 | Jonah on How many FSMO Roles? |
 | Paula on Intrasite and Intersite R… |
 | Charles on Robocopy ERROR 5 (0x00000005)… |
 | Taya on Enabling Anonymous LDAP A… |
 | jmmelkon on Robocopy ERROR 5 (0x00000005)… |
Ignited RSS
Normal—Backs up the files you select, and marks the files as backed up.
Incremental—Backs up the files that changed since the last backup, and marks the files as backed up.
Differential—Backs up the files that changed since the last backup, but doesn’t mark the files as backed up.
Copy—Backs up the files you select, but doesn’t mark the files as backed up.
Daily—Backs up the files that changed that day, but doesn’t mark the files as backed up.
Problem: What Is the IP Address of a Router?
A typical home network router possesses two IP addresses, one for the internal home (LAN) and one for the external Internet (WAN) connection. How can you find the router IP addresses?
Solution:
The internal, LAN-IP address is normally set to a default, private number. Linksys routers, for example, use 192.168.1.1 for their internal IP address. D-Link and Netgear routers typically use 192.168.0.1. Some US Robotics routers use 192.168.123.254, and some SMC routers use 192.168.2.1. No matter the brand of router, its default internal IP address should be provided in documentation. Administrators often have the option to change this IP address during router setup. In any case, however, the private LAN-IP address remains fixed once set. It can be viewed from the router’s administrative console.
The external, WAN-IP address of the router is set when the router connects to the Internet service provider. This address can also be viewed on the router’s administrative console. Alternatively, the WAN-IP address can be found by visiting a Web-based IP address lookup service like http://checkip.dyndns.org/ from any computer on the home LAN.
Another way to identify the public IP addresses of routers, involves executing a ping or “traceroute” command. From inside a home network, the (DOS) command “ping -r 1” will send a message through the home router that will cause its IP address to be displayed. For example, “ping -r 1 http://www.yahoo.com” should result in a message like the following displayed on the command prompt:
Reply from 67.84.235.43: bytes=32 times=293ms TTL=56
Route: 209.178.21.76
…
In this example, the IP address after “Route:” (209.178.21.76) corresponds to the router WAN address.
On corporate networks, network discovery services based on SNMP can automatically determine the IP addresses of routers and many other network devices.
Power-on self-test (POST) is the common term for a computer, router or printer’s pre-boot sequence. The same basic sequence is present on all computer architectures. It is the first step of the more general process called initial program load (IPL), booting, or bootstrapping. The term POST has become popular in association with and as a result of the proliferation of the PC. It can be used as a noun when referring to the code that controls the pre-boot phase or when referring to the phase itself. It can also be used as a verb when referring to the code or the system as it progresses through the pre-boot phase. Alternatively, this may be called “POSTing.”
For embedded systems power-on self-test (POST) refers to the testing sequence that occurs when a system is first powered on. POST is software written to initialize and configure a processor and then execute a defined series of tests to determine if the computer hardware is working properly. Any errors found during the self-test are stored or reported through auditory or visual means, for example through a series of beeps, flashing LEDs or text displayed on a display. Once the POST sequence completes, execution is handed over to the normal boot sequence which typically runs a boot loader or operating system. POST for embedded systems has been around since the earliest days of computer systems.
On power up, the main duties of POST are handled by the BIOS, which may hand some of these duties to other programs designed to initialize very specific peripheral devices, notably for video and SCSI initialization. These other duty-specific programs are generally known collectively as option ROMs or individually as the video BIOS, SCSI BIOS, etc.
The principal duties of the main BIOS during POST are as follows:
The BIOS will begin its POST duties when the CPU is reset. The first memory location the CPU tries to execute is known as the reset vector. In the case of a hard reboot, the northbridgewill direct this code fetch (request) to the BIOS located on the system flash memory. For a warm boot, the BIOS will be located in the proper place in RAM and the northbridge will direct the reset vector call to the RAM.
During the POST flow of a contemporary BIOS, one of the first things a BIOS should do is determine the reason it is executing. For a cold boot, for example, it may need to execute all of its functionality. If, however, the system supports power savings or quick boot methods, the BIOS may be able to circumvent the standard POST device discovery, and simply program the devices from a preloaded system device table.
The POST flow for the PC has developed from a very simple, straightforward process to one that is complex and convoluted. During POST, the BIOS must integrate a plethora of competing, evolving, and even mutually exclusive standards and initiatives for the matrix of hardware and OSes the PC is expected to support. However, the average user still knows the POST and BIOS only through its simple visible memory tests and setup screen.
Networking Interview Question.
Hard-drive encryption is a technology that encrypts the data stored on a hard drive using sophisticated mathematical functions. Data on an encrypted hard drive cannot be read by anyone who does not have access to the appropriate key or password. This can help prevent access to data by unauthorized persons and provides a layer of security againsthackers and other online threats.
The concept of hard-drive encryption is simple enough. When a file is written to the drive, it is automatically encrypted by specialized software. When a file is read from the drive, the software automatically decrypts it while leaving all other data on the drive encrypted. The encryption and decryption processes are transparent to all common applications such as word processors, databases,spreadsheets or imaging programs. A computer equipped with hard-drive encryption appears, from the user’s point of view, to function as any other computer would.
Windows Vista Enterprise and Ultimate editions offer a hard-drive encryption program called BitLocker that employs two-factor authentication.
Two terms to be familiar with in these days of increased communication via electronic mail: email “spamming” and email “spoofing”.
Email “spamming” refers to sending email to thousands and thousands of users – similar to a chain letter. Spamming is often done deliberately to use network resources. Email spamming may be combined with email spoofing, so that it is very difficult to determine the actual originating email address of the sender. Some email systems, including our Microsoft Exchange, have the ability to block incoming mail from a specific address. However, because these individuals change their email address frequently, it is difficult to prevent some spam from reaching your email inbox.
