RSS
 

Archive for 2011

How to Detect and Block UltraSurf

18 Nov

Ultrasurf sets up a local proxy on the user’s computer, and then configures Internet Explorer’s proxy settings to run all Internet requests through that local proxy. It works automatically with Internet Explorer; however, the user can also use Firefox or any other browser that supports a proxy configuration by manually changing the browser’s proxy settings. The default port is 9666

The user can then browse any Internet site normally using IE. All traffic funnels through the local Ultrasurf proxy. Since the traffic between Ultrasurf and IE is entirely on the localhost, it never goes to the network and can’t be blocked by a network device.

Ultrasurf then sets up an encrypted connection with a remote server in its network of proxy servers

The connection to the remote proxy server is made over port 443, which is the standard HTTPS port
UltraSurf can discover its proxy servers by the following ways

1-A cache file of proxy server IPs stored in the user’s local temp directory from a previous execution

2-DNS requests to external DNS servers, which return encoded IPs of proxy servers.

3-A document on Google Docs containing a rapidly updated, signed and encrypted list of active proxy servers

4- static list of proxy server IPs built into the program

5-Once Ultrasurf discovers a proxy server in its network, it can retrieve IP addresses of other proxy servers directly from that server

by using the last link i tried to capture packet coming from UltraSurf using wireshark on port 443 to see which server they are connecting to on port 443 i found three major servers with the following range 204.107.140.0/24 , 65.49.0.0/17, 72.0.0.0/8 so i made an address-list and added these address to them

firewall address-list rules

 ip firewall address-list
  add address=65.49.0.0/17 comment="" disabled=no list=UltraSurfServers
  add address=204.107.140.0/24 comment="" disabled=no list=UltraSurfServers


then using these address list we can match on users who are trying to connecting to these proxy servers on 443 and so we can catch all the traffic that is coming from UltraSurfUsers to these destinations on port 443


  ip firewall mangle
  add action=add-src-to-address-list address-list=UltraSurfUsers \
  address-list-timeout=5m chain=prerouting comment=UltraSurfUsers disabled=\
  no dst-address-list=UltraSurfServers dst-port=443 protocol=tcp




Firewall Filter rules


after discovering who is using ultrasurf on your network , now you can block any traffic from those UltraSurfUsers destined to 443


  ip firewall filter
  add action=drop chain=forward comment="Block UltraSurf" disabled=no dst-port=\
  443 protocol=tcp src-address-list=UltraSurfUsers




notice that all these last rules are only applied to Mikrotik ROS 3.30


 




						
 

					

	
					

						

							No Comments
							
Posted  in Mikrotik, Tips & Trick

						

						
 

					

				

				
							

					
Step By Step Installing Asterisk, FreePBX, Trixbox CentOS

					

						

							01
							Sep
						

					

	
					

						


The first step is to add the Asterisk yum repositories to your CentOS or RedHat system.


This is done by creating an entry in the yum configuration directory (/etc/yum.repos.d by default).


Use the text editor of your choice to create a new file named “CentOS-Asterisk.repo” in the “/etc/yum.repos.d” folder.


Add the following text to the file:


[asterisk-tested]


name=CentOS-$releasever – Asterisk – Tested


baseurl=http://packages.asterisk.org/centos/$releasever/tested/$basearch/


enabled=0


gpgcheck=0


#gpgkey=http://packages.asterisk.org/RPM-GPG-KEY-Digium


 


[asterisk-current]


name=CentOS-$releasever – Asterisk – Current


baseurl=http://packages.asterisk.org/centos/$releasever/current/$basearch/


enabled=1


gpgcheck=0


#gpgkey=http://packages.asterisk.org/RPM-GPG-KEY-Digium


Save the new file and create another named “CentOS-Digium.repo” and insert the following text:


[digium-tested]


name=CentOS-$releasever – Digium – Tested


baseurl=http://packages.digium.com/centos/$releasever/tested/$basearch/


enabled=0


gpgcheck=0


#gpgkey=http://packages.digium.com/RPM-GPG-KEY-Digium


[digium-current]


name=CentOS-$releasever – Digium – Current


baseurl=http://packages.digium.com/centos/$releasever/current/$basearch/


enabled=1


gpgcheck=0


#gpgkey=http://packages.digium.com/RPM-GPG-KEY-Digium


At this point your system has been updated to use the Asterisk and Digium repositories in addition to the base CentOS repositories. You are now ready to install Asterisk.


