Security Center in Windows Cannot Start

The service might be missing. Run the following in an elevated command prompt to recreate it and restore its security descriptor:

sc create wscsvc type= share start= delayed-auto error= normal binPath= "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" depend= RpcSs/WinMgmt obj= "NT AUTHORITY\LocalService" DisplayName= "Security Center"

sc sdset wscsvc D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)(A;;CCLCRP;;;S-1-5-80-2006800713-1441093265-249754844-3404434343-1444102779)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
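Before and after running the two sc commands, it helps to check what the service actually looks like rather than assuming. The following audit script is an added example, not part of the original post; it compares wscsvc against the values given above (the expected values, the registry key name and the use of Get-CimInstance, which needs PowerShell 3.0 or later, are assumptions on my part).

```powershell
# Added example: audit the Security Center service against the configuration
# the sc create / sc sdset commands above are meant to produce.
$Expected = @{
    PathName  = 'C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted'
    StartName = 'NT AUTHORITY\LocalService'
    StartMode = 'Auto'   # WMI reports delayed-auto as 'Auto'; the delay flag lives in the registry
}

function Test-SecurityCenterService {
    $svc = Get-CimInstance Win32_Service -Filter "Name='wscsvc'"
    if (-not $svc) {
        Write-Warning 'wscsvc is not registered; run the sc create / sc sdset commands from an elevated prompt.'
        return $false
    }
    $ok = $true
    foreach ($k in $Expected.Keys) {
        if ($svc.$k -ne $Expected[$k]) {
            Write-Warning ("wscsvc {0} is '{1}', expected '{2}'" -f $k, $svc.$k, $Expected[$k])
            $ok = $false
        }
    }
    # delayed-auto is stored as DelayedAutostart=1 under the service key (assumed location).
    $reg = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\wscsvc' -ErrorAction SilentlyContinue
    if (-not $reg -or $reg.DelayedAutostart -ne 1) {
        Write-Warning 'wscsvc is not delayed-auto'
        $ok = $false
    }
    # Read the service security descriptor back as SDDL for comparison with the sc sdset string.
    $sddl = (sc.exe sdshow wscsvc | Where-Object { $_ -match '^D:' }) -join ''
    Write-Host "wscsvc SDDL: $sddl"
    if ($sddl -notmatch '\(A;;CCLCSWRPWPDTLOCRRC;;;SY\)') {
        Write-Warning 'SYSTEM ACE from the sc sdset string is missing'
        $ok = $false
    }
    return $ok
}

Test-SecurityCenterService
```

Run it once before the sc commands to confirm the service is really missing (rather than merely stopped or disabled), and once afterwards to confirm the result.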

Belkin N1 Vision Custom Firmware

If you want to build your own custom firmware for the Belkin N1 router, this guide explains how to do it for the F5D8232-4 v2. The other models should be similar. I will explain this using the Debian distro, because the cross-compiling tools used by Belkin are Debian-only executables. You can create your own cross-compiling toolchain for Cygwin, Ubuntu, SUSE, etc. if you prefer them over Debian (or you happen to have a box set up already) and then use this guide for the rest of the process.

Cygwin is not recommended, as it is very slow and you will spend many minutes twiddling your thumbs while it compiles.

I try to love, but I can’t. So I hate.

I try to find logical arguments for both sides of a story. Sometimes I find myself in no man’s land because at times that is best. Other times I find myself partial to one side. Then as time goes on that changes to being heavily biased or the complete opposite.

The story of Apple. Truly a company that has done wonders. Not in its technological advances (certainly many before have accomplished something very similar), but in its tactics for increasing market share, hijacking customers and building a huge fan base. No one even comes close to the strides Apple has made there. Their strategy wasn’t very complex at all:

  • give the users something nice to look at
  • give the users choices, but not too many choices
  • give the users freedom, but not too much freedom
  • give the users belief that they have the best, then release something better

Few can blame Apple for this. How many companies have this much control over so many people? None. When you are in a position like this, what do you do? You milk it for all it’s worth. As a smart businessman you realize that what goes up must come down. In Apple’s position you want to make enemies. Enemies unwittingly produce allies. Not just any sort of allies: the strong, strongly opinionated ones that believe they have their own reasons for their decisions, unlike the others.

Ethically speaking, you can argue Apple’s tactics are disgusting. Things like purposely disabling features to await a future release of a product. Or handicapping older hardware to highlight advantages of owning the latest model. Or cutting corners during the manufacturing process to maximize profits. Or have the confidence that you can charge customers whatever you desire, knowing that they will buy in regardless.

How many people would buy the exact same laptop twice, or three times? What if you were to release a laptop without video output or a DVD drive, and then release one later on that has video output, then one yet again with both? Given enough time, the dedicated consumers will eventually buy all three.

Eventually users will catch on. How long will it take? Who knows. People can’t be stupid forever... or can they?

Windows Vista/7 TCP Issues

If you are looking for a solution, head to the end of this article.

With the coming of Vista, Microsoft decided it was time to rewrite the networking layer in the Windows operating system. Like it or not, what networking started out as in the days of Windows 3.11 has changed drastically. Unfortunately, the new implementation is not perfect, and that is easy to demonstrate.

Rather than explore the boring details, we will jump to those that are responsible for millions of gray hair strands all over the IT world. The first is Receive Window Auto-Tuning. In previous versions of Windows, the TCP Receive Window (RWIN) was a constant: you set it once and lived with it regardless of how your connection speed fluctuated. Now you are asking, what the heck is RWIN? In one sentence, it is the amount of data the sender may transmit to the receiver without waiting for an acknowledgment. If you aren’t familiar with TCP, every segment sent must be acknowledged by the receiver. As segments are acknowledged, the window slides forward and the sender is allowed to transmit more data.

An example to explain RWIN and its impact on bandwidth: imagine the receiver is far away and I need to send it a 1000KB file. Let’s say RWIN is 10KB, and I, being the sender, can transmit 10KB in 10ms. It takes the receiver 20ms to receive 10KB. I start sending and it takes me 10ms to fill the receive window. Now I am waiting for the receiver to acknowledge. Total time spent by the sender waiting is 30ms! And the process repeats until the entire file is transmitted. It seems we can improve this. Let us set RWIN to 30KB. Now it takes me 30ms to transmit 30KB. By the time I have sent the last segment, I am receiving acknowledgments for the first ones. I can continue transmitting constantly without delay until I am done!
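The numbers in the example above follow from the bandwidth-delay product, which the post does not state explicitly; this derivation is added here and is not part of the original text. Reading the author’s figures as a sending rate of 1KB per millisecond and a 30ms round trip between sending a window and receiving the acknowledgment for it:

$$
\text{RWIN}_{\min} = B \times \text{RTT} = 1\,\text{KB/ms} \times 30\,\text{ms} = 30\,\text{KB}
$$

With RWIN $= 10\,\text{KB}$ the sender is busy for $10\,\text{ms}$ out of every $30\,\text{ms}$, so the link runs at $10/30 \approx 33\%$ of its capacity and the 1000KB file needs roughly $100 \times 30\,\text{ms} = 3\,\text{s}$; with RWIN $= 30\,\text{KB}$ the acknowledgments arrive just as the window is filled and the transfer takes about $1000\,\text{KB} / (1\,\text{KB/ms}) = 1\,\text{s}$. Any RWIN smaller than $B \times \text{RTT}$ leaves the link idle for part of each round trip, which is exactly what auto-tuning tries to avoid.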

The above example illustrates the importance of an appropriately configured RWIN. In an ideal world, the PC would keep track of multiple RWIN values, because every network is loaded differently, with varying capabilities and latencies. A proper networking implementation would remember every path it has used and the ideal RWIN value for each. Of course this is not practical (given infinite resources, the impossible becomes possible), so we have to settle for a single RWIN value at any given time.

Windows XP’s implementation of RWIN was quite primitive. With Vista and 7, Microsoft has introduced an auto-tuning layer that optimizes RWIN based on delay, transmission quality and probably 100,000 other variables. The good? Terrific for large high-latency WANs and for local area networks. The bad? There is a “settling period” for auto-tuning. After this settling period the value stays more or less fixed, until something changes drastically or traffic to one particular destination increases. This leads to strange behaviour at times, with transfers alternating between very fast and very poor. To see this for yourself you need to examine the network packets with auto-tuning enabled and then disabled (see the end of this article).

Open up a command shell (Start > Run > cmd or Windows Key+R > cmd) and let’s take a look at your TCP settings:

C:\>netsh int tcp show global

netsh is the network shell; it contains almost every network setting one can imagine. The parameter we are interested in is “Receive Window Auto-Tuning Level”. It is probably set to “normal”. You can experiment with four possible values:

  • normal
  • highlyrestricted
  • experimental
  • disabled

To set it to one of the above values:

C:\>netsh int tcp set global autotuninglevel=disabled

Check the globals again to make sure the value has been set. If you see a message at the bottom mentioning heuristics, it means the value is being overridden. To disable heuristics:

C:\>netsh int tcp set global heuristics=disabled

Upon modifying any TCP settings, a restart is required.

So when does this setting really matter? For the average user, it is probably just fine as it is. But if you use your PC as a server, this might impact you significantly. The best way to determine what is best for your computer is to test systematically. And to really see auto-tuning at work, get a copy of Wireshark (the PortableApps version is recommended) and monitor those packets. Ideally you want to test both local transfers and WAN transfers, with access to both sender and receiver.
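Testing systematically means knowing what the settings were before you touched them and confirming what they are afterwards. The script below is an added example, not part of the original post: it saves the current TCP globals, applies the heuristics and autotuning changes shown above, then reads the values back from netsh instead of trusting that the command worked. The snapshot file name and the parsing of netsh output are my assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example: snapshot, change and verify the netsh TCP globals discussed above.
param(
    # The post lists normal, highlyrestricted, experimental and disabled; netsh also accepts restricted.
    [ValidateSet('normal', 'highlyrestricted', 'restricted', 'experimental', 'disabled')]
    [string]$Level = 'disabled'
)

function Get-TcpGlobal {
    # Turn the "Setting Name : value" lines printed by netsh into a hashtable.
    $h = @{}
    netsh int tcp show global | ForEach-Object {
        if ($_ -match '^\s*(.+?)\s*:\s*(\S.*)$') { $h[$matches[1].Trim()] = $matches[2].Trim() }
    }
    return $h
}

# 1. Save the original output so the change can be reverted later (assumed file location).
$snapshot = Join-Path $env:TEMP ('tcp-globals-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
netsh int tcp show global | Out-File -FilePath $snapshot -Encoding ascii
$before = Get-TcpGlobal
Write-Host ("Before: autotuning={0} (saved to {1})" -f $before['Receive Window Auto-Tuning Level'], $snapshot)

# 2. Heuristics can override the autotuning level, so disable them first, then set the level.
netsh int tcp set global heuristics=disabled | Out-Null
netsh int tcp set global autotuninglevel=$Level | Out-Null

# 3. Read the settings back and compare with what was requested.
$after  = Get-TcpGlobal
$actual = $after['Receive Window Auto-Tuning Level']
if ($actual -ieq $Level) {
    Write-Host "Autotuning is now '$actual'. Reboot before measuring transfers, as the post recommends."
} else {
    Write-Warning "Requested '$Level' but netsh reports '$actual'; check the netsh output for a heuristics override."
}
```

Keep the snapshot file with your Wireshark captures so each measurement is tied to the exact settings it was taken under.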

Everything in this article also applies to Windows Server 2008 and 2008 R2.

Epic Virus Battle

First time (in a long time) coming across a machine infected so badly that it took several hours to repair. The usual routine is download your favourite antivirus, update, scan, done. Then windows update, done.

It wasn’t so easy in this case. All antivirus websites were blocked. I checked the obvious: hosts file, proxy, TCP/IP DNS settings, network protocols, nothing. Still could not get to any antivirus website. Every one of them blocked, no man left behind.

To add to the fun, the computer was randomly locking up. Windows would freeze, but the mouse and keyboard would continue to function. At first I thought it was the CPU overheating. The CPU heatsink was clogged with crap from here to China, and the owner was obviously a very heavy smoker. Cleaned the heatsink, slapped on some Arctic MX-2, reinstalled it and now I was ready to continue the battle.

After I don’t know how many hours I decided maybe I should stop trying to get past the DNS issue and focus on the real issue. Then I got the idea to test for rootkits. Downloaded Rootkit Revealer; it showed a few things, among which was UACd.sys. From the name it sounded fishy, and when I looked it up it was none other than a rootkit.

After a bit of googling, Combofix to the rescue. It detected the rootkit, and claimed to have cleaned it after several reboots. Opened Firefox, same thing. Cannot hit any of the antivirus websites. Checked with Rootkit Revealer; at least the UACd trojan was gone.

I decided I needed to get around this DNS issue, and I recalled the name of McAfee’s standalone scanner: McAfee Stinger. Googled it, found the file on a mirror not blocked by the virus, download, run. Within a few seconds, this pops up: Conficker.c!mem detected. It didn’t take much googling after that to find out this PC had all the symptoms mentioned in the Conficker advisory articles. Now I needed to get rid of it. Remember I couldn’t access any AV sites or Microsoft’s website among others, so this wasn’t going to be easy.

I found a few Conficker removal tools; all were useless. My guess is because of all the versions that exist of this virus: Conficker.A, Conficker.B, Conficker.C, and Conficker.D. Finally I found one on Symantec’s website, Symantec Conficker Removal ToolD.exe (for some reason, they refer to it as W32.Downadup). Except I was viewing the article using Google’s cache, and the download link still resided on Symantec’s website.

I found a website called Megashare which actually lets me upload from a URL. I gave it the URL to Symantec’s tool and uploaded it to their servers. Had to wait 10 seconds for “free” access, and finally was able to download the file. When it ran, it had a simple interface with no information at all. I clicked scan and it began scanning every file on the PC.

As the tool was running, I kept clicking through some of the search results and came across one genius who had suggested that there is a way around the blocked DNS requests. The command was net stop dnscache. Conficker infected the dnscache service; by shutting it down you force every request to go directly to the DNS server, bypassing the dnscache layer. Lo and behold, sophos.com was accessible, as were microsoft.com and every other antivirus website.

Finally, when Symantec’s Conficker Removal Tool completed, it happily reported 11 infections cleaned successfully. Rebooted, and everything appears to be working. I started doing the routine things, downloading/updating AV and installing Windows Updates. And by the way, it wasn’t the CPU overheating causing Windows to hang, it was the Conficker virus.

Many lessons learned. Including the fact that I can survive a 48 hour period with less than 4 hours of sleep.

One might ask the following obvious questions:
1. You freaking n00b. Why didn’t you just format?
- I wanted a challenge, I hadn’t had one in a while.
2. How much time did this consume?
- You don’t want to know
3. Why didn’t you download the AV files on a different PC, put them on a flash drive and run them on the infected PC?
- General rule is, when a PC is infected you don’t put rewritable storage on it because it can get infected too.
4. CD/DVD then?
- Too lazy to get up and grab my laptop.
5. Network share with readonly access?
- See response above.
6. Why not use a website like proxybrowsing.com?
- Similar to google cache. Usually they don’t let you download files through the proxy.
7. Is Conficker real?
- Some people say he hides in the shadows, others say he has eyes like Jay Leno. All we know is: he doesn’t like pandas.

First GUI Linux Experience

Finally had a chance to install Linux (Ubuntu 9.10) on a personal computer. After 15 years of the Windows GUI (Graphical User Interface)... I can say I am not as disappointed as I thought I would be. That means it left a not unpleasant taste, which is a good thing.

The GUI is much snappier, and you don’t waste time waiting for the silly effects plaguing today’s top Operating Systems (OSes). When you run, it runs. When you stop, it stops. I love that! Package management is sweet; I don’t need to spend time googling my software when most of it can be had from the OS. Nobody beats Linux in customizability, something everyone should know by now. I can even say they went over the top with the features, checkboxes, and textbox fields. This needs to improve for Linux to receive widespread support from the uneducated portion of users.

When you have been using Windows exclusively (mostly) for the majority of your IT life, you “feel” the OS and it becomes very predictable. With Linux, I find this predictability instinct to be useless because I just can’t feel it. I don’t know what to expect or when to expect it. I don’t know where things will appear and what the most suitable response is. This is not a bad thing, it is just different.

The one thing I can feel is that the hardware has the opportunity to breathe. With Windows you feel like your laptop is a stressed-out over-the-hill single mom. With Ubuntu it’s like an athlete ready to run the telethon. Your hard drive isn’t forever reading/writing, your memory isn’t consumed by things you don’t understand, and your CPU fan isn’t running at max speed because your CPU patiently awaits the next gentle request.

Am I ready to ditch Windows? Not by a long shot. You have nice, and you have usability and convenience. Linux is “nice”, but hugely impractical for someone that has many dependencies on silly programs. It’s not a great surprise that many corporations choose Linux as their primary server OS. It is also not a great surprise that Windows is the #1 preferred end-user platform in the world.

Thank you Linux for the alternate experience.