Combating rootkit with rootkit

While I totally agree with the concept of combating rootkit with rootkit when it comes to the new generation of spyware, etc. (remember Sony’s need-for-control fiasco), my concern is that there are many lazy programmers (yours truly included) out there, and most companies are in a hurry to ship a product out the door without testing as thoroughly as one should, which means that when dealing at the kernel level, for most end users it could be an experience of more BSODs.

More DOS Pings

Here are a few more DOS pings from last night. I think these are poor souls who don’t know they have infected machines (or let’s hope so). There is one (218.201.43.148) from China belonging to someone called Ming Chen in Chongqing; I might have to drop his/her ISP an email.

inetnum: 218.201.40.1 – 218.201.43.254
netname: CQ-CHONGQINGYIDONG
country: CN
descr: Chong Qing Yi Dong IDC Yong HU
descr: 40-43 Duan Qi Yong

person: ming chen
nic-hdl: MC285-AP
e-mail: chenming@cq.chinamobile.com
address: NO.300, L building, 6th street, keyuan, high-tech, industrial zone, Chongqing,400041
phone: +86-13983247186
fax-no: +86-13594249044
country: cn
changed: weichenguang@chinamobile.com 20040625

Firewall log:
Tue Dec 20 05:27:18 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 05:27:18 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 05:27:18 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 05:33:39 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 05:33:59 2005 1 Blocked by DoS protection 66.235.167.62
Tue Dec 20 05:36:42 2005 1 Blocked by DoS protection 221.203.145.54
Tue Dec 20 05:40:00 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 05:46:22 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 05:46:22 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 05:46:22 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 05:46:22 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 05:47:07 2005 1 Blocked by DoS protection 221.1.204.251
Tue Dec 20 05:51:20 2005 1 Blocked by DoS protection 202.96.87.41
Tue Dec 20 05:52:44 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 05:52:44 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 05:52:44 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 05:52:44 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 05:59:05 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 06:04:25 2005 1 Blocked by DoS protection 58.18.64.162
Tue Dec 20 06:04:25 2005 1 Blocked by DoS protection 58.18.64.162
Tue Dec 20 06:05:28 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 06:05:28 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 06:09:37 2005 1 Blocked by DoS protection 221.203.145.54
Tue Dec 20 06:11:48 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 06:11:48 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 06:18:09 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 06:18:09 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 06:18:09 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 06:18:09 2005 1 Blocked by DoS protection 218.201.43.148
Tue Dec 20 06:19:15 2005 1 Blocked by DoS protection 82.49.110.167
Tue Dec 20 06:28:17 2005 1 Blocked by DoS protection 202.96.87.41
Tue Dec 20 06:30:40 2005 1 Blocked by DoS protection 213.142.181.48

Belkin Pre-N Wireless Router Rocks!

Well it has been a week+ and the Belkin Pre-N Wireless Router I got has been humming away merrily, no issues so far – zilch, nada, nothing, null, unlike the Linksys piece-of-crap-good-for-nothing-junk! Awesome! Have been very happy. I would highly recommend it. The first thing I did was update the firmware (it also has an auto-update feature, but more on that some other time). And once it was configured and up and running, did not need anything else.

I cannot comment on the speed or the range, because I live in a flat, and the area is not wide enough for me to test. The only thing I can say is, earlier I would get a signal strength of 4/5 and now I get 5/5, and as you can see that is a very scientific observation ;). From a speed point of view, again all the devices I use to connect to this use 802.11g, and work like a dream. Don’t have any Pre-N wifi cards (and don’t plan to get any in the near future), so again cannot comment on that.

A few of you have requested screen shots of its admin pages, will be doing that over the next few days and uploading here. Ping me if you have any questions on this.

Last chance to download these from MSDN

As part of the settlement with Sun, all the products containing MSJVM will be discontinued from MSDN Subscriber download in late December (which means any day now). Here is the list of products you won’t be able to download after this:

  • Microsoft Application Center 2000
  • Microsoft BizTalk Server 2000
  • Microsoft Commerce Server 2000
  • Microsoft Commerce Server 2000 Resource Kit
  • Microsoft DCOM for Windows 95 v1.1
  • Microsoft Embedded Visual Tools 3.0 (2002 Edition)
  • Microsoft Exchange Server 5.5 & 2000
  • Microsoft FrontPage 2000 Server Extensions
  • Microsoft Handheld PC 2000 SDK
  • Microsoft Infrared Communications for Windows 95 DDK
  • Microsoft ISA Server 2000
  • Microsoft Plus! 98
  • Microsoft Site Server 3.0
  • Microsoft Small Business Server 2000
  • Microsoft SNA Server 4.0 Service Packs 3 & Service Pack 4
  • Microsoft System Management Server 2.0
  • Microsoft Visual C++ (Alpha Systems)
  • Microsoft Visual FoxPro 6.0
  • Microsoft Visual SourceSafe 6.0c & 6.0d
  • Microsoft Visual Studio 6.0
  • Microsoft Windows 2000
  • Microsoft Windows 2000 DDK
  • Microsoft Windows 98
  • Microsoft Windows 98 DDK
  • Microsoft Windows CE SDKs & DDKs
  • Microsoft Windows CE Toolkit for Visual C++ 6.0
  • Microsoft Windows ME
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0 DDK
  • System Stress for Microsoft Windows NT 4.0 & Windows 2000

If you don’t have these on already, I would suggest downloading them and keeping them now. More information on this can be found here.

Stupid Media Player Blogging Plugin

This is not the first time this has happened, but in case you were seeing a few of my previous posts, no, I am not listening to the same song by Bon Jovi (in a loop); the media player blogging plugin has bugs! For some reason it is stuck on that – it does not matter whether I even have Media Player open or not. So it’s turned off for now; I don’t have the time to find a fix. If someone out there knows a solution, let me know. (BTW, I am running Media Player 10.)

Why ServiceModel?

If anyone knows, I would love to know what the reasoning was behind calling the Indigo (now WCF) namespace System.ServiceModel. Why Model, why not just Service (though it might get confusing with Windows Services), or something else? To me it’s not very intuitive. I am used to it now, so it’s almost like second nature, but it would still be good to know why.

[Listening to: I Am – Bon Jovi – Have A Nice Day (03:54)]

System.Transactions and Timeout

Cross-posting from All about Interop: System.Transactions has two timeout values that you can specify in configuration files. The default timeout for System.Transactions transactions is 1 minute. You can set it in app config, web config, or machine config. (You can also set the timeout for a particular transaction programmatically within the application, by using one of the appropriate constructors for TransactionScope or CommittableTransaction.) Setting the default timeout to 30 seconds in config looks like the following.

<configuration>
 <system.transactions>
  <defaultSettings timeout="00:00:30" />
 </system.transactions>
</configuration>

For System.Transactions there is also a maximum transaction timeout. It is designed to be used by the system administrator to limit transaction timeouts. If this setting is not specified, it defaults to 10 minutes. It cannot be overridden in code. If the app.config timeout or the timeout specified in the constructors above exceeds the maximum timeout in machine.config, the timeout is adjusted down to the maximum timeout value. The maximum can be specified only in machine config. To change it, you specify the maxTimeout property of the machineSettings section. For example, this specifies 30 seconds:

<configuration>
 <system.transactions>
   <machineSettings maxTimeout="00:00:30" />
 </system.transactions>
</configuration>

So, for example, if your app.config setting specifies a defaultSettings timeout of zero, which implies (with a screwy sort of logic) infinite timeout, or if your application code specifies a zero timeout in one of the constructors, then the actual timeout of the transaction will not be infinite – it will be bound to the setting for machineSettings maxTimeout.

For any high-throughput transactional server, the default maxTimeout setting is probably not right for you. You’re going to want to set this pretty low.

This is for any transaction managed by DTC – that would include transactions involving SQL Server, Oracle, MQ, DB2, and so on.  If your transactions are timing out after 10 minutes and you want to know why, check these settings.
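The timeout rules above, shown from application code. This is an added example, not code from the original post or from Microsoft; EffectiveTimeout is a hypothetical helper that models the capping rule described here, and the 2 second and 6 second values are chosen only for the demonstration.

```csharp
using System;
using System.Threading;
using System.Transactions;

static class TransactionTimeoutDemo
{
    // Hypothetical helper (not a framework API): the capping rule described above.
    // A requested timeout of zero, or one above the machine-wide maximum, is
    // replaced by the maximum. A maximum of zero means no cap is configured.
    static TimeSpan EffectiveTimeout(TimeSpan requested, TimeSpan maximum)
    {
        if (maximum != TimeSpan.Zero &&
            (requested == TimeSpan.Zero || requested > maximum))
        {
            return maximum;
        }
        return requested;
    }

    static void Main()
    {
        // Values in effect for this process: defaultSettings timeout and
        // machineSettings maxTimeout, or the built-in 1 and 10 minutes.
        TimeSpan max = TransactionManager.MaximumTimeout;
        Console.WriteLine("defaultSettings timeout   : " + TransactionManager.DefaultTimeout);
        Console.WriteLine("machineSettings maxTimeout: " + max);

        // A "never time out" request is still bounded by maxTimeout.
        Console.WriteLine("Zero requested, effective : " + EffectiveTimeout(TimeSpan.Zero, max));

        // Per-transaction timeout set through the TransactionScope constructor.
        TimeSpan requested = TimeSpan.FromSeconds(2);
        Console.WriteLine("2s requested, effective   : " + EffectiveTimeout(requested, max));
        try
        {
            using (var scope = new TransactionScope(TransactionScopeOption.RequiresNew, requested))
            {
                Thread.Sleep(TimeSpan.FromSeconds(6)); // simulated slow work, past the timeout
                scope.Complete();
            } // Dispose attempts the commit; the transaction has already been aborted
            Console.WriteLine("Committed (not expected with a 2 second timeout)");
        }
        catch (TransactionAbortedException ex)
        {
            Console.WriteLine("Aborted after timeout: " + ex.Message);
        }
    }
}
```

Catching TransactionAbortedException at the scope boundary is what lets a server release its locks and connections promptly instead of holding them until maxTimeout.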


Google Extensions for Firefox

More news on Google, they have released two new extensions for Firefox, one is called Google Safe Browsing which detects any phishing and spoofing sites, and the other is for Blogger Web Comments – so you can see what others are saying about the page you are on, and even blog directly to your blog (running on blogger of course).


Xbox 360 copy protection cracks

The BBC is reporting that the copy protection on the XBOX 360 has been cracked by a group called the Team PI Coders. It is not quite at the stage where it’s usable, but this is definitely the starting point. Today you can get just some of the information, and cannot run the dumps, but the day you can, then it might be worthwhile investing in one. 🙂 My biggest rant is the fact that I have a US XBOX, so why can’t I play those games on a UK XBOX?


Wireless Router – Firewall Log

If you have been following my Wireless blues here, you would know it’s been 48 hours (or so) and the new Wireless router is still going strong (touch wood) without any issues so far. This is what I had in the log so far (which is quite interesting when compared to Linksys, as if I did have a similar log internally then I do not know how to get to it).

Firewall log:

Wed Dec 14 22:04:49 2005 1 Blocked by DoS protection 87.248.104.124
Wed Dec 14 22:04:50 2005 1 Blocked by DoS protection 87.248.104.124
Wed Dec 14 22:04:50 2005 1 Blocked by DoS protection 87.248.104.124
Wed Dec 14 22:04:51 2005 1 Blocked by DoS protection 87.248.104.124
Wed Dec 14 22:04:51 2005 1 Blocked by DoS protection 87.248.104.124
Wed Dec 14 22:06:07 2005 1 Blocked by DoS protection 218.66.104.186
Wed Dec 14 22:06:54 2005 1 Blocked by DoS protection 218.76.83.176
Wed Dec 14 22:20:52 2005 1 Blocked by DoS protection 202.96.87.41
Wed Dec 14 22:20:52 2005 1 Blocked by DoS protection 202.96.87.41
Wed Dec 14 22:21:15 2005 1 Blocked by DoS protection 218.66.104.206
Wed Dec 14 22:27:05 2005 1 Blocked by DoS protection 66.235.5.225
Wed Dec 14 22:30:54 2005 1 Blocked by DoS protection 58.18.64.162
Wed Dec 14 22:31:15 2005 1 Blocked by DoS protection 24.144.28.48
Wed Dec 14 22:31:18 2005 1 Blocked by DoS protection 24.144.28.48
Wed Dec 14 22:44:13 2005 1 Blocked by DoS protection 222.122.21.56
Wed Dec 14 22:45:08 2005 1 Blocked by DoS protection 213.218.235.243
Wed Dec 14 22:52:10 2005 1 Blocked by DoS protection 218.66.104.186
Wed Dec 14 22:53:12 2005 1 Blocked by DoS protection 24.71.230.241
Wed Dec 14 22:53:15 2005 1 Blocked by DoS protection 24.71.230.241
Wed Dec 14 22:54:02 2005 1 Blocked by DoS protection 71.99.18.100
Wed Dec 14 22:54:05 2005 1 Blocked by DoS protection 71.99.18.100
Wed Dec 14 22:54:37 2005 1 Blocked by DoS protection 218.65.102.111
Wed Dec 14 22:58:06 2005 1 Blocked by DoS protection 64.4.12.201
Wed Dec 14 22:58:06 2005 1 Blocked by DoS protection 64.4.12.201
Wed Dec 14 22:58:07 2005 1 Blocked by DoS protection 64.4.12.201
Wed Dec 14 22:58:08 2005 1 Blocked by DoS protection 64.4.12.201
Wed Dec 14 22:58:09 2005 1 Blocked by DoS protection 64.4.12.201
Wed Dec 14 22:58:12 2005 1 Blocked by DoS protection 82.155.102.141
Wed Dec 14 22:58:15 2005 1 Blocked by DoS protection 82.155.102.141
Wed Dec 14 23:00:56 2005 1 Blocked by DoS protection 220.189.245.98
Wed Dec 14 23:02:32 2005 1 Blocked by DoS protection 218.66.104.206
Wed Dec 14 23:14:10 2005 1 Blocked by DoS protection 58.18.64.162

If you check out the IP 87.248.104.124 that is particularly interesting as you can see below:

inetnum: 87.248.96.0 – 87.248.127.255
org: ORG-YE1-RIPE
netname: UK-YAHOO-20050817
descr: Yahoo! Europe
country: GB
admin-c: KW3969-RIPE
tech-c: KW3969-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: YAHOO-MNT
mnt-routes: YAHOO-MNT
mnt-domains: YAHOO-MNT
source: RIPE # Filtered

organisation: ORG-YE1-RIPE
org-name: Yahoo! Europe
org-type: LIR
address: 125 Shaftesbury Avenue
London
address: WC2H 8AD
address: London
address: United Kingdom
phone: +44 207 131 1495
fax-no: +44 207 131 1213
e-mail: kwoods@uk.yahoo-inc.com
e-mail: netblockadmin@yahoo-inc.com
e-mail: pdurkin@yahoo-inc.com
admin-c: KW3969-RIPE
admin-c: SCY3-RIPE
admin-c: NW503-RIPE
admin-c: NA1231-RIPE
mnt-ref: YAHOO-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

person: Kerry Woods
address: 125 Shaftesbury Avenue
address: London
address: WC2H 8AD
phone: +44 020 7131 1000
fax-no: +44 020 7131 1213
e-mail: kwoods@uk.yahoo-inc.com
nic-hdl: KW3969-RIPE
mnt-by: YAHOO-MNT
source: RIPE # Filtered

% Information related to ‘87.248.104.0/21AS15635’

route: 87.248.104.0/21
descr: Yahoo-EU-NET
origin: AS15635
mnt-by: YAHOO-MNT
source: RIPE # Filtered

Windows Embedded Source Tools for Bluetooth

This is not new, but I recently stumbled on it. If you are developing or wanting to develop for Bluetooth technology (exposing Bluetooth services, enumerating devices or services, and connecting to services), the Windows Embedded Source Tools for Bluetooth Technology program provides a Win32 API wrapper that developers can expose in Visual Studio .NET or the .NET Compact Framework. The class library wrapper helps make development for Bluetooth technology faster and easier by reducing the lines of code necessary from hundreds to just a few. The components include:

  • Classes to create Bluetooth services
  • Classes to enumerate Bluetooth devices
  • Classes to connect to an existing Bluetooth device or service

The source code is also available for free, and there is a wiki where you can get some help. Of course, there are licence restrictions that you need to agree to.

[Listening to: Welcome To Wherever You Are – Bon Jovi – Have A Nice Day (03:47)]

VMware Player 1.0 is released

Now this is something cool that almost everyone will find very handy. If you are a developer, engineer, architect or just an enthusiast and want to play around with a few different configurations, the best way to do that is using a Virtual Machine. If you got hold of some betas or a demo VM, until now you had to have a licence for something along the lines of Virtual PC or VMware Workstation to use it. Not any more! With VMware Player, you can “play” (i.e. run) those virtual machines without buying a licence. You cannot create virtual machines using this, but you can open them and run them – perfect for the handouts from the PDC you have been attending. Not to mention, VMware can also read your Virtual PC images; how sweet is that? So, what’s your excuse for not getting this? If you are interested you can compare the various versions here and see how they stack up.

[Listening to: Have A Nice Day – Bon Jovi – Have A Nice Day (03:49)]

Update on Wireless

If you recall my previous posts about the Wireless blues I have been having, I did decide to get the Belkin Pre-N device. Well, after an order screw-up with Amazon where they delivered someone else’s order to me (with the correct address), I did finally get the device delivered yesterday and set it up last night. First impressions have been good so far; it seems to be working well although it’s only been 8-odd hours, but at least it seems to be promising. I’ll post back here with an update this weekend – by then I would have it up and running for about a week and can give some real-world feedback. For those curious, I did upgrade the firmware with the latest on their web site, and I am using only 802.11g devices to connect to this.

What’s next for Next Generation Apps?

eWeek has an interview with Don Box, where he talks about what is next from Microsoft in terms of the next-gen apps. He talks about what is most interesting in his space, between Indigo, WWF, LINQ, etc. Also what you should think of as an Enterprise Architect when designing your contracts – WSDL-First or Contract-First.