IDS/IPS

Prevent Intrusions in 5 easy steps

There are many pieces to intrusion prevention and like a puzzle, you must put them all together before you start surfing the net; miss just one piece and you've left yourself wide open to attack!

Below, I explain exactly what you need to help prevent intrusions including the web security services you should use on a regular schedule. Everything I mention is free and available for download, so this won't cost you a penny. I'll also sum it up for you in the end, but you should take the time and read this page dedicated to intrusion prevention.

For those of you that don't want to read all the details and are ready to jump right into the web security audit, then follow the five steps below; however, I highly recommend you read all the intrusion prevention material on this page before doing so.

• Take our Firewall Test, it's fast and very accurate.
• Take our Anonymous Surfing and privacy test.
• Test your Intrusion Prevention Software.
• Take our Popup Test.
• Visit our Web Security Resources for great products that help secure your system!

Intrusion Prevention at the front door!

The first piece to intrusion prevention and one of the most important is your front door (or firewall). If this isn't locked, then all kinds of strangers will help themselves to your virtual treasures; treasures you ask? Yes, your credit cards, passwords, bank accounts, personal information and more are all worth big bucks in cyberspace! There are two types of ways to prevent intruders from coming in your front door and they are intrusion prevention hardware and intrusion prevention software.

Intrusion Prevention Hardware

There are two types of firewalls, they are hardware and software. Hardware, such as a NetGear or Cisco Firewall, will make the intrusion prevention pretty easy because it's configured for tight web security right out of the box. All these intrusion detection devices are land based, not wireless (wireless is a whole different beast!)

The majority of wireless web security devices are NOT configured correctly out of the box! More on configuring wireless network security

Intrusion Prevention Software

Software designed to strengthen your web security comes in many flavors. On Windows XP, you have built in intrusion prevention (firewall) located in your control panel (choose start, settings, control panel) that when combined with an IPSec policy (the same web security policy we use), does a great job at intrusion prevention.

There is also some great free web security software available such as those in this [free firewall] list. All do a great job at preventing intruders from entering the front door of your computer!

Regardless of the intrusion prevention software you use, make sure it's working correctly by taking our free firewall test. This security audit helps determine what programs may be listening on your ports. This is very important and may reveal intruders (programs) that have already gained access to your PC. Our web security audit come in two flavors, basic and advanced web security audit.

• Our basic web security service is perfect for the average computer user, easy to use and easy to understand.
• Our advanced web security services are intensive audits designed with the network administrator in mind. It's much the same as the basic web audit but comes with many more options and includes the ability to tailor the audit to your specific need.

Preventing Intrusions from Ads

Even with the front door locked, you still have malicious websites trying to trick you into giving them special privileges. They throw you an ad/popup that might say something like "Want to turn off web security services, [yes] or [no]?" The trick is, you're going to click [no] which is really yes!

That's wrong, I know, but it happens all the time and once you make your selection, you have given the intruder the ability to bypass all your web security measures. This is such a big security problem, that we created a separate Popup Test site which we're very proud of; In fact, PCMagizine devoted an entire chapter from its web security book to this topic and featured our site! - special thanks to Ed Tittle, a great author!

Intrusions from Viruses and Spy Ware

Successfully preventing intrusions also requires installing spyware removal programs and backing it up with some type of virus prevention program, such as those found in this list of free antivirus software

Web Security Services

When you surf the web, bad sites will also try to send your browser commands that confuse it. If they are successful, your browser may end up accepting commands that will install software without your knowledge!

This happens every day and the best way you can stay on top of it is by using web security services. Web security services such as patch management are provided free by the companies that make your software, such as Microsoft, Firefox, Apache and more.

You can, and should, have these web security services update you automatically. If you prefer, you can also configure security updates for notification only and manually apply the patches. Note: this is extremely important and the most overlooked area of intrusion prevention!

One of the MOST popular and controversial web security services we provide is theIntrusion Prevention Test (or internal IP audit). This checks to make sure you are not allowing java applets to execute unrestricted. If this test displays your internal IP, then you need to tighten your security and/or configure your browser not to blindly run applets (doing so can defeat any intrusion prevention measures you have taken!)

Intrusion Detection System Test

Once you have your system configured, MAKE SURE you test often! Back up your system and make sure to take advantage of our free web security services paying special attention to any unusual configuration changes.

More on mobile

Every person whether male or female directly or indirectly fed up with unknown callers, its easy for every person to afford mobile but its hard to assist any stranger call , Low call rates are also responsible for increase in the number of strange calls .

There are only few services that helps you in detecting unknown cell phone numbers and you can use all these service to trace location of any mobile number without any cost.

Trace Mobile help you in tracing location of any mobile number in Indian without charging any cost.

Tp2location Is best for tracing any cell phone number ,They also help you in tracing international mobile number.

Bharatiyamobile service for tracking mobile numbers if you are facing problem in learning all such codes.

Information Madness for tracking mobile numbers of both India and Pakistan.

Hacktrix – You can also try Hacktrix mobile tracing service to trace mobile location.

You can also read a list of phone codes of all mobile services provided by Wiki which helps you in tracking mobile numbers without any online service.

Game Of IMEI no

International Mobile Equipment Identity i.e IMEI number popular known as Mobile phone’s serial number is a 15 digit code that will appear on the mobile screen when you press * # 0 6 # Copy the number down and keep it for future reference.

