  Show Posts
1457  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / How Can I Tell If My PC Has Caught a Virus? on: January 06, 2007, 12:14:42 AM
Viruses seldom reveal whose computer is actually sending them. They commonly fake the 'From' address of the e-mail, often using an address found on the infected PC's hard drive. The virus probably came from an infected machine belonging to someone who knows both of you; it sent itself to every address on the hard drive, randomly picking yours as the "sender."

On the other hand, be very suspicious if your PC uploads files over the Internet without your approval. Much malware today sends info from your PC, either to spy on you or to use your PC to send spam or a virus. Make sure your firewall is set to stop and report on all outgoing activity you haven't explicitly approved. Windows XP's firewall doesn't provide this functionality, so if you don't already own a security suite or stand-alone firewall that can handle the job, I recommend that you get Zone Labs' ZoneAlarm or Sygate Personal Firewall, either of which is free for personal use.

You might discover hints of an infection in the System Configuration Utility, also known as Msconfig. To open it, click Start, Run, type msconfig, and then press <Enter>. Click the Startup tab. In the list of programs that load automatically when Windows starts, look for one whose name resembles an eye chart; many malicious programs rename their files with random character strings. Others, though, mimic the names of real system components.

If programs like Msconfig, the Windows Registry Editor, and your antivirus program don't load, your PC is almost certainly infected (although these programs sometimes act up for reasons other than a viral infection). For details, see my August 2005 column, "Prevent Viruses From Disabling Your Protection."

Free online virus scanners can help you find the culprit if your regular antivirus program is compromised. I recommend Bitdefender.com (see Figure 1), Kaspersky Lab, and Trend Micro.
1458  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / Privacy Watch: How to Secure Files on Your Hard Drive on: January 06, 2007, 12:12:52 AM
If you keep valuable files on your laptop, you probably know that you ought to protect your data. But knowing you should do something isn't the same as actually doing it, as evidenced by the steady stream of incidents where sensitive information gets lost or stolen from corporate laptops.

The tasks of installing and running encryption software have not always been easy. But I gave a couple of new tools a try recently, and they make encryption simpler than it has ever been.

I tried PGP Whole Disk Encryption 9.5 ($119) and SecurStar DriveCrypt Plus Pack ($161). Both applications can encrypt single files, batches of documents, or the entire hard drive and everything on it. This last feature makes the most sense: You enter your password only once per Windows session, and everything gets encrypted automatically as you work.

Files are encrypted only while on the hard drive. If you send an e-mail attachment to someone from your encrypted hard drive, the software automatically decrypts the attachment before it leaves the PC, and the recipient receives a normal, unscrambled message.

Full disk encryption tools used to have one major drawback: They slowed PCs considerably. But as processor power has gone up, software makers have optimized their products so effectively that you can barely tell the encryption is happening. I surfed the Web, checked and sent e-mail, and even played some graphically intensive games on the encrypted laptop without encountering a perceptible performance hit from the encryption software, which quietly went about its business in the background.

With tools like these available, you have to wonder how many laptops full of sensitive information must be stolen from the car trunks and airport lounges of the world before their owners do something to protect that data.
1459  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / Protect ur windows 98/me from netbus on: January 05, 2007, 10:00:28 PM
protect ur windows 98/me from netbus


It's very simple to hack Windows 98/ME with the help of the NETBUS tool. It has two parts. One is the client, which is a little file that can be sent by email or directly installed on the target PC. This file can be renamed or given a different extension, but once it is installed it works hidden, and if someone finds that PATCH/CLIENT it cannot be deleted either. The hacker can easily run the other part of that software and do everything he wants to do on the target computer.

Here are some simple steps to remove that patch/client from your PC and be safe.

1) START 2) RUN 3) MSCONFIG
In MSCONFIG, go to the Startup tab and disable unknown applications from the startup.
Then restart the PC and you can remove that particular client/patch
and protect yourself from NETBUS.
1460  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Techno News / Google accidentally sends out Kama Sutra worm on: January 05, 2007, 09:56:51 PM
Google accidentally sends out Kama Sutra worm
By Robert McMillan, 11/08/06

Google Inc. accidentally sent out e-mail containing a mass mailing worm to about 50,000 members of an e-mail discussion list focused on its Google Video Blog, the company said Tuesday.

"On Tuesday evening, three posts were made to the Google Video Blog-group that should not have been posted," Google said in a statement, posted late Tuesday night.

"Some of these posts may have contained a virus called W32/Kapser.A@mm -- a mass mailing worm. If you think you have downloaded this virus from the group or an e-mail message, we recommend you run your antivirus program to remove it," said the statement, which was attributed to the Google Video Team.

W32/Kasper.A@mm is better known as the Kama Sutra worm. Discovered in January of this year, it deletes files and registry keys on affected systems. It is blocked by most antivirus software.

Google uses its Video Blog group to let subscribers know when "interesting and fun" videos have been highlighted on the Google Video Blog. E-mails to the group's mailing list are posted by a handful of Google employees, called the Google Video Team.

This team was responsible for sending out the malicious e-mail Tuesday night, said Gabriel Stricker, a Google spokesman.

Stricker did not have any more details on how Google ended up distributing the worm code, but he said that internal protocols are now in place to prevent this from happening again.

Google has seen a growing number of technical glitches lately, something observers are attributing to the company's break-neck growth over the past few years. One month ago, hackers found a way to publish a fake post on Google's official blog. The company also experienced service disruptions with its Blogger service recently that have left some users fuming.

Still, Google isn't the only company to accidentally distribute malware on a mailing list, according to Graham Cluley, a senior technology consultant with security vendor Sophos PLC. "Even mailing lists run by security firms have sometimes accidentally had malware posted to them," he said in an e-mail interview. "But everyone can learn a lesson."
1461  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Messengers / Chats / Re: Remove Ads from Yahoo Messenger! on: January 05, 2007, 09:55:24 PM
This excellent website offers all the stuff.

You can disable the ads on Yahoo Messenger! It's possible with the Registry.

Note: I am strictly warning! If you are doing practical registry hacks and anything happens, I am not responsible.




REGEDIT4

[HKEY_CURRENT_USER\Software\Yahoo\Pager\yurl]

"Chat Adurl"="NoAds.gif"
"Conf Adurl"="NoAds.gif"
"Webcam Viewer Ad"="NoAds.gif"
"Webcam Viewer Ad Big"="NoAds.gif"
"Webcam Viewer Ad Medium"="NoAds.gif"
"Webcam Upload Ad"="NoAds.gif"
"Change Room Banner"="NoAds.gif"
"Personals Alert Ad URL"="NoAds.gif"
"News Alert Ad URL"="NoAds.gif"
"Mail Alert Ad URL"="NoAds.gif"
"Stock Alert Ad URL"="NoAds.gif"
"Auction Alert Ad URL"="NoAds.gif"
"IMVironment Ad URL"="NoAds.gif"
"Calendar Alert Ad URL"="NoAds.gif"
"Chat Transition Ad"="NoAds.gif"
"Login Mobile Ad"="NoAds.gif"
"N2Phone Adurl"="NoAds.gif"
"Messenger Ad"="NoAds.gif"


For more registry hacks and stuff, log on to my web.
For the No Ads registry file, go to the Registry Hacks section and download it.
1462  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Windows / IE Registry and other TIPS on: January 05, 2007, 09:54:37 PM
TIP1:
Restoring the Default Window Size in Internet Explorer
If the default size of Internet Explorer is not what you want,
1. Start Regedit
2. Go to HKey_Current_User / Software / Microsoft / Internet Explorer / Main
3. Delete or rename the key Window_Placement
4. Restart IE

TIP2:
Forgotten the Content Advisor Password
If you set a password for the Content Advisor and can't remember it,
the following steps will help you remove it:
1. Start Regedit
2. Go to HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/Ratings
3. Delete the entry called Key

TIP3:
Specifying the Default Download Directory in Internet Explorer
To specify the default download directory for the Internet Explorer
1. Start Regedit
2. Go to HKEY_USERS / .DEFAULT / Software / Microsoft / Internet Explorer
3. Add a String value called Download Directory
4. For its value, enter the directory where you want your downloaded files to go.

TIP4:
Creating Hidden URL Shortcuts
If you want to create shortcuts to your favorite URLs but don't want them to show in your Favorites folder:
1. Start Regedit
2. Go to HKEY_LOCAL_MACHINE / Software / Microsoft / Internet Explorer / AboutURLs
3. Add String Values with the shortcut name you want to use
4. Give them the value of the URL you want the shortcut to go to
5. Then from the Internet Explorer, simply type about:shortcut_name

TIP5:
Importing and Exporting Favorites and Cookies with IE5
1. With IE5 you can now import your Favorites and Cookies
2. Just select File / Import and Export
3. The Import/Export Wizard will come up on the screen. Just click on the Next button
4. Then just select what you want to do.
5. It will Export or Import from a single file
1463  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / Basic Basics of Email -More to Come on: January 05, 2007, 09:52:57 PM
It can take days to send a letter across the country and weeks to go around the world. To save time and money, more and more people are relying on electronic mail. It's fast, easy and much cheaper than using the post office.

What is e-mail? In its simplest form, e-mail is an electronic message sent from one device to another. While most messages go from computer to computer, e-mail can also be sent and received by mobile phones and PDAs. With e-mail, you can send or receive personal and business-related messages with attachments, such as photos or formatted documents. You can also send music, video clips and software programs.

Let's say you have a small business with sales reps working around the country. How do you communicate without running up a huge phone bill? Or what about keeping in touch with far-flung family members? E-mail is the way to go. It's no wonder e-mail has become the most popular service on the Internet.


Follow the Trail

Just as a letter makes stops at different postal stations along the way to its final destination, e-mail passes from one computer, known as a mail server, to another as it travels over the Internet. Once it arrives at the destination mail server, it's stored in an electronic mailbox until the recipient retrieves it. This whole process can take seconds, allowing you to quickly communicate with people around the world at any time of the day or night.

Sending and Receiving Messages

To receive e-mail, you need an account on a mail server. This is similar to having a street address where you receive letters. One advantage over regular mail is that you can retrieve your e-mail from any location in the world, provided that you have Internet access. Once you connect to your mail server, you just download your messages to your computer or wireless device.


To send e-mail, you need a connection to the Internet and access to a mail server that forwards your mail. The standard protocol used for sending Internet e-mail is called SMTP, short for Simple Mail Transfer Protocol. It works in conjunction with POP servers. POP stands for Post Office Protocol.

When you send an e-mail message, your computer routes it to an SMTP server. The server looks at the e-mail address (similar to the address on an envelope), then forwards it to the recipient's mail server, where it is stored until the addressee retrieves it. You can send e-mail anywhere in the world to anyone who has an e-mail address. Remember, almost all Internet service providers and all major online services offer at least one e-mail address with every account.


TRY THIS...
Send yourself a message. Click on this link. When the e-mail window appears, type your address in the TO: field, then fill in the Subject field and write a note. Now click the Send button. In a few minutes, your message should appear in your Inbox.



At one time, Internet e-mail was good only for text messages. You couldn't send attachments, such as formatted documents. With the advent of MIME, which stands for Multipurpose Internet Mail Extension, and other types of encoding schemes, such as UUencode, not only can you send messages electronically, but you can also send formatted documents, photos, audio and video files. Just make sure that the person to whom you send the attachment has the software capable of opening the file.


Queen Elizabeth II sent the first royal e-mail on March 26, 1976.
1464  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / Overview of Internet Security - Part I on: January 05, 2007, 09:52:05 PM
Overview of Internet Security

As of 1996, the Internet connected an estimated 13 million computers in 195 countries on every continent, even Antarctica (1). The Internet is not a single network, but a worldwide collection of loosely connected networks that are accessible by individual computer hosts in a variety of ways, including gateways, routers, dial-up connections, and Internet service providers. The Internet is easily accessible to anyone with a computer and a network connection. Individuals and organizations worldwide can reach any point on the network without regard to national or geographic boundaries or time of day.

However, along with the convenience and easy access to information come new risks. Among them are the risks that valuable information will be lost, stolen, corrupted, or misused and that the computer systems will be corrupted. If information is recorded electronically and is available on networked computers, it is more vulnerable than if the same information is printed on paper and locked in a file cabinet. Intruders do not need to enter an office or home, and may not even be in the same country. They can steal or tamper with information without touching a piece of paper or a photocopier. They can create new electronic files, run their own programs, and hide evidence of their unauthorized activity.


Basic Security Concepts

Three basic security concepts important to information on the Internet are confidentiality, integrity, and availability. Concepts relating to the people who use that information are authentication, authorization, and nonrepudiation.

When information is read or copied by someone not authorized to do so, the result is known as loss of confidentiality. For some types of information, confidentiality is a very important attribute. Examples include research data, medical and insurance records, new product specifications, and corporate investment strategies. In some locations, there may be a legal obligation to protect the privacy of individuals. This is particularly true for banks and loan companies; debt collectors; businesses that extend credit to their customers or issue credit cards; hospitals, doctors' offices, and medical testing laboratories; individuals or agencies that offer services such as psychological counseling or drug treatment; and agencies that collect taxes.

Information can be corrupted when it is available on an insecure network. When information is modified in unexpected ways, the result is known as loss of integrity. This means that unauthorized changes are made to information, whether by human error or intentional tampering. Integrity is particularly important for critical safety and financial data used for activities such as electronic funds transfers, air traffic control, and financial accounting.

Information can be erased or become inaccessible, resulting in loss of availability. This means that people who are authorized to get information cannot get what they need.

Availability is often the most important attribute in service-oriented businesses that depend on information (e.g., airline schedules and online inventory systems). Availability of the network itself is important to anyone whose business or education relies on a network connection. When a user cannot get access to the network or specific services provided on the network, they experience a denial of service.

To make information available to those who need it and who can be trusted with it, organizations use authentication and authorization. Authentication is proving that a user is whom he or she claims to be. That proof may involve something the user knows (such as a password), something the user has (such as a "smartcard"), or something about the user that proves the person's identity (such as a fingerprint). Authorization is the act of determining whether a particular user (or computer system) has the right to carry out a certain activity, such as reading a file or running a program. Authentication and authorization go hand in hand. Users must be authenticated before carrying out the activity they are authorized to perform. Security is strong when the means of authentication cannot later be refuted - the user cannot later deny that he or she performed the activity. This is known as nonrepudiation.


Why Care About Security?

It is remarkably easy to gain unauthorized access to information in an insecure networked environment, and it is hard to catch the intruders. Even if users have nothing stored on their computer that they consider important, that computer can be a "weak link", allowing unauthorized access to the organization's systems and information.

Seemingly innocuous information can expose a computer system to compromise. Information that intruders find useful includes which hardware and software are being used, system configuration, type of network connections, phone numbers, and access and authentication procedures. Security-related information can enable unauthorized individuals to get access to important files and programs, thus compromising the security of the system. Examples of important information are passwords, access control files and keys, personnel information, and encryption algorithms.

Judging from CERT® Coordination Center (CERT/CC) data and the computer abuse reported in the media, no one on the Internet is immune. Those affected include banks and financial companies, insurance companies, brokerage houses, consultants, government contractors, government agencies, hospitals and medical laboratories, network service providers, utility companies, the textile business, universities, and wholesale and retail trades.

The consequences of a break-in cover a broad range of possibilities: a minor loss of time in recovering from the problem, a decrease in productivity, a significant loss of money or staff-hours, a devastating loss of credibility or market opportunity, a business no longer able to compete, legal liability, and the loss of life.
1465  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / Spoofed/Forged Email on: January 05, 2007, 09:48:50 PM
This document provides a general overview of email spoofing and the problems that can result from it. It includes information that will help you respond to such activity.

Introduction

I. Description

II. Technical Issues

III. What You Can Do

1. Reaction
2. Prevention (Deterrence)

IV. Additional Security Measures That You Can Take

I. Description
Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

Examples of spoofed email that could affect the security of your site include:

* email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this
* email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

If, after investigating the activity, you find that there is more to the incident than spoofed email (such as a compromise at your site or another site), please refer to Section IV below.
II. Technical Issues

* If you provide email services to your user community, your users are vulnerable to spoofed or forged email.
* It is easy to spoof email because SMTP (Simple Mail Transfer Protocol) lacks authentication. If a site has configured the mail server to allow connections to the SMTP port, anyone can connect to the SMTP port of a site and (in accordance with that protocol) issue commands that will send email that appears to be from the address of the individual's choice; this can be a valid email address or a fictitious address that is correctly formatted.
* In addition to connecting to the SMTP port of a site, a user can send spoofed email via other protocols (for instance, by modifying their web browser interface).

III. What You Can Do

1. Reaction
1. You may be alerted to spoofed email attempts by reports from your users or by investigating bounced email error messages.
2. Following relevant policies and procedures of your organization, review all information (such as mail headers and system log files) related to the spoofed email.

Examine tcp_wrapper, ident, and sendmail logs to obtain information on the origin of the spoofed email.

The header of the email message often contains a complete history of the "hops" the message has taken to reach its destination. Information in the headers (such as the "Received:" and "Message-ID" information), in conjunction with your mail delivery logs, should help you to determine how the email reached your system.

If your mail reader does not allow you to review these headers, check the ASCII file that contains the original message.

NOTE: Some of the header information may be spoofed; and if the abuser connected directly to the SMTP port on your system, it may not be possible for you to identify the source of the activity.
3. Follow up with other sites involved in this activity, if you can identify the sites. Contact them to alert them to the activity and help them determine the source of the original email.

We would appreciate a cc to "[email protected]" on your messages; this facilitates our work on incidents and helps us relate ongoing intruder activities.

If you have a CERT# reference for this incident, please include it in the subject line of all messages related to this incident. (NOTE: This reference number will be assigned by the CERT/CC, so if you do not have a reference number, one will be assigned once we receive the incident report.)

To find site contact information, please refer to

http://www.cert.org/tech_tips/finding_site_contacts.html

You may also want to contact the postmaster at sites that may be involved. Send email to

postmaster@[host.]site.domain (for example, [email protected])

Please include a copy of this document in your message to sites.
4. To provide as much information as possible to help trace this type of activity, you can increase the level of logging for your mailer delivery daemon.
5. Realize that in some cases, you may not be able to identify the origin of the spoofed email.
2. Prevention (Deterrence)
1. Use cryptographic signatures (e.g., PGP "Pretty Good Privacy" or other encryption technologies) to exchange authenticated email messages. Authenticated email provides a mechanism for ensuring that messages are from whom they appear to be, as well as ensuring that the message has not been altered in transit. Similarly, sites may wish to consider enabling SSL/TLS in their mail transfer software. Using certificates in this manner increases the amount of authentication performed when sending mail.
2. Configure your mail delivery daemon to prevent someone from directly connecting to your SMTP port to send spoofed email to other sites.
3. Ensure that your mail delivery daemon allows logging and is configured to provide sufficient logging to assist you in tracking the origin of spoofed email.
4. Consider a single point of entry for email to your site. You can implement this by configuring your firewall so that SMTP connections from outside your firewall must go through a central mail hub. This will provide you with centralized logging, which may assist in detecting the origin of mail spoofing attempts to your site.
5. Educate your users about your site's policies and procedures in order to prevent them from being "social engineered," or tricked, into disclosing sensitive information (such as passwords). Have your users report any such activities to the appropriate system administrator(s) as soon as possible. See also CERT advisory CA-1991-04, available from

http://www.cert.org/advisories/CA-1991-04.social.engineering.html

IV. Additional Security Measures That You Can Take

1. If you have questions concerning legal issues, we encourage you to work with your legal counsel.

U.S. sites interested in an investigation of this activity can contact the Federal Bureau of Investigation (FBI). Information about how the FBI investigates computer crimes can be found here

http://www.cert.org/tech_tips/FBI_investigates_crime.html

For information on finding and contacting your local FBI field office, see

http://www.fbi.gov/contact/fo/fo.htm

Non-U.S. sites may want to discuss the activity with their local law enforcement agency to determine the appropriate steps for pursuing an investigation.
2. For general security information, please see

http://www.cert.org/

3. To report an incident, please complete and return

http://www.cert.org/reporting/incident_form.txt

Or use the web-based Incident Reporting Form at

https://irf.cc.cert.org
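The header review described in Section III (walking the "Received:" chain, and the NOTE that headers below your own servers' entries may be forged or absent when the abuser connected straight to your SMTP port) can be automated. The following is an added example, not part of the CERT tech tip: the two messages, the host names and the set of "trusted" relays are constructed for illustration.

```python
import email
import re

# Constructed sample (not from the original post): the oldest Received: line
# claims the mail came from "admin.example.org", but that line was written by
# an outside relay and cannot be verified.  Headers are newest first, exactly
# as a mail reader shows them.
RAW_MESSAGE = """\
Received: from mailhub.example.org (mailhub.example.org [192.0.2.10])
    by mbox.example.org (Postfix) with ESMTP id 4F1C2A3
    for <user@example.org>; Mon, 1 Jan 2007 09:00:03 -0500
Received: from relay.isp.example.net (unknown [198.51.100.7])
    by mailhub.example.org (Postfix) with ESMTP id 3B7D9
    for <user@example.org>; Mon, 1 Jan 2007 09:00:01 -0500
Received: from admin.example.org (admin.example.org [203.0.113.5])
    by relay.isp.example.net with SMTP id 1234
    for <user@example.org>; Mon, 1 Jan 2007 08:59:58 -0500
Message-ID: <20070101085958.1234@relay.isp.example.net>
From: "System Administrator" <admin@example.org>
To: user@example.org
Subject: Password change required

Please change your password to ...
"""

# Constructed sample of the other case the tech tip notes: the sender
# connected straight to our SMTP port, so there is exactly one hop and the
# connecting IP is all we have.
RAW_DIRECT = """\
Received: from admin.example.org (unknown [198.51.100.99])
    by mbox.example.org (Postfix) with SMTP id 9C0E1
    for <user@example.org>; Mon, 1 Jan 2007 10:15:00 -0500
From: "System Administrator" <admin@example.org>
To: user@example.org
Subject: Password change required

Please send me the password file.
"""

# Mail servers we operate (assumed for the example).  Only the Received:
# lines *they* added can be trusted; everything beneath is hearsay.
TRUSTED_HOSTS = {"mbox.example.org", "mailhub.example.org"}

HOP_RE = re.compile(
    r"from\s+(?P<from>\S+)\s*(?:\((?P<comment>[^)]*)\))?\s*by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def unfold(value):
    """Join RFC 822 folded continuation lines into a single line."""
    return re.sub(r"\r?\n[ \t]+", " ", value)


def parse_received(raw):
    """Return one dict per Received: header, newest (closest to us) first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(unfold(value))
        if not m:
            continue
        ip = IP_RE.search(m.group("comment") or "")
        hops.append({
            "from": m.group("from"),
            "from_ip": ip.group(1) if ip else None,
            "by": m.group("by").rstrip(";").lower(),
        })
    return hops


def trace_origin(raw, trusted_hosts=TRUSTED_HOSTS):
    """Walk the chain from our side outward while each hop was recorded by
    one of our own servers.  The client that connected to the last such
    server is the most reliable origin; hops beneath it were supplied by
    outsiders and may be forged."""
    hops = parse_received(raw)
    trusted = 0
    while trusted < len(hops) and hops[trusted]["by"] in trusted_hosts:
        trusted += 1
    if trusted == 0:
        return {"origin_ip": None, "origin_host": None, "unverified_hops": hops}
    last = hops[trusted - 1]
    return {"origin_ip": last["from_ip"], "origin_host": last["from"],
            "unverified_hops": hops[trusted:]}


if __name__ == "__main__":
    for raw in (RAW_MESSAGE, RAW_DIRECT):
        print(trace_origin(raw))
```

For the first message the reliable origin is 198.51.100.7 (the ISP relay's client), and the hop claiming admin.example.org is reported as unverified; for the direct-connection message the connecting IP itself is the origin.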
1466  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Firefox Extensions, GreaseMonkey Scripts, etc! / Re: ORKUT: Most Awaited GreaseMonkey Scripts! on: January 05, 2007, 11:08:36 AM
gr8 scripts
1467  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / IP Spoofing on: January 05, 2007, 12:30:45 AM
IP Spoofing: An Introduction


Criminals have long employed the tactic of masking their true identity, from disguises to aliases to caller-id blocking. It should come as no surprise then, that criminals who conduct their nefarious activities on networks and computers should employ such techniques. IP spoofing is one of the most common forms of on-line camouflage. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by "spoofing" the IP address of that machine. In this article, we will examine the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it.

History

The concept of IP spoofing was initially discussed in academic circles in the 1980s. While known about for some time, it was primarily theoretical until Robert Morris, whose son wrote the first Internet Worm, discovered a security weakness in the TCP protocol known as sequence prediction. Stephen Bellovin discussed the problem in depth in Security Problems in the TCP/IP Protocol Suite, a paper that addressed design problems with the TCP/IP protocol suite. Another infamous attack, Kevin Mitnick's Christmas Day crack of Tsutomu Shimomura's machine, employed the IP spoofing and TCP sequence prediction techniques. While the popularity of such cracks has decreased due to the demise of the services they exploited, spoofing can still be used and needs to be addressed by all security administrators.

Technical Discussion

To completely understand how these attacks can take place, one must examine the structure of the TCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial to the process.

Internet Protocol - IP

Internet protocol (IP) is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless model, meaning there is no information regarding transaction state, which is used to route packets on a network. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.



Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses, specifically the "source address" field. It's important to note that each datagram is sent independent of all others due to the stateless nature of IP. Keep this fact in mind as we examine TCP in the next section.

Transmission Control Protocol - TCP

IP can be thought of as a routing wrapper for layer 4 (transport), which contains the Transmission Control Protocol (TCP). Unlike IP, TCP uses a connection-oriented design. This means that the participants in a TCP session must first build a connection - via the 3-way handshake (SYN-SYN/ACK-ACK) - then update one another on progress - via sequences and acknowledgements. This "conversation" ensures data reliability, since the sender receives an OK from the recipient after each packet exchange.




As you can see above, a TCP header is very different from an IP header. We are concerned with the first 12 bytes of the TCP packet, which contain port and sequencing information. Much like an IP datagram, TCP packets can be manipulated using software. The source and destination ports normally depend on the network application in use (for example, HTTP via port 80). What's important for our understanding of spoofing are the sequence and acknowledgement numbers. The data contained in these fields ensures packet delivery by determining whether or not a packet needs to be resent. The sequence number is the number of the first byte in the current packet, which is relevant to the data stream. The acknowledgement number, in turn, contains the value of the next expected sequence number in the stream. This relationship confirms, on both ends, that the proper packets were received. It's quite different than IP, since transaction state is closely monitored.

Consequences of the TCP/IP Design

Now that we have an overview of the TCP/IP formats, let's examine the consequences. Obviously, it's very easy to mask a source address by manipulating an IP header. This technique is used for obvious reasons and is employed in several of the attacks discussed below. Another consequence, specific to TCP, is sequence number prediction, which can lead to session hijacking or host impersonating. This method builds on IP spoofing, since a session, albeit a false one, is built. We will examine the ramifications of this in the attacks discussed below.

Spoofing Attacks

There are a few variations on the types of attacks that successfully employ IP spoofing. Although some are relatively dated, others are very pertinent to current security concerns.

Non-Blind Spoofing

This type of attack takes place when the attacker is on the same subnet as the victim. The sequence and acknowledgement numbers can be sniffed, eliminating the potential difficulty of calculating them accurately. The biggest threat of spoofing in this instance would be session hijacking. This is accomplished by corrupting the datastream of an established connection, then re-establishing it based on correct sequence and acknowledgement numbers with the attack machine. Using this technique, an attacker could effectively bypass any authentication measures taken to build the connection.

Blind Spoofing

This is a more sophisticated attack, because the sequence and acknowledgement numbers are unreachable. In order to circumvent this, several packets are sent to the target machine in order to sample sequence numbers. While not the case today, machines in the past used basic techniques for generating sequence numbers. It was relatively easy to discover the exact formula by studying packets and TCP sessions. Today, most OSs implement random sequence number generation, making it difficult to predict them accurately. If, however, the sequence number was compromised, data could be sent to the target. Several years ago, many machines used host-based authentication services (i.e. Rlogin). A properly crafted attack could add the requisite data to a system (i.e. a new user account), blindly, enabling full access for the attacker who was impersonating a trusted host.

Man In the Middle Attack

Both types of spoofing are forms of a common security violation known as a man in the middle (MITM) attack. In these attacks, a malicious party intercepts a legitimate communication between two friendly parties. The malicious host then controls the flow of communication and can eliminate or alter the information sent by one of the original participants without the knowledge of either the original sender or the recipient. In this way, an attacker can fool a victim into disclosing confidential information by 'spoofing' the identity of the original sender, who is presumably trusted by the recipient.

Denial of Service Attack

IP spoofing is almost always used in what is currently one of the most difficult attacks to defend against: denial of service attacks, or DoS. Since crackers are concerned only with consuming bandwidth and resources, they need not worry about properly completing handshakes and transactions. Rather, they wish to flood the victim with as many packets as possible in a short amount of time. In order to prolong the effectiveness of the attack, they spoof source IP addresses to make tracing and stopping the DoS as difficult as possible. When multiple compromised hosts are participating in the attack, all sending spoofed traffic, it is very challenging to quickly block traffic.

Misconceptions of IP Spoofing

While some of the attacks described above are a bit outdated, such as session hijacking for host-based authentication services, IP spoofing is still prevalent in network scanning and probes, as well as denial of service floods. However, the technique does not allow for anonymous Internet access, which is a common misconception for those unfamiliar with the practice. Any sort of spoofing beyond simple floods is relatively advanced and used in very specific instances such as evasion and connection hijacking.

Defending Against Spoofing

There are a few precautions that can be taken to limit IP spoofing risks on your network, such as:

Filtering at the Router - Implementing ingress and egress filtering on your border routers is a great place to start your spoofing defense. You will need to implement an ACL (access control list) that blocks private IP addresses on your downstream interface. Additionally, this interface should not accept addresses with your internal range as the source, as this is a common spoofing technique used to circumvent firewalls. On the upstream interface, you should restrict source addresses outside of your valid range, which will prevent someone on your network from sending spoofed traffic to the Internet.
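The ingress and egress rules above, written out as an added example in Python (not from the original article): the internal range 203.0.113.0/24 is an assumed placeholder for your own address space, and the flow records are constructed.

```python
import ipaddress

# Added example, not from the original article. INTERNAL_NET is an assumed
# placeholder for the network's own address range (TEST-NET-3 is used here).
INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")

# Private and reserved ranges that are never valid sources on the Internet side.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def ingress_verdict(src):
    """ACL for packets arriving from the Internet (the article's downstream interface)."""
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in BOGON_NETS):
        return "deny: private/reserved source from the Internet"
    if ip in INTERNAL_NET:
        return "deny: our own range used as source from outside"
    return "permit"


def egress_verdict(src):
    """ACL for packets leaving toward the Internet (the article's upstream interface)."""
    ip = ipaddress.ip_address(src)
    if ip not in INTERNAL_NET:
        return "deny: outbound source not in our range"
    return "permit"


# Constructed flow records: "<in|out> <source> <destination>".
SAMPLE_FLOWS = [
    "in 10.0.0.1 203.0.113.7",       # private source arriving from outside
    "in 203.0.113.9 203.0.113.7",    # our own range arriving from outside
    "in 198.51.100.9 203.0.113.7",   # legitimate inbound
    "out 203.0.113.7 198.51.100.9",  # legitimate outbound
    "out 192.0.2.5 198.51.100.9",    # spoofed outbound (not our range)
]


def apply_acl(flows):
    """Return (direction, src, dst, verdict) for each flow record."""
    result = []
    for line in flows:
        direction, src, dst = line.split()
        verdict = ingress_verdict(src) if direction == "in" else egress_verdict(src)
        result.append((direction, src, dst, verdict))
    return result


if __name__ == "__main__":
    for row in apply_acl(SAMPLE_FLOWS):
        print(*row)
```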

Encryption and Authentication - Implementing encryption and authentication will also reduce spoofing threats. Both of these features are included in IPv6, which will eliminate current spoofing threats. Additionally, you should eliminate all host-based authentication measures, which are sometimes common for machines on the same subnet. Ensure that the proper authentication measures are in place and carried out over a secure (encrypted) channel.

Conclusion

IP Spoofing is a problem without an easy solution, since it's inherent to the design of the TCP/IP suite. Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques.
1468  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / Yahoo Messenger Security on: January 04, 2007, 11:59:55 PM
Yahoo Messenger
Instant Messaging is a very fast and convenient form of communication. However, it has opened up a new medium for hackers and script kiddies to mess around. In this paper, we'll take a look at Yahoo Messenger and see what we can do to keep our PCs safe.

We will look at two levels at which you can protect your PC. The first one will include configuring Yahoo Messenger's default settings and installing a firewall. The second level will deal with third party programs which either replace Yahoo Messenger or create a safer environment by constantly monitoring your system.


Floating Hacks - The Problem

Let us first take a look at some of the types of hacks floating around. These fall into the following categories:

Booters
A booter is something that disconnects (or "boots") the target from the chat/IM service. Usually, a lot of junk traffic is sent to your client, causing Yahoo to disconnect you.


Bombers
If you have suddenly found many windows opening, covering up all of your screen, starving your system of resources and eventually crashing your computer, you've just been bombed! This is usually the result of a programming error / not taking too much trouble in designing the protocol / oversight by the programmers at Yahoo. An unchecked bombing will crash your system and you'll have to reboot your machine.


Internet Explorer vulnerabilities
Later versions of Yahoo Messenger use Internet Explorer to display all the chat/IM text. If you haven't lived on Mars all your life (or you are a fellow penguin lover [wtf are you doing here anyway?]), you must have heard of the various patches/security updates released by Microsoft. These vulnerabilities range from the annoying to the severe and can be really dangerous in the right (wrong?) hands. You can lose all your data, all your personal info can be read, your mails and correspondence peeked at, and your computer can be taken over.

Fortunately, most of the Internet Explorer vulnerabilities can be exploited only in rare circumstances, but your best bet is to stay updated.

The Solution
Level I

The first thing to do is to check whether Messenger's settings are set properly. These are found under Login -> Preferences in the menu.



Messages - One of the ways of freezing the victim's computer has been to send too many messages, each with a different Yahoo ID. Many windows pop up as a result, using up all your memory and eventually causing your computer to crash.

To avoid this to a certain extent, select 'Messages are shown in a single message box'. This will still cause a crash if you are being bombarded with messages. For better protection, follow the instructions under 'Privacy'.


Archiving - Imagine someone breaking into your computer and having access to all your conversations! Uncheck "Enable Archiving" and delete the folder Archive, typically present under C:\Program Files\Yahoo!\Messenger\Profiles\your-username\Archive.


File Transfer - Disable automatic download of files. This way nobody can send you files without your permission. To do this, select "Ask me for permission before downloading files" and "Ask me for permission to get files".


Webcam settings - Avoid Peeping Toms. Choose "Always ask for my permission" under Login -> Preferences -> Webcam.


Privacy - Do not allow people other than your friends to IM you. This way you'll avoid most PM boots and other nasty stuff. Select "Ignore anyone who is not on my Friend List".

Installing a firewall
A firewall is a program that monitors incoming and outgoing packets and performs a (preconfigured) action on them. What this means is that a firewall will check that data coming into your computer is from an expected (previously configured) address and that the data going out of your computer is from an expected (previously configured) program.

Any good firewall will do.

Level II
A number of programs have been created to address the problem of stability. Use a search engine to locate these programs.
Ym!lite - This program has no known boots.

Update: Ym!lite now supports cam and voice is under development.

Yahelite - This is the most popular proggy out there. It supports voice chat and video cams.
1469  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / Protecting yourself from Magic PS 1.5 Second Edition on: January 04, 2007, 11:58:45 PM
A lot, and I mean a lot, of people are infected with Magic PS, especially with Magic PS 1.5 Second Edition. If you don't know what Magic PS is: Magic PS is a trojan, simply a program that steals your Yahoo! Messenger 5 or 6 user name and password and sends them to the sender. Magic PS 1.5 SE no longer shows itself in the Message Archive, so checking there won't help.

If the sender is stupid enough, he/she will send you the file "sender.exe". DO NOT accept it, because it is the default name for an MPS-created file.

Check your computer for certain files such as these:

regsvr.exe in c:\Winnt or c:\Windows ; depends on version of Windows

MsAgent32.exe in c:\*Win installed folder*\system 32

Perflib-Perfdata in c:\*Win installed folder*\System32

PIF in c:\*Win installed folder*

NTMSJRLN in c:\*Win installed folder*\system32\NtmsData

Sender.exe

MPSmmtask0.exe in c:\Documents and Settings\*User Name*\Local Settings\Temp

The sender.exe (can be any name) file may also contain a text string "UPX-Scrambler RC1.x -> ?OnT?oL". You can see this by using a hex editor, etc.

MPS 1.5 SE hides the (sender/hacker) Yahoo! ID in the sender.exe file; it is scrambled, so even with a hex editor you still cannot view it. To reveal the (sender/hacker) Y! ID, simply reverse-engineer the sender.exe file.

Be warned that Magic PS 1.6 will be released in the near future. Keep an eye on the files that anyone sends you and you'll probably be safe.

Hope this helps everyone and is understandable, because I was so sleepy when I wrote this =P
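An added example (not from the original post) that checks a Windows directory and a user temp directory for the files listed above and scans a suspect file for the packer marker; only the intact "UPX-Scrambler" part of the marker string is matched, and the files planted by demo() are constructed.

```python
import os
import tempfile

# Added example, not from the original post: look for the file artifacts the
# post lists under a Windows root and a user temp directory, and scan a
# suspect file for the packer marker. Only the part of the marker that
# survived intact on the page ("UPX-Scrambler") is used.
WINDIR_ARTIFACTS = [
    "regsvr.exe",
    os.path.join("system32", "MsAgent32.exe"),
    os.path.join("System32", "Perflib-Perfdata"),
    "PIF",
    os.path.join("system32", "NtmsData", "NTMSJRLN"),
]
TEMP_ARTIFACTS = ["MPSmmtask0.exe"]
MARKER = b"UPX-Scrambler"


def find_artifacts(win_root, user_temp):
    """Return the listed artifact paths that actually exist on disk."""
    candidates = [os.path.join(win_root, rel) for rel in WINDIR_ARTIFACTS]
    candidates += [os.path.join(user_temp, rel) for rel in TEMP_ARTIFACTS]
    return [p for p in candidates if os.path.exists(p)]


def has_marker(path, chunk=1 << 16):
    """True if MARKER occurs anywhere in the file. The file is read in chunks
    and a tail is carried over so a marker split across chunks is still found."""
    tail = b""
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk)
            if not block:
                return False
            if MARKER in tail + block:
                return True
            tail = block[-(len(MARKER) - 1):]


def demo():
    """Plant constructed artifacts in a temp tree and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        win, tmp = os.path.join(root, "WINDOWS"), os.path.join(root, "Temp")
        os.makedirs(os.path.join(win, "system32"))
        os.makedirs(tmp)
        open(os.path.join(win, "system32", "MsAgent32.exe"), "wb").close()
        suspect, clean = os.path.join(tmp, "sender.exe"), os.path.join(tmp, "notes.txt")
        with open(suspect, "wb") as f:  # constructed sample, not real malware
            f.write(b"MZ" + b"\x00" * 30 + b"UPX-Scrambler RC1.x" + b"\x00" * 8)
        with open(clean, "wb") as f:
            f.write(b"just text")
        found = [os.path.basename(p) for p in find_artifacts(win, tmp)]
        return found, has_marker(suspect), has_marker(clean)


if __name__ == "__main__":
    print(demo())
```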
1470  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Windows / Backup & Restore Registry on: January 04, 2007, 11:55:26 PM
Backup & Restore Registry



REGISTRY BASICS

The registry contains extended information, settings and various other values for the Microsoft Windows 95, Windows 98, Windows NT, Windows 2000, Windows ME and Windows XP operating systems. Within the registry you can control a great majority of the operating system as well as fix a lot of issues with Windows. However, we only recommend this to those who are experienced with computers or who feel confident to go into the registry.

Before going into the Registry and changing or deleting anything we ALWAYS recommend that you backup the registry.

The computer registry consists of two files hidden in the Windows directory, system.dat and user.dat. User-specific system information is contained in the user.dat file and Computer and Hardware specific information in the system.dat file.

To get into the Windows 95 or Windows 98 registry click Start / Run / type regedit



When you type regedit you will get the following screen; this window, as you can see, is the Registry Editor. This window looks very similar to Explorer; however, within each folder you have sub-folders which have various settings.

The following are the types of files that you will see during the time you are in the registry.

Open or selected folder - just as you would see in Windows Explorer
Closed folder - just as you would see in Windows Explorer
String Value - allows you to place certain values for certain aspects of a program, such as a version number.
Binary Value - allows you to set attributes for a particular application; values are in binary.
DWORD - similar to the Binary Value, allowing you to set attributes; however, done in binary and hex.

BACKING UP / RESTORING THE REGISTRY

Backing up Windows 95 Registry:

To backup Windows 95 Registry from the Windows desktop click Start / Shut Down / Restart the computer in MS-DOS mode.

At C:\WINDOWS> type the following:

attrib user.dat -r -a -s -h <press>
attrib system.dat -r -a -s -h <press>
md backup <press>
copy user.dat backup <press>
copy system.dat backup <press>

The above will copy the registry files into a backup directory in your Windows directory. Once the above has been done you can restart the computer and edit the registry as needed.

Restoring Windows 95 Registry:

If you by chance make a mistake while in the registry and have done the above, get to a DOS prompt. If you are not able to get into Windows, then as the computer is booting up and you see "Starting Windows 95" or hear a beep, press the F8 key on the keyboard; this should get you into the Windows 95 Startup menu. Choose the option for Safe Mode command prompt only.

When at the DOS prompt, type cd\windows (note: you will not be able to get into this directory if you have not followed the steps above for backing up your registry).

Once in the Windows directory type the following:

attrib user.dat -r -a -s -h <press>
attrib system.dat -r -a -s -h <press>
del user.dat <press>
del system.dat <press>

Once these files have been deleted, type cd\windows\backup; once in the windows\backup directory, type the following:

copy user.dat c:\windows <press>
copy system.dat c:\windows <press>

The above should copy two files, once copied reboot the computer and you should now be able to get back into Windows.

Backing up Windows 98 Registry:

Windows 98 has a new feature referred to as scanreg that will automatically back up your registry each time you boot up your computer; however, the steps listed above for backing up the Windows 95 registry also work but are not necessarily needed unless you wish to keep an originally untouched copy of the registry.

Restoring Windows 98 Registry:

To restore the Windows 98 registry, get into a DOS prompt. If you are not able to get into Windows 98 to shut down the computer and get into a DOS prompt, then as the computer boots up press and hold the left Ctrl key on your keyboard, which should get you into the Windows 98 startup menu; in this menu choose the option for command prompt only (safe mode command prompt only will not work).

Once at the prompt, type cd\windows\command

Once in this directory, type scanreg /restore; this will restore a previously backed up copy of your registry. You then should be able to reboot the computer and get back into Windows.

If you backed up your registry using the Windows 95 steps use the Windows 95 restore steps to restore the registry.


REGISTRY SCREEN SHOTS



REGISTRY Q&A

Q: Is there a way to edit the registry from a command prompt (DOS)?
A: Unfortunately because the registry is a part of Windows it is not possible to edit the registry without running Regedit through Windows. If you are not able to get into Windows you may wish to attempt to run regedit.exe from Safe mode.
Copyright © 2006-2023 TechnoWorldInc.com. All Rights Reserved. Privacy Policy | Disclaimer