Scott Pilkinton's Information Technology site

Mr. Gates showed it off on Sunday during his keynote address at the Consumer Electronics show in Las Vegas. Read more…

The New York Times had some pretty good tips over the weekend for home users in regards to keeping their personal information safe. The tips actually were pretty good, but there was no explanation of why you would want to do each one. So, here go my explanations for the people who are interested:

• Don’t share your computer (on which you pay your bills) with your children (who download games)
  • This is more important than most people think. Lots and lots of advertising that goes on are focused toward kids these days. All one of the ads has to do is to catch the eye of a curious youngster and before you know it, you have a new toolbar installed in Internet Explorer! Also, lots and lots of kids games that come on CD also have ‘junk’ that gets installed – which has nothing to do with the game. What happens is a Yahoo, or someone will pay the game company to include their toolbar or other potentially unwanted program in the game’s installation program. Most of the time – it is very hard to bypass the unwanted software during installation. Anyway the thing that gets you in trouble here is spyware. I’ll give you a good example of how easy it is to get infected: My son comes home from school one day and went straight to the computer. Someone at school had introduced him to ‘cheat codes’ for his video games. These are typically sequences that are embedded into the game by the manufacture, which will allow you to get ‘extra’ stuff (like more lives, super duper powers, etc.) without having to achieve them by advancing through the game. Anyway, so one search on Google for Gameboy cheat codes and bam! The next site visited entices your child to click on a link for a free Gameboy game. Now, what just happened that you don’t realize is there is spyware now installed on your computer that will capture future information you send out with your computer. So, when you check your bank account later that night and supply your username and password – the ‘silent’ program has captured that information as it was being sent. With this valuable information in hand, it then sends it to the person who wrote the malicious spyware to begin with. Guess what, now someone can log into your bank account because they have your user/password information. Trust me, with separate computers this risk goes down drastically.
• Use a firewall program that warns you about outgoing connections that botnets make to communicate with control software.
  • Let’s say you were using that single computer with the entire family. One way to add a layer of protection is to make sure you have a firewall enabled on your computer. That way, even if the spyware program got installed while searching for Superman’s latest kryptonite antidote – the firewall would likely catch that program from sending your bank information that it captured later that night. Typically what would happen is a box would pop up anytime an ‘unknown’ program was trying to send information from your computer. By default, it would block the communication unless it was something you specifically told to allow through. Have the firewall enabled on every computer in the house.
• Don’t use the same password on more than one financial site.
  • Although financial sites tend to have a lot more security than your run of the mill website, they can still get hacked. So, if your financial userid/password credentials get stolen from one site – you don’t want the thief to start trying those same passwords on other financial sites you may have accounts with. I also want to add to this tip myself:
    • Don’t use the same password on every website that requires one. Let’s say you have a userid/password for eBay and that same password is used on your bank’s website. If that password is ever stolen, it would be fairly easy to find other sites you have used the same password with.
• Don’t let your browser store your password for such sites.
  • Most browsers offer to do this now, but you really don’t want to use this on any website that could be used without your permission. I’ll go so far as to say don’t let your browser save the password on any site that you have purchased things on. The reason for this is because most of the shopping sites will store your credit card information for future purchases. As handy as this may seem, all it takes is someone else to visit that site on your computer and they would be able to order Christmas for the next five years because the password had been saved in the browser.
• Don’t buy anything offered by a spammer.
  • Simply put, don’t click on anything in an email you receive unless you are 100% sure of where the email came from.
• Don’t click if someone offers you something too good to be true. It is
  • Very true. No matter how good something sounds – whether it came to you in an email or you saw it while browsing a website: 99.99 percent of it will come back to bite you if pursued.

Cisco To Buy Private Network-security Start-up IronPort 

(RTTNews) – If published reports on Thursday are right, Cisco Systems Inc. is buying network-security start-up IronPort Systems Inc. for about $830 million in cash and stock, to buttress its already robust global network protection business.The acquisition comes at a time when the corporate sector is clamoring for anti-virus and anti-spam software to guard against security vulnerabilities. San Bruno, California based IronPort is a closely held company that specializes in network e-mail and messaging security products that monitor email and Web traffic to block spam, viruses, spyware and other security threats.IronPort is popular for its reputation filters – a technique that filters spam by investigating the sender’s details, and thereby significantly reducing email traffic.

http://www.tradingmarkets.com/.site/news/TOP%20STORY/496421

Google to invest in China local file share network

BEIJING (MarketWatch) — Google Inc. (GOOG) will buy a stake in Xunlei Network Technology Ltd., a Chinese peer-to-peer file sharing network operator, the state-owned China Daily reported Thursday, citing Xunlei spokesman Jackson Zhang.Google China public relations official Cui Jin and Xunlei’s Zhang declined to comment on the report. Shenzhen-based Xunlei operates China’s biggest video downloading service, with tens of millions of downloads from the site each day, according to its Web site.The two companies will hold a press conference Friday on the strategic cooperation, Xunlei said.

http://www.marketwatch.com/news/story/google-invest-china-local-file/story.aspx?guid=%7B0D81E9C3-89B2-477F-B7F3-46F595943169%7D

Vonage Appoints Timothy G. Smith As President of Vonage Network, Inc.