This number is unique to your handset and helps you disabling and blocking yours stolen or lost phone in future . Motoralla Users can also try press #,* to retrive IEMI Number of your Phones

How To Use IMEI Number to Block Phones

If your mobile phone is lost or stolen you can inform your network provider with yours IMEI number who can then put the serial number on a shared database. This list stops this particular phone from registering on any network and will be useless for anyone even if the mobile phone’s SIM card is changed!

BSNL GPRS Hack

This research work is done by my student from kanpur.

here are the steps to perform:-

Logic: the server has a major bug in it, by which it fails to block two simultaneous connections from the phone and establishes a connection with full internet working,

Supported devices: all phones with multichannel gprs support

For connection on your mobile phone:-

1) Make two connections like bsnlportal and BSNLPORTAL1

(names of profile don’t matter, u can keep one as billgates and shahrukhkhan lol..the basic purpose of names is to enable the user to differentiate between the two accounts,)

2) Select the application you got to have the full connection working on.
Surpassingly “web” now just select “bsnlportal” profile and select a link like wap.cellone.in the page will get open, just press the red button such that the “web” application goes in the background.
Make sure that the gprs connection is still established with the web app. Two parallel lines on the top left of the screen will confirm this

3) Now open any other app that requires web connection like opera. Select BSNLPORTAL and open any other link like wap.google.com, u will get error –

the aim of using the other app is to perform multi-channel gprs,
this is verified by seeing some dots on the pre-existing connection established by “web”

(step 2)

“Access denied.

Technical description:
403 Forbidden - You are not allowed to communicate with the requested resource.”

4) close opera and open web and open a site like esato.com

5) if everything is done as said here then esato will load and voila! We have the whole internet!

For connection on pc.

1)create a connection and enter the number to be dialed as *99***1#

2) enter the following string as extra initialization command

3)now dial from pc, the connection will be established

4)pick the phone and open “web” open “wap.cellone.in” the phone shows error .

5) close “web” and then from the browser open www.google.com
and voila! The whole intenet is here

settings for profiles

apn: celloneportal
ip: 192.168.51.163
port : 8080

leave other fields blank as they are of the least concern!

the browser settings on pc too go the same as mentioned above!

Google Hacking

Google Hacking

Application security vendor Fortify reported in 2006 that 20 percent to 30 percent of the attacks it recorded as part of a six-month study came as a result of some form of search engine hacking.

Google is not particularly enamored by the efforts of some of its users to use its index for malicious gain.

"As part of Google's efforts to index all of the information online we find that on occasion malicious executable files become available to users through Google Web search," Megan Quinn, a Google spokeswoman, told internetnews.com. "We deplore these malicious efforts to violate our users' security.
http://www.hackthissite.org/articles/read/991
"When possible, we endeavor to shield our users from these executable files," Quinn added. "However we always encourage users to keep their security software up-to-date to ensure the safest Web surfing experience."

But what kind of Codes are available I hear you all ask;

Well here's just a few of them I've found out about. . .

Interesting Searches…
* Source http://www.i-hacked.com/content/view/23/42/
* intitle:"Index of" passwords modified
* allinurl:auth_user_file.txt
* "access denied for user" "using password"
* "A syntax error has occurred" filetype:ihtml
* allinurl: admin mdb
* "ORA-00921: unexpected end of SQL command"
* inurl:passlist.txt
* "Index of /backup"
* "Chatologica MetaSearch" "stack tracking:"
* inurl:passwd.txt
…and this one is just priceless…
* "login: *" "password= *" filetype:xls

Listings of what you want
* change the word after the parent directory to what you want
* "parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory " Name of Singer or album" -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

Music (*this is already posted in another thread)
* You only need add the name of the song/artist/singer.
* Example: intitle:index.of mp3 jackson

CD Images
* inurl:microsoft filetype:iso
* You can change the string to whatever you want, ex. Microsoft to Adobe, .iso to .zip etc…

Passwords
* "# -FrontPage-" inurl:service.pwd FrontPage passwords.. very nice clean search results listing !!

* "AutoCreate=TRUE password=*" This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/

Passwords in the URL
* "http://*:*@www" domainname This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the domain name without the .com or .net
* "http://*:*@www" gamespy or http://*:*@www"gamespy
* Another way is by just typing "http://bob:bob@www"

IRC Passwords
* "sets mode: +k" This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.
* eggdrop filetype:user user These are eggdrop config files. Avoiding a full-blown discussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

Access Database Passwords
* allinurl: admin mdb Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!

DCForum Passwords
* allinurl:auth_user_file.txt DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks.

MySQL Passwords
* intitle:"Index of" config.php
* This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.

The ETC Directory
* intitle:index.of.etc
* This search gets you access to the etc directory, where many, many, many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

Passwords in backup files
*filetype:bak inurl:"htaccess|passwd|shadow|htusers
* " This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Every attacker knows that changing the extension of a file on a web server can have ugly consequences.

Serial Numbers
* Let's pretend you need a serial number for Windows XP Pro.
* In the Google search bar type in just like this - "Windows XP Professional" 94FBR
* the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' sites (usually pornography) that trick you.
* or if you want to find the serial for WinZip 8.1 - "WinZip 8.1" 94FBR

These are only a sample of some of the fun things you can do with the wrong kind of Google search. Such strings return very random results, and are of very little use for targeted attacks. But for random hacking of peoples Frontpage password's, it's priceless.

* inurl:(service | authors | administrators | users) ext:pwd "# -FrontPage-"