Archive for the ‘Networking’ Category

Normal—Backs up the files you select, and marks the files as backed up.

Incremental—Backs up the files that changed since the last backup, and marks the files as backed up.

Differential—Backs up the files that changed since the last backup, but doesn’t mark the files as backed up.

Copy—Backs up the files you select, but doesn’t mark the files as backed up.

Daily—Backs up the files that changed that day, but doesn’t mark the files as backed up.

Data recovery is the process of salvaging data from damaged, failed, corrupted, or inaccessible secondary storage media when it cannot be accessed normally. Often the data are being salvaged from storage media such as hard disk drives, storage tapes, CDs, DVDs, RAID, and other electronics. Recovery may be required due to physical damage to the storage device or logical damage to the file system that prevents it from being mounted by the host operating system.

The most common “data recovery” issue involves an operating system (OS) failure (typically on a single-disk, single-partition, single-OS system), where the goal is to simply copy all wanted files to another disk. This can be easily accomplished with a Live CD, most of which provide a means to 1) mount the system drive, 2) mount and backup disk or media drives, and 3) move the files from the system to the backup with a file manager or optical disc authoring software. Further, such cases can be mitigated by disk partitioning and consistently moving valuable data files to a different partition from the replaceable OS system files.

The second type involves a disk-level failure such as a compromised file system, disk partition, or a hard disk failure, in each of which the data cannot be easily read. Depending on the case, solutions involve repairing the file system, partition table or MBR, or hard disk recovery techniques ranging from software-based recovery of corrupted data to hardware replacement on a physically damaged disk. These last two typically indicate the permanent failure of the disk, thus “recovery” means sufficient repair for a one-time recovery of files.

A third type involves the process of retrieving files that have been “deleted” from a storage media, since the files are usually not erased in any way but are merely deleted from the directory listings.

Although there is some confusion over the term, “data recovery” may also be used to refer to such cases in the context of forensics or spying.

Recovering data after physical damage

A wide variety of failures can cause physical damage to storage media. CD-ROMs can have their metallic substrate or dye layer scratched off; hard disks can suffer any of several mechanical failures, such as head crashes and failed motors; tapes can simply break. Physical damage always causes at least some data loss, and in many cases the logical structures of the file system are damaged as well. This causes logical damage that must be dealt with before any files can be salvaged from the failed media.

Most physical damage cannot be repaired by end users. For example, opening a hard disk in a normal environment can allow airborne dust to settle on the platter and become caught between the platter and the read/write head, causing new head crashes that further damage the platter and thus compromise the recovery process. Furthermore, end users generally do not have the hardware or technical expertise required to make these repairs. Consequently, costly data recovery companies are often employed to salvage important data. These firms often use “Class 100” / ISO-5 cleanroom facilities to protect the media while repairs are being made. (Any data recovery firm without a pass certificate of ISO-5 or better will not be accepted by hard drive manufacturers for warranty purposes.)

Recovery techniques

Recovering data from physically-damaged hardware can involve multiple techniques. Some damage can be repaired by replacing parts in the hard disk. This alone may make the disk usable, but there may still be logical damage. A specialized disk-imaging procedure is used to recover every readable bit from the surface. Once this image is acquired and saved on a reliable medium, the image can be safely analysed for logical damage and will possibly allow for much of the original file system to be reconstructed.

Hardware repair

Examples of physical recovery procedures are: removing a damaged PCB (printed circuit board) and replacing it with a matching PCB from a healthy drive; performing a live PCB swap (in which the System Area of the HDD is damaged on the target drive and is instead read from the donor drive, after which the PCB is disconnected while still under power and transferred to the target drive); replacing the read/write head assembly with matching parts from a healthy drive; removing the hard disk platters from the original damaged drive and installing them into a healthy drive; and often a combination of all of these procedures. Some data recovery companies have procedures that are highly technical in nature and are not recommended for an untrained individual. Any of them will almost certainly void the manufacturer’s warranty.

Disk imaging

The extracted raw image can be used to reconstruct usable data after any logical damage has been repaired. Once that is complete, the files may be in usable form although recovery is often incomplete.

Open source tools such as DCFLdd or DOS tools such as HDClone can usually recover data from all but the physically-damaged sectors. Studies have shown that DCFLdd v1.3.4-1 installed on a Linux 2.4 Kernel system produces extra “bad sectors” when executed with certain parameters, resulting in the loss of information that is actually available. These studies state that when installed on a FreeBSD Kernel system, only the bad sectors are lost. DC3dd, a tool that has superseded DCFLdd, and ddrescue resolve this issue by accessing the hardware directly. Another tool that can correctly image damaged media is ILook IXImager.

Typically, hard disk drive data recovery imaging has the following abilities: (1) communicating with the hard drive by bypassing the BIOS and operating system, which are very limited in their abilities to deal with drives that have “bad sectors” or take a long time to read; (2) reading data from “bad sectors” rather than skipping them (by using various read commands and ECC to recreate damaged data); (3) handling issues caused by unstable drives, such as resetting/repowering the drive when it stops responding or skipping sectors that take too long to read (read instability can be caused by minute mechanical wear and other issues); and (4) pre-configuring drives by disabling certain features, such as SMART and G-List re-mapping, to minimize imaging time and the possibility of further drive degradation.
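An added example, not code from the original post or from any of the tools it names, showing why an imager that gives up on a whole read block loses readable sectors next to a bad one, and how retrying sector by sector limits the loss to the bad sectors themselves. The FlakyDevice class, its contents and the block size are constructed for the illustration and do not model the Linux kernel behaviour reported for DCFLdd.

```python
SECTOR = 512  # bytes per sector (assumed for this example)


class FlakyDevice:
    """Constructed stand-in for a failing drive: a read that touches a bad sector fails."""

    def __init__(self, sectors, bad):
        self.bad = set(bad)
        # Each sector is filled with a byte derived from its number, so copies can be checked.
        self.data = b"".join(bytes([i % 256]) * SECTOR for i in range(sectors))

    def read(self, first, count):
        if any(s in self.bad for s in range(first, first + count)):
            raise IOError(f"read error in sectors {first}-{first + count - 1}")
        return self.data[first * SECTOR:(first + count) * SECTOR]


def image(dev, total, block, fallback):
    """Copy `total` sectors in `block`-sector reads; return (image, lost_sectors).

    Unreadable areas are zero-filled so every later sector keeps its original
    offset in the image, which file system repair depends on.
    """
    out = bytearray()
    lost = []
    for start in range(0, total, block):
        n = min(block, total - start)
        try:
            out += dev.read(start, n)       # fast path: whole block is readable
            continue
        except IOError:
            pass
        if not fallback:
            out += bytes(n * SECTOR)        # coarse imager: whole block written off
            lost.extend(range(start, start + n))
            continue
        for s in range(start, start + n):   # careful imager: retry one sector at a time
            try:
                out += dev.read(s, 1)
            except IOError:
                out += bytes(SECTOR)
                lost.append(s)
    return bytes(out), lost


if __name__ == "__main__":
    dev = FlakyDevice(sectors=64, bad={10, 37})
    for fallback in (False, True):
        img, lost = image(dev, 64, block=8, fallback=fallback)
        print(f"fallback={fallback}: {len(lost)} sectors lost -> {lost}")
```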

Problem: What Is the IP Address of a Router?

A typical home network router possesses two IP addresses, one for the internal home (LAN) and one for the external Internet (WAN) connection. How can you find the router IP addresses?

Solution:

The internal, LAN-IP address is normally set to a default, private number. Linksys routers, for example, use 192.168.1.1 for their internal IP address. D-Link and Netgear routers typically use 192.168.0.1. Some US Robotics routers use 192.168.123.254, and some SMC routers use 192.168.2.1. No matter the brand of router, its default internal IP address should be provided in documentation. Administrators often have the option to change this IP address during router setup. In any case, however, the private LAN-IP address remains fixed once set. It can be viewed from the router’s administrative console.

The external, WAN-IP address of the router is set when the router connects to the Internet service provider. This address can also be viewed on the router’s administrative console. Alternatively, the WAN-IP address can be found by visiting a Web-based IP address lookup service like http://checkip.dyndns.org/ from any computer on the home LAN.

Another way to identify the public IP addresses of routers involves executing a ping or “traceroute” command. From inside a home network, the (DOS) command “ping -r 1” will send a message through the home router that will cause its IP address to be displayed. For example, “ping -r 1 www.yahoo.com” should result in a message like the following displayed on the command prompt:

Reply from 67.84.235.43: bytes=32 time=293ms TTL=56
Route: 209.178.21.76

In this example, the IP address after “Route:” (209.178.21.76) corresponds to the router WAN address.

On corporate networks, network discovery services based on SNMP can automatically determine the IP addresses of routers and many other network devices.

1. Click on “Start” in the bottom left hand corner of screen

2. Click on “Run”

3. Type in “command” and hit ok

You should now be at an MSDOS prompt screen.

4. Type “ipconfig /release” just like that, and hit “enter”

5. Type “exit” and leave the prompt

6. Right-click on “Network Places” or “My Network Places” on your desktop.

7. Click on “properties”

You should now be on a screen with something titled “Local Area Connection”, or something close to that, and, if you have a network hooked up, all of your other networks.

8. Right click on “Local Area Connection” and click “properties”

9. Double-click on the “Internet Protocol (TCP/IP)” from the list under the “General” tab

10. Click on “Use the following IP address” under the “General” tab

11. Create an IP address (It doesn’t matter what it is. I just type 1 and 2 until I fill the area up).

12. Press “Tab” and it should automatically fill in the “Subnet Mask” section with default numbers.

13. Hit the “Ok” button here

14. Hit the “Ok” button again

You should now be back to the “Local Area Connection” screen.

15. Right-click back on “Local Area Connection” and go to properties again.

16. Go back to the “TCP/IP” settings

17. This time, select “Obtain an IP address automatically”

18. Hit “Ok”

19. Hit “Ok” again

20. You now have a new IP address

With a little practice, you can easily get this process down to 15 seconds.

P.S:

This only changes your dynamic IP address, not your ISP/IP address. If you plan on hacking a website with this trick be extremely careful, because if they try a little, they can trace it back


Hard-drive encryption is a technology that encrypts the data stored on a hard drive using sophisticated mathematical functions. Data on an encrypted hard drive cannot be read by anyone who does not have access to the appropriate key or password. This can help prevent access to data by unauthorized persons and provides a layer of security against hackers and other online threats.

The concept of hard-drive encryption is simple enough. When a file is written to the drive, it is automatically encrypted by specialized software. When a file is read from the drive, the software automatically decrypts it while leaving all other data on the drive encrypted. The encryption and decryption processes are transparent to all common applications such as word processors, databases, spreadsheets or imaging programs. A computer equipped with hard-drive encryption appears, from the user’s point of view, to function as any other computer would.

Windows Vista Enterprise and Ultimate editions offer a hard-drive encryption program called BitLocker that employs two-factor authentication.

E-Mail Spoofing

Posted: August 25, 2009 in Networking, Security

Email “Spamming” and Email “Spoofing”

Two terms to be familiar with in these days of increased communication via electronic mail: email “spamming” and email “spoofing”.

Email “spamming” refers to sending email to thousands and thousands of users – similar to a chain letter. Spamming is often done deliberately to use network resources. Email spamming may be combined with email spoofing, so that it is very difficult to determine the actual originating email address of the sender. Some email systems, including our Microsoft Exchange, have the ability to block incoming mail from a specific address. However, because these individuals change their email address frequently, it is difficult to prevent some spam from reaching your email inbox.

Email spoofing refers to email that appears to have originated from one source when it was actually sent from another source. Individuals who are sending “junk” email or “SPAM” typically want the email to appear to be from an email address that may not exist. This way the email cannot be traced back to the originator.

Malicious Spoofing

There are many possible reasons why people send out emails spoofing the return address: sometimes it is simply to cause confusion, but more often it is to discredit the person whose email address has been spoofed: using their name to send a vile or insulting message.

Sometimes email spoofing is used for what is known as “social engineering”, which aims to trick the recipient into revealing passwords or other information. For example, you get an email from what appears to be the LSE’s email administrator, or from your ISP, asking you to go to a Web page and enter your password, or change it to one of their choosing. Alternatively, you might receive an email asking for detailed information about a project. The From field suggests that the message comes from the LSE, but instead it is from a competitor.

Dealing with a Spoofed Email

There is really no way to prevent receiving a spoofed email. If you get a message that is outrageously insulting, asks for something highly confidential, or just plain doesn’t make any sense, then you may want to find out if it is really from the person it says it’s from. You can look at the Internet Headers information to see where the email actually originated.

Remember that although your email address may have been spoofed this does not mean that the spoofer has gained access to your mailbox.

Displaying Internet Headers Information

An email collects information from each of the computers it passes through on the way to the recipient, and this is stored in the email’s Internet Headers.

1. With the Outlook Inbox displayed, right-click on the message and click on the Options command to display the Message Options dialog box.

2. Scroll to the bottom of the information in the Internet Headers box, then scroll slowly upwards to read the information about the email’s origin. The most important information follows the “Return-path:” and the “Reply-to:” fields. If these are different, the email is not from who it says it’s from.
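The same header check done in code, as an added example that is not part of the original post: it compares the Return-Path and Reply-To domains with the From domain and pulls out the earliest Received hop. The message is constructed, using reserved example domains and documentation IP addresses, and comparing against From is this example's reading of the rule above.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
 by inbox.example.org; Tue, 25 Aug 2009 10:02:11 +0000
Received: from unknown (host-203-0-113-7.example.net [203.0.113.7])
 by mx.example.org; Tue, 25 Aug 2009 10:02:09 +0000
From: "Email Administrator" <admin@example.org>
Reply-To: helpdesk@example.com
To: user@example.org
Subject: Please confirm your password

Go to the page below and enter your password.
"""


def domain(header_value):
    """Return the lower-cased domain of the address in a header, or None."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None


def check_headers(raw):
    """Report header mismatches and the earliest recorded relay hop."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Every relay adds its Received line at the top, so the last one is the earliest hop.
    received = msg.get_all("Received", [])
    first_hop = " ".join(received[-1].split()) if received else None
    return {"from": from_dom, "findings": findings, "first_hop": first_hop}


if __name__ == "__main__":
    report = check_headers(RAW)
    for line in report["findings"]:
        print("MISMATCH:", line)
    print("Earliest hop:", report["first_hop"])
```

Received lines below the one written by your own mail server come from the sending side and can be forged, so the hop recorded by your own server is the one to rely on.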

Virus spoofing

Email-distributed viruses that use spoofing, such as the Klez or Sobig virus, take a random name from somewhere on the infected person’s hard disk and mail themselves out as if they were from that randomly chosen address. Recipients of these viruses are therefore misled as to the address from which they were sent, and may end up complaining to, or alerting, the wrong person. As a result, users of uninfected computers may be wrongly informed that they have, and have been distributing, a virus.

If you receive an alert that you’re sending infected emails, first run a virus scan using Antivirus. If you are uninfected, then you may want to reply to the infection alert with this information:

“Your virus may have appeared to have been sent by me, but I have scanned my system and I am not infected. A number of email-distributed viruses fake, or spoof, the ‘From’ address using a random address taken from the Outlook contacts list or from Web files stored on the hard drive.”

But keep in mind that a virus alert message is quite often auto generated and sent via an anti-virus server and so replying to the original email may not elicit a response.

Alternatively, if you receive an email-distributed virus, look at the Internet Headers information to see where the email actually originated from, before firing off a complaint or virus alert to the person you assume sent it.

DNS Poisoning

Posted: August 25, 2009 in Networking

Cache poisoning, also called domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server’s domain name system table by replacing an Internet address with that of another, rogue address. When a Web user seeks the page with that address, the request is redirected by the rogue entry in the table to a different address. At that point, a worm, spyware, Web browser hijacking program, or other malware can be downloaded to the user’s computer from the rogue location.

Cache poisoning can be transmitted in a variety of ways, increasing the rate at which rogue programs are spread. One tactic is the placement of compromised URLs within spam e-mail messages having subject lines that tempt users to open the message (for example, “Serious error in your tax return”). Images and banner ads within e-mail messages can also be vehicles by which users are directed to servers that have been compromised by cache poisoning. Once an end user’s computer has been infected with the nefarious code, all future requests by that user’s computer for the compromised URL will be redirected to the bad IP address — even if the “victim” server resolves the problem at its site. Cache poisoning is particularly dangerous when the targets are well-known and trusted sites, such as those to which browsers are pointed when automatic virus-definition updates are performed.

Cache poisoning differs from another form of DNS poisoning, in which the attacker spoofs valid e-mail accounts and floods the inboxes of administrative and technical contacts. Cache poisoning is related to URL poisoning. In URL poisoning, also known as location poisoning, Internet user behavior is tracked by adding an identification (ID) number to the location line of the browser that can be recorded as the user visits successive pages on the site.


On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users of the system.

A hacker (or, if you prefer, cracker) begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DDoS “master.” It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple — sometimes thousands of — compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service.

While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack: the final target as well as the systems controlled by the intruder.

Clipboard Hijack Attack

Posted: August 25, 2009 in Networking, Security


What is a clipboard hijack attack?

A clipboard hijacking is an exploit in which the attacker gains control of the victim’s clipboard and replaces its contents with their own data, such as a link to a malicious Web site.

The attack makes it impossible for users to copy anything else to the clipboard until they either close the browser or reboot the machine. Aside from the nuisance factor, the danger is that a user might inadvertently paste the inserted content into their browser or into online content, exposing themselves or others to malicious code.

In August 2008, there were reports of clipboard hijack attacks conducted through Adobe Flash-based ads on many legitimate Web sites, including Digg, Newsweek and MSNBC.com. The coding is in Shockwave files and uses a method called System.setClipboard() that repeatedly flushes and replaces clipboard contents. If users follow the inserted link, they are taken to a fake security software site warning them that their systems are infested with malware. The purpose of the attack is to get users to download fraudulent software, putting personal information at risk in the process. All major operating systems and browsers are vulnerable to the attacks, as long as Flash is installed.

Adobe has since announced it will add a mechanism to the next version of Flash that allows users to grant or deny access when a Shockwave file tries to load data to the clipboard.