HOLMDEL, N.J., Jan. 4 /PRNewswire-FirstCall/ — Vonage Holdings Corp. (NYSE: VG – News), a leading provider of broadband telephone services, today announced that its interim president of Vonage Network Inc. since June 2006, Tim Smith, has assumed the post on a permanent basis. As president of Vonage Network Inc., a subsidiary of Vonage Holdings Corp., Tim will oversee all of Vonage’s network and systems operations globally and manage the Vonage Network staff.Before joining Vonage in July 2005 as SVP of Network and Systems Infrastructure, Tim worked in various management roles for leading technology companies including Sun Microsystems Inc., UUNET Technologies Inc. and Wayport, Inc.

http://biz.yahoo.com/prnews/070104/nyth094.html?.v=77 

Online dating firm finds itself attracted to storage area network

An online dating company has formed a relationship with a vendor to provide the storage needs of the growing customers getting together on its Web sites.Vintacom Media Group ULC, a subsidiary of Think Partnership Inc., develops online dating software and social networking applications aimed at the North American market. Its properties include DreamMates.com, PassionatePersonals.com, FlirtOverFifty.com, CocktailConnection.com and MeetForCoffee.com. Vintacom went through a technology refresh last year to improve network performance at its Edmonton head office, which included Dell PowerEdge 6850 servers and a Dell CX500 storage area network (SAN). Previously, it had four aging database servers, so it had to set up a failover and replication routine for each of those servers. With its technology refresh, the company has consolidated those four systems down to one cluster so it’s easier to manage.

http://www.itbusiness.ca/it/client/en/home/News.asp?id=41775 

Aardman cranks up network to US

Wallace and Gromit would certainly approve. Aardman Animations, the company behind the plasticene duo, has upgraded its network to support the increasing amount of transatlantic collaboration the company now undertakes.The company has signed a deal with NTL Telewest to move from a 4Mbit/s long-distance network to a 10Mbit/s one to take into account the large amount of traffic heading across the Atlantic. The company used the NTL Telewest link to complete its latest feature, Flushed Away and is currently working on a version of its hit show Creature Comforts for CBS television in the US.

http://www.techworld.com/networking/news/index.cfm?newsID=7708&pagtype=samechan 

Google and Web Host EarthLink Come Close to SF-Wide Wireless Network

After months of negotiations, Google Inc. and Earthlink are coming close to finalizing a deal to build a San Francisco-wide wireless Internet networkJanuary 3, 2007 – (TopHosts News Brief) – According to reports, after months of negotiations, Internet search leader Google Inc. and partner Earthlink are close to finalizing terms of a deal to build a San Francisco-wide wireless Internet network.After more than nine months of negotiations, an agreement on contract terms means both sides have overcome major hurdles. The process, however, is by no means over. Before network construction can begin, the terms must be approved of by the city’s board of supervisors. Sources also say that although an official announcement could be made by this week, they cautioned that negotiations could unravel due to various issues.The proposed San Francisco network would have two components; one made available for free, with a high-speed Internet network supported by advertisements appearing on computer or laptop screens logged onto the network. The proposal also calls for selling a faster, commercial-free wireless Internet service in San Francisco for $20 a month.

http://www.tophosts.com/articles/004406.html

This really didn’t start out as a mini research project…

It started, because I am reading this great book by Syngress called: Penetration Tester’s Open Source Toolkit.  The book is about how to use freely available tools to conduct penetration tests on a network.  It contains tons of valuable information, including source code of a few very useful utilities.  The one that caught my eye was a website banner grabber.  The program reads in a text file containing websites that you want to pull the banner from.  For each entry, the returned banner is output to the screen.  The banner contains identifcation of the webserver software running for that site. Read More »

I got a beta invitation a few days back to beta test the new Windows Live OneCare. OneCare is basically positioning itself to be a single source for all your desktop security needs. Once installed, the program provides Firewall, Virus and Spyware monitoring, Backup and Restore, and Performance Plus (tune up module).

