0 comments Wednesday, August 27, 2008

In his talk at Blackhat, Fyodor described the research he's been doing and how that research has helped him improve Nmap with many enhancements. Let's have a look at the most interesting one.

Abstract:

One of Fyodor’s main focuses was improving Nmap’s speed through improved
efficiency. One of the best ways to do this is to allow for scans of fewer
ports, but this requires that you choose those ports carefully so as to miss as
little as possible. So what he did, through trial and error and tons of scans,
was figure out the most frequently open ports on the Internet.

Here they are for each protocol:

TCP

  1. 80
  2. 23
  3. 22
  4. 443
  5. 3389
  6. 445
  7. 139
  8. 21
  9. 135
  10. 25

UDP

  1. 137
  2. 161
  3. 1434
  4. 123
  5. 138
  6. 445
  7. 135
  8. 67
  9. 139
  10. 53

Ok, so now that we know what the top 10 ports are, wouldn’t it be cool to be
able to scan based on them? And what if we wanted to scan the top 50? Or the top
100?


Fyodor has built this in with the --top-ports option. It’s
wicked nice, and you invoke it like this:

nmap --top-ports 100 $target

And of course, 100 is just an arbitrary number, so you could just as easily
do this:

nmap --top-ports 3000 $target

As you increase this number you obviously gain more and more accuracy, but
because the ports are organized according to the most commonly found on the
Internet, you can scan relatively few and still have good chances of finding
everything open.


Stats from his presentation on TCP port efficiency using --top-ports:

--top-ports 10: 48%
--top-ports 50: 65%
--top-ports 100: 73%
--top-ports 250: 83%
--top-ports 500: 89%
--top-ports 1000: 93%
--top-ports 2000: 96%
--top-ports 3764: 100%

This means for just curiosity scans I can go with --top-ports 1000 and get roughly 93% accuracy in a fraction of the time.
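To make the ranking idea concrete for someone sizing an exposure audit of their own hosts, here is an added example (not code from the talk or from Nmap) that ranks ports by open-frequency and finds how many are needed for a target coverage. It assumes the three-column layout of Nmap's nmap-services file; the frequencies are constructed, and "coverage" as a share of total frequency is a simplifying assumption.

```python
# Constructed sample in nmap-services layout: name, port/proto, open-frequency.
# Frequencies are invented for illustration, not Nmap's measured values.
SAMPLE_SERVICES = """\
# name          port/proto  open-frequency
http            80/tcp      0.40
telnet          23/tcp      0.20
ssh             22/tcp      0.15
https           443/tcp     0.10
ms-wbt-server   3389/tcp    0.08
smtp            25/tcp      0.05
ftp             21/tcp      0.02
netbios-ns      137/udp     0.30
snmp            161/udp     0.25
"""

def parse_services(text):
    """Return {proto: [(port, freq), ...]} sorted by descending frequency."""
    table = {}
    for line in text.splitlines():
        # Drop comments, then split the remaining columns.
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3:
            continue
        port, proto = fields[1].split("/")
        table.setdefault(proto, []).append((int(port), float(fields[2])))
    for entries in table.values():
        entries.sort(key=lambda e: e[1], reverse=True)
    return table

def top_ports(table, proto, n):
    """The n most frequently open ports for a protocol."""
    return [port for port, _ in table.get(proto, [])[:n]]

def coverage(table, proto, n):
    """Share of total open-frequency captured by the top n ports."""
    entries = table.get(proto, [])
    total = sum(freq for _, freq in entries)
    return sum(freq for _, freq in entries[:n]) / total if total else 0.0

def ports_needed(table, proto, target):
    """Smallest n whose top-n ports reach the target coverage, else None."""
    for n in range(1, len(table.get(proto, [])) + 1):
        if coverage(table, proto, n) >= target:
            return n
    return None
```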

read about more options here.


3 comments Tuesday, August 26, 2008

As promised in http://twitter.com/rohit11/statuses/895182069 here is the report of my flight experience from Delhi to Jaipur.

The day started nicely: my driver brought me from Connaught Place to the airport in a flat 14 minutes. Though the roads were clear at 6 in the morning, 14 minutes is still too little for this distance. It was fun.

I reached airport, and after all the formalities and waiting we started boarding. The bus at the boarding gate took us to a deserted bay where only small planes, helicopters and airforce cargo planes were standing.

There we got to know that we were about to fly in an ATR-42-320 50-seater plane. It's not that I haven't flown in an ATR, but this was a bit scary. The first glimpse of it made me feel that I’m going skydiving or on an air force exercise. It was also due to the look of the front gate with that strappy net guard.
Here is a view from my window; the flight standing next to us is a similar one (ATR-42-320).
And this is the strappy net thing which made me feel like skydiving. And yes, that's the elder aunt standing outside the cockpit.

When I grabbed my seat I noticed that the hook of the table tray was broken; the tray was fixed like this under the seat cover. This reminded me of the movie "Final Destination" :(. Even the newspaper kept in the seat pocket was 2 days old.


When I looked out at the fan on both the side, I noticed the right fan was revolving faster than the left one. First I thought it’s just my fear. But later it turned out to be an actual problem (maybe)
I saw this girl standing outside when we were boarding but later on she turned out to be some instructor or ground crew member without a uniform or proper props. She was signaling the pilot to start and take a turn as if she was signaling a truck and guiding the parking of it.

Anyway we reached the runway and were about to start the taxi when the pilot announced that due to some technical problem they are returning to the bay. Now this added to my scare. Pilot explained that they are seeing some warning signal for the left fan (see I was right) and they are going to check whether it’s an issue or just a false alarm.

When we reached the bay, this truck sign babe turned out to be some flight engineer or whatever. She came in, checked the status and went out. And we started our way back to runway without a word from the pilot. Fan speed was still uneven. Now along with me other co-passengers were scared and someone yelled to know the status. The pilot said that the situation is "under control" and we are going to take off now.

All my life, when the air hostess gave those safety instructions on emergency landing on water etc., I always wondered when I'd get a chance to do that. But this time I was not at all in that mood. Here, during the safety instructions, the elderly aunt (hostess) said that we don't have an automated oxygen support system; if anyone needs it, kindly contact us. I suppose they had spare oxygen cylinders :((

Anyway, the second time we were able to take off from the ground. I was still very much scared. The complete process made us one hour later than the scheduled time. The whole journey we were flying at low altitude, but that I suppose is dependent on the model of plane. That was good because we were able to see a lot of stuff down below.
Then came the time for serving breakfast; the elderly aunt brought a basket of muffins and puffs. It was served in just a tissue paper, no plates, no condiments, nothing. And then water was served. The first thing I did in this case was check the seal of the bottle and the packing date. At least that was all OK.

In the midair, a slightest of turbulence sent a shiver down my spine.

Anyway the flying time was just 50 minutes and we somehow landed at Jaipur airport.
LAND Ho!!!!
Don't ask me about the feeling when I landed my foot on earth. It was like completing an adventure sport with only scare and no fun. This was my flight, I clicked it with happiness of landing safely at Jaipur
The day before my flight, one of my friends suggested that I not take a flight to Jaipur as the driving time is only 3 hours with wonderful roads, but I had already booked so I ignored her suggestion. In the flight I was thinking, why did I ignore her? I should have taken the road route; in any case it took me the same time on the flight too.

2 comments Monday, August 11, 2008

It's been reported that some of the Olympic opening ceremony fireworks were faked.
China is accused of faking it!!!! Why am I not surprised?????



Source:
http://sports.yahoo.com/olympics/beijing/blog/fourth_place_medal/post/Some-Opening-Ceremony-fireworks-were-faked?urn=oly,99745


If you watched the Opening Ceremony on Friday night, chances are you said
something like, "no way that's possible" at least once. It turns out you were
right.
The faked fireworks were actually set-off at the stadium, but because of
potential dangers in filming the display live from a helicopter, viewers at home
were shown a pre-recorded, computer-generated shot. It sounds dishonest, but I'm
not sure it's such a terrible thing.


http://news.sky.com/skynews/Home/World-News/Beijing-Olympics-Opening-Ceremony-Faked-Firework-Footprints-Added-For-TV/Article/200808215075291?lpos=World%2BNews_3&lid=ARTICLE_15075291_Beijing%2BOlympics%2BOpening%2BCeremony%2BFaked%3A%2BFirework%2BFootprints%2BAdded%2BFor%2BTV


The dupe was revealed by China's Beijing Times. Speaking to the paper, the
man responsible for the animation said he was pleased with the result.
"Seeing how it worked out, it was still a bit too bright compared to
the actual fireworks," Gao Xiaolong told the newspaper.
"But most of the audience thought it was filmed live - so that was mission accomplished."


Now something more interesting, there was a BLUE-SCREEN-OF-DEATH popularly known as BSOD.

This was at the moment when Li Ning was rounding the lip of the Bird's Nest during the amazing torch-lighting climax.
Even I noticed it on my television screen ;)

Source:
http://rivercoolcool.spaces.live.com/blog/cns!D6F05428A2B8CB48!1570.entry
http://gizmodo.com/5035456/blue-screen-of-death-strikes-birds-nest-during-opening-ceremonies-torch-lighting

4 comments Saturday, August 09, 2008

Here's a quick HOWTO on setting up your static website on Google AppEngine.
I promise to keep it very simple and easy to understand for my non-geeky friends

Registering an application:
First, register an application on Google AppEngine. It doesn’t matter what you call it; for this HOWTO let's name it mysamplesite.
You’ll need a regular Gmail account to do this; hope you already have that (if not, shame on you ;)).

Creating a local site and configuration file:
Create a local folder on your machine for this project. Put a folder inside it containing all your web pages. It can be called anything, but the AppEngine examples always call it static. For our HOWTO let's call it home.

Say if your project folder is at C:\MyWeb then this folder will be C:\MyWeb\home, and the main home page would probably be C:\MyWeb\home\index.html.
So now you have a local folder on your machine @ C:\MyWeb\home which holds your website.

Now create a text file called app.yaml in the project folder (C:\MyWeb\app.yaml) with the following contents (I hope you know that you have to change the mysamplesite entry to the name you registered):

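application: mysamplesite
version: 1
runtime: python
api_version: 1
handlers:

# Any URL ending in a slash returns the index.html of that folder.
- url: (.*)/
  static_files: home\1/index.html
  upload: home/index.html

# Everything else is served straight from the home folder.
- url: /
  static_dir: home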

Creating the environment for upload:
The website and all related configuration are now ready for upload. Now you need to set up the environment for it. Don't worry, I'll not ask you to do any coding; it's a simple "next->next" kind of installation.

  1. Download and install Python from http://www.python.org/download/ (simple "next->next" installation).
  2. Download and install the Google AppEngine SDK from http://code.google.com/appengine/downloads.html (nothing to worry about, I promise).


Uploading the website:
Now it's time to upload your static website. All you have to do is run the following command from the command prompt.
appcfg.py update C:\MyWeb

This will ask you for your email address. Enter the one you used for creation of application. Next it will ask for your gmail password, don't worry & type it too.
It will show some text and screen & BANG! your static website is up and running on Google AppEngine.

Now you can access your website by the url http://mysamplesite.appspot.com/ (change mysamplesite to your project name).

Explanation of app.yaml file:
The second handler specification (for url: /, handled by static_dir: home) means that AppEngine will serve the page home\folder\abc.xyz whenever a user requests http://mysamplesite.appspot.com/folder/abc.xyz. That’s 95% of a static web site. And the first handler specification (for url: (.*)/) says that any request to a URL ending with a slash should return the index.html page in that folder. So a request to http://mysamplesite.appspot.com/folder/ would return the file home\folder\index.html.
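The mapping described above can be checked with a small model of the two handlers. This is an added example, not part of the AppEngine SDK: it assumes handlers are tried in file order with the first match winning, that the static_files pattern must match the whole request path, and it uses a constructed file list in place of the real home folder.

```python
import re

# Handlers from the app.yaml above, in file order: the first match wins.
HANDLERS = [
    {"url": r"(.*)/", "static_files": r"home\1/index.html"},
    {"url": "/", "static_dir": "home"},
]

# Constructed file list standing in for the contents of C:\MyWeb\home.
UPLOADED = {
    "home/index.html",
    "home/folder/index.html",
    "home/folder/abc.xyz",
}

def resolve(path, handlers=HANDLERS, files=UPLOADED):
    """Return the file served for a request path, or None for a 404."""
    for handler in handlers:
        if "static_files" in handler:
            # The url is a regular expression matched against the whole path.
            match = re.fullmatch(handler["url"], path)
            if match is None:
                continue
            # Substitute the captured group into the file template.
            candidate = match.expand(handler["static_files"])
        else:
            # static_dir: the url is a prefix, the remainder is the file name.
            if not path.startswith(handler["url"]):
                continue
            candidate = handler["static_dir"] + "/" + path[len(handler["url"]):]
        # The matching handler decides the outcome; no fall-through on a miss.
        return candidate if candidate in files else None
    return None
```

Note that a request for /folder without the trailing slash misses the first handler and is looked up as a file named home/folder, so it returns nothing in this model.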

Changing the site name to your website name:
Obviously you don't want to show the world your website as mysamplesite.appspot.com. So now let's change the URL to your website name.
For this you need to have a Google Apps hosted domain. If you haven't already done that, go for it, because it will give you the following for free:
a) email server: multiple email address with @yourdomain.com
b) Google docs
c) Calendar
d) Google talk
and much more... and all by your domain name.

Once you have the Google Apps account, go to https://www.google.com/a/cpanel/YOURDOMAIN.COM/SelectServices and enter your AppID (mysamplesite in our example).
Accept the terms and conditions and create a name for your project.
Next you'll be asked to create a CNAME entry in your DNS. If you are new to this, read the documentation on the page and you'll be able to do it. It's not rocket science anyway.
Once done you can access your new static website hosted on Google AppEngine by your own domain name.

That's easy, isn't it.

Benefits of site on Google AppEngine:
a) High-end Google servers
b) No worries about downtime
c) High availability
d) No pain of maintaining the server settings if you have only static website
e) FREE !!! This can make your complete web presence for free. Blog @ Blogspot, Album @ Picasa, Website @ AppEngine, mail @ gmail ( or hosted google mail), presentations and files @ Docs. All you need to pay is cost of domain name(~$10).

3 comments Thursday, August 07, 2008

Many of you might have used Google docs and spreadsheet, but have you ever tried this "magic" trick ;)


Ok, open up a spreadsheet and enter "Google" in the top left cell, and enter "Yahoo" in the cell below. Now select both the cells you created. Hold down the Ctrl key, and drag the bottom right corner of the selection downwards over the other cells. See the fun when you release the key/mouse



A sample screenshot



You can try any combinations and have fun

Try combinations like:

a) file, edit....
b) batman, superman....
c) olympics, asian games....
d) abhishek, amitabh...
e) tom cruise, brad pitt...

Q: What's happening here?
A: Well, that's from a member of Google Labs called Google Sets. It is one of the oldest members of Labs and still listed. This tool automatically expands a given set of items, and it is being used for fun/productivity in the spreadsheet :)

Tell me if you find some more interesting sets of keywords