Use PEBuilder to build a live WinXP CD

It's called "Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD", but it's actually a tool to create a live CD out of your Windows XP installation files. The native NTFS support and live CD approach make it a top candidate for virus cleaning, rescuing files, etc.
The basic live system it creates is a little too simple, but the tool gives you the power to add applications as plugins to this live CD, so it's really up to you to extend the usage of your live CD.

There are a lot of plugin repositories available, with applications from hard disk partitioning to wireless hacking. So you can create an anti-virus/spyware or rescue CD as well as a network security CD.
I created one live XP with Firefox, Explore2fs and PuTTY. Good enough for my daily work.

Tip: You need to enable "RpcSS needs to launch DComLaunch Service first - SP2 only" in the plugins, otherwise disk management will not work.

Nortel VPN Client Split Tunneling Control

Disabling split tunneling works.

I noticed that the client changed the routing table, so I tried to break it by modifying the routing table. I can manipulate the routing table without being noticed by the client software, but cannot establish communication to other destinations. The sniffer data proved that UDP packets were sent out, but not ICMP/TCP. I can see returning UDP data packets but cannot see them from the application in the host. It's possible that the VPN client software also implemented filtering in the stack, in addition to the routing change, for split tunneling control.

Microsoft VPC Config file for virtual machine

The VMC file is an XML file that contains all the config info. I noticed this while trying to figure out why the shared folder was not working, then found out you have to set up the folder share when the VM is running. :-)

What a mistake I made.

BTW, my colleague just showed me how to use VPN to get around the split tunneling control on one physical machine. He uses a VM to connect to the VPN, which has split tunneling control, so he can still use the host machine to do things as he wants. He can also transfer files between his host and the machines in the tunnel using the folder sharing provided by VPC. Smart. It reminds me that I have done a similar thing before for another VPN client software.

Phone service quick reference

Rogers call forwarding:

  • To Activate: *21*(Receiving phone number)#SEND
  • To Deactivate: #21#SEND

StillSecure releases free version of ID/PS Strata Guard

We are pleased to announce that StillSecure (www.stillsecure.com, www.stillsecure.org) has made available for general release a freeware version of our award-winning Intrusion Detection / Prevention System, Strata Guard.

This version is free to use for individuals and organizations. Strata Guard is a Snort-based IDS/IPS that is extremely easy to use, with full reporting, automatic updates against the latest attacks, quick tune wizards and false positive reduction.

It can be run in out of band and in-line mode. I invite everyone to test it out for yourselves:

http://www.stillsecure.org

Support is available via message boards on site but full context sensitive help is built in. If you have used Snort before and are looking for something a little more commercially polished or if pure Snort was a little too much to manage, Strata Guard could be perfect for you.

We are grateful to the community for all of the help and support we have received over the years and want to give something back. Enjoy and please let us know your comments.

NAT advantages compared to the routing approach in a typical e-commerce data center

1. Higher security, less noise: Traffic will not be delivered to your network if you have not defined that IP, no matter whether it's TCP, UDP, ICMP, etc.

14:33:05.062277 arp who-has 209.*.*.50 tell 209.*.*.61
14:33:05.065794 arp who-has 209.*.*.56 tell 209.*.*.61
14:33:05.066148 arp who-has 209.*.*.59 tell 209.*.*.61
14:33:05.066506 arp who-has 209.*.*.51 tell 209.*.*.61
14:33:05.066859 arp who-has 209.*.*.53 tell 209.*.*.61
14:33:05.067207 arp who-has 209.*.*.52 tell 209.*.*.61
14:33:05.067552 arp who-has 209.*.*.54 tell 209.*.*.61
14:33:05.068195 arp who-has 209.*.*.55 tell 209.*.*.61
14:33:05.068782 arp who-has 209.*.*.57 tell 209.*.*.61

2. Helps with the layered data center design approach, instead of using subnets for different layers, which puts a router in the center of all subnets.

To be continued...
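
The ARP capture under point 1 can be summarized mechanically. The following is an added example, not part of the original post: it parses tcpdump ARP request lines in the format shown above and reports, per requester, the addresses asked for that are not on a list of defined IPs. The sample capture, the addresses and the DEFINED set are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the tcpdump ARP request format shown in the post:
#   14:33:05.062277 arp who-has <target> tell <requester>
ARP_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+arp who-has\s+(?P<target>\S+)"
    r"\s+tell\s+(?P<src>\S+)\s*$"
)

# Constructed sample capture (documentation address ranges, not from the post).
SAMPLE = """\
14:33:05.062277 arp who-has 203.0.113.50 tell 203.0.113.61
14:33:05.065794 arp who-has 203.0.113.56 tell 203.0.113.61
14:33:05.066148 arp who-has 203.0.113.59 tell 203.0.113.61
14:33:05.066506 arp who-has 203.0.113.51 tell 203.0.113.61
14:33:06.100000 arp who-has 203.0.113.61 tell 203.0.113.51
14:33:06.200000 IP 203.0.113.51.443 > 198.51.100.7.51000: tcp 0
"""

# Assumption: the only addresses actually defined on this segment.
DEFINED = {"203.0.113.51", "203.0.113.61"}


def parse_arp_requests(text):
    """Return (requester, target) pairs for every ARP who-has line."""
    pairs = []
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:  # lines that are not ARP requests are ignored
            pairs.append((m.group("src"), m.group("target")))
    return pairs


def undefined_targets(text, defined):
    """Map each requester to the sorted targets it asked for that are not defined."""
    seen = defaultdict(set)
    for src, target in parse_arp_requests(text):
        if target not in defined:
            seen[src].add(target)
    return {src: sorted(targets) for src, targets in seen.items()}


if __name__ == "__main__":
    for src, targets in undefined_targets(SAMPLE, DEFINED).items():
        print(f"{src} asked for {len(targets)} undefined address(es): "
              f"{', '.join(targets)}")
```
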

About

About me

Information security professional with 15+ years of IT experience and over 7 years in the information security field. Focus on security architecture and process integration, which involves people, process and technologies. Expert in leveraging both open source and commercial tools to fulfill the business goals.

My Specialties:

1. Security architecture
2. Open source security tools integration
3. Create security process and put into operation

My family

I live with my two kids and wife in Toronto, Canada. We like outdoor activities, movies and music. My daughter is proudly a member of the champion soccer team, Richmond Hill Rep.

Contact

email: jli@jlisbz.com

MSN: jliworks@hotmail.com