This version will run on XP with SP2 and Vista (build 5600 and above). Since I haven’t ran the previous versions – I really don’t have anything to compare it to.

First, I downloaded the small setup executable and ran it.

Once you pick the language and accept the license agreement, the program will download and install.

The download and installation on my machine took less than 10 minutes.

During the beta, the readme said to safely ignore the Activation option. I selected Not yet to continue.

The next thing you will see is the main program window that will serve as the central information source on the overall health status of the Operating system.

The Virus scan options let you just do a quick scan at first and then it will run the full scan at a scheduled time that you setup.

Running the TuneUp portion will make sure all the necessary parts of the program have successfully run along with cleaning up any unneeded files.

After the next day or two, I got this message while using my computer about installing an update.

Overall, I can see where this would be very usefull program to have – especially for home computers that need some ‘self-maintaining’ capabilities. Is it worth $49 a year for the service? Probably…. Will I continue the service after the beta expires and am forced to sign up? No… It’s really not a tech-guys program and it certainly isn’t for corporate installation use.

There are plenty of times where you might want to use Dynamips when not connected to a network. Maybe your out on the road and just want to practice some labs. It would be nice to have your laptop network adapter part of the emulated network – even when your laptop is not connected to any network.

The solution is to use a loopback adapter in Windows, then including it in your Dynagen config file.

First, create a new loopback adapter in Windows (these instructions are assuming Windows XP)

1. Click Start, and then click Control Panel. Because this is XP, you may have it set up this way, or you may have your interface set up in Classic view. Either way, navigate your way to ‘Add Hardware’, or ‘Printers and Other Hardware’
2. Launch the Wizard to Add Hardware to your system. Do not be confused because you are not actually installing any new hardware, just simply adding a ‘network adapter’ which is acting as a virtual adapter.
3. Click next, once you have launched the Wizard. You will see a series of dialog boxes open to ask you about scanning for hardware changes, etc – you will want to do everything manually in this exercise. There will be no automatic scanning for any reason because you have not installed anything, the installation will immediately fail.
   
4. You will next be asked if the hardware is connected. You can select Yes from the options and click Next.
   
5. Now, select *from the bottom of the list* the ‘Add a new hardware device’ option, and then click Next.
   
6. Click Install the hardware that I manually select from a list, and then click Next
7. Select ‘Network adapters’ from the Common hardware types section within the dialog box. Click Next
   
8. Select Microsoft and then the Microsoft Loopback Adapater, and then click Next.
   
   
   
9. Now, you can go into the network connections folder and modify any properties of the loopback, just like any other network adapter. You can assign a static IP address to the loopback at this point.

In order to use the new loopback with Dynamips, run the Network Device List command in the Dynamips folder.

The command shows our loopback as: \Device\NPF_{AC6BC0D4-7AE7-45B3-A74B-13A59015D26C}

So, if you have installed the Dynagen package – look at the Dynagen Sample Labs folder. In this explanation – I will use the simple2 folder.

Edit the simple2.net file and modify it to look something like the following:

# Another simple dynagen configuration file
#
# All the f0/0 interfaces are on VLAN 1 and the F1/0 interfaces are on VLAN 2

[localhost]

[[7200]]
image = \Program Files\Dynamips\images\image.bin
# On Linux / Unix use forward slashes:
# image = /opt/7200-images/c7200-jk9o3s-mz.124-7a.image
npe = npe-400
ram = 160

[[ROUTER Zapp]]
console = 2001
f0/0 = S1 1
f1/0 = S1 2

[[ROUTER Leela]]
console = 2002
f0/0 = S1 3
f1/0 = S1 4

[[ROUTER Kif]]
console = 2003
f0/0 = S1 5
f1/0 = S1 6

[[ethsw S1]]
1 = access 1
2 = access 2
3 = access 1
4 = access 2
5 = access 1
6 = access 2
7 = access 1 NIO_gen_eth:\Device\NPF_{AC6BC0D4-7AE7-45B3-A74B-13A59015D26C}

When this Dynagen configuration file is run, you will have three 7200 routers – all with the fa0/0 interface in the same vlan as the Windows loopback adapter.

To test, assign fa0/0 on Zapp an ip address in the same subnet as your MS loopback – then perform a ping test.

Now you have a test lab with your laptop as part of the simulated network.