To start the installation, execute the following at the Linux command line:


[root@localhost~]# yum install asterisk16 asterisk16-configs asterisk16-voicemail dahdi-linux


Congratulations, you now have a CentOS or RedHat system with a complete version of Asterisk installed. Test out your new install by starting Asterisk:


[root@localhost yum.repos.d]# asterisk -vvvgci


 


 Read the rest of this entry »




						
 

					

	
					

						

							No Comments
							
Posted  in Linux, Tips & Trick

						

						
 

					

				

				
							

					
Linux Load Balance

					

						

							18
							Jun
						

					

	
					

						


This is my little script for linux, you can free to modified.


#!/bin/sh

# Load Balance Script By: Andrie Johanes 04/01/2007 10:23 AM

# Free for distributed or modification


Name=balance


TABLE1=”speedy1″

TABLE2=”speedy2″


GW_ISP1=”192.168.10.1″

GW_ISP2=”192.168.20.1″


IP_ISP1=”192.168.10.2″

IP_ISP2=”192.168.20.2″


LAN=”192.168.15.0/24″


MARK_ISP1=”0xa”

MARK_ISP2=”0xb”


STOP() {

# DEL ROUTING DEFAULT TIAP TABLE

ip ro del default via $GW_ISP1 table $TABLE1

ip ro del default via $GW_ISP2 table $TABLE2


# DEL RULE ISP 1

ip ru del to $GW_ISP1 table $TABLE1

ip ru del from $IP_ISP1/32 table $TABLE1


# DEL RULE ISP 2

ip ru del to $GW_ISP2 table $TABLE2

ip ru del from $IP_ISP2/32 table $TABLE2


# DEL RULE DEFAULT TABLE UTAMA KERNEL

ip ru del from $GW_ISP1 table main

ip ru del to $IP_ISP1/32 table main


ip ru del from $GW_ISP2 table main

ip ru del to $IP_ISP2/32 table main


ip ru del to $LAN table main


# DEL PACKET MARK

ip ru del fwmark $MARK_ISP1 table $TABLE1

ip ru del fwmark $MARK_ISP2 table $TABLE2


ip ro flush cache


# STOP ROUTING LOAD BALANCE

ip ro del default nexthop via $GW_ISP1 weight 10 nexthop via $GW_ISP2 weight 10


ip ro add default via $GW_ISP1

}


START() {

# ADD ROUTING DEFAULT TIAP TABLE

ip ro add default via $GW_ISP1 table $TABLE1

ip ro add default via $GW_ISP2 table $TABLE2


# ADD RULE ISP 1

ip ru add to $GW_ISP1 table $TABLE1

ip ru add from $IP_ISP1/32 table $TABLE1


# ADD RULE ISP 2

ip ru add to $GW_ISP2 table $TABLE2

ip ru add from $IP_ISP2/32 table $TABLE2


# ADD RULE DEFAULT TABLE UTAMA KERNEL

ip ru add from $GW_ISP1 table main

ip ru add to $IP_ISP1/32 table main


ip ru add from $GW_ISP2 table main

ip ru add to $IP_ISP2/32 table main


ip ru add to $LAN table main


# ADD PACKET MARK

ip ru add fwmark $MARK_ISP1 table $TABLE1

ip ru add fwmark $MARK_ISP2 table $TABLE2


ip ro flush cache


ip ro del default


# START ROUTING LOAD BALANCE

ip ro add default nexthop via $GW_ISP1 weight 10 nexthop via $GW_ISP2 weight 10

}


case $1 in

start)

START

echo “Load Balance Start”

;;

stop)

STOP

echo “Load Balance Stop”

;;

restart)

STOP

START

echo “Load Balance Restart”

;;

*)

echo “*Usage /etc/init.d/$Name (start|stop|restart)”


esac

exit 0




						
 

					

	
					

						

							No Comments
							
Posted  in Hardware

						

						
 

					

				

				
							

					
Event ID 10 is logged in the Application log after you install Windows Vista Service Pack 1, Windows 2008, Windows 7 or Windows Server 2008 R2

					

						

							19
							May
						

					

	
					

						


After you install Windows Vista Service Pack 1 (SP1), Windows Server  2008, Windows 7 or Windows Server 2008 R2, the following WMI error is  logged in the Application log:


Log Name:      Application

Source:        Microsoft-Windows-WMI

Date:          1/18/2008 2:37:27 PM

Event ID:      10

Task Category: None

Level:         Error

Keywords:      Classic

Description: Event filter with query “SELECT * FROM __InstanceModificationEvent  WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND  TargetInstance.LoadPercentage > 99″ could not be reactivated in  namespace “//./root/CIMV2″ because of error 0×80041003. Events cannot be  delivered through this filter until the problem is corrected.


