi-sensor, multi-temporal image data
  • Superpose administrative boundaries of choice on images as required
  • Visualisation of AWS ( Automatic Weather Stations) data/information in a graphic view and use tabular weather data of user choice
  • Fly to locations ( Flies from the current location directly to the selected location)
  • Heads-Up Display (HUD) navigation controls (tilt slider, north indicator, opacity, compass ring, zoom slider)
  • Navigation using the 3D view Pop-up menu (Fly-in, Fly out, jump in, jump around, view point)
  • 3D Fly through (3D view to fly to locations, objects in the terrain, and navigate freely using the mouse or keyboard)
  • Drawing 2D objects (Text labels, polylines, polygons, rectangles, 2D arrows, circles, ellipse)
  • Drawing 3D Objects (placing of expressive 3D models, 3D polygons, boxes)
  • Snapshot creation (copies the 3D view to a floating window and allows saving it to an external file)
  • Measurement tools (Horizontal distance, aerial distance, vertical distance, measure area)
  • Shadow Analysis (sets the sun position based on the given time, creating shadows and affecting the lighting on the terrain)
  • There would be many more value added functions and facilities which will be added into the package from time to time.
  • Particular interest of ISRO/DOS would be to provide such functionalities to common man so that he/she adopts participatory approach with scientists to solve simple problems easily and interactively.

Advanced functionalities to be provided in future versions

  • Urban Design Tools (to build roads, junctions and traffic lights in an urban setting)
  • Contour map ( Displays a colorized terrain map and contour lines)
  • Terrain profile ( Displays the terrain elevation profile along a path)
  • Draw tools (creates simple markers, free-hand lines, urban designs)
  • Navigation map (to jump to and view locations in the 3D India)

What is Bhuvan?
Bhuvan is a geoportal that provides medium to high resolution satellite imagery of virtually the whole of India over the Internet. You can "fly" around using mouse and keyboard on a simple desktop computer, with a virtual globe in front of you draped with IRS images over the Indian region. Many other features are built in, including 3D terrain and information on many thematic data sets.

What can Bhuvan do for me?
Bhuvan is a free web based image portal. Most Image visualization programs are very expensive and complex. Bhuvan provides a fast and friendly way to look at IRS satellite data and thematic information in geographic context, which is invaluable for management, planning and visualization. Additionally, Bhuvan makes it easy to share digital data between people and computers anytime, anywhere. Over a period of time a lot more unique functionalities will be added into this tool to address common man’s problems, particularly in the rural setup of India and addressing natural resources management issues.

What do I require to run Bhuvan on my Machine?
You require the Bhuvan Plug-in which can be downloaded from the Bhuvan website after registration and you will also need DirectX8 or higher version (www.microsoft.com/windows/directx/) for installing the plug-in. Please note that the Bhuvan Plug-in can be installed with administrative privileges only.

How do I use Bhuvan?
When you first open the Bhuvan website, you will land on the index page, which gives you information on Bhuvan and also allows you to register to use Bhuvan. Once you successfully register, you will land on the Bhuvan 3D client page. Here, there are three primary areas of the program that you'll be using. The main window shows a globe, and you can navigate around with your mouse or use the Heads-Up Display (HUD) option available in the top right corner. Double right-click to zoom in, and double left-click to zoom out (or use your mouse wheel). Right-click, hold, and drag to pan. The second area is at the upper right of the main window. When you move your mouse over the navigation compass, it gives you more movement options such as rotate and tilt (which you can also do with your mouse). The third area is to the left of the main window. This frame includes a fly-to-location and fly-to-important-places option. At the top of the globe are the menu options for layers, 2D and 3D drawing, measurement tools, snapshot tools etc. When you select any of these options, you see the context options in the left pane, where you can make appropriate choices that you can turn on to make visible in the main window, such as roads, 3D terrain, and more.

Can I use Bhuvan if I don't have a fast internet connection?
Yes. Bhuvan is designed to be as bandwidth-friendly as possible. However, it depends on continuously downloading a large amount of imagery. Consequently, the faster your connection, the better the program will perform. If you have a slow connection, Bhuvan will download imagery correspondingly slowly, but it will (eventually) download everything at the maximum available resolution. The ultimate speed of visualisation will depend on the number of concurrent users on our servers and the bandwidth at the client end. This is a beta release; with more learnings we will be able to make things more comfortable for all types of users.

Can I use Bhuvan if I'm not connected to the internet?
No. You will have to be connected to Internet for using Bhuvan.

How current is the imagery in Bhuvan?

The Bhuvan portal does NOT display data in real time. The images you see are a combination of satellite imagery from various IRS sensors taken (generally) sometime within the last three years during different seasons. Bhuvan, on release, contains IRS satellite images from the OCM, AWiFS, LISS 3 and LISS 4 sensors, and more data will be added from time to time. Bhuvan is constantly updating its database to use more recent and higher resolution images. You can explore the metadata content to determine when exactly a specific area was imaged, and you may be able to use landmarks to narrow down a date range if you are familiar with the area.

How do I bookmark a place in Bhuvan?
Zoom to the location that you'd like to bookmark (placemark, more accurately), use the draw tool to place an icon. After you save the placemark, it will stay in the frame to the left of the main window, and double clicking on it will zoom you to that position.

Can I add my own data into Bhuvan?
No. In the current version, you will not be able to add your own data.

Do I have to register to use Bhuvan?
Yes. It is mandatory to register to use Bhuvan.

How much does Bhuvan cost?
The basic version of Bhuvan is free. Once you register and you login, you will be asked to download the Bhuvan plug-in. Accept the installation of the plug-in and you are ready to use the full features of Bhuvan.

What are the System Requirements for Using Bhuvan?

Requirements for Windows

  • Operating System: Windows XP/Vista
  • CPU: Pentium 4 2.4GHz+ or AMD 2400xp+
  • System Memory (RAM): 512MB
  • Hard Disk: 2GB free space
  • Network Speed: 768 Kbits/sec
  • Graphics Card: 3D-capable with 32MB of VRAM
  • Screen: 1280x1024, "32-bit True Color"

Can I run Bhuvan on Mac OS and Linux?
No. At the moment Bhuvan runs only on Windows systems and is optimised for IE 6 or higher.

What type of data can I see in Bhuvan?
You will be able to see the following data on Bhuvan

  • Satellite imagery (LISS III , LISS IV along with metadata and Multi- temporal Data from OCM & AWiFS)
  • Value added information (NADAMS – National Agricultural Drought Monitoring System), Output of flood studies for certain areas,
  • Thematic information (Wastelands, Soils, watershed,water resources related maps)
  • Base layers ( administrative boundaries, transport layers, water bodies, etc)
  • Census information
  • Metadata

What do I do when I get the ‘’DD_ERR Video Ram Memory’’ error?
Close all other applications and relaunch Bhuvan.


Bhuvan ISRO Website - bhuvan.nrsc.gov.in - Bhuvan 3D Tool

The Indian Space Research Organisation (ISRO) official website for Indian Earth observation and visualization is www.bhuvan.nrsc.gov.in. Today (12 August, 2009) the beta web 3D tool was announced. It is very useful for anybody who wants to see the full coverage of the Indian region. The web tool lets you discover and explore the earth in 3D space with specific emphasis on the Indian region.

Minister of State in the PMO Prithviraj Chavan launched the beta version of the geoportal www.bhuvan.nrsc.gov.in today, at a day-long workshop of the Astronautical Society of India on "21st Century Challenges in Space -- Indian Context."


If you would like to use this tool, first register a free account via the Bhuvan official website. After logging in you get to use the Indian 3D mapping tool. It is similar to Google Earth. The Bhuvan web portal allows everyone to zoom into a specific area of interest at high resolution.

Further Info Check Out Bhuvan ISRO Official Website: www.bhuvan.nrsc.gov.in

Friday, July 31, 2009

SQLMAP 0.7 Released – Automatic SQL Injection Tool

We’ve been following sqlmap since it first came out in February 2007, and it’s been quite some time since the last update, sqlmap 0.6.3, in December 2008.

For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications.

Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Recent Changes

Along with all the takeover features introduced in sqlmap 0.7 release candidate 1, some of the new features include:

  • Adapted Metasploit wrapping functions to work with latest 3.3 development version too.
  • Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.
  • Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows, because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This makes sqlmap 0.7 work again on Windows too.
  • Minor improvement so that sqlmap tests also all parameters with no value (eg. par=).
  • HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+.

For a complete list of changes view the ChangeLog.

The manual is available here – README.pdf [PDF]

You can download sqlmap 0.7 here:

Linux Source: sqlmap-0.7.tar.gz
Windows Portable: sqlmap-0.7_exe.zip

Friday, July 24, 2009

A Virus Program to Disable USB Ports



In this post we will show how to create a simple virus that disables/blocks the USB ports on a computer (PC). The C programming language is used to create this virus. Anyone with a basic knowledge of C should be able to understand the working of this virus program.

Once this virus is executed it will immediately disable all the USB ports on the computer. As a result, you will not be able to use your pen drive or any other USB peripheral on the computer. The source code for this virus is available for download. You can test this virus on your own computer without any worries since we have also given a program to re-enable all the USB ports.

1. Download the USB_Block.rar file on to your computer.

2. It contains the following 4 files.

  • block_usb.c (source code)
  • unblock_usb.c (source code)

3. You need to compile them before you can run them. A step-by-step procedure to compile C programs is given in my post - How to Compile C Programs.

4. Upon compilation of block_usb.c you get block_usb.exe, which is a simple virus that will block (disable) all the USB ports on the computer upon execution (double click).

5. To test this virus, just run the block_usb.exe file and insert a USB pen drive (thumb drive). Now you can see that your pen drive will never get detected. To re-enable the USB ports just run the unblock_usb.exe file (you need to compile unblock_usb.c). Now insert the pen drive and it should get detected.

Sunday, July 12, 2009

Latest Proxies for Free Airtel GPRS

I have got a lot of comments that the settings for free Airtel GPRS that I had posted earlier don’t work. So I have found another hack to get free GPRS on Airtel. The following settings have been tested in different states and are found to be working successfully in most of them.

I have got 2 settings which you can tryout to see if any of them works for you.

First
IP Address :: 10.49.16.10
Port :: 8877
APN :: airtelfun.com

Second
IP Address :: 200.199.82.61
Port :: 8080
APN :: airtelmms.com

The second one works in some states only.

I have also got some IP addresses and open ports which are working for different users, so I have listed them. You can try them out if the above settings don’t work.

Thursday, July 9, 2009

Domain Hijacking – How to Hijack Domain Names

In this post we will tell you how domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as Domain Hijacking. For most of you, the term “domain hijacking” may seem alien, so let me first tell you what domain hijacking is all about.

Domain hijacking is a process by which Internet domain names are stolen from their legitimate owners. Domain hijacking is also known as domain theft. Before we look at how domain names are hijacked, it is necessary to understand how domain names operate and how they get associated with a particular web server (website).

A domain name operates as follows.

Any website, say for example gohacking.com, consists of two parts: the domain name (gohacking.com) and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts, and hence they must be integrated before a website can operate successfully. The integration of the domain name with the web hosting server is done as follows.

1. After registering a new domain name, we get a control panel in which we have full control of the domain.

2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.

For a clear understanding let me take up a small example.

John registers a new domain “abc.com” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y). Now whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.

What happens when a domain is hijacked

Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to some other web server other than the original one. So to hijack a domain you need not gain access to the target web server.

For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).

In this case John’s domain name (abc.com) is said to be hijacked.

How to hijack a domain name

To hijack a domain name, you need to gain access to the domain control panel of the target domain. For this you need the following ingredients:

1. The domain registrar name for the target domain.

2. The administrative email address associated with the target domain.

You can get this information by accessing the WHOIS data of the target domain. To access the WHOIS data, go to whois.domaintools.com, enter the target domain name and click on Lookup. Once the whois data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.

To get the domain registrar name, look for something like this under the Whois Record: “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. If you don’t find this, then scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.

The administrative email address associated with the domain is the backdoor to hack the domain name. It is the key to unlock the domain control panel. So you need to hack this email account and take full control of it. Email hacking has been discussed in my previous post how to hack an email account.

Once you take full control of this email account, you need to visit the domain registrar’s website and click on forgot password on the login page. You will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once you do this, all the details to reset the password will be sent to the administrative email address. Since you already have access to this email account you can easily reset the password of the domain control panel. After resetting the password, log in to the control panel with your new password and from there you can hijack the domain within minutes.

How to protect the domain name from being hijacked

The best way to protect the domain name is to protect the administrative email account associated with the domain. If you lose this email account, you lose your domain. So refer to my previous post on how to protect your email account from being hacked. Another good way to protect your domain is to go for private domain registration. When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public. So when a hacker performs a WHOIS lookup for your domain name, he will not be able to find your name, phone and administrative email address. So private registration provides extra security and protects your privacy. Private domain registration costs a little extra but is well worth it for its advantages. Every domain registrar provides an option to go for private registration, so when you purchase a new domain make sure that you select the private registration option.
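As an added check (not part of the original post) for the exposure just described: a small Python parser over a WHOIS record that pulls out the registrar name and the administrative contact email in the order the post describes, and reports whether both are publicly visible, which is exactly what private registration prevents. The record text, domain, registrar and email values are constructed for the example, not real lookups.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed WHOIS record (not a real lookup) in the layout the post describes:
# a "Registration Service Provided By" line, an administrative contact block
# with a personal email address, and an ICANN Registrar line under Registry Data.
SAMPLE_WHOIS_EXPOSED = """\
Domain Name: abc.com
Registry Data:
   ICANN Registrar: EXAMPLE REGISTRAR INC.
Whois Record
Registration Service Provided By: XYZ Company
Administrative Contact:
   John Doe
   john@example.com
   +1.5555550100
"""

# The same domain registered with private registration: the contact details are
# replaced by the privacy service's forwarding address.
SAMPLE_WHOIS_PRIVATE = """\
Domain Name: abc.com
Registry Data:
   ICANN Registrar: EXAMPLE REGISTRAR INC.
Whois Record
Registration Service Provided By: XYZ Company
Administrative Contact:
   Whois Privacy Service
   abc.com@privacy.example.net
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Substrings that commonly mark a privacy/proxy contact rather than a person.
PRIVACY_HINTS = ("privacy", "proxy", "whoisguard", "protect")


@dataclass
class HijackExposure:
    registrar: Optional[str]
    admin_email: Optional[str]
    private_registration: bool

    def is_exposed(self) -> bool:
        """True when both items the post lists as needed for a takeover (registrar
        name and a personal admin email) are readable from the public record."""
        return (self.admin_email is not None
                and not self.private_registration
                and self.registrar is not None)


def registrar_name(record: str) -> Optional[str]:
    """Prefer 'Registration Service Provided By', fall back to 'ICANN Registrar',
    mirroring the lookup order the post describes."""
    for label in ("Registration Service Provided By:", "ICANN Registrar:"):
        m = re.search(re.escape(label) + r"\s*(.+)", record)
        if m:
            return m.group(1).strip()
    return None


def admin_contact_email(record: str) -> Optional[str]:
    """First email address appearing after the 'Administrative Contact' header."""
    idx = record.find("Administrative Contact")
    if idx < 0:
        return None
    m = EMAIL_RE.search(record, idx)
    return m.group(0) if m else None


def assess(record: str) -> HijackExposure:
    email = admin_contact_email(record)
    private = email is not None and any(h in email.lower() for h in PRIVACY_HINTS)
    return HijackExposure(registrar_name(record), email, private)
```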

Saturday, June 27, 2009

Create One-Click Shutdown and Reboot Shortcuts

This is a really easy trick, but a very effective one. Enjoy it!

First, create a shortcut on your desktop by right-clicking on the desktop, choosing New, and then choosing Shortcut. The Create Shortcut Wizard appears. In the box asking for the location of the shortcut, type shutdown. After you create the shortcut, double-clicking on it will shut down your PC.

But you can do much more with a shutdown shortcut than merely shut down your PC. You can add any combination of several switches to do extra duty, like this:

shutdown -r -t 01 -c "Rebooting your PC"

Double-clicking on that shortcut will reboot your PC after a one-second delay and display the message “Rebooting your PC.” The shutdown command includes a variety of switches you can use to customize it.

I use this technique to create two shutdown shortcuts on my desktop—one for turning off my PC, and one for rebooting. Here are the ones I use:

shutdown -s -t 03 -c "Bye Bye m8!"
shutdown -r -t 03 -c "I ll be back m8 ;) !"

Switch            What it does

-s                Shuts down the PC.
-l                Logs off the current user.
-t nn             Indicates the duration of delay, in seconds, before performing the action.
-c "messagetext"  Displays a message in the System Shutdown window. A maximum of 127 characters can be used. The message must be enclosed in quotation marks.
-f                Forces any running applications to shut down.
-r                Reboots the PC.

Super Bluetooth Hack 2008(Latest Version)

This is a new version of Super Bluetooth Hack for conventional and Symbian-based mobiles. This program, through MDM, can be used to control other people’s mobile phones at a distance (10-15 metres).

Super Bluetooth hack New 2008

More in New Version :

1) Connect via BT/Irda
2) Reading SMS
3) Changing time/alarms
4) Pressing keys…

What else can you do once connected to another phone via Bluetooth?

1) Read SMS messages.
2) Turn off telephone.
3) Switch on music.
4) Choose modes (normal, without sound …)
5) Block Phone.
6) Read his Contacts
7) Change Profile
8) Play his Ringtone even if phone is on silent
9) Restore Factory Settings.
10) Restart the phone
11) Change Ringing Volume
And here comes the best
“Call from his phone” it includes all call functions like hold etc.
And much, much more

Install:
1) Download
2) Transfer it to the mobile
3) Run the installer (the download requires Java)
4) Once it is installed, you will be able to run the software
5) Choose the language and configure it
6) Click Connection
7) Click search devices
8) Choose the “victim”
9) And manage it

Download

Friday, June 26, 2009

Airtel Hack 2009 for Unlimited Free SMS

Many people search for a free Airtel message center number to start sending unlimited messages without paying for them. Well, previously many websites made posts on these free message center numbers, but after frequent use of the number, Airtel capped or filtered those numbers from further use. But still there are a few working message center numbers and here I am going to share them with you. Note that Airtel might ban this number at any time, so be fast in using this and send free SMS to anyone from your Airtel mobile number.


How to send unlimited free SMS using the free SMS center number hack

  1. Navigate to Messages option on your mobile and click on Settings
  2. Click on Message Center Number and proceed to add a new message center number.
  3. In Message Center Name field, write anything. For an example, “Hungry Hacker”.
  4. In the Message Center Number field, write +919810051905
  5. Choose Preferred Connection Type as Packet Data
  6. Save the message center and activate it from the options.


Now we have configured the message settings to send and receive all messages through another message center number. But since we have selected Packet Data as the connection type, we have to do some additional settings on our phone.

  1. Go to your phone menu and navigate to Settings >> Phone Settings >> Connection >> Packet Data
  2. In the settings of packet Data, edit the following options
  3. Packet Data Connection >> When available and Access Point >> Airtel Live
  4. Save all settings and you are done.

Note: Here we are using a CDMA message center number to send free messages from an Airtel mobile. Since CDMA networks don’t support 91 as the country code, you have to add 0 before every number. This is very important, and if you make a mistake here, this trick will not work.

Example: Suppose you want to send free messages to 9861098610. While composing the SMS, type this number as 09861098610 instead of 919861098610 or +919861098610.

And also, message center number settings option may vary from phone to phone. The above steps are mentioned for Nokia mobile phones. If you want to try sending free SMS from any other handset, use your mobile manual and set the new message center number accordingly.

Gmail Account Hacking Tool

A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas.

Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, not only authentication. Users who did not turn it on now have a serious reason to do so, as Mike Perry, the reverse engineer from San Francisco who developed the tool, is planning to release it in two weeks.

When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.

Even though Gmail forces authentication over SSL (Secure Sockets Layer) when you log in, you are not secure, because it reverts to a regular unencrypted connection after the authentication is done. According to Google this behavior was chosen because of low-bandwidth users, as SSL connections are slower.

The problem lies in the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for an attacker sniffing traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie, thus obtaining your session ID. Once this happens the attacker can log in to the account without needing the password. People checking their e-mail from public wireless hotspots are obviously more likely to be attacked than those using secure wired networks. Todd Mumford, from the SEO company SEO Visions Inc, states: “This can be a serious problem for Internet Marketers who travel often and use their wireless laptops and Gmail services often and do not always have access to a secure connection”.

Perry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. “Google did not explain why using this new feature was so important” he said. He continued and explained the implications of not informing the users, “This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they’re secure but they’re really not.”

If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.
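The session cookie described above is only exposed to a sniffer because the browser will send it on plain-HTTP requests. As an added example (not part of the original article), here is a Python audit of Set-Cookie headers that flags session cookies lacking the Secure attribute, which is the server-side counterpart of forcing https:// for the whole session. The headers, cookie names and domain are constructed, not captured from Gmail.

```python
from dataclasses import dataclass
from typing import List

# Constructed Set-Cookie headers (not captured from Gmail): a session cookie
# issued without the Secure attribute, then the same cookie hardened.
WEAK_HEADERS = [
    "Set-Cookie: SID=abc123sessionid; Domain=.example.com; Path=/; HttpOnly",
    "Set-Cookie: PREF=lang=en; Domain=.example.com; Path=/",
]
HARDENED_HEADERS = [
    "Set-Cookie: SID=abc123sessionid; Domain=.example.com; Path=/; Secure; HttpOnly",
    "Set-Cookie: PREF=lang=en; Domain=.example.com; Path=/",
]

# Name fragments that usually mark an authentication/session cookie.
SESSION_NAME_HINTS = ("sid", "session", "sess", "auth", "token")


@dataclass
class CookieFinding:
    name: str
    secure: bool
    http_only: bool
    looks_like_session: bool

    def leaks_over_http(self) -> bool:
        """A session cookie without Secure is attached to every plain-HTTP request,
        including an image fetch from the same host, which is the exposure the
        article describes."""
        return self.looks_like_session and not self.secure


def parse_set_cookie(header: str) -> CookieFinding:
    """Parse one Set-Cookie header line (with or without the 'Set-Cookie:' prefix)."""
    value = header.split(":", 1)[1] if header.lower().startswith("set-cookie:") else header
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return CookieFinding(
        name=name,
        secure="secure" in attrs,
        http_only="httponly" in attrs,
        looks_like_session=any(h in name.lower() for h in SESSION_NAME_HINTS),
    )


def audit(headers: List[str]) -> List[str]:
    """Names of cookies that a network sniffer could read on an unencrypted request."""
    return [f.name for f in map(parse_set_cookie, headers) if f.leaks_over_http()]
```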

Download Free Softwares, Games, Movies and lot of Hacking Stuff from 50+ FTP Sites

The Internet definitely has several unheard-of places, also known as underground websites; a few of these websites offer users hundreds and thousands of software titles, games, movies and lots of hacking stuff for download. Though these sites are pretty tough to find, I was able to unearth more than 50 FTP sites that allow users to download software, games, movies and lots of hacking tools for free.

Here is a list of 50+ FTP sites that will allow you to download content for free. Don’t forget to share and bookmark this page so that everyone can take advantage of it.


DDoS Attacks and DDoS Defense Mechanisms

Introduction

Distributed denial-of-service attacks (DDoS) pose an immense threat to the Internet, and consequently many defense mechanisms have been proposed to combat them. Attackers constantly modify their tools to bypass these security systems, and researchers in turn modify their approaches to handle new attacks. The DDoS field is evolving quickly, and it is becoming increasingly hard to grasp a global view of the problem.

DDoS Attack Overview

A denial-of-service attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. A distributed denial-of-service attack deploys multiple machines to attain this goal. The service is denied by sending a stream of packets to a victim that either consumes some key resource, thus rendering it unavailable to legitimate clients, or provides the attacker with unlimited access to the victim machine so he can inflict arbitrary damage. This section will answer the following questions:

1. What makes DDoS attacks possible?
2. How do these attacks occur?
3. Why do they occur?

Internet Architecture

The Internet is managed in a distributed manner; therefore no common policy can be enforced among its participants. Such a design opens several security issues that provide opportunities for distributed denial-of-service attacks:

1. Internet security is highly interdependent. DDoS attacks are commonly launched from systems that are subverted through security-related compromises. Regardless of how well secured the victim system may be, its susceptibility to DDoS attacks depends on the state of security in the rest of the global Internet.

2. Internet resources are limited. Each Internet host has limited resources that can be consumed by a sufficient number of users.

3. Power of many is greater than power of few. Coordinated and simultaneous malicious actions by some participants can always be detrimental to others, if the resources of the attackers are greater than the resources of the victims.

4. Intelligence and resources are not collocated. An end-to-end communication paradigm led to locating most of the intelligence needed for service guarantees with end hosts. At the same time, a desire for large throughput led to the design of high-bandwidth pathways in the intermediate network. Thus, malicious clients can misuse the abundant resources of the unwitting network for delivery of numerous messages to a victim.

DDoS Attack Strategy

In order to perform a distributed denial-of-service attack, the attacker needs to recruit multiple agent (slave) machines. This process is usually performed automatically through scanning of remote machines, looking for security holes that would enable subversion. Vulnerable machines are then exploited by using the discovered vulnerability to gain access to the machine, and they are infected with the attack code. The exploit/infection phase is also automated, and the infected machines can be used for further recruitment of new agents. Agent machines perform the attack against the victim. Attackers usually hide the identity of the agent machines during the attack through spoofing of the source address field in packets. The agent machines can thus be reused for future attacks.

DDoS Goals

The goal of a DDoS attack is to inflict damage on the victim, either for personal reasons (a significant number of DDoS attacks are against home computers, presumably for purposes of revenge), for material gain (damaging a competitor’s resources) or for popularity (successful attacks on popular Web servers gain the respect of the hacker community).

Taxonomy of DDoS Attacks

In order to devise a taxonomy of distributed denial-of-service attacks we observe the means used to prepare and perform the attack, the characteristics of the attack itself and the effect it has on the victim. Various classification criteria are indicated in bold type. Figure 1 summarizes the taxonomy.

Classification by Degree of Automation

During the attack preparation, the attacker needs to locate prospective agent machines and infect them with the attack code. Based on the degree of automation of the attack, we differentiate between manual, semi-automatic and automatic DDoS attacks.

Manual Attacks
Only the early DDoS attacks belonged to the manual category. The attacker scanned remote machines for vulnerabilities, broke into them and installed the attack code, and then commanded the onset of the attack. All of these actions were soon automated, leading to the development of semi-automatic DDoS attacks, the category to which most contemporary attacks belong.

Semi-Automatic Attacks

In semi-automatic attacks, the DDoS network consists of handler (master) and agent (slave, daemon) machines. The attacker deploys automated scripts for scanning and compromise of those machines and installation of the attack code. He then uses handler machines to specify the attack type and the victim’s address and to command the onset of the attack to agents, who send packets to the victim. Based on the communication mechanism deployed between agent and handler machines we divide semi-automatic attacks into attacks with direct communication and attacks with indirect communication.

Attacks with direct communication

During attacks with direct communication, the agent and handler machines need to know each other’s identity in order to communicate. This is achieved by hard-coding the IP address of the handler machines in the attack code that is later installed on the agent. Each agent then reports its readiness to the handlers, who store its IP address in a file for later communication. The obvious drawback of this approach is that discovery of one compromised machine can expose the whole DDoS network. Also, since agents and handlers listen to network connections, they are identifiable by network scanners.

Attacks with indirect communication

Attacks with indirect communication deploy a level of indirection to increase the survivability of a DDoS network. Recent attacks provide the example of using IRC channels for agent/handler communication. The use of IRC services replaces the function of a handler, since the IRC channel offers sufficient anonymity to the attacker. Since DDoS agents establish outbound connections to a standard service port used by a legitimate network service, agent communications to the control point may not be easily differentiated from legitimate network traffic. The agents do not incorporate a listening port that is easily detectable with network scanners. An attacker controls the agents using IRC communication channels. Thus, discovery of a single agent may lead no further than the identification of one or more IRC servers and channel names used by the DDoS network. From there, identification of the DDoS network depends on the ability to track agents currently connected to the IRC server. Although the IRC service is the only current example of indirect communication, there is nothing to prevent attackers from subverting other legitimate services for similar purposes.

Automatic Attacks

Automatic DDoS attacks additionally automate the attack phase, thus avoiding the need for communication between attacker and agent machines. The time of onset of the attack, the attack type, its duration and the victim’s address are preprogrammed in the attack code. It is obvious that such deployment mechanisms offer minimal exposure to the attacker, since he is only involved in issuing a single command – the start of the attack script. The hard-coded attack specification suggests a single-purpose use of the DDoS network. However, the propagation mechanisms usually leave a backdoor on the compromised DDoS machine open, enabling easy future access and modification of the attack code. Both semi-automatic and automatic attacks recruit the agent machines by deploying automatic scanning and propagation techniques. Based on the scanning strategy, we differentiate between attacks that deploy random scanning, hit-list scanning, topological scanning, permutation scanning and local subnet scanning. Attackers usually combine the scanning and exploitation phases, thus gaining a larger agent population, and my description of scanning techniques relates to this model.

Attacks with Random Scanning

During random scanning each compromised host probes random addresses in the IP address space, using a different seed. This potentially creates a high traffic volume since many machines probe the same addresses. Code Red (CRv2) performed random scanning.

Attacks with Hitlist Scanning

A machine performing hit-list scanning probes all addresses from an externally supplied list. When it detects a vulnerable machine, it sends one half of the initial hit list to the recipient and keeps the other half. This technique allows for great propagation speed (due to exponential spread) and no collisions during the scanning phase. An attack deploying hit-list scanning could obtain from netscan.org the list of domains that still support directed IP broadcast and can thus be used for a Smurf attack.

Attacks with Topological Scanning

Topological scanning uses the information on the compromised host to select new targets. All mail worms use topological scanning, exploiting the information from address books for their spread.

Attacks with Permutation Scanning

During permutation scanning, all compromised machines share a common pseudo-random permutation of the IP address space; each IP address is mapped to an index in this permutation. A machine begins scanning by using the index computed from its IP address as a starting point. Whenever it sees an already infected machine, it chooses a new random start point. This has the effect of providing a semi-coordinated, comprehensive scan while maintaining the benefits of random probing. This technique is described in as not yet deployed.

Attacks with Local Subnet Scanning

Local subnet scanning can be added to any of the previously described techniques to preferentially scan for targets that reside on the same subnet as the compromised host. Using this technique, a single copy of the scanning program can compromise many vulnerable machines behind a firewall. Code Red II and the Nimda worm used local subnet scanning. Based on the attack code propagation mechanism, we differentiate between attacks that deploy central source propagation, back-chaining propagation and autonomous propagation.

Attacks with Central Source Propagation

During central source propagation, the attack code resides on a central server or set of servers. After compromise of the agent machine, the code is downloaded from the central source through a file transfer mechanism. The 1i0n worm operated in this manner.

Attacks with Back-chaining Propagation

During back-chaining propagation, the attack code is downloaded from the machine that was used to exploit the system. The infected machine then becomes the source for the next propagation step. Back-chaining propagation is more survivable than central-source propagation since it avoids a single point of failure. The Ramen worm and the Morris worm used back-chaining propagation.

Attacks with Autonomous Propagation

Autonomous propagation avoids the file retrieval step by injecting attack instructions directly into the target host during the exploitation phase. Code Red, Warhol Worm and numerous E-mail worms use autonomous propagation.

Classification by Exploited Vulnerability

Distributed denial-of-service attacks exploit different strategies to deny the service of the victim to its clients. Based on the vulnerability that is targeted during an attack, we differentiate between protocol attacks and brute-force attacks.

Protocol Attacks

Protocol attacks exploit a specific feature or implementation bug of some protocol installed at the victim in order to consume excess amounts of its resources. Examples include the TCP SYN attack, the CGI request attack and the authentication server attack. In the TCP SYN attack, the exploited feature is the allocation of substantial space in a connection queue immediately upon receipt of a TCP SYN request. The attacker initiates multiple connections that are never completed, thus filling up the connection queue indefinitely. In the CGI request attack, the attacker consumes the CPU time of the victim by issuing multiple CGI requests. In the authentication server attack, the attacker exploits the fact that the signature verification process consumes significantly more resources than bogus signature generation. He sends numerous bogus authentication requests to the server, tying up its resources.

Brute-force Attacks

Brute-force attacks are performed by initiating a vast amount of seemingly legitimate transactions. Since an upstream network can usually deliver higher traffic volume than the victim network can handle, this exhausts the victim’s resources. We further divide brute-force attacks based on the relation of packet contents with victim services into filterable and non-filterable attacks.

Filterable Attacks

Filterable attacks use bogus packets or packets for non-critical services of the victim’s operation, and thus can be filtered by a firewall. Examples of such attacks are a UDP flood attack or an ICMP request flood attack on a Web server.

Non-filterable Attacks

Non-filterable attacks use packets that request legitimate services from the victim. Thus, filtering all packets that match the attack signature would lead to an immediate denial of the specified service to both attackers and legitimate clients. Examples are an HTTP request flood targeting a Web server or a DNS request flood targeting a name server.

The line between protocol and brute-force attacks is thin. Protocol attacks also overwhelm a victim’s resources with excess traffic, and badly designed protocol features at remote hosts are frequently used to perform “reflector” brute-force attacks, such as the DNS request attack or the Smurf attack. The difference is that a victim can mitigate the effect of protocol attacks by modifying the deployed protocols at its site, while it is helpless against brute-force attacks due to their misuse of legitimate services (non-filterable attacks) or due to its own limited resources (a victim can do nothing about an attack that swamps its network bandwidth). Countering protocol attacks by modifying the deployed protocol pushes the corresponding attack mechanism into the brute-force category. For example, if the victim deploys TCP SYN cookies to combat TCP SYN attacks, it will still be vulnerable to TCP SYN attacks that generate more requests than its network can accommodate. However, brute-force attacks need to generate a much higher volume of attack packets than protocol attacks to inflict damage at the victim. So by modifying the deployed protocols the victim pushes the vulnerability limit higher.

Evidently, classification of a specific attack needs to take into account both the attack mechanisms used and the victim’s configuration. It is interesting to note that the variability of attack packet contents is determined by the exploited vulnerability. Packets comprising protocol and non-filterable brute-force attacks must specify some valid header fields and possibly some valid contents. For example, TCP SYN attack packets cannot vary the protocol or flag field, and HTTP flood packets must belong to an established TCP connection and therefore cannot spoof source addresses, unless they hijack connections from legitimate clients.
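The TCP SYN attack described under Protocol Attacks works because the victim allocates queue space on every SYN; the SYN cookie mentioned above removes that allocation by encoding the handshake state into the server’s initial sequence number. As an added example (not from the original text), here is a Python model of the mechanism: the server issues a cookie instead of a queue entry and validates the client’s ACK statelessly. The secret, the MSS table, the counter granularity and the addresses are constructed for the example and simplified relative to a real kernel.

```python
import hashlib
import hmac
import ipaddress
import struct
from typing import Optional

# Server-side secret, constructed for this example; a real stack rotates it.
SECRET = b"example-syn-cookie-secret"
# MSS values the 3-bit field can encode (a small subset of what real stacks use).
MSS_TABLE = (536, 1460, 8960)
# Number of counter ticks (e.g. minutes) for which an issued cookie stays acceptable.
COOKIE_LIFETIME = 2


def _mac24(src: str, sport: int, dst: str, dport: int, counter: int) -> int:
    """24-bit keyed MAC over the connection 4-tuple and the time counter."""
    msg = struct.pack(
        "!4s4sHHI",
        ipaddress.ip_address(src).packed,
        ipaddress.ip_address(dst).packed,
        sport, dport, counter,
    )
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(src: str, sport: int, dst: str, dport: int,
                    client_mss: int, counter: int) -> int:
    """Server ISN for the SYN-ACK: 5 bits of counter | 3 bits MSS index | 24-bit MAC.
    Nothing is stored for the half-open connection, so SYNs that are never
    completed cannot fill a connection queue."""
    fits = [i for i, m in enumerate(MSS_TABLE) if m <= client_mss]
    mss_idx = fits[-1] if fits else 0
    return ((counter & 0x1F) << 27) | (mss_idx << 24) | _mac24(src, sport, dst, dport, counter)


def check_syn_cookie(src: str, sport: int, dst: str, dport: int,
                     ack_number: int, counter: int) -> Optional[int]:
    """Validate the final handshake ACK from its acknowledgement number alone.
    Returns the MSS to use on success, or None if the cookie is forged or stale."""
    cookie = (ack_number - 1) & 0xFFFFFFFF  # the client acknowledges our ISN + 1
    t5 = cookie >> 27
    mss_idx = min((cookie >> 24) & 0x7, len(MSS_TABLE) - 1)
    mac = cookie & 0xFFFFFF
    # Accept cookies minted in the current tick or up to COOKIE_LIFETIME ticks ago.
    for age in range(COOKIE_LIFETIME + 1):
        cand = counter - age
        if cand >= 0 and (cand & 0x1F) == t5 and _mac24(src, sport, dst, dport, cand) == mac:
            return MSS_TABLE[mss_idx]
    return None
```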

Classification by Attack Rate Dynamics

Depending on the attack rate dynamics we differentiate between continuous rate and variable rate attacks.

Continuous Rate Attacks

The majority of known attacks deploy a continuous rate mechanism. After the onset is commanded, agent machines generate the attack packets with full force. This sudden packet flood disrupts the victim’s services quickly, and thus leads to attack detection.

Variable Rate Attacks

Variable rate attacks are more cautious in their engagement, and they vary the attack rate to avoid detection and response. Based on the rate change mechanism we differentiate between attacks with increasing rate and fluctuating rate.
Increasing Rate Attacks

Attacks that have a gradually increasing rate lead to a slow exhaustion of the victim’s resources. A state change of the victim could be so gradual that its services degrade slowly over a long time period, thus delaying detection of the attack.

Fluctuating Rate Attacks

Attacks that have a fluctuating rate adjust the attack rate based on the victim’s behavior, occasionally relieving the effect to avoid detection. At the extreme end, there is the example of pulsing attacks. During pulsing attacks, agent hosts periodically abort the attack and resume it at a later time. If this behavior is simultaneous for all agents, the victim experiences periodic service disruptions. If, however, agents are divided into groups who coordinate so that one group is always active, then the victim experiences continuous denial of service.

Classification by Impact

Depending on the impact of a DDoS attack on the victim we differentiate between disruptive and degrading attacks.

Disruptive Attacks

The goal of disruptive attacks is to completely deny the victim’s service to its clients. All currently known attacks belong to this category.

Degrading Attacks

The goal of degrading attacks would be to consume some (presumably constant) portion of a victim’s resources. Since these attacks do not lead to total service disruption, they could remain undetected for a significant time period. On the other hand, the damage inflicted on the victim could be immense. For example, an attack that effectively ties up 30% of the victim’s resources would lead to denial of service to some percentage of customers during high load periods, and possibly slower average service. Some customers, dissatisfied with the quality, would consequently change their service provider, and the victim would thus lose income. Alternatively, the false load could result in the victim spending money to upgrade its servers and networks.

Taxonomy of DDoS Defense Mechanisms

The seriousness of the DDoS problem and the increased frequency of DDoS attacks have led to the advent of numerous DDoS defense mechanisms. Some of these mechanisms address a specific kind of DDoS attack such as attacks on Web servers or authentication servers. Other approaches attempt to solve the entire generic DDoS problem. Most of the proposed approaches require certain features to achieve their peak performance, and will perform quite differently if deployed in an environment where these requirements are not met.
As is frequently pointed out, there is no “ram ban” (Hindi for a weapon that never misses its target) against DDoS attacks. Therefore we need to understand not only each existing DDoS defense approach, but also how those approaches might be combined to solve the problem effectively and completely.

Classification by Activity Level

Based on the activity level of DDoS defense mechanisms, we differentiate between preventive and reactive mechanisms.

Preventive Mechanisms

The goal of preventive mechanisms is either to eliminate the possibility of DDoS attacks altogether or to enable potential victims to endure the attack without denying services to legitimate clients. According to these goals we further divide preventive mechanisms into attack prevention and denial-of-service prevention mechanisms.

Attack Prevention Mechanisms

Attack prevention mechanisms modify the system configuration to eliminate the possibility of a DDoS attack. Based on the target they secure, we further divide them into system security and protocol security mechanisms.

System Security Mechanisms

System security mechanisms increase the overall security of the system, guarding against illegitimate accesses to the machine, removing application bugs and updating protocol installations to prevent intrusions and misuse of the system. DDoS attacks owe their power to large numbers of subverted machines that cooperatively generate the attack streams. If these machines were secured, the attackers would lose their army and the DDoS threat would then disappear. On the other hand, systems vulnerable to intrusions can themselves become victims of DDoS attacks in which the attacker, having gained unlimited access to the machine, deletes or alters its contents. Potential victims of DDoS attacks can be easily overwhelmed if they deploy vulnerable protocols. Examples of system security mechanisms include monitored access to the machine, applications that download and install security patches, firewall systems, virus scanners, intrusion detection systems, access lists for critical resources, capability-based systems and client-legitimacy-based systems. The history of computer security suggests that this approach can never be 100% effective, but doing a good job here will certainly decrease the frequency and strength of DDoS attacks.

Protocol Security Mechanisms

Protocol security mechanisms address the problem of bad protocol design. Many protocols contain operations that are cheap for the client but expensive for the server. Such protocols can be misused to exhaust the resources of a server by initiating large numbers of simultaneous transactions. Classic misuse examples are the TCP SYN attack, the authentication server attack, and the fragmented packet attack, in which the attacker bombards the victim with malformed packet fragments, forcing it to waste its resources on reassembly attempts. Examples of protocol security mechanisms include guidelines for safe protocol design in which resources are committed to the client only after sufficient authentication is done or the client has paid a sufficient price, deployment of a powerful proxy server that completes TCP connections, etc. Deploying comprehensive protocol and system security mechanisms can make the victim completely resilient to protocol attacks. Also, these approaches are inherently compatible with and complementary to all other approaches.
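TCP SYN cookies are the protocol security mechanism named both here and in the protocol versus brute-force discussion above: the server commits no memory to a half-open connection, because the SYN-ACK sequence number itself encodes what is needed to validate the later ACK. The simulation below is an added example written for this post, not code from the page or from any operating system's TCP stack. It assumes a constructed secret, a one-minute time tick, an 8-bit tick / 24-bit MAC split of the 32-bit sequence number (real stacks also encode the MSS and use their own layout), and hypothetical `SynCookieListener` and `flood_demo` names.

```python
import hashlib
import hmac
import random
import struct

# Constructed per-host secret; a real stack generates this at boot and rotates it.
SECRET = b"constructed-example-secret"

COUNTER_BITS = 8      # top 8 bits of the ISN: coarse time tick (one-minute units)
HASH_BITS = 24        # low 24 bits: truncated keyed hash of the connection 4-tuple
MAX_AGE_TICKS = 2     # accept cookies minted in the current or the previous tick
HASH_MASK = (1 << HASH_BITS) - 1
TICK_MASK = (1 << COUNTER_BITS) - 1


def _tick(now):
    return (int(now) // 60) & TICK_MASK


def _mac(src_ip, src_port, dst_ip, dst_port, tick):
    """Truncated HMAC binding the cookie to this 4-tuple and time tick."""
    msg = struct.pack("!4s4sHHB", src_ip, dst_ip, src_port, dst_port, tick)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & HASH_MASK


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, now):
    """Server ISN for the SYN-ACK. Nothing is stored for the half-open connection."""
    tick = _tick(now)
    return (tick << HASH_BITS) | _mac(src_ip, src_port, dst_ip, dst_port, tick)


def check_syn_cookie(cookie, src_ip, src_port, dst_ip, dst_port, now):
    """True only if the cookie was minted by us for this 4-tuple and is not stale."""
    tick = cookie >> HASH_BITS
    age = (_tick(now) - tick) & TICK_MASK
    if age >= MAX_AGE_TICKS:
        return False                       # expired, or a forged tick value
    expected = _mac(src_ip, src_port, dst_ip, dst_port, tick)
    return hmac.compare_digest((cookie & HASH_MASK).to_bytes(3, "big"),
                               expected.to_bytes(3, "big"))


class SynCookieListener:
    """Stateless SYN handling for one listening socket (a simulation, not a real stack)."""

    def __init__(self, ip, port):
        self.ip, self.port = ip, port
        self.established = {}   # (src_ip, src_port) -> ISN; only completed handshakes land here

    def on_syn(self, src_ip, src_port, now):
        # Reply with a SYN-ACK whose sequence number is the cookie; keep no state.
        return make_syn_cookie(src_ip, src_port, self.ip, self.port, now)

    def on_ack(self, src_ip, src_port, ack_num, now):
        cookie = (ack_num - 1) & 0xFFFFFFFF   # the client acknowledges ISN + 1
        if not check_syn_cookie(cookie, src_ip, src_port, self.ip, self.port, now):
            return False
        self.established[(src_ip, src_port)] = cookie
        return True


def flood_demo(n_spoofed=5000, now=1000.0):
    """Constructed scenario: n spoofed SYNs, n blind ACKs with guessed numbers,
    then one genuine client that saw its SYN-ACK and answers correctly."""
    rng = random.Random(7)
    srv = SynCookieListener(b"\x0a\x00\x00\x01", 80)

    def rand_ip():
        return rng.getrandbits(32).to_bytes(4, "big")

    for _ in range(n_spoofed):
        srv.on_syn(rand_ip(), rng.randrange(1024, 65536), now)
    half_open = len(srv.established)        # nothing was stored for any of them
    # A spoofing agent never receives the SYN-ACK, so its ACK number is a blind guess.
    blind_ok = sum(srv.on_ack(rand_ip(), rng.randrange(1024, 65536),
                              rng.getrandbits(32), now) for _ in range(n_spoofed))
    client = (b"\xc0\xa8\x00\x05", 40000)
    isn = srv.on_syn(*client, now)
    legit_ok = srv.on_ack(*client, isn + 1, now + 1)
    return {"half_open_state": half_open, "blind_acks_accepted": blind_ok,
            "legit_established": legit_ok, "established": len(srv.established)}
```

The flood leaves no half-open state behind and blind ACKs are rejected, which is why the attack mechanism moves into the brute-force category: the attacker is reduced to sending more SYNs than the victim's link and CPU can absorb. The cost of the mechanism is also visible in the code: the cookie can carry only a few bits of negotiated options and is accepted only within a short time window.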
Denial-of-Service Prevention Mechanisms

Denial-of-service prevention mechanisms enable the victim to endure attack attempts without denying service to legitimate clients. This is done either by enforcing policies for resource consumption or by ensuring that abundant resources exist so that legitimate clients will not be affected by the attack. Consequently, based on the prevention method, we differentiate between resource accounting and resource multiplication mechanisms.

Resource Accounting Mechanisms

Resource accounting mechanisms police the access of each user to resources based on the privileges of the user and his behavior. Such mechanisms guarantee fair service to legitimate well-behaving users. In order to avoid user identity theft, they are usually coupled with legitimacy-based access mechanisms that verify the user’s identity. Approaches proposed in illustrate resource accounting mechanisms.

Resource Multiplication Mechanisms

Resource multiplication mechanisms provide an abundance of resources to counter DDoS threats. The straightforward example is a system that deploys a pool of servers with a load balancer and installs high bandwidth links between itself and upstream routers. This approach essentially raises the bar on how many machines must participate in an attack to be effective. While not providing perfect protection, for those who can afford the costs, this approach has often proven sufficient. For example, Microsoft has used it to weather large DDoS attacks.

Reactive Mechanisms

Reactive mechanisms strive to alleviate the impact of an attack on the victim. In order to attain this goal they need to detect the attack and respond to it. The goal of attack detection is to detect every attempted DDoS attack as early as possible and to have a low degree of false positives. Upon attack detection, steps can be taken to characterize the packets belonging to the attack stream and provide this characterization to the response mechanism. We classify reactive mechanisms based on the attack detection strategy into mechanisms that deploy pattern detection, anomaly detection, hybrid detection, and third-party detection.

Mechanisms with Pattern Attack Detection

Mechanisms that deploy pattern detection store the signatures of known attacks in a database. Each communication is monitored and compared with database entries to discover occurrences of DDoS attacks. Occasionally, the database is updated with new attack signatures. The obvious drawback of this detection mechanism is that it can only detect known attacks, and it is usually helpless against new attacks or even slight variations of old attacks that cannot be matched to the stored signature. On the other hand, known attacks are easily and reliably detected, and no false positives are encountered.

Mechanisms with Anomaly Attack Detection

Mechanisms that deploy anomaly detection have a model of normal system behavior, such as a model of normal traffic dynamics or expected system performance. The current state of the system is periodically compared with the models to detect anomalies. Approaches presented in provide examples of mechanisms that use anomaly detection. The advantage of anomaly detection over pattern detection is that unknown attacks can be discovered. However, anomaly-based detection has to address two issues:

1. Threshold setting. Anomalies are detected when the current system state differs from the model by a certain threshold. The setting of a low threshold leads to many false positives, while a high threshold reduces the sensitivity of the detection mechanism.

2. Model update. Systems and communication patterns evolve with time, and models need to be updated to reflect this change. Anomaly-based systems usually perform automatic model updates using statistics gathered at a time when no attack was detected. This approach makes the detection mechanism vulnerable to increasing rate attacks that can mistrain the models and delay or even avoid attack detection.
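The two issues above, and the rate dynamics described earlier (continuous, increasing and pulsing attacks), can be seen together in a small simulation. This is an added example written for this post, not code from the page: the 100 pps background load with its small periodic wobble, the onset second, the attack rates, the k-standard-deviation threshold and the EWMA update rule are all constructed assumptions. The "adaptive" policy re-fits the model from every second that was not flagged, as the text describes; the "fixed" policy keeps the model fitted on a leading training window.

```python
import statistics

ONSET = 60      # second at which the agents are commanded to start
HORIZON = 300   # seconds of traffic simulated
TRAIN = 50      # leading seconds used to fit the model of "normal"


def legitimate_rate(t):
    """Constructed background load in packets/s: 100 pps with a periodic wobble."""
    return 100 + (0, 3, -3, 2, -2)[t % 5]


def continuous_attack(t):
    """Agents fire with full force from the onset on."""
    return 900 if t >= ONSET else 0


def increasing_attack(t, slope=1):
    """Rate grows by `slope` pps every second after the onset."""
    return slope * (t - ONSET) if t >= ONSET else 0


def pulsing_attack(t, period=10):
    """Agents fire for `period` seconds, pause for `period` seconds, repeat."""
    if t < ONSET:
        return 0
    return 900 if ((t - ONSET) // period) % 2 == 0 else 0


def observed(attack):
    """Packets/s seen at the victim, second by second."""
    return [legitimate_rate(t) + attack(t) for t in range(HORIZON)]


def alerts(series, adaptive, k=5.0, alpha=0.1):
    """Seconds flagged as anomalous. The model is (mean, variance) of the rate;
    a sample more than k standard deviations above the mean is an anomaly."""
    train = series[:TRAIN]
    mu = statistics.fmean(train)
    var = statistics.pvariance(train)
    flagged = []
    for t in range(TRAIN, len(series)):
        x = series[t]
        if x > mu + k * var ** 0.5:
            flagged.append(t)
            continue                               # no model update while alerting
        if adaptive:
            e = x - mu
            mu += alpha * e                        # EWMA of the mean ...
            var = (1 - alpha) * var + alpha * e * e  # ... and of the spread
    return flagged


def first_alert(series, adaptive, k=5.0):
    found = alerts(series, adaptive, k)
    return found[0] if found else None


def compare(k=5.0):
    """Detection delay in seconds after the onset for each attack profile under
    each model-update policy; None means the attack was never flagged."""
    profiles = (("continuous", continuous_attack),
                ("increasing", increasing_attack),
                ("pulsing", pulsing_attack))
    out = {}
    for name, attack in profiles:
        series = observed(attack)
        out[name] = {}
        for policy, adaptive in (("fixed", False), ("adaptive", True)):
            t = first_alert(series, adaptive, k)
            out[name][policy] = None if t is None else t - ONSET
    return out


def false_positives(k):
    """Benign seconds flagged when no attack is present, under the fixed model."""
    return len(alerts(observed(lambda t: 0), adaptive=False, k=k))


if __name__ == "__main__":
    print(compare())
    print("false positives at k=1:", false_positives(1.0), "at k=5:", false_positives(5.0))
```

The continuous and pulsing floods are flagged in the very second they start under either policy. The ramp is different: with the fixed model it is flagged once the added load crosses the threshold, but with the adaptive model the baseline and, worse, the variance estimate climb along with the ramp, so the threshold runs ahead of the traffic and the attack is never flagged within the horizon. Lowering k makes the detector more sensitive at the price of flagging the benign wobble, which is the threshold-setting trade-off of issue 1.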

Mechanisms with Hybrid Attack Detection

Mechanisms that deploy hybrid detection combine the pattern-based and anomaly-based detection, using data about attacks discovered through an anomaly detection mechanism to devise new attack signatures and update the database. Many intrusion detection systems use hybrid detection. If these systems are fully automated, properly extracting a signature from a detected attack can be challenging. The system must be careful not to permit attackers to fool it into detecting normal behavior as an attack signature, or the system itself becomes a denial-of-service tool.

Mechanisms with Third-Party Attack Detection

Mechanisms that deploy third-party detection do not handle the detection process themselves, but rely on an external message that signals the occurrence of the attack and provides attack characterization. Examples of mechanisms that use third-party detection are easily found among traceback mechanisms.

Classification by Response Strategy

The goal of the attack response is to relieve the impact of the attack on the victim, while imposing minimal collateral damage on legitimate clients of the victim. We classify reactive mechanisms based on the response strategy into mechanisms that deploy agent identification, rate-limiting, filtering and reconfiguration approaches.

Agent Identification Mechanisms

Agent identification mechanisms provide the victim with information about the identity of the machines that are performing the attack. This information can then be combined with other response approaches to alleviate the impact of the attack. Agent identification examples include numerous trace back techniques and approaches that eliminate spoofing thus enabling use of the source address field for agent identification.

Rate-Limiting Mechanisms

Rate-limiting mechanisms impose a rate limit on a stream that has been characterized as malicious by the detection mechanism. Examples of rate limiting mechanisms are found in. Rate limiting is a lenient response technique that is usually deployed when the detection mechanism has a high level of false positives or cannot precisely characterize the attack stream. The disadvantage is that it allows some attack traffic through, so extremely high-scale attacks might still be effective even if all traffic streams are rate-limited.

Filtering Mechanisms

Filtering mechanisms use the characterization provided by a detection mechanism to filter out the attack stream completely. Examples include dynamically deployed firewalls, and also a commercial system, Traffic Master. Unless the detection strategy is very reliable, filtering mechanisms run the risk of accidentally denying service to legitimate traffic. Worse, clever attackers might leverage them as denial-of-service tools.
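The trade-off between the two response strategies just described, rate limiting letting some attack traffic through versus filtering denying service to misclassified legitimate clients, can be put in numbers with a fluid-rate model. This is an added example written for this post, not code from the page: the victim capacity, the traffic mix (agents inside one /24 prefix, one genuine client inside the same prefix, five outside it) and the detector's prefix-based characterization are constructed assumptions chosen so that the characterization has exactly one false positive.

```python
from dataclasses import dataclass

CAPACITY_PPS = 1000.0   # constructed: packets/s the victim can actually serve


@dataclass(frozen=True)
class Flow:
    src: str
    pps: float
    legitimate: bool


def constructed_traffic():
    """Constructed mix: 20 agents at 100 pps each inside 198.51.100.0/24, one genuine
    client inside that same prefix, and five genuine clients elsewhere."""
    agents = [Flow(f"198.51.100.{i}", 100.0, False) for i in range(10, 30)]
    inside = [Flow("198.51.100.7", 10.0, True)]
    outside = [Flow(f"203.0.113.{i}", 10.0, True) for i in range(1, 6)]
    return agents + inside + outside


def characterization(flow):
    """The detector's description of the attack stream. It is imperfect: the whole
    /24 is flagged, so the genuine client 198.51.100.7 is a false positive."""
    return flow.src.startswith("198.51.100.")


def respond(flows, mode, limit_pps=200.0):
    """Fraction of each source's packets that the victim ends up serving under one
    response strategy: "none", "filter" (drop the matched stream entirely) or
    "rate-limit" (cap the matched stream at limit_pps, dropping proportionally)."""
    matched_total = sum(f.pps for f in flows if characterization(f))
    admitted = {}
    for f in flows:
        if characterization(f) and mode == "filter":
            admitted[f.src] = 0.0
        elif characterization(f) and mode == "rate-limit":
            admitted[f.src] = f.pps * min(1.0, limit_pps / matched_total)
        else:
            admitted[f.src] = f.pps
    # Whatever still exceeds capacity is lost indiscriminately at the victim.
    total = sum(admitted.values())
    served = min(1.0, CAPACITY_PPS / total) if total else 1.0
    return {f.src: admitted[f.src] * served / f.pps for f in flows}


def summarize(mode, limit_pps=200.0, flows=None):
    """Worst and mean service seen by genuine clients, and how much attack traffic
    was served, for one response strategy."""
    flows = flows or constructed_traffic()
    frac = respond(flows, mode, limit_pps)
    legit = [frac[f.src] for f in flows if f.legitimate]
    attack = [frac[f.src] for f in flows if not f.legitimate]
    return {"worst_legit": min(legit),
            "mean_legit": sum(legit) / len(legit),
            "attack_served": sum(attack) / len(attack)}


if __name__ == "__main__":
    for mode in ("none", "filter", "rate-limit"):
        print(mode, summarize(mode))
    print("rate-limit set too high", summarize("rate-limit", limit_pps=1500.0))
```

With no response every client, genuine or not, gets the same 48% of its packets through. Filtering restores full service to the five clients outside the prefix but takes the misclassified client to zero, which is the collateral damage the text warns about. Rate limiting keeps that client at about 10%, the same share the agents get, because the limit cannot tell them apart inside the matched stream. The last line shows the lenient side of the trade-off: a limit set above what the victim can absorb still lets the attack degrade everyone.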

Reconfiguration Mechanisms

Reconfiguration mechanisms change the topology of the victim or the intermediate network to either add more resources to the victim or to isolate the attack machines. Examples include reconfigurable overlay networks, resource replication services, attack isolation strategies, etc.

Classification by Cooperation Degree

Reactive DDoS defense mechanisms can perform detection and response either alone or in cooperation with other entities in the Internet. Based on the cooperation degree we differentiate between autonomous, cooperative and interdependent mechanisms.

Autonomous Mechanisms

Autonomous mechanisms perform independent attack detection and response. They are usually deployed at a single point in the Internet and act locally. Firewalls and intrusion detection systems provide an easy example of autonomous mechanisms.

Cooperative Mechanisms

Cooperative mechanisms are capable of autonomous detection and response, but can achieve significantly better performance through cooperation with other entities. Mechanisms deploying pushback provide examples of cooperative mechanisms. They detect the occurrence of a DDoS attack by observing congestion in a router’s buffer, characterize the traffic that creates the congestion, and act locally to impose a rate limit on that traffic. However, they achieve significantly better performance if the rate limit requests can be propagated to upstream routers that otherwise may be unaware of the attack.

Interdependent Mechanisms

Interdependent mechanisms cannot operate autonomously; they rely on other entities either for attack detection or for efficient response. Traceback mechanisms provide examples of interdependent mechanisms. A traceback mechanism deployed on a single router would provide almost no benefit.

Classification by Deployment Location

With regard to deployment location, we differentiate between DDoS mechanisms deployed at the victim, intermediate, or source network.

Victim-Network Mechanisms

DDoS defense mechanisms deployed at the victim network protect this network from DDoS attacks and respond to detected attacks by alleviating the impact on the victim. Historically, most defense systems were located at the victim since it suffered the greatest impact of the attack and was therefore the most motivated to sacrifice some resources for increased security. Resource accounting and protocol security mechanisms provide examples of these systems.

Intermediate-Network Mechanisms

DDoS defense mechanisms deployed at the intermediate network provide infrastructural service to a large number of Internet hosts. Victims of DDoS attacks can contact the infrastructure and request the service, possibly providing adequate compensation. Pushback and traceback techniques are examples of intermediate-network mechanisms.

Source-Network Mechanisms

The goal of DDoS defense mechanisms deployed at the source network is to prevent customers using this network from generating DDoS attacks. Such mechanisms are necessary and desirable, but motivation for their deployment is low since it is unclear who would pay the expenses associated with this service. Mechanisms proposed in provide examples of source-network mechanisms.

REFERENCES

http://www.cert.org/tech_tips/denial_of_service.html
http://www.cert.org/archive/pdf/DoS_trends.pdf
http://www.cert.org/incident_notes/IN-2001-08.html
http://www.cert.org/incident_notes/IN-2001-03.html
http://www.cert.org/incident_notes/IN-2001-01.html
http://www.cs.berkeley.edu/~nweaver/warhol.html
http://www.cert.org/incident_notes/IN-2001-09.html
http://www.cert.org/advisories/CA-2001-26.html
http://www.cert.org/incident_notes/IN-2000-04.html
http://www.cert.org/advisories/CA-1998-01.html
http://www.cisco.com/warp/public/707/newsflash.html
J. D. Howard, “An analysis of security incidents on the Internet.”
F. Kargl, J. Maier and M. Weber, “Protecting web servers from distributed denial of service attacks.”
J. D. Howard and T. A. Longstaff, “A common language for computer security incidents.”
http://www.cert.org/research/taxonomy_988667.pdf
S. Axelsson, “Intrusion detection systems: A survey and taxonomy.”
K. Hafner and J. Markoff, Cyberpunk: Outlaws and Hackers on the Computer Frontier.
http://www.tripwire.com/products/servers/
http://www.usenix.org/publications/login/2000-7/apropos.html
M. Franklin and A. Stubblefield, “An algebraic approach to IP Traceback.”
http://search.ietf.org/internet-drafts/draft-ietf-itrace-01.txt, Oct.
RFC 2267
J. Leiwo, P. Nikander and T. Aura, “Towards network denial of service resistant protocols.”
Wikipedia.

Credits: some articles by my hacker friends for writing different parts (WAR10RD, DIGITAL, ICEBEAR 64, etc.), and Jelena, Martin and Peter.