Download MinGW-5.0.2 and run the installer

• From the install type dropdown menu – Select Minimal install
  • In the box under the dropdown, check the g++ compiler and MinGW Make Options
• Install in the default folder (C:\MinGW)

Download MSYS-1.0.10 and run the installer

• Install in the default folder (C:\msys\1.0)
• When asked if you want to go through the post install configuration, answer yes
  • When the question is asked: Do you have MinGW installed? [yn ] Answer y
  • When the question is asked: Where is your MinGW installation? Answer c:/mingw
• You should see the following at the end of the configuration process:

Oh joy, you do not have c:/mingw/bin/make.exe. Keep it that way.

C:\msys\1.0\postinstall>pause
Press any key to continue.....

Download OpenSSL 0.9.8b binary distribution

• Install this at C:\OpenSSL

Download WinPcap 3.1 Installer for Windows 95/98/ME/NT4/2000/XP/2003/Vista and the Developers Pack

• Run the WinPcap 3.1 Auto Installer

Now update your path statement by Right Clicking on My Computer -> Properties
Go to the Advanced Tab and press the Environment Variables button

• Append c:\mingw\bin and c:\msys\1.0\bin to your PATH

Browse to the c:\MinGW folder and create a folder under it called ntop-3.2.2
Under C:\MinGW\ntop-3.2.2 create another folder called ntop

Download the ntop source

• Now unzip the contents of the Ntop zip file to C:\MinGW\ntop-3.2.2\ntop

Browse to the C:\MinGW\include folder and create a folder under it called openssl – then browse to the openssl folder you just created.

In a second explorer window, Browse to the C:\OpenSSL\include\openssl folder. Select all files in that folder and copy them to your original folder window, which should be at: C:\MinGW\include\openssl

Create folder openssl-0.9.8b under C:\MinGW\ntop-3.2.2. Copy libeay32.a and ssleay32.a from C:\OpenSSL\lib\MinGW to C:\MinGW\ntop-3.2.2\openssl-0.9.8b.

Unzip WpdPack_3_1.zip (WinPcap Developers pack) in C:\MinGW\ntop-3.2.2 and rename the WpdPack folder to winpcap-3.1.

Create folder mysql under C:\MinGW\include and copy all files in the C:\MinGW\ntop-3.2.2\mysql-5.0.24\include folder to it.

Your folder tree should look like this (only most important folders
shown):

c:\mingw
|
+--include
| |
| +--mysql
| |
| +--openssl
|
+--ntop-3.2.2
|
+--gdbm-1.8.3
|
+--graphics
| |
| +--gd-2.0.33
| | |
| | +--libpng-1.2.12
| |
| +--zlib-1.2.3
|
+--mysql-5.0.24
|
+--ntop
| |
| +--docs
|
+--openssl-0.9.8b
|
+--pcre-6.7
| |
| +--.libs
|
+--rrdtool-1.2.15
| |
| +--src
| |
| +--release
|
+--winpcap-3.1
|
+--Include
|
+--Lib

Run MSYS and type the following commands:

cd /mingw/ntop-3.2.2/ntop/
make -f Makefile.mingw depend (lots of warnings… don’t worry)
make -f Makefile.mingw (lots of warnings… don’t worry)

It should compile fine

Open a command prompt and CD to \mingw\ntop-3.2.2\ntop. Try

ntop /h

You might get the following error in a message box:

“ntop.exe- Unable to locate DLL. The dynamic link library packet could
not be found in the specified path.”

If this happens, run the command below:

copy %WINDIR%\system32\packet.dll packet

and run

ntop /h

again. It should display the help. Then try

ntop /c

and it should run in console mode.

Recently, I had the need to get a Netflow collector up rather quickly. There were a couple of old circuits that we were in the process of replacing on some remote routers and I needed to know what traffic was still going across them. Since most of the traffic was already going across the replacement circuits – it was some one off host systems that routing was different for various reasons. Before the old T1′s could be disconnected, the oddball conversations needed to be identified and fixed.

Netflow is probably the best method of determining end to end traffic flows. Netflow does not have requirements that you would typically have with doing traditional sniffer traces. The device that is exporting netflow data does all the work. Every time a new conversation is initiated or closed between two systems – netflow data is generated. The exporting device (router,switch,etc.) then sends the conversation information to a netflow collector. Ntop has a plug-in that is used to work as the collector.

About ntop:

ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well.

ntop users can use a a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface.

The author of ntop has licensed this program as open source and provides compiled binaries for different Unix platforms. However, for the Windows platform, it is encouraged to submit a donation to obtain a fully functional copy of the Windows version. Otherwise, you can download a (demonstration version) Windows binary that is very limited on the amount of traffic it will report on.

Since the software is open source, it is possible to compile it yourself. However, to compile on Windows – you need Microsoft Visual C++ 6.0. There is one other alternative to whipping out a fully functional Windows binary yourself, which is the point of this article.

