Thursday, September 17, 2009

inSSIDer WiFi tool

Nice little tool for Windows XP and Vista that will show RF interference for your WiFi.

http://www.metageek.net/products/inssider

And it's free.

Tuesday, September 1, 2009

TrendMicro

TrendMicro OfficeScan 8.0sp1 with latest engine and pattern cannot detect this nasty worm:

http://www.threatexpert.com/report.aspx?md5=13c36740aae01c7417d7a55d23156075

Ticket has been raised at TM, but it may take some time before we get a cure... Housecall also does not detect it. Sad story.
Check if your FW detects calls home to 88.247.183.228 on port 8882.

We are using AVG and other tools to clean up PCs.

Checkpoint fw monitor

A command line to capture packets in Checkpoint:

fw monitor -m i -e "accept [20:2,b]=445 or [22:2,b]=445;" -o monitor.cap -ci 10 -co 10

This will save 10 packets on port 445 in the file monitor.cap.

You can upload it using TFTP from Checkpoint to another server and analyse it with Wireshark.

However, my preference is to set switch monitoring of the port to another port and use Microsoft Network Monitor 3.3 to capture packets.
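
What the filter expression in the fw monitor command above tests, as an added Python example that is not from the original post: [20:2,b] and [22:2,b] read two big-endian bytes at offsets 20 and 22, which are the TCP source and destination ports only when the IP header is exactly 20 bytes. This assumes offsets are counted from the start of the IP header; the function names and packets are constructed for illustration.

```python
import struct

def build_packet(sport, dport, ip_options=b""):
    """Constructed IPv4+TCP sample (checksums left at 0, addresses from 192.0.2.0/24)."""
    ihl = 5 + len(ip_options) // 4          # header length in 32-bit words
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20, 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + ip_options + tcp

def be16(pkt, offset):
    """Big-endian 16-bit read, the meaning of [offset:2,b] in the filter."""
    return struct.unpack_from("!H", pkt, offset)[0]

def fixed_offset_match(pkt, port=445):
    """Mirror of: accept [20:2,b]=445 or [22:2,b]=445;"""
    return be16(pkt, 20) == port or be16(pkt, 22) == port

def ihl_aware_match(pkt, port=445):
    """Same port test, but with the TCP header located via the IHL field."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:      # IPv4 carrying TCP only
        return False
    l4 = (pkt[0] & 0x0F) * 4                 # real start of the TCP header
    if len(pkt) < l4 + 4:
        return False
    return be16(pkt, l4) == port or be16(pkt, l4 + 2) == port

# Constructed samples: normal SMB, SMB with 4 bytes of IP options (NOPs), HTTP.
SAMPLES = {
    "smb_plain": build_packet(49152, 445),
    "smb_with_ip_options": build_packet(49152, 445, b"\x01\x01\x01\x01"),
    "http": build_packet(49152, 80),
}

def compare():
    """Return {sample: (fixed_offset_result, ihl_aware_result)}."""
    return {name: (fixed_offset_match(p), ihl_aware_match(p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (fixed, aware) in compare().items():
        print(f"{name:22} fixed-offset={fixed!s:5} ihl-aware={aware}")
```

Packets carrying IP options are uncommon, but the fixed offsets miss them, so a capture that comes back empty does not prove there was no port 445 traffic. The expression also does not test the protocol byte, so UDP traffic on port 445 matches it too.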