How to Secure a Wireless Wi-Fi Network

Protect your Wireless Internet Network

1) Encrypt your Wi-Fi Network: When you use a Wi-Fi network to access the internet, every piece of data you send and receive over the air can easily be snooped by anyone with the right set of tools. Packet sniffers can be used by even the most novice of users to sniff your data. This means that a hacker can not only see which websites you are accessing but also obtain the login details of your personal and professional accounts.

Encryption basically involves scrambling the data that is transmitted and received by you while using a wireless network. This means that even if a hacker intercepts your data transmission, (s)he will not be able to exploit the information contained within it.


There are two encryption standards available that you can use: WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). WEP is the older standard and can now be bypassed in a matter of minutes. WPA is newer but still has security holes. AirCrack and coWPAtty are two free tools that allow anyone to crack WEP and WPA encryption using brute-force techniques. WPA2 is the latest standard and is what you must use if you want the highest level of protection for your wireless network. The encryption keys used change each time a device accesses the network, making WPA2 more difficult to hack.

The encryption used by all devices in the network must be the same for the network to work properly. Your network will only be as secure as its least secure device, so make sure all devices you use support WPA2 encryption. Use a strong encryption key: make sure that it is longer than 10 characters and contains a mixture of capital and small letters, numbers and symbols. Do not use common words or things people can guess about you as your password.

2) Replace default passwords on your router with strong passwords: The biggest mistake most wireless internet users make is not changing default passwords on their routers. Hackers utilize public databases that contain default passwords and usernames from virtually every manufacturer. This enables them to change the security settings of your router according to their needs. Using a strong password for your router ensures that hackers and miscreants cannot change your network’s security settings. To change the password on your router, visit Administration settings on your router’s settings page. Also, do not store passwords in browsers as they can be easily made visible.

3) Change default SSID: Your network’s SSID, or Service Set Identifier, is the name of your wireless network. Usually, the SSID is the name of the router’s manufacturer along with the model number of the router. Changing it so that it no longer displays this information stops you from handing extra details about your router to prospective hackers.

4) Do not broadcast your SSID: Hiding your SSID prevents unsophisticated and inexperienced hackers and Wi-Fi intruders from determining that your network exists. Hiding your SSID is relatively easy, and the option to do so is usually under basic wireless settings on your router’s settings page. However, it is important to note that some devices, including those running newer versions of Windows, will show every network even if they cannot identify its name. Moreover, your network will still carry the SSID in data packets, making unmasking ridiculously easy with tools like inSSIDer, Kismet and CommView for WiFi.

5) Use scary names to discourage Wi-Fi theft: If your wireless network has a name like C:\virus.exe, most people who might otherwise access your network will not for the fear of getting their devices infected. You can use your creativity to find more dangerous names for your wireless network.

6) See Connected Devices List: Almost every new router will have a page which displays the list of every device that is connected to the network. You should check this page at regular intervals to see that unknown devices are not leeching your network. When you see an unknown device, you can be certain that someone has breached your network. You can try AirSnare, a free utility which scans your network for unexpected MAC addresses and also looks into DHCP requests.


7) Turn off Guest networking: While most routers will have guest networking disabled by default, it always pays to see that you may not have accidentally enabled it. Guest networking allows others to access your network.

8) Enable MAC address based filtering: The Media Access Control (MAC) address identifies each device connected to your network. A MAC address is an alphanumeric identifier whose parts are separated by colons. Enabling MAC address based filtering allows only devices with particular MAC addresses to access your network. You need to enter the MAC address of every device you wish to allow on your router’s settings page. This prevents unknown devices from connecting to your network even if they know your password. To find the MAC address of your computer, open a command prompt and execute “ipconfig /all” without quotes.

While it may stop inexperienced users from getting access to your network, experienced hackers and advanced users can use a wireless network analyzer like Nmap to find an allowed address and then change the MAC address of their computer with another free tool, MAC Shift.

9) Keep your firmware up to date: Router vendors regularly release firmware updates and post them on their websites. You should occasionally check the manufacturer’s website to see if a new firmware update has been released. Newer routers will automatically inform you when new firmware is available.

10) Reduce wireless signal range: If you reduce the range of your wireless network, common sense says that it will prevent hackers located at a distance from detecting your network. This has the advantage that if hackers do not know a wireless network exists, they will not try to break into it. You can place your router in places that block the Wi-Fi signal. While this technique is advantageous, a hacker keen on breaking into your network will just use a larger antenna to pick up your router’s signal. Moreover, reducing the range of your wireless network might cause trouble for genuine users.

11) When not using your internet network, turn it off: This is self-explanatory. If you are not using your network, turning it off denies hackers extra time to try to break into your wireless network. While it may be impractical to turn off every device on your network every time you are not using it, it is still advisable to do so during extended periods of non-use.

If you follow all these techniques, your Wi-Fi network will be a lot more protected and hackers will have a tough time breaking into it.
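As an added example (not from the article), here is a small Python checker for items 6 and 8: it reads the router's DHCP lease list and flags any MAC address that is not on your allow-list. It assumes the router exports leases in the dnsmasq format; the lease lines and the allow-list are constructed samples, and the hyphen-separated form that ipconfig /all prints is accepted too.

```python
"""Flag unknown devices on a home network from the router's DHCP lease list.

Added example, not from the original article. Assumes the dnsmasq lease format
(one lease per line: expiry, MAC, IP, hostname, client-id), which many
consumer routers use; adapt parse_leases() if your router exports differently.
As item 8 warns, a device that spoofs an allowed MAC will not be flagged.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Devices you know: the MACs you would enter in the router's filter (constructed).
ALLOWED_MACS: Dict[str, str] = {
    "aa:bb:cc:11:22:33": "laptop",
    "aa:bb:cc:44:55:66": "phone",
}

# Constructed sample lease file in dnsmasq's format; the third device is unknown.
SAMPLE_LEASES = """\
1700000000 aa:bb:cc:11:22:33 192.168.1.10 laptop 01:aa:bb:cc:11:22:33
1700000100 aa:bb:cc:44:55:66 192.168.1.11 phone *
1700000200 de:ad:be:ef:00:01 192.168.1.12 * *
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


@dataclass(frozen=True)
class Lease:
    mac: str
    ip: str
    hostname: str


def normalize_mac(mac: str) -> str:
    """Lower-case and colon-separate, so 'AA-BB-CC-11-22-33' (ipconfig style)
    compares equal to 'aa:bb:cc:11:22:33' (router style)."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac


def parse_leases(text: str) -> List[Lease]:
    """Parse dnsmasq lease lines; blank or malformed lines are skipped."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        leases.append(Lease(normalize_mac(fields[1]), fields[2], fields[3]))
    return leases


def unknown_devices(leases: List[Lease], allowed=ALLOWED_MACS) -> List[Lease]:
    """Leases whose MAC is not on the allow-list: the 'unknown devices' of item 6."""
    return [lease for lease in leases if lease.mac not in allowed]


if __name__ == "__main__":
    for lease in unknown_devices(parse_leases(SAMPLE_LEASES)):
        print(f"UNKNOWN {lease.mac} {lease.ip} hostname={lease.hostname}")
```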

How to restrict virus or trojan attacks

Prevent PC or Laptops from Viruses or Trojans
If you want to know whether your system is infected by viruses or Trojans, here are certain techniques, symptoms and guidelines that will help you identify that. You can relate them to how your body behaves when it falls prey to a viral infection :P Your system behaves similarly when it gets infected. Below are some symptoms:
1. Your computer might be running slower than usual (efficiency is decreased: slow processing, the system sometimes hangs, etc.).
2. Some programs might open without your permission.
3. System start-up takes too long to boot.
4. Various error messages appear on screen when you open something, or even without opening anything.
5. The system registry or Task Manager has been disabled, or Folder Options is missing.
6. Most importantly, your antivirus shows messages about detecting viruses from time to time, or in some cases is unable to update, or you are sometimes not even able to install any new antivirus or security software.
7. While scanning your system with an antivirus or anti-spyware tool, it shows viruses and you notice that the viruses are not being deleted.
and much more…
Have you ever tried to understand how your system got infected? What infected your system? Was it your friend? Or a USB drive? Or your online activity that resulted in the infection of your PC or laptop? Maybe you have tried to explore these things, but I am pretty sure you were not able to work out why this actually occurs. So friends, no need to worry: today I will share each and every method that can infect your system, and how you can fix your PC or laptop if it is already infected. Today we will explore something really unique and of course of much more importance in our day-to-day life. So friends, let's start with “How viruses and Trojans spread themselves in your PC”.
How does a system get infected because of your negligence or lack of awareness?
1. Using cracked versions of software, especially security software like antivirus and anti-spyware.
Why I have said this is the first and major cause of infection: all hackers know that the general internet-using public always searches for cracked versions of software and wishes to use them for free, and hackers take advantage of that. You may now be wondering how this helps hackers. We know that almost all antivirus products show each and every keygen as a virus or some Trojan, depending on its type. If we all know that, how could hackers forget it? So what they do is attach Trojans and viruses to these files, and when your antivirus flags it as a virus you ignore the alert and keep the keygen, meaning the Trojan, running.
NOTE: An important note for you all: if your antivirus doesn't show a keygen or crack as a virus, don't ever assume it is not one; it is the most dangerous kind. Why dangerous? Because this time the hacker has used some more brains to fool you, making the virus undetectable by simply editing or manipulating the hex code of the original virus or attaching some dead strings. So what is the moral of the story? Please don't use cracked versions.
Now you may be thinking that if we don't use cracked versions, how will we be able to get full versions of the software? Don't worry, when I am here there is no fear: drink beer and enjoy everything for free. The solution will be in the solutions section, just read on.
2. Pen drive or USB drive:
The biggest cause of infection of your system is USB drives and external hard disks.
Now, how does a virus enter your system using USB drives? You connect your USB drive to your friend's computer and, by chance (sorry, it's for sure, i.e. 100%), your friend's system is infected by a virus or Trojan, and it is the property of a virus that it replicates itself using memory. So when you connect your USB drive to your friend's computer, your USB drive is now infected, and when you then connect this USB drive to your PC, Windows searches the files on the newly connected device and autoruns it; to do this it loads the index of your USB drive's file system into memory, and if the USB drive has a virus, it replicates itself using system memory. Now if you are using a good antivirus, it will pop up warning and alert messages, and sometimes you ignore them, which means your system is also infected. For the USB drive virus solution keep reading the article.
3. Downloading things from unknown sites:
Most users search for things over the internet and, wherever they find their desired result (the file they want), they start downloading it from that site. Now how does it affect your system? Suppose you want to download a wallpaper, say of Katrina Kaif. Hackers know that Katrina has a huge fan following and that users will surely download it. So what they do is simply bind their malicious code into some of the files, and when users download them their systems are infected, and they can never imagine that the virus came from a wallpaper downloaded from an unknown site. For its solution read on.
4. The most important one: becoming a hacker like me (ROFL, but it's the truth).
Why I have mentioned this should be clear from the above discussion. Most internet users are always curious to know how they can hack their friend's email account or system, and for this they download all kinds of junk from the internet, and believe me, 99.9% of this junk contains viruses and Trojans that send your information to the providers. Now I don't say stop hacking, but try to follow some basic steps to learn hacking, and first of all you must know how to protect yourself from such fake software. For its solution read on.
Now that we have discussed how your system gets infected by your simple negligence, it is time you should know how to fix it and protect your system from all types of viruses and Trojans.
HOW TO STOP VIRUSES OR TROJANS?
1. Using a good antivirus:
There is a common misconception among internet users that a full antivirus provides better security. Yes, it's 100% true, but for the paid full versions, not the cracked versions.
There are several other solutions that you can get absolutely free, and I guarantee that they will protect your system 100% with just a little extra configuration.
Best free antivirus: Avira Personal Antivirus, i.e. AntiVir. Avira is still the best free antivirus available on the internet, because of its expert configuration ability.
You can download avira for free from :
Now, after downloading the antivirus, here is what you have to do to make it as good as paid antiviruses:
a. Install the antivirus and update it. Note that updating the antivirus regularly is compulsory. Don't worry, it's not your job: it will update itself automatically whenever an update is available.
b. After installing, at the top right corner you will see a “CONFIGURATION” button. Click on it and a new window will pop up.
c. At the top left you will see a checkbox labelled Expert. Click on that and you will see several things in it. Now do the following settings one by one.
1. Click on “Scanner”, click on all files, set the “Scanner Priority” to high and click on apply.
2. Click on “Guard”, click on all files, click on “Scan while reading and writing” and then click apply.
3. Click on “General”, click on select all and click on apply. In the General tab, go to the WMI section, click on advanced process protection and then click on apply.
4. After doing that, restart your PC.
Now you have made your free antivirus equivalent to a paid one.
Best free anti-spyware: Spyware Terminator with the Crawler Web Security toolbar.
Download It for free :
Install Spyware Terminator with the web security toolbar. Now the following problems are solved:
1. No Trojan can attack you.
2. Protection from malicious websites, and much more.
2. Solution for cracked software:
As I mentioned earlier, never download cracks and keygens directly to your system; there are several other methods. While searching for a crack or keygen, first try to search for a serial key; if you find one, that's awesome, and if not, here is what to do.
Before downloading any crack or keygen, go to the website:
Copy the download link of the keygen or crack into the URL box provided on the website. This website uses all the world-famous antiviruses and will scan the file for you; if it contains any virus, just ignore that file, otherwise have fun with the crack or keygen.
3. Pen drive or USB drive solution:
For Windows XP, follow the steps below:
How you can protect your system from being infected from a pen drive: just do the following three things; the rest is taken care of by your antivirus.
1. Turn off AutoPlay for devices:
To do it, go to Start Menu –> Run –> type gpedit.msc and press Enter –> User Configuration –> Administrative Templates –> System –> Turn off Autoplay –> click on Enabled and then select all drives.
2. Turn off the Computer Browser service:
To do it, go to Start Menu –> Run –> type services.msc and press Enter –> then find the Computer Browser service, disable it and restart your system.
3. Most important: always scan pen drives or external hard drives after connecting them.
And the best alternative is to use Linux, as there is no autorun or autoplay concept in the Linux operating system.
4. Solution for downloading stuff from unknown sites:
The solution to this problem has already been provided: the web browser security toolbar will help you surf only secure and genuine websites, and if you still want to visit a site and download from it, VirusTotal will help you identify whether the file is infected or not.
5. Now, for being a hacker like me 😛, i.e. a method to use or test hack tools.
Why I have mentioned this is simply because hackers always take advantage of these noobish tricks: they attach viruses to files and name them as hack tools. So avoid them, if you are as curious as me. There are several ways to handle it; some are mentioned below:
1. Use Deep Freeze on the C drive: for testing hack tools always use Deep Freeze, as after the next restart your system will be in the same state as it was before.
2. Install VirtualBox, install another Windows inside it, and test all hack tools in the virtual Windows. This will protect your system from being infected. It will also give you more knowledge about handling viruses and other situations, like what to do when something goes wrong.
3. Use a sandboxed browser to test-run the downloaded files.
4. Create two or three fake email IDs and use them for testing keyloggers and other fake email hacking software, but don't forget to follow the above 3 points.
I hope you all liked this article. If you have any queries, ask in the form of comments; all suggestions are heartily accepted. If you have your own security-related tips, share them with us.

How to share remote screens and control PC without any software in Windows

Remote sharing is nowadays at its peak; people use remote sharing to provide live support or to share screens. Most of us always use third-party software for sharing or controlling remote systems, like TeamViewer or Radmin. Today I am going to teach you how to connect any two (or as many as you like) Windows PCs remotely without using any third-party tool like TeamViewer. So let's learn how to share screens without any third-party tool.


Windows Remote assistance without any external software



As we all know, Windows is full of hidden programs that are known only to developers or geeks. Today we are going to learn about the MSRA (Windows Remote Assistance) executable. MSRA is Windows' built-in remote assistance program, using which you can control remote PCs, share remote screens, provide remote support and much more. Let's learn how to use MSRA for remote sharing.

Steps to Share or Control Remote PC using MSRA:


1. First of all, click on Start, type the command “MSRA” and press Enter, as shown below:


Type msra in search option

2. Now you will see a screen like the one below, titled “Windows Remote Assistance”, with two options displayed:
a. Invite someone you trust to help you: choose this option if you want to share your screen with someone.
b. Help someone who invited you: choose this option if you want to control someone else's PC remotely.

Click on option a, “Invite someone you trust to help you”, to share your screen:


Select shown option to continue


Once you click the above option, you will see the panel below with multiple options:

Options displayed for Windows remote assistance


Now you can see three different options:
a. Send this invitation as a file: on clicking this option you can save the invitation file and send it to anyone from whom you require help. After saving the file, another window will open containing the password. You have to provide that password to the person you want to connect to your machine.

b. Use email to send an invitation: you can send the invitation directly via email, but it requires an email client such as Outlook on your machine.


c. Use Easy Connect: another method to directly connect two PCs is Easy Connect, but this requires some basic settings at your router's end, i.e. if the computer has IPv6 disabled or is behind a NAT router that blocks Teredo traffic, the Easy Connect option will be unavailable.


Now, once you have sent the remote assistance invitation file to the user, they can connect to your PC by double-clicking the invitation file and then entering the password.


Note: you need to enable the Remote Assistance service.


3. Help someone who invited you: by clicking this option you can provide help to anyone who has done the above task. You will need two things: the invitation file and the password to connect to the remote PC.


Woohoo… Did you know there is another smart option by which you can directly connect to any PC using its IP address? If not, let's learn that too. Yes, we can also provide Windows Remote Assistance support using an IP address. Here are the steps.

1. First of all, click on Start, type the command “MSRA” and press Enter.

2. Now you will see the screen where two options are displayed; select “Help someone who invited you”.
3. After that you will see some options; click on the bottom one, “Advanced connection option for help desk”, as shown below:

Select advanced connection option for help desk



After clicking that option you will see the panel below to enter the IP address:

Enter IP address or computer name


After entering the IP address, press Next to connect. That's all.

Hope you all enjoyed the learning. If you have any queries, ask me in the form of comments.

How to disable Autorun in Windows 7

As operating systems have evolved, their primary goal has always been to make computing easier for the end user, be it a tablet, a smartphone or a desktop computer. Thanks to hybrid operating systems like Windows 8, and the deep integration that Apple’s OS X and iOS enjoy, the difference between various hardware platforms is quickly diminishing, making room for a more streamlined, unified experience. However, good as the intention may be, in doing so, some of the convenience aspects beget a security risk, thereby exposing the system in question to security breaches and execution of undesired code. One such feature in Windows – the most widely used desktop operating system – is the AutoPlay (or AutoRun, as it was formerly known). In this article, we’ll tell you how to disable AutoPlay / AutoRun for good at a system-wide level.
Difference Between AutoPlay & AutoRun
Before we get to disabling the feature, let’s quickly take a glance at what these two terms mean, and whether there is any difference between the two or not. Essentially, AutoRun and AutoPlay are both the same, in that AutoPlay is the successor of AutoRun from older versions of Windows like XP, 2000 and earlier. When AutoRun was introduced, it basically allowed manufacturers of removable storage media (particularly CD/DVD ROMs) to incorporate an autorun.inf file within the device, which instructed the operating system which application (or executable) to call when you inserted the storage device. Windows Vista onwards, Microsoft made room for more choices with the introduction of AutoPlay, which basically allowed the user to choose what program the AutoRun feature should call once invoked. This also allowed leverage for USB-based storage media, extending the support beyond just optical disks. Hence, in essence, both are the same, with AutoPlay being the more advanced of the two.
To disable AutoPlay or AutoRun completely, you can either use the Local Group Policy Editor, if your version of Windows ships with that, or the Registry Editor. We’ll explain both step by step.
Disable AutoRun / AutoPlay Using Local Group Policy Editor
Step 1: Pull up the Run dialog box (Win + R) and type gpedit.msc. Hit Enter to launch the Local Group Policy Editor.
Step 2: Within Group Policy Editor, navigate to this location:
Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies
Step 3: Double-click the Turn off Autoplay option to edit its settings, select Enabled, and then select All drives in the options panel below. Hit Apply when done.
Step 4: Restart your computer.
That’s it; the AutoRun feature has been completely disabled for all users, and for all drives that connect to your machine.
Disable AutoRun / AutoPlay Using Registry Editor
Should you have a version of Windows that doesn’t ship with Local Group Policy Editor, follow these instructions.
Step 1: In the Run dialog, type regedit to launch the Registry Editor.
Step 2: Depending on whether you want to disable AutoRun for all users or just for the current one, navigate to either of these registry keys (the first one is for all users):
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\
Step 3: Within this subkey, locate the setting labeled “NoDriveTypeAutoRun”. If it doesn’t exist, create a new 32-bit DWORD with this name and assign it the hexadecimal value 000000FF (Decimal 255).
Step 4: Restart the computer.
The DWORD defined above will disable AutoRun for all drives and devices, and will have the same effect that you would’ve gotten through Local Group Policy Editor.
Should you want to restore AutoPlay ever again, just reverse the changes that you made in these steps, and you should be good to go.
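Both the Group Policy route above and the Windows XP gpedit steps in the earlier USB-drive article end up controlling the same NoDriveTypeAutoRun value, so an added example (not from either article) that audits it serves both: it decodes the value's drive-type bits and extracts the value from saved `reg query` output so it can be run offline. The sample output below is constructed; the bit meanings are those Microsoft documents for this registry value.

```python
"""Audit NoDriveTypeAutoRun against the article's target value of 0xFF.

Added example, not from either article. Decodes the drive-type bit-mask held
in the registry value (bit meanings as documented by Microsoft for this value)
and reads the value out of `reg query` text, e.g. the saved output of:
  reg query HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer /v NoDriveTypeAutoRun
"""
import re
from typing import List, Optional

# AutoRun is disabled for a drive type when its bit is set.
DRIVE_BITS = {
    0x01: "unknown drive type",
    0x04: "removable (USB stick, floppy)",
    0x08: "fixed (hard disk)",
    0x10: "network",
    0x20: "CD/DVD-ROM",
    0x40: "RAM disk",
    0x80: "unknown drive type (second bit)",
}
ALL_DRIVES = 0xFF  # the value the article tells you to set


def decode(value: int) -> dict:
    """Map each drive type to True if AutoRun is disabled for it by this value."""
    return {name: bool(value & bit) for bit, name in DRIVE_BITS.items()}


def still_enabled(value: int) -> List[str]:
    """Drive types on which AutoRun would still fire with this value."""
    return [name for name, disabled in decode(value).items() if not disabled]


# The value line of `reg query ... /v NoDriveTypeAutoRun` looks like:
#     NoDriveTypeAutoRun    REG_DWORD    0xff
VALUE_RE = re.compile(r"NoDriveTypeAutoRun\s+REG_DWORD\s+0x([0-9a-fA-F]+)")


def parse_reg_query(text: str) -> Optional[int]:
    """Return the DWORD from reg query output, or None when the value is absent."""
    m = VALUE_RE.search(text)
    return int(m.group(1), 16) if m else None


def audit(text: str) -> List[str]:
    """Drive types left with AutoRun on; an absent value is reported as 'value not set'."""
    value = parse_reg_query(text)
    if value is None:
        return ["value not set"]
    return still_enabled(value)


# Constructed sample: a machine where the policy has not been applied. 0x91 sets
# only the 0x80, 0x10 and 0x01 bits, so removable, fixed, CD/DVD and RAM-disk
# drives still autorun.
SAMPLE_OUTPUT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""

if __name__ == "__main__":
    print("still enabled:", audit(SAMPLE_OUTPUT))
    print("after setting 0xFF:", still_enabled(ALL_DRIVES))   # []
```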

Port Scanning Tutorial for Hackers

First part consists of:
1. Introduction of Ports and Port Number
2. What is port scanning and how it works
3. How to protect yourself from port scanners
Second part will contain:
1. Different types of port scanning.
2. How different types of port scanning works.
Third part will contain:
1. Practical implementation of port scanning.
2. Port scanning using NMAP.
3. NMAP tutorial Basics.
Fourth Part:
NMAP advanced tutorial for Hackers and Network administrators.

So let's start from the very first part. So friends, let's begin our learning:
First of all, you all must know what a port is and what it is used for. A port is a medium for two devices (for example two computers) to communicate with each other. A port is always associated with an IP address (usually of the host) and the type of protocol (TCP or UDP) used for communication. A port is identified for each IP address and protocol by a 16-bit number, commonly known as the port number. The port number completes the destination address of a communication session, i.e. it says which service has to be invoked.

Since it is a 16-bit number, there are 2^16 ports (0 to 65535) for each of UDP and TCP. Of these, the first 1,024 are reserved for system services and the rest we can configure according to our choice.
List of Common Port Numbers:
Some default useful ports that we use in day-to-day life (:P hackers and network administrators):
Port number    Service
7              Ping
21             FTP (File Transfer Protocol)
22             SSH (Secure Shell)
23             Telnet
25             SMTP (Mail)
43             WHOIS
53             DNS
80             HTTP
110            POP3 (Mail Access)
119            Network News Transfer Protocol (NNTP)
143            Internet Message Access Protocol (IMAP)
161            Simple Network Management Protocol (SNMP)
443            HTTP Secure (HTTPS)
513            Remote login
8080           Proxy
Port Scanning:
From the above you might have guessed what port scanning is. Now let's understand what the port scanning technique actually is. Port scanning is one of the most important steps in gathering information (the reconnaissance phase) about the victim against whom you want to launch an attack, or simply in finding the loopholes of your own system (as network and system administrators do) to protect it from hackers. Port scanning is done to get the current state of a port, meaning whether the port is open, closed, filtered or prevented. I usually prefer Nmap for port scanning because it is simply the best port scanner available online.
Note: most of us think that port scanners are only used by hackers. But port scanners serve security administrators more than hackers. Network security administrators use port scanners on a regular basis to monitor the status of all ports. So whether you are a hacker or a security expert, knowledge of port scanning is a must.
Port scanning helps hackers find the open ports on a host. Let me relate it to a practical example from daily life. Port scanning is basically like ringing the doorbell of someone's house: if somebody responds, it means somebody is at home. If no one responds, there are two possibilities: the members of the house are busy, or nobody is at home. Similarly, in hacking, you send a request to a host to check whether a particular port is live or not. If it responds, it is live; otherwise it is closed or inactive. Now you must be wondering why I am focusing so much on this. Consider an example: what will happen if you leave your home gate always open? :P It's absolutely similar to an unprotected PC that has left its ports open.
How to Protect Yourself?
To help ensure that your network is protected and secure, you may wish to perform your own port scans. To get accurate results it may be best to perform the port scan from a remote location using non-company equipment and a different ISP. Using software such as Nmap you can scan a range of IP addresses and ports and find out what an attacker would see if they were to port scan your network. Nmap in particular allows you to control almost every aspect of the scan and perform various types of port scans to fit your needs. Once you find out which ports respond as open by port scanning your own network, you can begin to work on determining whether it is actually necessary for those ports to be accessible from outside your network. If they're not necessary, you should shut them down or block them. If they are necessary, you can begin to research what sorts of vulnerabilities and exploits your network is open to by having these ports accessible, and work to apply the appropriate patches or mitigations to protect your network as much as possible.
That's all for today, my friends. I will extend the tutorial on port scanning in my next article tomorrow. So friends, keep reading. In my next class I will explain the different types of port scanning techniques and much more.
If you have any queries, ask me in the form of comments.

Advanced Port Scanning techniques tutorials


Different types of port scanning techniques:

1. Open Scan: also known as a vanilla scan. In this type of scan the hacker tries to connect to all the ports of the victim. This scan uses a normal TCP connection to determine port availability and utilizes the TCP 3-way handshake that every other TCP application on a network typically uses. Because of this, the technique has a drawback: it can be easily detected and blocked.

How does an open scan work?
When the port is open, the client sends a packet with the SYN flag, the server replies with SYN+ACK, and the client acknowledges with ACK. Once the handshake is complete, the client terminates the connection; this confirms an open port. When the port is closed (not listening), the server responds with RST+ACK and the connection attempt ends there.
The disadvantage of this technique is that the attacker cannot spoof the source address: completing the handshake requires receiving the server's SYN+ACK and answering with the correct sequence number, which is only possible from the real source. Moreover, most stateful IDS and firewalls (and the target applications themselves, which see a completed connection) detect and log this scan, exposing both the attempt and the attacker's IP. The advantage is a fast, accurate scan that requires no additional privileges, since the operating system's ordinary connect() call does all the work.
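The handshake described above is exactly what the operating system does for you on connect(), which is why this scan needs no privileges. The following is an added example, not code from the original article: a connect scan that classifies ports as open, closed or filtered from the result of connect_ex(). It starts its own listener on 127.0.0.1 so the demonstration runs offline; the host and port list are whatever you pass in.

```python
"""TCP connect (open / vanilla) scan.

Added example, not from the original article.  It relies on the operating
system's ordinary connect() call to do the three-way handshake, so it needs
no raw sockets and no root.  To run offline it starts its own listener on
127.0.0.1; the host and port list are whatever you pass in.
"""
import errno
import socket
from typing import Dict, Iterable, Tuple


def connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Classify each port as open, closed or filtered.

    open     : connect_ex() returned 0; the SYN / SYN+ACK / ACK handshake
               completed and the service saw a real connection (and may log it)
    closed   : the target answered the SYN with RST+ACK (ECONNREFUSED)
    filtered : no answer within the timeout, or an ICMP error: something
               between us and the port dropped the SYN
    """
    states: Dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                rc = s.connect_ex((host, port))
            except OSError:          # some Python versions raise socket.timeout here
                rc = errno.ETIMEDOUT
            if rc == 0:
                states[port] = "open"      # leaving the with-block closes the connection
            elif rc == errno.ECONNREFUSED:
                states[port] = "closed"
            else:
                states[port] = "filtered"
    return states


def start_listener() -> socket.socket:
    """Open a listening TCP socket on an ephemeral 127.0.0.1 port (scan target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)   # the kernel completes handshakes into the backlog for us
    return srv


def free_port() -> int:
    """Return a port number that nothing is listening on right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> Tuple[int, int, Dict[int, str]]:
    """Scan one listening and one closed local port; returns (open, closed, states)."""
    srv = start_listener()
    try:
        p_open, p_closed = srv.getsockname()[1], free_port()
        return p_open, p_closed, connect_scan("127.0.0.1", [p_open, p_closed])
    finally:
        srv.close()


if __name__ == "__main__":
    p_open, p_closed, result = demo()
    for port in (p_open, p_closed):
        print(f"127.0.0.1:{port}\t{result[port]}")
```

Note that the listener never calls accept(): the kernel finishes the handshake on its behalf, which is also why a service that is merely listening shows up as open even if it would reject the client afterwards.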

2. Half Open Scan: A half-open (SYN) scan is similar to the open or vanilla scan. The difference is that it never completes the connection with the host, so the application listening on the target never sees a connection and never logs one. It is still detectable, however: the SYN packets and the target's SYN+ACK replies cross the wire like any other traffic, and a firewall or IDS that watches for many SYNs with no completed handshakes can recognise the scan.

How does a half open scan work?
In a half-open scan, a complete TCP connection is never established. As soon as the server answers with SYN+ACK, the client tears the connection down by sending RST. This way the attacker learns that the port is open without ever establishing a full connection; a closed port answers the SYN with RST+ACK, just as in an open scan.
However, good IDS and firewall products (ZoneAlarm was an early desktop example) can detect a SYN packet arriving from nowhere and block a half-open scan. Besides, this scan requires the attacker to craft custom IP packets, which in turn requires access to raw sockets (SOCK_RAW, getprotobyname('raw') on most systems) or to /dev/bpf (Berkeley Packet Filter) or /dev/nit (the Sun network interface tap). That requires administrator (root) privileges. In Nmap this is the -sS scan, the default when run as root.

3. Strobe Scan: In a strobe scan the attacker probes only a selected, small number of ports (usually fewer than 20); otherwise it works like an open scan. It is a lightweight scan in which the attacker checks specific ports on the host and analyses the results: a strobe does a narrower scan, looking only for those services the attacker knows how to exploit. Most attackers use this technique because it is the fastest while still accurate.
Drawback: a limited scan may miss services on unexpected ports, but it is very fast. Free Port Scanner works on the strobe technique only; it scans only the internet and web application service ports.
4. Stealth Scan: In this type of scanning the probes are crafted so that the "request for connection" is never logged by the target application.
Initially half-open scans were considered stealthy; as IDS software evolved, those scans became easy to log. Today stealth scan refers to any scan whose packets carry a set of flags other than a lone SYN (some combination of flags, no flags at all, or all flags set) so that they blend in with normal traffic, or which uses fragmented packets or some other means of slipping past filtering devices. All of these techniques rely on inverse mapping: the scanner infers the state of a port from which probes get a reply and which are silently dropped.
Different type of Stealth scans:
  • SYN|ACK Scan
    The client sends a packet with SYN+ACK set to the target. For a closed port the server replies with RST, while an open port, in the original description of this technique, does not reply because the TCP protocol requires a lone SYN to initiate a connection. Be aware that RFC 793 actually requires a listening port to answer an unsolicited ACK with RST as well, so on an RFC-compliant stack both open and closed ports reply and the scan cannot tell them apart; in practice it behaves like an ACK scan and mostly reveals whether a filter is in the way. It also generates a certain number of false positives: packets dropped by filtering devices, network congestion, timeouts and so on produce the same silence as an "open" port. Its advantage is that it is fast and avoids the three-way handshake.
  • FIN Scan
    Similar to the SYN|ACK scan, but a packet with only the FIN flag is sent to the target. RFC 793 requires a closed port to reply to such a probe with RST, while an open port must ignore it. This scan works well against systems whose TCP stack follows the RFC, which includes most BSD-derived and other UNIX systems. Windows, many Cisco devices and several other stacks send RST regardless of port state, so on those hosts every port appears closed; a "closed" result therefore has to be confirmed with another technique.
  • ACK Scan
    A packet with only the ACK flag is sent. A port that is reachable, whether open or closed, answers with RST; no reply, or an ICMP unreachable error, means a filtering device dropped the probe. The ACK scan therefore maps firewall rules (filtered versus unfiltered) rather than open versus closed ports. An older variant tries to go further by examining the TTL of the RST replies: because IP routing decrements the TTL by one at every hop, and some old stacks sent RSTs with a different TTL (or window size) from an open port than from a closed one, the scanner compared the TTL of each reply against the others to spot the odd ones out. Modern stacks do not leak port state this way.
  • NULL Scan
    In a NULL scan the packet is sent with no flags set. This takes advantage of RFC 793: a closed port must answer with RST, while an open port must ignore the packet. Most UNIX and UNIX-derived systems follow this. Microsoft's implementation does not abide by the standard and replies with RST whatever the port state, so an attacker can use this, together with the results of other scans, to tell a Windows machine from the rest. For example, if the FIN (-sF), Xmas (-sX) or NULL (-sN) scan shows every port closed but a SYN scan (-sS) shows open ports, the attacker can infer a Windows target. This is not an exclusive property: Cisco, BSDI, HP-UX, MVS and IRIX behave the same way. Note also that the reserved bits (RES1, RES2) do not affect the result of any scan. In short, this scan gives useful results only against UNIX and related systems.
  • Xmas Scan
    In an Xmas scan several flags are lit up at once, giving the packet its ornamental look. The classic version sets every flag in the TCP header (ACK, FIN, RST, SYN, URG, PSH); Nmap's -sX sets FIN, PSH and URG. As with the FIN and NULL scans, an RFC 793 stack silently drops the packet if the receiving port is open and answers RST if it is closed, so this scan works on UNIX and related systems and gives the same misleading "all closed" result on Windows.

5. FTP Bounce Scan: The ability to hide their tracks is important to attackers, and in port scanning this is achieved with the FTP bounce technique.
FTP bounce scanning takes advantage of a weakness in the FTP protocol itself: with the PORT command a client tells the server which address and port to open the data connection to, and the protocol does not require that address to be the client's own. An attacker can therefore make a third-party FTP server connect to each port of the real target in turn. The scan works best against FTP servers that allow read/write access. Its advantages are anonymity and accessibility. Suppose the target network allows FTP data transfers only from its recognised partners. An attacker might discover a business partner with an FTP service that has a world-writable directory into which any anonymous user can drop files and read them back; it could even be the ISP's own hosting FTP server. The attacker, who also runs an FTP server capable of passive mode, logs in anonymously to the legitimate server and issues the FTP commands that scan or access the target through it. He may even put these into a batch file and run it from the legitimate server to avoid detection.
If the server manages to open the data connection (active data transfer, DTP), the attacker knows the port is open: the server issues a 150 and then a 226 response. If the transfer fails, the server returns a 425 error ("Can't build data connection"). The PASV listener can be set up on any machine that grants the attacker write access and then used to bounce the scan for anonymity; it does not even have to be an FTP server, since any utility that listens on a known TCP port and reads raw data from it into a file will do.
Often these scans are run as batch files padded with junk so that the TCP window stays full and the connection stays alive long enough for the attacker's commands to execute. Fingerprinting the target's operating system helps determine its TCP window size so that the attacker can pad the commands accordingly.
This scan is hard to trace, permits access to the local network behind the FTP server and evades firewalls. However, most FTP servers have closed this hole by refusing PORT commands that name a third-party address, disallowing data connections to restricted (low-numbered) ports and restricting write access. Nmap's -b option still implements the technique for the servers that remain vulnerable.

6. Fragmented Packet Scan: A fragmented packet scan (FPS) is an attempt to bypass rules in some routers and packet filters. This approach evolved from the need to avoid the false positives that other scans suffer when a packet filtering device sits in front of the target. For any transmission, the minimal allowable fragmented TCP header carries the source and destination ports in the first fragment (8 octets, 64 bits) and the flags in the next; the remote host reassembles them on receipt, its IP module matching the fragments by their source, destination, protocol and identification fields. A packet filter that inspects only the first fragment never sees the flags and may let the probe through.
The scan works by splitting the TCP header into small fragments and transmitting them over the network. However, IP reassembly on the receiving side may produce unpredictable and abnormal results. Some hosts are incapable of parsing and reassembling such fragments and may crash, reboot or dump their network monitoring state.
Some firewalls and kernels reassemble every packet before applying their rules (the CONFIG_IP_ALWAYS_DEFRAG option in older Linux kernels did this), which defeats the trick, but it is not universally implemented because of the performance cost. Since several intrusion detection systems use signature matching on the IP and/or TCP header, fragmentation is often able to evade that type of filtering and detection. There is, however, a real chance of causing network problems on the target network. In Nmap the -f option sends the probes in 8-byte fragments.
7. UDP Scan: As the name suggests this is a one-way scan, because UDP is a fire-and-forget protocol. Port scanning usually means scanning for TCP ports, which are connection-oriented and therefore give good feedback to the attacker. UDP responds differently. To find UDP ports, the attacker generally sends empty UDP datagrams. If the port is listening, the service may send back an error message or simply ignore the incoming datagram. If the port is closed, most operating systems send back an ICMP Port Unreachable message. Thus you can find out which ports are NOT open, and by exclusion determine which ports are open (Nmap reports a silent port as open|filtered for exactly this reason). Neither UDP packets nor the ICMP errors are guaranteed to arrive, so UDP scanners of this sort must also retransmit packets that appear to be lost, or you will get a bunch of false positives. The technique is also slow because it must compensate for machines that follow the suggestions of RFC 1812 and limit the rate of ICMP error messages. For example, the Linux kernel at the time this was written limited destination unreachable generation to 80 per 4 seconds, with a 1/4 second penalty if that was exceeded; current kernels default to about one ICMP error per second (net.ipv4.icmp_ratelimit), so a full scan of a host with thousands of closed UDP ports takes hours.
Some people think UDP scanning is pointless. Not so: rpcbind, for example, can sometimes be found hiding on an undocumented UDP port somewhere above 32770, so it does not matter that port 111 is blocked by the firewall. But can you find which of the more than 30,000 high ports it is listening on? With a UDP scanner you can.

The disadvantage for the attacker is that UDP is connectionless and, unlike TCP, the protocol itself does not retransmit packets that are lost or dropped, so the scanner has to. The scan is also easily detected and unreliable (false positives, because silence and an open port look the same), the ICMP rate limiting makes it slow, and receiving the ICMP errors with a scanner such as Nmap requires root access for a raw socket. However, it avoids TCP-based IDS signatures and finds services that TCP scans cannot.
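The retransmission and ICMP handling described above is the whole difficulty of a UDP scan. The following is an added example, not code from the original article: a UDP prober that retries lost datagrams and distinguishes closed from open|filtered. It scans 127.0.0.1 against UDP listeners it starts itself so the demonstration runs offline. A connected UDP socket is used on purpose: the kernel then hands the ICMP Port Unreachable for a closed port back to the sender as ECONNREFUSED, so no raw socket (and no root) is needed to see it.

```python
"""UDP scan with retransmission and ICMP port-unreachable handling.

Added example, not from the original article.  It probes 127.0.0.1 against
UDP listeners it starts itself so the demonstration runs offline.  A
*connected* UDP socket is used on purpose: the kernel then hands the ICMP
Port Unreachable for a closed port back to us as ECONNREFUSED, so no raw
socket (and no root) is needed to see it.
"""
import socket
import threading
from typing import Dict, Optional


def udp_probe(host: str, port: int, retries: int = 3, timeout: float = 0.3) -> str:
    """open          : the service answered our datagram
       closed        : ICMP Port Unreachable came back (ECONNREFUSED)
       open|filtered : silence after every retry: lost, rate-limited, firewalled,
                       or an open service that just does not reply to junk"""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))          # sends nothing; records the peer
        for _ in range(retries):
            try:
                s.send(b"")              # the empty datagram the text describes
                s.recv(512)
                return "open"
            except ConnectionRefusedError:
                return "closed"
            except socket.timeout:
                continue                 # retransmit: neither UDP nor ICMP is reliable
        return "open|filtered"


def start_udp_service(reply: Optional[bytes]) -> socket.socket:
    """Listener on an ephemeral 127.0.0.1 port; reply=None models a service
    that swallows unexpected input, as most real UDP services do."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(5)

    def serve() -> None:
        try:
            while True:
                _data, peer = srv.recvfrom(512)
                if reply is not None:
                    srv.sendto(reply, peer)
        except OSError:                  # timeout or socket closed: stop serving
            pass

    threading.Thread(target=serve, daemon=True).start()
    return srv


def free_udp_port() -> int:
    """Return a UDP port number that nothing is bound to right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> Dict[int, str]:
    """Scan one answering, one silent and one closed port; returns {port: state}."""
    echo, silent = start_udp_service(b"hello"), start_udp_service(None)
    try:
        targets = [echo.getsockname()[1], silent.getsockname()[1], free_udp_port()]
        # A real scanner would pace these probes: Linux rate-limits ICMP errors
        # (net.ipv4.icmp_ratelimit, 1 per second by default), which is why
        # scanning thousands of closed UDP ports takes so long.
        return {p: udp_probe("127.0.0.1", p) for p in targets}
    finally:
        echo.close()
        silent.close()


if __name__ == "__main__":
    for port, state in demo().items():
        print(f"127.0.0.1:{port}/udp\t{state}")
```

The silent listener is the important case: it is genuinely open, yet after three retries the prober can only say open|filtered. Real scanners improve on this by sending a protocol-specific payload (a DNS query to 53, an SNMP request to 161) that a live service will actually answer.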
Some more advanced techniques:

1. SCTP INIT Scan: SCTP is a relatively new alternative to TCP and UDP, combining most characteristics of both and adding new features such as multi-homing and multi-streaming. It is mostly used for SS7/SIGTRAN related services but has the potential to be used for other applications as well. The SCTP INIT scan (Nmap -sY) is the SCTP equivalent of a TCP SYN scan: an INIT chunk is sent, an INIT-ACK means the port is open, an ABORT means closed, and no reply (or an ICMP unreachable) means filtered. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. Like a SYN scan, it is relatively unobtrusive and stealthy, since it never completes an SCTP association, and it gives clear, reliable differentiation between the open, closed and filtered states.
2. SCTP COOKIE ECHO Scan: This is a more advanced SCTP scan (Nmap -sZ). It takes advantage of the fact that SCTP implementations should silently drop packets containing COOKIE ECHO chunks on open ports but send an ABORT if the port is closed. The advantage is that it is not as obviously a port scan as an INIT scan, and non-stateful firewall rulesets may block INIT chunks but not COOKIE ECHO chunks. Don't be fooled into thinking this makes a port scan invisible; a good IDS will detect SCTP COOKIE ECHO scans too. The downside is that, exactly like the FIN, NULL and Xmas scans, it cannot distinguish open from filtered ports, leaving you with open|filtered in both cases.
That's all for today, friends. I hope you will all now be able to understand how scanning actually works, and you might have chosen your favourite technique.
Note my point: the number of features provided doesn't matter; what matters is accuracy and smart results. Now this statement may make you think about changing your scan method.
REFERENCES:
1. Wikipedia, "Port scanning"
2. Nmap.org, "Port Scanning Techniques" and "Nmap Reference Guide" (chapter 15)
3. Power Security Tools (chapter 2: Network Scanning)
4. Hackers Beware: Defending Your Network (chapter 3: Information Gathering)
5. "Examining Port Scan Methods", white paper by Deathy
6. Maximum Security: A Hacker's Guide to Protecting Your Internet (chapter 9: Scanners)
I know this is a very advanced article and you must all have lots of questions and queries about each scan. Go ahead and ask in the form of comments. I will try to clear up all your queries.

How to block websites without any software

Steps to block any website using Host file:

1. Open the hosts file with Notepad (run Notepad as administrator, otherwise Windows will not let you save the file). It is located at C:\Windows\System32\drivers\etc\hosts.
Note: This is the location in Windows XP, Vista and Windows 7.
2. Go to the end of the hosts file and press Enter for a new line.
3. On the new line type 127.0.0.1, then a space, then the host name of the website you want to block. Use the bare host name, with no http:// and no path: the hosts file maps names to addresses, and a URL will never match anything.
Suppose I want to block Facebook.com. I type the lines below into the hosts file and save it (one line for each name, because www.facebook.com and facebook.com are different host names to the resolver):

127.0.0.1  www.facebook.com
127.0.0.1  facebook.com



4. That's all. Now try to open http://www.facebook.com in your web browser: it will not open. (If it still does, the browser or Windows is using a cached DNS answer; run ipconfig /flushdns and restart the browser.)
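The same edit can be scripted, which also makes it easy to undo. The following is an added example, not code from the original article. The functions take the hosts file path as a parameter so you can try them on a copy; on Windows the real file is C:\Windows\System32\drivers\etc\hosts and writing it needs an administrator prompt. Entries are written as bare host names, never URLs, and resolve() shows what the system resolver would answer for a name before it ever asks DNS. make_sample_hosts() creates a throw-away file with constructed default content.

```python
"""Block and unblock sites through a hosts file.

Added example, not part of the original article.  The functions take the
hosts file path as a parameter so you can try them on a copy; on Windows
the real file is C:\\Windows\\System32\\drivers\\etc\\hosts and writing it
needs an administrator prompt.  Entries are written as bare host names,
never URLs, because the resolver matches names, not addresses.
"""
import re
import tempfile
from pathlib import Path
from typing import Iterator, List, Optional, Tuple

MARK = "# blocked-by-script"   # so unblock() only removes lines it wrote


def _host_names(site: str) -> List[str]:
    """'http://www.facebook.com/' -> ['facebook.com', 'www.facebook.com'].
    Both names are needed: to the resolver they are different hosts."""
    host = re.sub(r"^[a-z]+://", "", site.strip().lower()).split("/")[0]
    if host.startswith("www."):
        host = host[4:]
    return [host, "www." + host]


def _entries(lines: List[str]) -> Iterator[Tuple[str, List[str]]]:
    """Yield (ip, [names]) for each non-comment line, in file order."""
    for line in lines:
        tokens = line.split("#", 1)[0].split()
        if len(tokens) >= 2:
            yield tokens[0], [t.lower() for t in tokens[1:]]


def resolve(hosts_path: str, name: str) -> Optional[str]:
    """What the hosts file says for a name (first match wins), or None
    if the system would fall through to DNS."""
    for ip, names in _entries(Path(hosts_path).read_text().splitlines()):
        if name.lower() in names:
            return ip
    return None


def block(hosts_path: str, site: str, sink: str = "127.0.0.1") -> List[str]:
    """Append entries for the site; returns the names actually added."""
    path = Path(hosts_path)
    lines = path.read_text().splitlines()
    already = {n for _ip, names in _entries(lines) for n in names}
    added = [n for n in _host_names(site) if n not in already]
    lines += [f"{sink}\t{n}\t{MARK}" for n in added]
    path.write_text("\n".join(lines) + "\n")
    return added


def unblock(hosts_path: str, site: str) -> int:
    """Remove the lines block() wrote for the site; returns how many."""
    path = Path(hosts_path)
    lines = path.read_text().splitlines()
    wanted = set(_host_names(site))
    keep = [l for l in lines
            if not (l.endswith(MARK) and len(l.split()) >= 2
                    and l.split()[1].lower() in wanted)]
    path.write_text("\n".join(keep) + "\n")
    return len(lines) - len(keep)


def make_sample_hosts() -> str:
    """A throw-away hosts file with constructed default content."""
    f = tempfile.NamedTemporaryFile("w", suffix=".hosts", delete=False)
    f.write("# constructed sample hosts file\n"
            "127.0.0.1\tlocalhost\n"
            "::1\t\tlocalhost\n")
    f.close()
    return f.name


if __name__ == "__main__":
    p = make_sample_hosts()
    print("added:", block(p, "http://www.facebook.com/"))
    print("www.facebook.com ->", resolve(p, "www.facebook.com"))
    print(Path(p).read_text())
```

Pointing the name at 0.0.0.0 instead of 127.0.0.1 (the sink argument) makes the browser fail immediately rather than trying a web server on your own machine; the text's 127.0.0.1 is kept as the default because that is what the steps above use.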

Why it will not open?

The reason is simple: by putting the host name after 127.0.0.1 you have told the system to translate that name into 127.0.0.1 (your own machine) instead of asking DNS for Facebook's real IP address. For a system to connect to any website it must first convert the host name into a numerical value called an IP address, and the hosts file is consulted before DNS. So we have redirected the name to a machine on which no Facebook server exists, and the connection fails.

Drawback of this technique:

If you connect to Facebook using Facebook's IP address, which you can easily find by searching on Google, that is, by typing the IP address into the address bar in place of http://www.facebook.com, the website will open, because no name lookup takes place and the hosts file is never consulted. Anyone with administrator rights on the PC can also simply remove the line again, so this is a convenience filter, not a security control.


I hope you all like it. If you have any queries, ask me in the form of comments.

How to find keylogger or any spyware in PC

What is Keylogger and How it actually works?
A keylogger, as the name suggests, is something that logs keystrokes. It is a password-stealing tool: it records the keys the victim presses, and some advanced keyloggers also retrieve stored confidential data such as saved browser passwords. Based on how they get onto the machine, keyloggers are of two types:
1. Physical Keylogger: These keyloggers are installed when the attacker has physical access to your system; they must be put on the PC by hand (as a program, or as a small hardware device between the keyboard and the computer). They are hard to find, but I will show you today how to find them too.
2. Remote Keylogger: Remote keyloggers are the newer generation of keyboard-hook hacking software that does not require physical access, meaning they can be installed remotely. They usually come onto your PC through torrents, porn websites, "hacking tools" (so-called Facebook hack tools, Gmail hack tools, Hotmail hackers) and cracks, keygens and patches. Most users ignore the antivirus warning on such files because they expect a crack to be flagged, and attackers exploit exactly this by bundling their keylogger or keyboard-hook program with keygens, patches, cracks and torrents.
Remote keyloggers write the captured data to a file and send the logs to the attacker's FTP server or email address. So friends, avoid the things mentioned above as far as possible.

How to detect or find keylogger or any spyware in your system:
1. Download the forensic investigation tool OpenFilesView and install it.

2. Open OpenFilesView and you will see a complete list of all processes and the files currently open on your system, along with the full path each one is running from.
3. In that list you can pick the keylogger out from the legitimate system files. Check the program name and then its location in the full path: a program running from a temporary folder, from a user profile folder, or from a path that imitates a Windows system name is suspicious. You can also check the time at which the file was created and compare it with when the trouble started.

4. Now that we have found the location of the keylogger or spyware, go to that location and open the file with BinText or any other strings or hex tool and search for @ or ftp. This will help you find the email ID or FTP address to which the keylogger is sending its logs.
You can also use Wireshark, capture packets for 20-30 minutes and filter for FTP and SMTP traffic (display filter: ftp || smtp). Because these protocols send credentials in clear text, this method can reveal the hacker's email address and password. I will explain this in a coming tutorial.
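The BinText search in step 4 is a search for printable strings. The following is an added example, not code from the original article: it extracts printable ASCII and UTF-16LE strings from a byte blob and picks out email addresses, ftp:// URLs, mail and FTP server names, and the Windows keyboard APIs keyloggers typically hook. SAMPLE_BINARY is a constructed stand-in for the suspect .exe; every address in it is made up.

```python
"""Find where a suspect file reports to, the way the BinText search in
step 4 does.

Added example, not from the original article.  It extracts printable
ASCII and UTF-16LE strings from a byte blob and picks out e-mail addresses,
ftp:// URLs, mail/ftp server names and the Windows APIs keyloggers hook.
SAMPLE_BINARY is a constructed stand-in for the suspect .exe; every
address in it is made up.
"""
import re
from typing import Dict, List

# Constructed blob: a fake PE header, two imported API names, a log file
# name, a mail server, two drop addresses and an FTP URL.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    b"\x00GetAsyncKeyState\x00SetWindowsHookExA\x00"
    b"\x01\x02logs.txt\x00smtp.example.net\x00"
    b"dropbox-attacker@example.net\x00\xde\xad\xbe\xef"
    b"ftp://ftp.example.org/uploads/\x00\xcc"
    + "keylog@example.org".encode("utf-16-le") + b"\x00\x00"   # wide string
)

ASCII_RE = re.compile(rb"[\x20-\x7e]{4,}")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")        # UTF-16LE, common in PE files
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
FTP_RE = re.compile(r"ftp://[^\s\"'<>]+", re.IGNORECASE)
SERVER_RE = re.compile(r"\b(?:smtp|mail|ftp)\.[A-Za-z0-9.-]+[A-Za-z0-9]", re.IGNORECASE)
# Windows APIs a user-mode keylogger needs; seeing them imported is a strong hint.
HOOK_APIS = ("SetWindowsHookExA", "SetWindowsHookExW", "GetAsyncKeyState",
             "GetKeyState", "GetKeyboardState", "GetRawInputData")


def extract_strings(blob: bytes) -> List[str]:
    """Printable runs of 4+ characters: ASCII first, then UTF-16LE."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in WIDE_RE.finditer(blob)]
    return found


def find_exfil_targets(blob: bytes) -> Dict[str, List[str]]:
    """Where the sample would send its logs, plus the hook APIs it names."""
    strings = extract_strings(blob)
    text = "\n".join(strings)
    return {
        "emails": sorted(set(EMAIL_RE.findall(text))),
        "ftp": sorted(set(FTP_RE.findall(text))),
        "servers": sorted({m.lower() for m in SERVER_RE.findall(text)}),
        "hook_apis": sorted(api for api in HOOK_APIS if api in strings),
    }


if __name__ == "__main__":
    for kind, values in find_exfil_targets(SAMPLE_BINARY).items():
        print(f"{kind:10}", values)
```

Searching the wide strings matters: Windows programs store a lot of text as UTF-16, and a tool that only looks for ASCII misses those addresses. A packed or encrypted keylogger hides its strings until it runs, which is when the Wireshark capture described above catches the address instead.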

I hope you all found this article helpful and gained a little deeper knowledge of computer forensics. If you like my article or have any queries, please comment.

How to Protect your PC from keyloggers


What is Keylogger?
A keylogger is basically a software tool that records the keystrokes you press and writes them into log files. Some advanced keyloggers also retrieve the passwords saved in web browsers and other Windows applications. Hackers use keyloggers to steal email and other account passwords and to monitor their victims' day-to-day activity.

How the Keylogger Works?
Let's explain this in a very simple way. Whenever you press a key on your keyboard, the machine generates a key code (translated according to the keyboard layout you are using). That key code tells your operating system which key you pressed. A keylogger hooks into this path, on Windows typically with a keyboard hook or by repeatedly polling the key state, and saves each keystroke to a file. What happens next depends on the type of keylogger. Basically there are two types:
1. Physical keylogger
2. Remote Keylogger

The capture step is the same for both physical and remote keyloggers. The difference lies in what they do with the log file.
A physical keylogger requires physical access to the victim's system so that the attacker can install it by hand. He may be your friend, brother, sister or some close person who actually has physical access to your PC or laptop. To collect the logs he must again access your PC by hand, although some physical keyloggers now send the logs to an email address, so only one visit is needed: to install the keylogger and configure the address that receives the logs.

A remote keylogger is a bit different. As the name suggests it can be installed from a distance, with no physical access. During configuration a remote keylogger generates a server (the infected executable) that the attacker sends to the victim and that needs no separate installation step. It records keystrokes into log files and, when the victim connects to the internet, sends them to the hacker's email address or FTP account configured when the server was built.

SOLUTION FOR KEYLOGGERS:
New keyloggers are often FUD (fully undetectable) to signature-based antivirus, so the antivirus shows no warning at the time of infection. The best extra protection against keyloggers is therefore to encrypt your keystrokes with a key scrambler. A keylogger monitors keystrokes at the operating system level; a key scrambler encrypts them in its own keyboard driver and only decrypts them inside the application you are typing into, so a keylogger hooked in between still receives logs, but they are garbage. The real keystrokes never reach the hacker.
Let's understand it with an example. Suppose you have typed your password.
What does the key scrambler do? It encrypts each key pressed into garbage, and the keylogger records something like:
sT@ad9;8in=P
So friends, what the scrambler has done is encrypt your keystrokes and save you from falling prey to hackers. Note that it only fools software that captures keystrokes: a keylogger that takes screenshots, steals saved browser passwords or sits in the keyboard cable as a hardware device is not affected, so a key scrambler complements, rather than replaces, keeping cracks and keygens off your machine and checking running processes as described above. Secure and protect yourself from keyloggers: you cannot always avoid them, but you can fool them by encrypting your keystrokes.

If you like my article, please comment, or simply say thanks. I will really appreciate your input.
If you have any queries or doubts, let me know in the form of comments.
Thanks for your time.