An open source Windows C++ compiler exists called MinGW. At some point, ntop could be compiled using MinGW along with some other tools. As ntop continued to develop, the compile process broke using MinGW. Admittedly, I wouldn’t have been in any hurry to fix this either if I was the author. I am one of the biggest proponents of Open Source that you will find, but I also agree that open source project owners should have revenue opportunities that provide them income for their efforts.

Read More »

I learned of a very unique and amazing program a couple of weeks ago. Ever since my discovery, I have found it very useful in my day to day work.

The software I'm speaking of is an emulator, but not your common pc or mac emulator. No, this is not another game platform emulator – (I did say useful in my work).

This program emulates a Cisco 7200 router! If you have ever seen router simulators for test study purposes, you know that they try to be as close to the real thing as possible.

With dynamips the hardware is emulated that of a Cisco 7200, similar to an Intel PC emulator such as VMWare. This means that you need a valid operating system in conjunction with the emulator. So, the same image used on your 7200 router is also used with dynamips.

You can obtain a valid image from the cisco.com website, provided you have a support contract of any kind. I have successfully booted anything from 12.2 IP only images to 12.4 Enterprise software. Once booted, you basically have a usable 7200 router completely made up of software.

The emulator can be configured with different hardware components, such as: Serial, ATM, Ethernet Cards, flash cards, and more. More than one emulator can be configured and booted at the same time. Things like frame relay, ATM, and virtual Ethernet switches can also be configured so that the virtual machines can talk to each other over these mediums. One more exciting little piece: an Ethernet port on a virtual router can be mapped to your pc's Ethernet card! Now your emulated 7200's have access to THE real network your pc is connected to.

This brings all sorts of possibilities: Your virtual routers can participate with other existing routers in your network! How cool is that!

Although one might see this as an opportunity to use this software on a pc in place of a real hardware router – make no mistake, this program is targeted to promote learning only and certainly not any type of production work.

Now for the 'other' details:

This software is very cryptic to configure! Thankfully, there is a separate project that's focus is to make the emulator configuration much more user friendly.

The dyna-gen project uses a plain text configuration file to configure your total environment. Once you have your environment setup with any number of routers, interfaces, virtual switches, etc. – it is easy to go back the next time and work with the same scenario.

If you install dyna-gen, it includes everything you need (minus ios image). It will probably include a version of dynamips that is a revision or two behind. If you want to run the latest, you should just be able to download the latest dynamips from here and simply replace the exe contained in the dyna-gen installation. However, by doing this – any new feature or optimization in dynamips wouldn't necessarily be available when running through dyna-gen. This is simply because dyna-gen is a 'wrapper' to go around dynaips. Clear as mud?, I thought so…

Seriously, you will definitely see this useful if you work on routers at all. Let me know what you would like to see and I'll help out where I can… For example, pre-built configuration files ready to run in dyna-gen that already has a particular network setup.

At the dyna-gen site, there are sample networks and instructions on how to build. 

There is a cool open source network related project called NeDi. This application is definitely one of the best discovery tools that I have ever used. NeDi unfolds its full potential with Cisco’s CDP (Cisco Discovery Protocol) in the core of your network.

Features include:

Automated Network Discovery

• Automatically discovers Cisco network devices and learns how they connect to each other (network topology)

Beautiful Web-Interface

• Simple to use

Device Management

• Quickly telnet to a device with just a few clicks
• Make bulk configuration changes to many devices at once
• Archive device configurations and report configuration changes

Reporting

• Location of users on the network (DNS–>IP–>MAC–>Switch–>Port)
• Show which IP addresses are being used, and which ones are available
• Report by device name, type, serial number, software version, vlans, and much more!

Monitor Performance

• Graph traffic statistics on every interface
• View the available memory and CPU utilization of network devices

Monitor Availability

• Poll network devices
• Send email or SMS alerts when a device goes down

Monitor Errors

• Receive and display SNMP Traps from devices
• Receive and display Syslog messages from devices
• Display error rates on interfaces

To make things very simple, you can download a Linux distribution (Ubuntu) that has NeDi already installed and ready to configure. The configuration process has been simplified with having the required configuration files on the desktop, ready to be edited with just a few simple parameters. The only drawback on this one particular image, is that it is an entire Ubuntu installation (GUI included). This makes it easier for the newcomer to Linux, however it will take a while to download(823 MB image).

If your needing a very robust tool that will quickly go in and identify a network – keep this image handy in your VMware images toolbox.

http://www.vmware.com/vmtn/appliances/directory/184