When you click the Details tab in the error message and select the XML view, you receive the following error message:






Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
    <EventID Qualifiers="49152">10</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2008-01-18T22:37:27.000Z" />
    <EventRecordID>187</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>adsd-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>//./root/CIMV2</Data>
    <Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage &gt; 99</Data>
    <Data>0x80041003</Data>
  </EventData>
</Event>






This problem occurs if the WMI filter is accessed without sufficient permission.




To resolve this problem, run a script to stop the Event ID 10 messages. To run this script, follow these steps:


    

  1. In a text editor, such as Notepad, create a new text document named Test.vbs.
    2. 

  2. Paste the following code into Test.vbs:

    

    

    strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\subscription")

Set obj1 = objWMIService.Get("__EventFilter.Name='BVTFilter'")

set obj2set = obj1.Associators_("__FilterToConsumerBinding")

set obj3set = obj1.References_("__FilterToConsumerBinding")

For each obj2 in obj2set
                WScript.echo "Deleting the object"
                WScript.echo obj2.GetObjectText_
                obj2.Delete_
next

For each obj3 in obj3set
                WScript.echo "Deleting the object"
                WScript.echo obj3.GetObjectText_
                obj3.Delete_
next

WScript.echo "Deleting the object"
WScript.echo obj1.GetObjectText_
obj1.Delete_
    

    

    

    3. 

  3. After you run this script, the Event  ID 10 messages stop appearing in the Application log. However, you have  to manually clear any previous Event ID 10 messages.

    Note Make sure that you only delete the appropriate Event ID 10 messages.  There may be other pertinent Event ID 10 messages that you do not want  to delete.
    4. 



Or


strComputer = “.”


Set objWMIService = GetObject(“winmgmts:” _

& “{impersonationLevel=impersonate}!\\” _

& strComputer & “\root\subscription”)


Set obj1 = objWMIService.ExecQuery(“select * from __eventfilter where name=’BVTFilter’ and query=’SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “”Win32_Processor”" AND TargetInstance.LoadPercentage > 99′”)


For Each obj1elem in obj1


set obj2set = obj1elem.Associators_(“__FilterToConsumerBinding”)


set obj3set = obj1elem.References_(“__FilterToConsumerBinding”)


For each obj2 in obj2set


WScript.echo “Deleting the object”


WScript.echo obj2.GetObjectText_


obj2.Delete_


next


For each obj3 in obj3set


WScript.echo “Deleting the object”


WScript.echo obj3.GetObjectText_


obj3.Delete_


next


WScript.echo “Deleting the object”


WScript.echo obj1elem.GetObjectText_


obj1elem.Delete_


Next


 






						
 

					

	
					

						

							No Comments
							
Posted  in Tips & Trick, Windows

						

						
 

					

				

				
							

					
Multiproxy Switch for Firefox 4

					

						

							13
							Apr
						

					

	
					

						


as one of my most loved addon the  Multiproxy Switch does not install on Firefox 4 i changed the install package to get it running:


    

  1. Download the multiproxy_switch_1.33.xpi
    2. 

  2. Rename the File with .zip extension
    3. 

  3. Open the install.rdf with an editor
    4. 

  4. in line 20, just change it to”<em:maxVersion>4.0.*</em:maxVersion>”
    5. 

  5.  Rename it back to .xpi extension
    6. 

  6. Double click and open with Firefox 4, install it. DONE!
    7. 





						
 

					

	
					

						

							No Comments
							
Posted  in Website, Windows

						

						
 

					

				

				
							

					
Task Manager Greyed Out Windows 7

					

						

							03
							Mar
						

					

	
					

						




Some time ago I received an email from a reader curious why their Task Manager option was grayed out on the taskbar right-click menu. After a bit of research his problem was solved, and now I’m sharing the solution with everybody.


