Setting Up A Simple Web Server

You don’t need to set up a web server in order to automate the delivery of your information products. This section is for people who don’t want to pay a cent for hosting their downloadable information products and web sites. Hosting your own web pages gives you much more hard drive space and easier control of your HTML documents. This section will also go over typical issues when setting up a web server and a solution for each issue.

Internet Service Providers (ISPs)

Here is a little information on most Internet Service Providers (ISPs). If you’re on a basic ADSL or cable package, chances are your Internet account has some restrictions. The common limitations are blocked ports and the way IP addresses are assigned. First, let’s look at ports.

Ports

Ports are used for communication on the Internet. There are a lot of them, and knowing what they all do is not important for this document. What is important is that your ISP may be blocking you from accepting requests on port 80, which is the HTTP (Hypertext Transfer Protocol) port. HTTP is what lets you surf the Internet; if you look at the address bar of your browser, you will always see “http”. Being blocked means you can make outgoing HTTP connections, but you can’t accept incoming ones. Why? Think of your ISP as doing you a favor: by blocking port 80, they are eliminating the chance of your computer ACCEPTING viruses, spyware, and all sorts of other malicious activity. The problem is that this also blocks you from accepting legitimate HTTP (port 80) requests, and so prevents you from running a web server. To find out whether your port 80 is blocked, either go to your ISP’s web site and read your license agreement, or call their technical support line and ask. Either way, this problem is easily solved in the next few pages. We will now move on to the next issue, IP address assignment.

IP Address Assignment

An IP (Internet Protocol) address is a unique identifier that gives your computer a “home” on the World Wide Web. Most basic Internet packages, including all dial-up connections, assign IP addresses dynamically. The problem this causes is that if your IP address is always changing, how is anyone supposed to find your “home”? It would be as if you lived in your house for 5 hours and then left. Even your trusty mailman would get confused! One solution is to call your ISP and get your Internet package upgraded to a business plan, which will change your IP from dynamic to static, but at an extra cost. The other is to use a great free tool that we will explain in the next section.

To find out your IP address, click “Start”, then “Run”, type “command”, and click “OK”. When the black window, known as the command window, opens, type “ipconfig /all”. This shows your current IP configuration. If you see a line that says “Lease Expires”, and it’s soon, then you definitely have a dynamic IP. Don’t worry if it expires soon; you’ll get a new one as soon as it does. You will also notice a 4-octet number, separated by 3 periods, next to the description “IP Address”. This is your IP address.

No-IP.com

Who is No-IP?

These guys are great!

Before we get into it, let’s define what a domain name is. A domain name is an alphanumeric representation of your IP address. In other words, any “www” name you enter into your address bar actually stands for an IP address. If you open up your command window again and type “ping www.articleautomate.com”, you will notice there is an IP address in square brackets next to my domain name in the results.

Now, let’s move on.

First, No-IP will give you a web name, and you don’t even have to pay for it! That means you don’t have to purchase a domain name. Any “www” address you see in your address bar is a domain name. When you use No-IP.com, you will receive a domain name that looks like www.yourname.no-ip.com. Notice the “no-ip” part. Since No-IP.com is a free service, they add that to your “www” name. This is fine because the purpose of your site is to serve your articles to your customers through your eBay and PayPal “Instant Purchase” sales, although you can also serve web pages. Your domain name also remains easy to remember.

Second, your dynamic IP address issue simply disappears. No-IP.com has developed a free piece of software that you download from them and install on your PC. It monitors your IP address, and when your IP changes, it tells the No-IP.com server, which updates your “www” name to point at your new IP address.

No-IP.com Registration

Now that you understand what No-IP is, you are ready to go out and get registered. Click the link below, find their “Sign-up Free” link, and fill in the blanks.

www.articleautomate.com/no-ip

Once you have fully registered, you will receive a confirmation email. Follow the directions in the email. Next, log into your No-IP.com account, and click on the “Add” link under the “Hosts/Redirects” header.

The “Hostname” textbox is where you will enter your “www” name, and the dropdown is the No-IP.com extension of your choice.

If your ISP does not block port 80 then you don’t need to do any port redirecting. Just click the “Create Host” button at the bottom of the page.

If your ISP does block port 80, then click on “Port 80 Redirect”. A new page will load, but it will look almost the same. For the “Port”, enter 8000. Click “Create Port Redirect” at the bottom of the page.

Registration is complete – on to the software!

Click on the “Downloads” tab at the top and then click “Windows” in the left column. Click on the “No-IP DUC v x.x.x” link (x.x.x because the version is always changing).

Follow the wizard to install the program. Once installation is complete, you will be prompted for the email address and password you entered during registration. After entering this, the console will open. The screenshot below shows what your console will look like.

[Screenshot: No-IP DUC console]

Notice the smiley face. That means the No-IP.com server has been updated with your current IP address.

Now that you have your domain name set up, you have to start hosting your pages! The next section will introduce you to an excellent program called Abyss Web Server by Aprelium.

Abyss Web Server

What is Abyss?

Simply put, Abyss is a free personal web server for Windows, Mac OS X, Linux, and FreeBSD. Abyss is just a web server and does not provide FTP. You can access its console remotely to update directory and user settings, but you can’t upload any files unless you are at the computer running the web server.

Installation

Click on the following link:
www.articleautomate.com\abyss

Find the “Download” link under the “Software Resources” header near the bottom of the page. Click on the “Download Abyss Web Server X1 for Windows” link and install the software.

Once the installation is complete, you will be asked for a username and a password. These credentials will then be your login to your web server. You will also see the Abyss icon in your system tray. After entering your login info, you will be prompted again for a username and password. You will always be prompted for your login information with this screen whenever you open your console.

You should get a console that looks something like this:

[Screenshot: Abyss Web Server console]

Do not change the “Server Root”. This is where your web server runs.

Change your “Documents Path” to the path you wish to host your pages from. For this book, I will use “c:\article”.

If your “Port” isn’t already set to 8000, do that now.

Any changes that you make will require a server restart, which is nothing more than clicking a button when you are prompted.

If you ever need to access your console again, right-click on the Abyss icon in the system tray and select “Show Console”. Please take into consideration that we have only skimmed the surface of Abyss Web Server and that there is much more to learn about it, such as setting up directory and user permissions and viewing your access statistics.

We will now move on to a “suggested” method of setting up your web server directory.

Directory Structure

Before you start creating HTML and putting your article online, you may want to think about how your web server’s file system should be laid out. I have found that it is easier to maintain with the following setup. For this example, I have set my “Documents Path” to c:\article. To create a directory, read “Directory Creation”.

Take a look at the image below:

[Screenshot: contents of the article directory]

You will notice that we are in the article directory, and there is an index.htm file. This file will be your website’s home page. Next, you will see an images folder and a widgets folder. You will store all of your website’s images in the images folder. The widgets folder will contain another “index.html” file, which will contain the download link to your article.

Directory Creation

To create your “article” directory:

1. Right-Click the “Start” menu.
2. Click on “Explore”.
3. Navigate through the tree until you find “C:” and click on it.
4. In the right window pane, right-click on some white-space, and select “New”, then “Folder”.
5. Name your folder “article”.

Follow this process to create your “images” and “widgets” directories. We will look at creating your “index.html” file in Section 4 of this article.

Test Your Server

Next, test your server. Run the “ipconfig” command and write down your IP address. Open a new web browser and in the address bar type: yo.ur.ip.addy:8000/

If you get the PayPal button you created and tested earlier, you have correctly installed Abyss. Notice the “8000”. This directs the request to your port 8000. If you decide to run your server on a different port, you will need to change this figure to match.

Now try your No-IP domain name, “http://yourname.no-ip.com”. Notice that your address bar changes to your IP address?

If you don’t want the address to change to your IP, then you will have to log into your No-IP account and edit your Host settings from “Port 80 Redirect” to “DNS Host”. The difference is that your domain will then look like www.yourname.no-ip.com:8000.

Troubleshooting

If you experience problems, such as “Error 404 - Page cannot be found”, then try these suggestions:

1. Make sure there is an “index.html” file in your “c:\article” directory.
2. Make sure your “Documents Path” is set to “c:\article”.
3. Make sure you see the following icons in your system tray (bottom right):
4. Make sure your web address DOES NOT contain “WWW”. It should have exactly this form: yourname.no-ip.com.

If none of these suggestions work, try the following link:
www.articleautomate.com/serverhelp

FreeBSD Installation Guide

A step-by-step guide to installing FreeBSD 5. It assumes moderate experience with Linux and leaves you with a fully updated FreeBSD system.

FreeBSD Installation

A. 5.x vs 4.x
The first thing to understand about FreeBSD is that there are two lines of development. The -STABLE branch is marked with a 4.x version number and the most recent version is 4.10. It is well tested and very solid, but does not include the most recent technology. The -CURRENT branch, marked with a 5.x version, is the “unstable” branch. However, it is nicely stable at the moment and is coming along quite well. Most users should go with 5.x, and these instructions are only valid for that tree.

NOTE: DragonFlyBSD ( www.dragonflybsd.org ) is a continuation of the 4.x line. It uses lock-less (no mutexes) SMP support and a Light Weight Kernel Threading system. It has a lot of promise and is developing at a breakneck pace, but it should still be thought of as “R&D.”

B. Getting Media
I am not going to say much about this. There are links to various FTP mirrors at www.freebsd.org and the directory structure is fairly self-explanatory. There are, however, several choices of ISO. You should choose the miniinst ISO. It is small and includes everything you need for the base system.

C. Starting Installation
After the CD boots up you will enter the… ahh… majestic sysinstall. You can safely ignore most of the options and just choose a standard installation. Most of the install process is pretty easy, and anyone who has some experience with Linux or Unix will be able to handle it without much stress. However, creating partitions and dealing with drives will seem very odd to your standard Linux user.

D. Hard Disk Management in FreeBSD
OK, the first thing to get used to here is that IDE drives are not hda, hdb, etc. They are ad0, ad1 and so forth. SCSI disks are da0, da1 and so on. There is one other thing that is going to freak some people out. You create slices, not partitions, on the disk and then create partitions within those slices. For example, the first partition in the first slice on the first IDE disk would be ad0s1a. Just accept it.

E. Partitioning
Sysinstall will lead you through the partitioning, and it’s fairly easy to understand. The first part will ask you to choose a disk or disks to partition and then will show you a “slice editor.” This is where you will create your slice. I advise you to only make one. While multiple slices are easy to deal with, it just adds complication. If this is not your first installation of a BSD type OS, then you can ignore me, and why are you reading this again?

After creating your slice, you will be prompted to choose the drive(s) to install an MBR on. The FreeBSD boot loader is nothing to write home about, but it tends towards working. After this step, you can create partitions. There is not much to say here. At the top of the screen it will show your slice(s), and when one of them is selected you can use the controls to create a partition on it. You will need at least a root and a swap partition. On the non-swap partitions it is usually a good idea to enable soft-updates.

F. Distribution Sets
This is a simple section: select minimal.

G. Continue Installation
The rest of this is pretty simple. Make sure you install from the CD and not the Internet. The bulk of the install is now done. After it copies files to your disk, it will start the configuration process. This is all pretty self-evident, but there are a couple of things you should know.

Network Configuration

Don’t be scared by the names; in *BSD, devices are named after their drivers. There is also a short description after the name, so you should be able to choose the right one. The rest of the network config is easy, just follow the prompts.

System Console Configuration

You can pretty much ignore this. You may want to look around for your own knowledge, and of course you could pick a nice screen saver here, but other than that I would leave it alone for now.

Time Zone

All I have to say here is that if you live in the US, after you choose “America – North and South” hit the End key. The US is at the bottom of the list and hitting End is the quickest way there.

Linux

Say no; we will do this later and with an updated linux_base.

Mouse

OK, welcome to the wonderful and amazing world of moused. Answer the first question truthfully, and then you can tweak the settings in the “Please configure your mouse” dialog. Whatever you do, be sure to enable the daemon. For most users that is all you will have to do. You can safely ignore the other options.

Package Installation

At this point, the installer will ask you to install binary packages. Say no. These binaries are out of date and not included on our CD.

Of users and roots

This isn’t the most thrilling section: add a user when it asks you to and set a root password after that. The only thing I have to say about this process is that when the new user dialog comes up, leave the “Group:” box unchanged and add “wheel” to the member groups. You also might want to set your shell to /bin/tcsh. As for setting the root password, if you can’t handle that we have bigger problems.

Rebooting

OK, next it will ask if you would like to visit the general configuration area. Select no and you will be brought back to the main menu. Exit the install, reboot without the CD in, and enjoy the boot messages.

H. The Real Post-Install
At this point, I am going to assume that you are now looking at a login prompt and thinking “my my… FreeBSD boots quite quickly, doesn’t it.” Well, our task is not done yet; there is a reason we did a minimal install. We are going to do most of it ourselves. First, let’s upgrade to -CURRENT. This isn’t a practice I would usually recommend, but 5.x is close to being tagged stable and -CURRENT is rather solid at the moment. First, I need to explain how things are done in the BSD world.

CVS up; you up; we all CVSUP. Cvsup is a very interesting program that I am not going to explain in detail here. All you really need to know is that it updates source trees. You see, that is the thing. You may be used to /usr/src not doing much. In BSD it has a job: it holds the source for the entire base system. However, we did a minimal install and no source is there. It wouldn’t be up to date anyway. So, let’s fix that. Log in as root and type the following: pkg_add -r cvsup-without-gui

pkg_add is the binary installer for FreeBSD, and the -r argument tells it to fetch binaries from the net. It will also fetch any dependencies you might need. Switch to another console while this is happening and log in as root. Do the following:

cd /etc
cp /usr/share/examples/etc/make.conf /etc/make.conf
cp /usr/share/examples/cvsup/standard-supfile /usr
cp /usr/share/examples/cvsup/ports-supfile /usr
chmod u+w /etc/make.conf /usr/standard-supfile /usr/ports-supfile

What was that? Well, here is the rundown. make.conf is the file that controls the building of programs from source on FreeBSD, and the supfiles tell cvsup where to get the source for the base system and the ports system, and also where to put said source. They come out of /usr/share/examples without the write bit set and that gets annoying, so we set it. Now switch back to the first console and type rehash. This tells tcsh to check its path for new programs. Now edit the standard supfile that is in /usr. You can use either ee or vi. I like vi. Scroll down to the line that looks a bit odd. It will be something like:

*default host=CHANGE_THIS.FreeBSD.org

The “CHANGE_THIS” is where you put which cvsup server to use. Choose a number between 1 and 9, like 4, and put cvsup4 where CHANGE_THIS is. So it would end up being:

*default host=cvsup4.FreeBSD.org

Now exit your editor and run cvsup /usr/standard-supfile

If everything goes correctly, you will see a lot of text scrolling on the screen. If it says something about a bad connection, try another number.

Make.conf

Now ’tis the time for all good men (and women) to edit their make.conf. This is not difficult; in fact, have a look around the file. It may be long, but it is pretty simple. Now, uncomment the CPU setting and the CFLAGS setting. Set the CPU to your CPU (there will be a list in the comments above the setting) and set the CFLAGS to -O2. (NOTE: If the base system fails to build, downgrade your CFLAGS back to -O.)

Build Your World

When CVSUP finishes (it will be a while… go get some coffee), cd to /usr/src and run make buildworld. That command will do exactly what it sounds like: it builds your world, or base system. While it’s doing that, let’s get you a kernel. First, cd to /usr/src/sys/i386/conf, then cp GENERIC to some file of your choosing. Any name you want; however, be aware that this is going to show up in uname -a. Now, crack open your new file and take a look at what a FreeBSD kernel config is like. There are many things you can do here that will improve performance and reduce size. However, let’s keep it simple. Near the top of the file will be the name GENERIC. Change that to your new name. You can now look through the file and you will find several sections that are just for debugging. These will indeed add size and slow down the kernel a bit, but I would leave them for now. Go to the end of the file and make a new line. Add the following:

device pcm

This will add sound support to the kernel. Be aware that you don’t need to do this; you can load binary modules at boot or after boot, but this way is easy and sound is used often. Save the file and exit. Go back to your buildworld console and when it’s done execute make buildkernel KERNCONF=YOUR_KERNEL_CONFIG_NAME

NOTE: NOT THE PATH OF THE KERNEL CONFIG. It knows to look in /usr/src/sys/i386/conf.

Installing Your World

This isn’t that difficult. First run make installkernel KERNCONF=YOUR_KERNEL_CONFIG_NAME. Now here is the interesting part. Run mergemaster -p; this program looks through your /etc and updates it to match the new /etc in /usr/src. It will display changed files to you; press q and it will give you options, something like i (install), m (merge), etc. Pick merge and it will open a nice little screen that shows you one file on the right and one on the left. It will go section by section, showing the areas that have changed. Press r or l to choose which section to keep. It’s pretty easy to see which section has new stuff and which does not. After the merge, it will prompt you with options for the newly merged file. One of these will be install, and this is the one you want. In the latest -CURRENT, most of what you will be shown is user and group files. Make sure you do select the sections with the new users and groups. After this is done, it will ask you a couple of questions that you can say yes to. Now that your /etc is updated, run make installworld, then reboot.

NOTE: You usually don’t need to run mergemaster. However, 5.2.1 is a pretty old release and -CURRENT has come a long way.

I. Ports
Welcome to running -CURRENT. The rest is easy. cd back to /usr and edit the ports supfile the same way you did the standard one. Run cvsup on it and wait. After it’s done, you will have a full ports tree. There is not much left to say. You now have a working system, and a fully updated one too. To install software from ports, cd to /usr/ports/category/softwarename/ and run make install clean. If you want Linux binary support, install the linux_base port. To find where it is, cd to /usr/ports and run make search name=linux_base | less. Enable loading the kernel modules for Linux binary support by editing /etc/rc.conf: just add the line linux_enable="YES" to the file and you’re set. If this is a desktop system, I would recommend installing /usr/ports/x11/xorg and your choice of /usr/ports/x11/gnome2 or kde3. Have fun.

Get it from:

www.madpenguin.org/cms/?m=show&id=1853

Configuring Crap Software Pro

Configuring The Standard Settings

Your first configuration of Crap Software Pro should look like this:

Launch Crap Software Pro and click to highlight the “Overview” tab on the left hand side. In the pane that appears on the right hand side, click the “Preferences” tab, and in the section “Check for updates” check “Manually”.

In the “General” section you can also configure Crap Software to load at start up, which is advisable because this software is your first line of defence against uninvited invasion of your computer by a whole gamut of viruses, spyware, adware and bots! Virus checking software does have its place, but remember that prevention is always better than a cure!

Crap Software Pro’s program control is automatically configured. When you run it for the first time it will ask, on behalf of programs installed on your system, for permission to access the Internet. Your browser will be the first to request; just tick the “Yes” box and the “Remember this setting” box and Crap Software will always allow your browser access automatically.

Unless you use online databases etc., there should be no reason for any application other than a browser, email client, FTP client, streaming media player or a download manager to gain access to the Internet.

So consider what type of program it is that needs Internet access before giving Crap Software permission to allow it. If it is just a driver file (.DLL) that requests Internet access, always search Windows to try and identify it. Many pseudo-viruses such as adware and sub class seven Trojans access the Internet from your system using .dll files.

Configuring The Advanced Settings

If you are not on a LAN (connected to another computer in a network) you can use this guide to give your firewall some real muscle:

Launch Crap Software Pro and click to highlight the “Firewall” tab on the left hand side. In the pane that appears on the right hand side, in the section “Internet Zone Security”, set the slider control to “High”. Then click the “Custom” button in the same section. The next settings page is divided into two sections with the tabs Internet Zone and Trusted Zone at the top of the page.

Under the Internet Zone tab there is a list of settings that can be accessed by scrolling.

At the top are the high security settings, and the only thing that should be checked there is “allow broadcast/multicast”. The rest should be unchecked.

Scroll down until you get to the medium security settings area. Check all the boxes in this section until you get to “Block Incoming UDP Ports”. When you check that you will be asked to supply a list of ports; in the field at the bottom of the page enter 1-65535

Then go back to the list and check the box alongside “Block Outgoing UDP Ports” and at the bottom of the page enter 1-19, 22-79, 82-7999, 8082-65535

Repeat this procedure for the following settings:
“Block Incoming TCP Ports”: 1-65535
“Block Outgoing TCP Ports”: 1-19, 22-79, 82-7999, 8082-65535
Then click “Apply”, then “OK” at the bottom of the page.

Back in the right hand “Firewall” pane, go next to the yellow “Trusted Zone Security” section and set it to “High” with the slider. Click “Custom” and repeat the ABOVE procedure, this time choosing the *Trusted Zone* tab at the top of the settings page.

These settings will stop all incoming packets at ports 1-65535 and also block all pings, trojans etc. These settings will also stop all spyware or applications from phoning home from your drive without your knowledge!
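Before typing those port lists in, a practitioner would want to know exactly what they still permit. The following Python is an added example (not from the guide): it parses the lists exactly as written above and works out the ports each one leaves open; the service names are standard IANA assignments used only to label the result.

```python
"""Added example (not part of the guide): check what the "Block ... Ports"
lists above actually leave open before typing them into the firewall.

Only arithmetic on the port ranges exactly as the guide gives them; nothing
here touches a real firewall.  Service names are standard IANA assignments,
used purely to label the result.
"""
from __future__ import annotations

# Port lists exactly as the guide tells you to enter them.
BLOCK_INCOMING = "1-65535"
BLOCK_OUTGOING = "1-19, 22-79, 82-7999, 8082-65535"

# A handful of well-known ports, so the output is readable.
KNOWN_SERVICES = {
    20: "ftp-data", 21: "ftp", 22: "ssh", 25: "smtp", 53: "dns", 80: "http",
    110: "pop3", 143: "imap", 443: "https", 8000: "abyss port used in this guide",
}


def parse_port_ranges(spec: str) -> set[int]:
    """Expand "1-19, 22-79" into {1..19} | {22..79}.

    Single ports ("80") are accepted too.  Anything outside 1-65535, or a
    range whose start is past its end, raises ValueError so that a typo in
    the dialog shows up here rather than as a silent hole in the policy.
    """
    ports: set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo_s, _, hi_s = part.partition("-")
        lo = int(lo_s)
        hi = int(hi_s) if hi_s else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports


def allowed_ports(block_spec: str) -> set[int]:
    """Everything in 1-65535 that the block list does not cover."""
    return set(range(1, 65536)) - parse_port_ranges(block_spec)


def as_ranges(ports: set[int]) -> list[tuple[int, int]]:
    """Collapse a port set into sorted (first, last) runs: {20, 21, 80} -> [(20, 21), (80, 80)]."""
    runs: list[tuple[int, int]] = []
    for p in sorted(ports):
        if runs and runs[-1][1] == p - 1:
            runs[-1] = (runs[-1][0], p)
        else:
            runs.append((p, p))
    return runs


def named(ports: set[int]) -> list[str]:
    """Label the ports we have names for, in port order."""
    return [f"{p}/{KNOWN_SERVICES[p]}" for p in sorted(ports) if p in KNOWN_SERVICES]


if __name__ == "__main__":
    outbound_open = allowed_ports(BLOCK_OUTGOING)
    print("inbound still open :", as_ranges(allowed_ports(BLOCK_INCOMING)))  # []
    print("outbound still open:", as_ranges(outbound_open))  # [(20, 21), (80, 81), (8000, 8081)]
    print("reachable services :", named(outbound_open))
    print("blocked services   :", named(parse_port_ranges(BLOCK_OUTGOING)))
```

With these lists the only outbound ports left open are 20-21, 80-81 and 8000-8081, so mail (25, 110, 143), HTTPS (443) and DNS (53) all fall inside the blocked ranges even though the guide expects an email client to be allowed out. Run the check before applying the settings and widen the ranges if that is not what you want.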

Closing Open Holes

With de spread of Hackers and Hackin’ incidents, de time has come, when not only system administrators of servers of big companies, but also people who connect to de Internet by dialin’ up into deir ISP, have to worry about securin’ deir system. It really does not make much difference wheder you have a static IP or a dynamic one, if your system is connected to de Internet, den dere is every chance of it bein’ attacked.

This manual is aimed at discussin’ methods of system security analysis and will shed light on as to how to secure your standalone (also a system connected to a LAN) system.

Open Ports: A Threat to Security?

In de Netstat Tutorial we had discussed how de netstat -a command showed de list of open ports on your system. Well, anyhow, before I move on, I would like to quickly recap de important part. So here goes, straight from de netstat tutorial:

Now, de ??a? option is used to display all open connections on de local machine. It also returns de remote system to which we are connected to, de port numbers of de remote system we are connected to (and de local machine) and also de type and state of connection we have with de remote system.

For Example,

C:windows>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED
TCP ankit:1036 dwarf.box.sk:ftp-data TIME_WAIT
TCP ankit:1043 banners.egroups.com:80 FIN_WAIT_2
TCP ankit:1045 mail2.mtnl.net.in:pop3 TIME_WAIT
TCP ankit:1052 zztop.boxnetwork.net:80 ESTABLISHED
TCP ankit:1053 mail2.mtnl.net.in:pop3 TIME_WAIT
UDP ankit:1025 *:*
UDP ankit:nbdatagram *:*

Now, let us take a sin’le line from de above output and see what it stands for:

Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED

Now, de above can be arranged as below:

Protocol: TCP (This can be Transmission Control Protocol or TCP, User Datagram Protocol or UDP or sometimes even, IP or Internet Protocol.)

Local System Name: ankit (This is de name of de local system that you set durin’ de Windows setup.)

Local Port opened and bein’ used by this connection: 1031

Remote System: dwarf.box.sk (This is de non-numerical form of de system to which we are connected.)

Remote Port: ftp (This is de port number of de remote system dwarf.box.sk to which we are connected.)

State of Connection: ESTABLISHED

?Netstat? with de ??a? argument is normally used, to get a list of open ports on your own system i.e. on de local system. This can be particularly useful to check and see wheder your system has a Trojan installed or not. Yes, most good Antiviral software are able to detect de presence of Trojans, but, we are hackers, and need to software to tell us, wheder we are infected or not. Besides, it is more fun to do somethin’ manually than to simply click on de ?Scan? button and let some software do it.

The followin’ is a list of Trojans and de port numbers which dey use, if you Netstat yourself and find any of de followin’ open, den you can be pretty sure, that you are infected.

Port 12345(TCP) Netbus
Port 31337(UDP) Back Orifice

For complete list, refer to de Tutorial on Trojans at: hackin’truths.box.sk/trojans.txt

Now, de above tutorial resulted in a number of people raisin’ questions like: If de ‘netstat -a’ command shows open ports on my system, does this mean that anyone can connect to them? Or, How can I close dese open ports? How do I know if an open port is a threat to my system’s security of not? Well, de answer to all dese question would be clear, once you read de below paragraph:

Now, de thin’ to understand here is that, Port numbers are divided into three ranges:

The Well Known Ports are those from 0 through 1023. This range or ports is bound to de services runnin’ on them. By this what I mean is that each port usually has a specific service runnin’ on it. You see dere is an internationally accepted Port Numbers to Services rule, (refer RFC 1700 Here) which specifies as to on what port number a particular service runs. For Example, By Default or normally FTP runs on Port 21. So if you find that Port 21 is open on a particular system, den it usually means that that particular system uses de FTP Protocol to transfer files. However, please note that some smart system administrators delibrately i.e. to fool lamers run fake services on popular ports. For Example, a system might be runnin’ a fake FTP daemon on Port 21. Although you get de same interface like de FTP daemon banner, response numbers etc, however, it actually might be a software loggin’ your prescence and sometimes even tracin’ you!!!

The Registered Ports are those from 1024 through 49151. This range of port numbers is not bound to any specific service. Actually, Networkin’ utlites like your Browser, Email Client, FTP software opens a random port within this range and starts a communication with de remote server. A port number within this range is de reason why you are able to surf de net or check your email etc.

If you find that when you give de netstat -a command, den a number of ports within this range are open, den you should probably not worry. These ports are simply opened so that you can get your software applications to do what you want them to do. These ports are opened temporarily by various applications to perform tasks. They act as a buffer transferin’ packets (data) received to de application and vis-a-versa. Once you close de application, den you find that dese ports are closed automatically. For Example, when you type www.hotmail.com in your browser, den your browser randomly chooses a Registered Port and uses it as a buffer to communicate with de various remote servers involved.

The Dynamic and/or Private Ports are those from 49152 through 65535. This range is rarely used, and is mostly used by trojans, however some application do tend to use such high range port numbers. For Example,Sun starts deir RPC ports at 32768.
So this basically brin’s us to what to do if you find that Netstat gives you a couple of open ports on your system:

1. Check the Trojan Port List and check if the open port matches any of the popular ones. If it does, then get a Trojan Remover and remove the trojan.

2. If it doesn’t, or if the Trojan Remover says: No trojan found, then see if the open port lies in the Registered Ports range. If yes, then you have nothing to worry about, so forget about it.
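As an added example (not part of the original text), here is a Python script that applies the two-step check above to sample netstat -a output: it names the range each open port falls in and gives a verdict per row. The netstat rows and the watch list entry 60000 are constructed here; substitute the real Trojan Port List.

```python
import re

WELL_KNOWN_MAX = 1023    # 0-1023: well known ports
REGISTERED_MAX = 49151   # 1024-49151: registered; 49152-65535: dynamic/private

def port_range(port):
    """Name the range (as described above) that a port number falls in."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a valid port number: {port}")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    return "registered" if port <= REGISTERED_MAX else "dynamic/private"

# One Windows-style `netstat -a` row: proto, local addr:port, foreign, [state]
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def triage_netstat(lines, watch_list):
    """Apply the two-step check above to netstat rows; watch_list holds the
    port numbers from a trojan port list. Returns (proto, port, range, verdict)."""
    results = []
    for line in lines:
        m = _ROW.match(line)
        if not m:
            continue  # header or blank line
        proto, port, state = m.group(1), int(m.group(3)), m.group(5)
        rng = port_range(port)
        listening = proto == "UDP" or state == "LISTENING"  # UDP rows have no state
        if port in watch_list:
            verdict = "matches trojan port list: run a Trojan Remover"
        elif not listening:
            verdict = "outgoing client connection: nothing to worry about"
        elif rng == "registered":
            verdict = "temporary port opened by an application: ignore"
        elif rng == "well-known":
            verdict = "service listening on a well known port: confirm it is expected"
        else:
            verdict = "listener in the dynamic/private range: investigate"
        results.append((proto, port, rng, verdict))
    return results

# Constructed sample (not a real capture); 60000 is a placeholder list entry.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1045       64.4.13.55:80          ESTABLISHED
  TCP    0.0.0.0:60000          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:137            *:*
""".splitlines()
SAMPLE_WATCH_LIST = {60000}
```

Feed it the real output of netstat -a line by line and the real trojan port list to get one verdict per open port.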

HACKING TRUTH: A common technique employed by a number of system administrators is remapping ports. For example, normally the default port for HTTP is 80. However, the system administrator could also remap it to Port 8080. Now, if that is the case, then the homepage hosted at that server would be at:

domain.com:8080 instead of
domain.com:80

The idea behind Port Remapping is that instead of running a service on a well known port, where it can easily be exploited, it would be better to run it on a not so well known port, as the hacker would find it more difficult to find that service. He would have to port scan a high range of numbers to discover port remapping.

The ports used for remapping are usually pretty easy to remember. They are chosen keeping in mind the default port number at which the service being remapped should be running. For example, POP by default runs on Port 110. However, if you were to remap it, you would choose any of the following: 1010, 11000, 1111 etc.

Some sysadmins also like to choose port numbers in the following manner: 1234, 2345, 3456, 4567 and so on… Yet another reason as to why Port Remapping is done is that on a Unix system, to be able to listen on a port under 1024, you must have root privileges.

Firewalls

Use of firewalls is no longer confined to servers or websites or commercial companies. Even if you simply dial up into your ISP or use PPP (Point to Point Protocol) to surf the net, you simply cannot do without a firewall. So what exactly is a firewall?

Well, in non-geek language, a firewall is basically a shield which protects your system from the untrusted, non-reliable systems connected to the Internet. It is software which listens on all ports on your system for any attempts to open a connection, and when it detects such an attempt, it reacts according to a predefined set of rules. So basically, a firewall is something that protects the network (or system) from the Internet. It is derived from the concept of firewalls used in vehicles, which is a barrier made of fire resistant material protecting the vehicle in case of fire.

Now, for a better ‘according to the bible’ definition of a firewall: A firewall is best described as a software or hardware (or both hardware and software) packet filter that allows only selected packets to pass through from the Internet to your private internal network. A firewall is a system or a group of systems which guards a trusted network (the internal private network) from the untrusted network (the Internet).

NOTE: This was a very brief description of what a firewall is; I will not be going into the details of their working in this manual.

Anyway, the term ‘Firewalls’ (which were generally used by companies for commercial purposes) has evolved into a new term called ‘Personal Firewalls’. Now this term is basically used to refer to firewalls installed on a standalone system which may or may not be networked, i.e. it usually connects to an ISP. Or in other words, a personal firewall is a firewall used for personal use.

Now that you have a basic description as to what a firewall is, let us move on to why exactly you need to install a firewall. Or, how can not installing a firewall pose a threat to the security of your system?

You see, when you are connected to the Internet, you have millions of other untrusted systems connected to it as well. If somehow someone found out your IP address, they could do probably anything to your system. They could exploit any vulnerability existing in your system, damage your data, and even use your system to hack into other computers.

Finding out someone’s IP address is not very difficult. Anybody can find out your IP through various chat services, instant messengers (ICQ, MSN, AOL etc.), through a common ISP and numerous other ways. In fact, finding out the IP address of a specific person is not always the priority of some hackers.

What I mean to say by that is that there are a number of scripts and utilities available which scan all IP addresses within a certain range for predefined common vulnerabilities, for example systems with File Sharing enabled, or a system running an OS which is vulnerable to the Ping of Death attack, etc. As soon as a vulnerable system is found, they use the IP to carry out the attacks.

The most common scanners look for systems with RATs or Remote Administration Tools installed. They send a packet to common Trojan ports and display whether the victim’s system has that Trojan installed or not. The ‘Scan Range of IP Addresses’ that these programs accept is quite wide, and one can easily find a vulnerable system in a matter of minutes or even seconds.

Trojan Horses like Back Orifice provide remote access to your system and can set up a password sniffer. The combination of a back door and a sniffer is a dangerous one: the back door provides future remote access, while the sniffer may reveal important information about you like your other passwords, bank details, credit card numbers, Social Security Number etc. If your home system is connected to a local LAN and the attacker manages to install a backdoor on it, then you have probably given the attacker the same access level to your internal network as you have. This would also mean that you will have created a back door into your network that bypasses any firewall that may be guarding the front door.

You may argue with me that as you are using a dial up link to your ISP via PPP, the attacker would be able to access your machine only when you are online. Well, yes that is true, however, not completely true. Yes, it does make access to your system when you reconnect difficult, as you have a dynamic Internet Protocol address. But although this provides a faint hope of protection, routine scanning of the range of IPs in which your IP lies will more often than not reveal your current dynamic IP, and the back door will provide access to your system.

HACKING TRUTH: Microsoft says: War Dialer programs automatically scan for modems by trying every phone number within an exchange. If the modem can only be used for dial-out connections, a War Dialer won’t discover it. However, PPP changes the equation, as it provides bidirectional transport, making any connected system visible to scanners and attackers.

So how do I protect myself from such scans and unsolicited attacks? Well, this is where Personal Firewalls come in. They, just like their name suggests, protect you from unsolicited connection probes, scans and attacks.

They listen on all ports for any connection requests received (from both legitimate and fake hosts) and sent (by applications like your browser, email client etc.). As soon as such an instance is recorded, the firewall pops up a warning asking you what to do, or whether to allow the connection to initiate or not. This warning message also contains the IP which is trying to initiate the connection and also the port number to which it is trying to connect, i.e. the port to which the packet was sent. It also protects your system from port scans, DOS attacks, vulnerability attacks etc. So basically it acts as a shield or a buffer which does not allow your system to communicate with the untrusted systems directly.

Most Personal Firewalls have extensive logging facilities which allow you to track down the attackers. Some popular firewalls are:

1. BlackICE Defender: An IDS for PCs. It’s available at www.networkice.com.

2. ZoneAlarm: The easiest firewall to set up and manage. Get it for free at: www.zonelabs.com

Once you have installed a firewall on your system, you will often get a number of warnings which might seem as if someone is trying to break into your system; however, they are actually bogus messages, which are caused by either your OS itself or by the process called Allocation of Dynamic IPs. For a detailed description of these two, read on.

Many people complain that as soon as they dial into their ISP, their firewall says that such and such IP is probing Port X. What causes these?
Well, this is quite common. The cause is that somebody hung up just before you dialed in and your ISP assigned you the same IP address. You are now seeing the remains of communication with the previous person. This is most common when the person to which the IP was assigned earlier was using ICQ or chat programs, was connected to a game server, or simply turned off his modem before his communication with remote servers was complete.

You might even get a message like: Such and Such IP is trying to initiate a NetBIOS session on Port X. This again is extremely common. The following is an explanation as to why it happens, which I picked up a couple of days ago: NetBIOS requests to UDP port 137 are the most common item you will see in your firewall reject logs. This comes about from a feature in Microsoft’s Windows: when a program resolves an IP address into a name, it may send a NetBIOS query to that IP address. This is part of the background radiation of the Internet, and is nothing to be concerned about.

What causes them? On virtually all systems (UNIX, Macintosh, Windows), programs call the function ‘gethostbyaddr()’ with the desired address. This function will then do the appropriate lookup, and return the name. This function is part of the sockets API. The key thing to remember about gethostbyaddr() is that it is virtual. It doesn’t specify how it resolves an address into a name. In practice, it will use all available mechanisms. If we look at UNIX, Windows, and Macintosh systems, we see the following techniques:

DNS in-addr.arpa PTR queries sent to the DNS server
NetBIOS NodeStatus queries sent to the IP address
lookups in the /etc/hosts file
AppleTalk over IP name query sent to the IP address
RPC query sent to the UNIX NIS server
NetBIOS lookup sent to the WINS server

Windows systems do the /etc/hosts, DNS, WINS, and NodeStatus techniques. In more excruciating detail, Microsoft has a generic system component called a naming service. All the protocol stacks in the system (NetBIOS, TCP/IP, Novell IPX, AppleTalk, Banyan, etc.) register the kinds of name resolutions they can perform. Some RPC products will likewise register an NIS naming service. When a program requests to resolve an address, this address gets passed on to the generic naming service. Windows will try each registered name resolution subsystem sequentially until it gets an answer.

(Side note: Users sometimes complain that accessing Windows servers is slow. This is caused by installing unneeded protocol stacks that must time out first before the real protocol stack is queried for the server name.)

The order in which it performs these resolution steps for IP addresses can be configured under the Windows registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider
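As an added example (not from the original text), here is a Python script that sorts firewall reject-log entries the way the explanation above suggests: UDP port 137 hits are filed as NetBIOS name-lookup background radiation, while a source that touches several other ports is flagged as a probable scan worth a closer look. The log line format and the entries are constructed here, not taken from any real firewall.

```python
import re
from collections import defaultdict

# Constructed reject-log line format (not any particular firewall's):
#   <date> <time> BLOCK <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
_LOG = re.compile(r"^\S+ \S+ BLOCK (TCP|UDP) (\S+):(\d+) -> (\S+):(\d+)$")

def parse_rejects(lines):
    """Yield (proto, src_ip, src_port, dst_port) for each parsable line."""
    for line in lines:
        m = _LOG.match(line.strip())
        if m:
            yield m.group(1), m.group(2), int(m.group(3)), int(m.group(5))

def triage_rejects(lines, scan_threshold=3):
    """Group blocked packets by source address and label each source.

    UDP packets to port 137 are NetBIOS name queries, the 'background
    radiation' explained above. A source hitting scan_threshold or more
    distinct other ports is labelled a probable port scan.
    Returns {src_ip: (label, sorted distinct destination ports)}."""
    by_src = defaultdict(set)
    for proto, src, _sport, dport in parse_rejects(lines):
        by_src[src].add((proto, dport))
    verdicts = {}
    for src, hits in by_src.items():
        other = {h for h in hits if h != ("UDP", 137)}
        if not other:
            label = "NetBIOS name lookup (background radiation)"
        elif len(other) >= scan_threshold:
            label = "probable port scan"
        else:
            label = "single probe: review"
        verdicts[src] = (label, sorted(p for _, p in hits))
    return verdicts

# Constructed entries, not taken from a real firewall log.
SAMPLE_LOG = [
    "2001-03-04 10:15:22 BLOCK UDP 10.0.0.7:137 -> 192.168.1.5:137",
    "2001-03-04 10:15:23 BLOCK UDP 10.0.0.7:137 -> 192.168.1.5:137",
    "2001-03-04 10:16:01 BLOCK TCP 10.0.0.9:4221 -> 192.168.1.5:21",
    "2001-03-04 10:16:01 BLOCK TCP 10.0.0.9:4222 -> 192.168.1.5:23",
    "2001-03-04 10:16:02 BLOCK TCP 10.0.0.9:4223 -> 192.168.1.5:80",
    "2001-03-04 10:17:45 BLOCK TCP 10.0.0.12:3010 -> 192.168.1.5:139",
]

if __name__ == "__main__":
    for src, (label, ports) in triage_rejects(SAMPLE_LOG).items():
        print(f"{src}: {label} {ports}")
```

Adapt the _LOG pattern to your own firewall's log format; the grouping and labelling logic stays the same.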

Breaking Through Firewalls

Although firewalls are meant to provide you complete protection from port scan probes etc., there are several holes existing in popular firewalls, waiting to be exploited. In this issue, I will discuss a hole in ZoneAlarm Version 2.1.10 to 2.0.26, which allows the attacker to port scan the target system (although normally it should stop such scans).

If one uses port 67 as the source port of a TCP or UDP scan, ZoneAlarm will let the packet through and will not notify the user. This means that one can TCP or UDP port scan a ZoneAlarm protected computer as if there were no firewall there IF one uses port 67 as the source port on the packets.

Exploit:
UDP Scan:
You can use NMap to port scan the host with the following command line:

nmap -g67 -P0 -p130-140 -sU 192.168.128.88

(Notice the -g67 which specifies the source port).

TCP Scan:
You can use NMap to port scan the host with the following command line:

nmap -g67 -P0 -p130-140 -sS 192.168.128.88

(Notice the -g67 which specifies the source port).
