Negative Pings

I had a computer today that was having intermittent network issues. I tried a ping as a normal troubleshooting step and was surprised to receive negative ping times.

At first I was excited about the time travel possibilities but soon realized that there must be a glitch in the Windows XP machine I was working on. That's when I found several sites in Google discussing the problem. It seems that AMD dual core processors have an issue with timing between the cores.

There is a patch available, so I guess my time travel fantasies are still unfulfilled.

Microsoft DNS Vulnerability - Exploited!

If you didn't apply the registry hack on your Microsoft DNS servers yet (CERT VU#555920, Microsoft Security Bulletin #935964), now would be a good time. There is known exploit available and in use. Apparently, the Rinbot worm is now using the exploit and it's been added to Metasploit. I'd expect to see attacks pick up rather than decrease at this point.

For the blissfully unaware, the exploit uses a buffer overrun to elevate privileges. Being a DNS attack, this can allow DNS poisoning, pharming, and DOS. Since most people put the DNS server on their domain controller, an attacker who compromises your DNS server is able to compromise your Active Directory. At that point, you are looking at a very bad situation and a minimum of one very long night.

Microsoft DNS Vulnerability

UPDATE(2007-04-17): This vulnerability is currently being exploited in the wild.

Microsoft released a security bulletin (#935964) last night advising changes to Windows Server 2000 and Windows 2003 Servers running DNS.

It looks like they are recommending a registry hack to block an RPC exploit on DNS servers. Also, the bulletin states that they are working on a full fledged patch, so be looking forward to that.

Reversing an SSH Connection

Here's a way to SSH in to your server from outside your firewall. (The main site seems to have crumbled under the weight of the Digg effect, so here's the Google cached version.)

LogMeIn

Wow.

When I was looking up the links to do my last entry, I got to looking at the LogMeIn website a little closer. I found that they had a free version of their remote control program. As you recall, I was a little disappointed in GenControl because of its slow refresh. I was hoping that the LogMeIn product would be an improvement in that area.

Before I headed home for the day, I signed up on the LogMeIn website and ran a quick installation on my work computer (XP Pro, in case you wondered). My first opportunity at home found me on my laptop to see if the remote desktop experience was any better with LogMeIn. Let me tell you, I am not going back to GenControl!

Accessing my work computer from home was as simple as logging in to the LogMeIn site and choosing my work computer from the list of computers available to me (if you can call a single computer a list). LogMeIn recognized that I was using Firefox and recommended an extension to install. That one time install took all of 30 seconds (tops) and then I was accessing my work computer.

First, the refresh is many times faster than GenControl over Hamachi. You don't need the Hamachi client so you don't get that overhead. Also, you're not using VNC so there is improvement there. (VNC has never seemed particularly quick to me.)

After being pleasantly surprised by the speed, I was blown away by the features. I have a dual-monitor configuration at work. With GenControl, I could only see my primary monitor. That's easy enough to work around, but LogMeIn allows me to pan so that I can see both monitors. I can also use Y'z Dock and Dexpot remotely, neither of which worked with GenControl. LogMeIn allows me to set whether I want the remote computer to lock automatically when I disconnect, whether I want the remote screen to blank while I am connected and whether I want the remote keyboard and mouse to lock while I'm connected. I was also able to magnify the screen or shrink it.

Like with their Hamachi product, LogMeIn sells versions of their remote control software. I assume that you get more features than the Free version offers but I haven't looked into those yet. Right now, Free fits my budget and does exactly the job I need. Thank you LogMeIn.

Hamachi & GenControl - Work From Home!

I really don't want this to turn into solely a review blog. That said... Here's one more review for y'all!

Where I work, they have outsourced the administration of the WAN. Someone else is controlling the firewall, routers, etc. that connect all our buildings. I can have them make changes for me, and wait for them to get done -- or have my requests rejected due to some policy I didn't know about. Or I can take matters into my own hands.

Hamachi
Hamachi (recently purchased by LogMeIn uses P2P technology to create a secure VPN tunnel between computers. It features:

• NAT traversal


• Block ciphers and chaining modes


• Diffie-Hellman key exchange


• Public key encryption


• Message authentication codes

They are presenting it as a way to share files with friends, play LAN games over the Internet, and even IM through a secure network. I use it in conjunction with GenControl. (More on GenControl in a bit.)

Hamachi is not open source, but it is free. There is also a "Premium" version available for a cost which gives you more administrative control over your network and allows you to remove the security overhead if you cannot have any lag (i.e. gaming).

GenControl
GenControl remotely installs VNC on any computer where you have administrative access. It then removes VNC when you end the session. It's an open source offering from Gensortium. Using it with Hamachi, I can access my computer at work from home.

The problem with GenControl is that the screen refreshes are awful darn slow. Otherwise, this is a great system for patching my servers in the middle of the night without having to drive in to the office to do it!