There is a registry key that will disable Task Manager, although it’s not always clear how or why it was set to disable. In many cases the problem is related to spyware, so you should also scan your computer.


Why is task manager grayed out?


image


Manual Registry Hack


Open up regedit.exe through the start menu search or run box, and then navigate down to the following key:


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System


 image


On the right-hand side is a 32-bit REG_DWORD value named DisableTaskMgr with one of two values:


    

  • 1 – Disable task manager
    • 

  • 0 – Enable task manager
    • 



Just double-click and change the value, or even delete the key. The change should take place immediately.






						
 

					

	
					

						

							No Comments
							
Posted  in Tips & Trick, Windows

						

						
 

					

				

				
							

					
Test Quality Keyboard

					

						

							24
							Jan
						

					

	
					

						


So want to  see as  good quality  keyboard you  all,  how:


1. Press and  hold both  the SHIFT key on  the keyboard

2. While still  holding the  shift key is, try  to write the following sentence: “A QUICK  BROWN FOX JUMPS OVER  THE LAZY DOG”.

3. You  see who  came out text  on your  screen.




						
 

					

	
					

						

							No Comments
							
Posted  in Tips & Trick, Windows

						

						
 

					

				

				
							

					
Installing Xampp and WordPress

					

						

							05
							Jan
						

					

	
					

						




T U T O R I A L     S E R I E S


Installing Xampp and WordPress




Why ??

One reason is that you can do a lot of developing (playing around) much  quicker as there is no need to use ftp. An added bonus is that no-one  can see when you make some strange mistakes.

You can also install plugins, upgrade to the latest nightly and  virtually anything else confident in the knowledge that if it goes  wrong, there is no impact on your actual site.


It is also very very easy.


This is written for Windows XP Home. It works for XP Pro, but only if you stop IIS.


First go and download XAMPP Lite from http://www.apachefriends.org/en/xampp.html. You can choose a larger package if you need, but for WordPress, the Lite package is fine.

You can choose one of two download packages – the ZIP or the EXE. If you  are unsure, choose the EXE as this will install itself. (The EXE is  also smaller).

Move the downloaded EXE file to the root of the drive. In my case, this is C:\




Double-click the file and the extract dialog will appear:

Click extract – and wait a few moments while it does it’s job.

You will then have the xampplite directory at root:




Now you need to start Xampp.

Open the xampplite folder.

You should be seeing a screen with these files (among others) on:




Click “setup_xampp.bat”




Once you have the success message, you can click “xampp-control.exe”




Now click both indicated buttons to get xampp working in the way we need



You’ll know it’s working when you see this






Now you need to see it all properly.

In your browser, enter the address http://localhost/xampp/splash.php






After you have clicked your language and entered the program, click phpMyAdmin.






Copy exactly what is in this image and press Create.




That is xampp completely sorted out for now.


Download and unzip WordPress.

Open the file wp-config-sample.php

These are the exact details you need for Xampp to work because the  default user in phpmyadmin is called ‘root’ and there is no password.


define(‘DB_NAME’, ‘wordpress’);     // The name of the database

define(‘DB_USER’, ‘root’);     // Your MySQL username

define(‘DB_PASSWORD’, ”); // …and password

define(‘DB_HOST’, ‘localhost’);     // 99% chance you won’t need to change this value


Copy those details into your wp-config file, and save it as wp-config.php


Now you need to copy the files to the right place.

Click the Start button, followed by My Computer >  Main drive > Xampplite > htdocs

Copy the whole WordPress folder into this directory.


In your browser, go to http://localhost/wordpress/wp-admin/install.php and everything from there should run smoothly !


NOTES:


    

  • You do not need to use the inbuilt editor to change any WP files.  Just open them directly in your text editor, make your changes and then  save. As there is no uploading to do, it makes things much much faster –  and you can do this without an internet connection too.
    • 

  • If you want to use permalinks, you will need to make a change inside another file:
    
Click the Start button, followed by My Computer >  Main drive > Xampplite > apache > Conf and find the file httpd.conf. Open that in a text editor. Use the search facility in the editor to find “rewrite”. The line you need looks like this:
    

    #LoadModule rewrite_module modules/mod_rewrite.so
    

    You need to take away the hash sign so it looks like this
    

    LoadModule rewrite_module modules/mod_rewrite.so
    

    Now just save the file.
    • 







						
 

					

	
					

						

							No Comments
							
Posted  in Website