Security

Port Forwarding for Micronet Router

The Micronet router (a broadband/ADSL router) supports customizable port forwarding through its web-based administration interface. The router's default IP address is 10.0.0.2; browse to it and you should see a user/password dialog. If it is your first time, the default username is admin and the default password is epicrouter. Change that default password before you rely on the router: anyone who can reach the administration page can otherwise log in with it.

The port-forwarding configuration is under Configuration / Virtual Server in the left menu. There you fill in five textboxes and choose a radio button, as follows.

  1. ID
  2. Public Port - Start

Symantec Caught in Rootkit Controversy


Symantec has been forced to fix a "flaw" in Norton SystemWorks which could allow malware authors to hide files from users. While the feature is designed to stop users from accidentally deleting files that the SystemWorks package's NProtect feature depends on, weaknesses in the technology could be exploited by opportunistic developers of malicious software.

The hidden directory is also hidden from most antivirus scans, including Symantec's own, so malware and virus writers who know of the directory can easily keep their files there undetected. No exploits have been seen so far, but it did not take long for Sony's rootkit to be exploited and spiral out of control in weeks past.

Users of the 2005 and 2006 versions of SystemWorks and SystemWorks Premier are urged to run LiveUpdate to patch the flaw, after which the directory can be seen and scanned by antivirus software.


What to do if your computer is hacked

Today I found that one of my machines has been hacked by an unknown intruder. That machine runs Rocks 4.1, which is an extension of CentOS 4.2 Final. Actually, I didn't know that it had been hacked until the notification from the NOC. My NOC received the notification from eBay. I am one of the team investigating this problem. The steps below are what I did.

  1. My colleague found that there were many processes named `(swapd)`. Unfortunately, the executable had been removed.
  2. So I looked at the login records using `last`. I found one weird login, namely `ftpd`.
  3. As I remember, I have never started any FTP service on this machine! There was something wrong with user ftpd.
  4. So I opened /etc/passwd and /etc/shadow to find more information about user ftpd.
  5. Sadly, it was on the last line and could log in. This must be some kind of backdoor.
  6. Then I tried to find out more using netstat and ps. Nothing found! This was so strange, because I couldn't use netstat -p. It seemed netstat had been replaced by a rootkit.
  7. So I didn't believe anything I saw and started to verify common executables like netstat and ps using rpm -V.
  8. Well, they had been replaced by a rootkit, as I thought. So I downloaded all the necessary executables from another machine.
  9. The next step was to see what commands user ftpd had run, in .bash_history. Nothing.
  10. So I went back to check the history of user root. Bingo! The intruder forgot to remove root's history.
  11. In the history, I found the commands for preparing an eBay phishing site, in 4 steps:
    1. Create a .eBay directory in /var/www/html
    2. Download http://www.pishat.com/ebay.tgz and extract it into .eBay
    3. Download http://www.pishat.com/neptune.tar and extract it somewhere
    4. Run the install script

Once I had ebay.tgz, I looked into the code and found that it was a phishing kit against eBay! At the last step, the victim's credit card information will be sent to . Are you hacked? Don't worry too much. If you are already hacked, you are hacked. You can change nothing. For me, this machine is just for installation testing, so I will simply reinstall it again and again.
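The checks in the post (an unexpected login-capable account at the end of /etc/passwd, packaged binaries that no longer verify, processes whose executable was deleted, a dot-directory under the web root) can be scripted so they run from a clean host against artifacts copied off the suspect machine. The following is an added example and not the post author's own commands; the function names, the sample /etc/passwd and the sample `rpm -Va` output are constructed for illustration, and the script assumes a Linux /proc layout.

```python
"""Offline triage helpers for the kind of compromise described above.

Added example, not the post author's commands. Each function takes text
captured from the suspect host (a copied /etc/passwd, saved `rpm -Va`
output) or a path, so the analysis can run on a clean machine, which
matters once ps and netstat on the box itself cannot be trusted. The
samples at the bottom are constructed, not data from a real incident.
"""
import os

# Shells that do not give an interactive login.
NON_LOGIN_SHELLS = {
    "/sbin/nologin", "/usr/sbin/nologin", "/bin/false",
    "/bin/sync", "/sbin/halt", "/sbin/shutdown",
}


def parse_passwd(passwd_text):
    """Yield (name, uid, shell) for each well-formed /etc/passwd line."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            yield fields[0], int(fields[2]), fields[6]


def login_accounts(passwd_text):
    """Accounts that can log in interactively. A service-style name such
    as 'ftpd' with a real shell, added at the end of the file, is the
    backdoor pattern from the post."""
    return [(n, u, s) for n, u, s in parse_passwd(passwd_text)
            if s not in NON_LOGIN_SHELLS]


def extra_uid0(passwd_text):
    """Accounts other than root that carry UID 0."""
    return [n for n, u, _ in parse_passwd(passwd_text) if u == 0 and n != "root"]


def tampered_rpm_files(rpm_v_text):
    """Parse `rpm -Va` output. Example lines:
         S.5....T    /bin/netstat          size, MD5 and mtime differ
         missing     /sbin/ifconfig
         S.5....T  c /etc/ssh/sshd_config  'c' marks a config file
    Config files change legitimately and are skipped; a changed size or
    digest on anything else means the packaged file was replaced."""
    hits = []
    for line in rpm_v_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        flags, path = parts[0], parts[-1]
        if len(parts) >= 3 and parts[1] == "c":
            continue
        if flags == "missing":
            hits.append(("missing", path))
        elif "S" in flags or "5" in flags:
            hits.append(("modified", path))
    return hits


def deleted_executables(proc_root="/proc"):
    """Processes whose binary was unlinked after launch, the '(swapd)'
    case: /proc/<pid>/exe then points at '/path/name (deleted)'. Read-only,
    so safe on the live box, but only a lead: a kernel rootkit can hide the
    pid entirely."""
    hits = []
    try:
        pids = [p for p in os.listdir(proc_root) if p.isdigit()]
    except OSError:
        return hits
    for pid in pids:
        try:
            target = os.readlink(os.path.join(proc_root, pid, "exe"))
        except OSError:
            continue                      # kernel thread, or already gone
        if target.endswith(" (deleted)"):
            hits.append((int(pid), target))
    return hits


def hidden_dirs(web_root):
    """Dot-directories below a web root, like the .eBay the post found."""
    found = []
    for dirpath, dirnames, _ in os.walk(web_root):
        found.extend(os.path.join(dirpath, d) for d in dirnames if d.startswith("."))
    return sorted(found)


# Constructed samples, not data from the compromised host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
ftpd:x:0:0::/:/bin/bash
"""

SAMPLE_RPM_V = """\
S.5....T    /bin/netstat
S.5....T    /bin/ps
missing     /sbin/ifconfig
.......T    /usr/bin/top
S.5....T  c /etc/ssh/sshd_config
"""

if __name__ == "__main__":
    print("login-capable accounts:", login_accounts(SAMPLE_PASSWD))
    print("extra UID 0 accounts:", extra_uid0(SAMPLE_PASSWD))
    print("tampered package files:", tampered_rpm_files(SAMPLE_RPM_V))
    print("processes with deleted binaries:", deleted_executables())
    print("hidden dirs under /var/www/html:", hidden_dirs("/var/www/html"))
```

`rpm -V` compares files against the local RPM database using the local rpm binary, both of which an intruder with root can alter, so treat a clean result on the suspect host as weak evidence and, as the post did, bring known-good tools from another machine or compare the saved output offline. Mtime-only changes (`.......T`) are ignored above because they are common noise; a changed digest on a binary is the signal.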

For those of you who administer a mail server, let's implement this

It is SPF, short for Sender Policy Framework. It helps protect against phishing mail that claims to come from the mail server or domain we administer. Details can be found at http://spf.pobox.com/

Many organizations have already implemented it, and some mail clients support it as well, such as Thunderbird, which I use, although you have to install an additional extension: http://taubz.for.net/code/spf/
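The domain owner publishes SPF as a DNS TXT record such as `v=spf1 ip4:203.0.113.0/24 -all`, and a receiving server evaluates that record against the IP address that delivered the message. The evaluator below is an added example, not part of the original post and not a complete implementation: it handles only the `ip4`, `ip6` and `all` terms and rejects mechanisms and modifiers that need DNS lookups (`a`, `mx`, `include`, `exists`, `ptr`, `redirect=`, `exp=`). The records and addresses are constructed; the function name `check_spf` is an assumption of this example.

```python
"""A small SPF (RFC 7208) check for the ip4, ip6 and all terms.

Added example, not part of the original post and not a complete
implementation: the a, mx, include, exists and ptr mechanisms and the
redirect/exp modifiers need DNS lookups and are rejected here. All
records and addresses below are constructed.
"""
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}


def check_spf(record, client_ip):
    """Return pass/fail/softfail/neutral/none for client_ip under record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if "=" in term:
            raise NotImplementedError(f"modifier {term!r} needs DNS; not handled here")
        qual = "+"                          # no qualifier means pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")  # first ':' only, so ip6 args survive
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech in DNS_MECHANISMS:
            raise NotImplementedError(f"mechanism {mech!r} needs DNS; not handled here")
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
            continue
        raise ValueError(f"unknown mechanism {mech!r}")
    return "neutral"                        # RFC 7208 default when nothing matched


# Constructed records for a domain whose only legitimate senders are
# 203.0.113.0/24 and 2001:db8::/32.
STRICT = "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all"
SOFT = "v=spf1 ip4:203.0.113.0/24 ~all"
USELESS = "v=spf1 ip4:203.0.113.0/24 +all"   # +all lets any host pass

if __name__ == "__main__":
    for rec in (STRICT, SOFT, USELESS):
        for src in ("203.0.113.25", "198.51.100.7", "2001:db8::1"):
            print(f"{rec!r:55} {src:>14} -> {check_spf(rec, src)}")
```

Two caveats a mail administrator should keep in mind: a record ending in `+all` (or one with no `all` term, which yields `neutral`) gives receivers no reason to reject forged mail, so end the record with `-all` or at least `~all`; and SPF is evaluated on the envelope sender (MAIL FROM), not on the From header the user sees, so on its own it only covers part of the phishing problem.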