Email spoofing refers to email that appears to have been originated from one source when it was actually sent from another source. Individuals, who are sending “junk” email or “SPAM”, typically want the email to appear to be from an email address that may not exist. This way the email cannot be traced back to the originator.
There are many possible reasons why people send out emails spoofing the return address: sometimes it is simply to cause confusion, but more often it is to discredit the person whose email address has been spoofed: using their name to send a vile or insulting message.
Sometimes email spoofing is used for what is known as “social engineering”, which aims to trick the recipient into revealing passwords or other information. For example, you get an email from what appears to be the LSE’s email administrator, or from your ISP, asking you to go to a Web page and enter your password, or change it to one of their choosing. Alternatively, you might receive an email asking for detailed information about a project. The From field suggests that the message comes from the LSE, but instead it is from a competitor.
There is really no way to prevent receiving a spoofed email. If you get a message that is outrageously insulting, asks for something highly confidential, or just plain doesn’t make any sense, then you may want to find out if it is really from the person it says it’s from. You can look at the Internet Headers information to see where the email actually originated.
Remember that although your email address may have been spoofed this does not mean that the spoofer has gained access to your mailbox.
An email collects information from each of the computers it passes through on the way to the recipient, and this is stored in the email’s Internet Headers.
1. With the Outlook Inbox displayed, right-click on the message and click on the Optionscommand to display the Message Options dialog box.
2. Scroll to the bottom of the information in the Internet Headers box, then scroll slowly upwards to read the information about the email’s origin. The most important information follows the “Return-path:” and the “Reply-to:” fields. If these are different, the email is not who it says it’s from.
Email-distributed viruses that use spoofing, such the Klez or Sobig virus, take a random name from somewhere on the infected person’s hard disk and mail themselves out as if they were from that randomly chosen address. Recipients of these viruses are therefore misled as to the address from which they were sent, and may end up complaining to, or alerting the wrong person. As a result, users of uninfected computers may be wrongly informed that they have, and have been distributing a virus.
If you receive an alert that you’re sending infected emails, first run a virus scan using Antivirus . If you are uninfected, then you may want to reply to the infection alert with this information:
“Your virus may have appeared to have been sent by me, but I have scanned my system and I am not infected. A number of email-distributed viruses fake, or spoof, the ‘From’ address using a random address taken from the Outlook contacts list or from Web files stored on the hard drive.”
But keep in mind that a virus alert message is quite often auto generated and sent via an anti-virus server and so replying to the original email may not elicit a response.
Alternatively, if you receive an email-distributed virus, look at the Internet Headers information to see where the email actually originated from, before firing off a complaint or virus alert to the person you assume sent it.
Cache poisoning, also called domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server’sdomain name system table by replacing an Internet address with that of another, rogue address. When a Web user seeks the page with that address, the request is redirected by the rogue entry in the table to a different address. At that point, a worm, spyware, Web browser hijackingprogram, or other malware can be downloaded to the user’s computer from the rogue location.
Cache poisoning can be transmitted in a variety of ways, increasing the rate at which rogue programs are spread. One tactic is the placement of compromised URLs within spam e-mail messages having subject lines that tempt users to open the message (for example, “Serious error in your tax return”). Images and banner ads within e-mail messages can also be vehicles by which users are directed to servers that have been compromised by cache poisoning. Once an end user’s computer has been infected with the nefarious code, all future requests by that user’s computer for the compromised URL will be redirected to the bad IP address — even if the “victim” server resolves the problem at its site. Cache poisoning is particularly dangerous when the targets are well-known and trusted sites, such as those to which browsers are pointed when automatic virus-definition updates are performed.
Cache poisoning differs from another form of DNS poisoning, in which the attacker spoofs valid e-mail accounts and floods the inboxes of administrative and technical contacts. Cache poisoning is related to URL poisoning. In URL poisoning, also known as location poisoning, Internet user behavior is tracked by adding an identification (ID) number to the location line of the browser that can be recorded as the user visits successive pages on the site.
On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.
A hacker (or, if you prefer, cracker) begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DDoS “master.” It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple — sometimes thousands of — compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service.
While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack — the final target and as well the systems controlled by the intruder.
Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server’s root directory. If the attempt is successful, the hacker can view restricted files or even execute commands on the server. Directory traversal attacks are commonly performed using Web browsers. Any server in which input data from Web browsers is not validated is vulnerable to this type of attack.
Although some educated guesswork is involved in finding paths to restricted files on a Web server, a skilled hacker can easily carry out this type of attack on an inadequately protected server by searching through the directory tree. The risk of such attacks can be minimized by careful Web server programming, the installation of software updates and patches, filtering of input from browsers, and the use of vulnerability scanners.
Directory traversal is also known as directory climbing or backtracking.
| A back door is a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a back door so that the program can be accessed for troubleshooting or other purposes. However, attackers often use back doors that they detect or install themselves, as part of an exploit. In some cases, a worm is designed to take advantage of a back door created by an earlier attack. For example,Nimda gained entrance through a back door left by Code Red.
Whether installed as an administrative tool or a means of attack, a back door is a security risk, because there are always crackers out there looking for any vulnerability to exploit. In her article “Who gets your trust?” security consultant Carole Fennelly uses an analogy to illustrate the situation: “Think of approaching a building with an elaborate security system that does bio scans, background checks, the works. Someone who doesn’t have time to go through all that might just rig up a back exit so they can step out for a smoke — and then hope no one finds out about it.” |
Ravindra Kulkarni
IgNiTeD SoUL 