MoonPoint Support Logo

 


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
February
Sun Mon Tue Wed Thu Fri Sat
         
13
 
2008
Months
Feb


Wed, Feb 13, 2008 10:53 pm

Configuring SNMP on a Netopia R7220-T Router

To configure SNMP on a Netopia R7220-T router, take the following steps:

  1. From the main menu, select System Configuration.
  2. 
                               Netopia R7220-T v4.6.2
    
    
                         Easy Setup...
    
                         WAN Configuration...
    
                         System Configuration...
    
                         Utilities & Diagnostics...
    
                         Statistics & Logs...
    
                         Quick Menus...
    
                         Quick View...
    
    
    
    
    
    Return/Enter displays options for the system.
    You always start from this main screen.

    From the System Configuration menu, select SNMP (Simple Network Management Protocol)....

    
                                  System Configuration
    
    
                         Network Protocols Setup...
                         Filter Sets...
                         IP Address Serving...
    
                         Date and Time...
    
                         Console Configuration...
    
                         SNMP (Simple Network Management Protocol)...
    
                         Security...
    
                         Upgrade Feature Set...
    
    
    
                         Logging...
    
    Return/Enter to set up basic SNMP options (Community Strings, Traps, etc.).

    From the SNMP Setup window, specify the desired SNMMP configuration.

    
                                      SNMP Setup
    
    
             System Name:
             System Location:
             System Contact:
    
    
             Read-Only Community String:        public
             Read/Write Community String:
    
             Authentication Traps Enable:       Off
    
             IP Trap Receivers...
    
    
    
    
    
    
    
    
    Configure optional SNMP parameters from here.

    You can put in whatever name you would like to use for the router in the System Name field, e.g. Netopia Router and then hit Enter to advance to the next field, where you can specify the location, e.g. 1020 Maple Street. Hit Enter to fill in the System Contact field. The default read-only community string is public. To prevent others from accessing information from the router, you can provide another community string. You can provide a read/write community string as well, if you like. If you want authentication traps sent to another device, enable authentication traps and specify IP trap receivers. Otherwise, you can leave these as is.

    You can return to the main menu, if you wish, by hitting the Escape key until to back up through the menus.

    If you want a free program to monitor the router via SNMP from a Windows system, try PRTG Traffic Grapher. It is fairly straight-forward to set up and can even install its own webserver on the system on which you install it. If you already have webserver software running on the system on which you install it using port 80, PRTG will automatically set up its own webserver at port 8080. Or you can choose a different port, if you prefer. You can specify userids and passwords granted access to the webserver, where the PRTG graphs are displayed.

    [/hardware/network/router/netopia] permanent link

Wed, Feb 13, 2008 9:25 pm

FTP Attacks from 221.130.187.49 and 202.57.128.159

The system became unresponsive for a time. I ran kripp and found two systems conducting FTP brute-force password guessing attempts.

ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: poiuyt [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: purple [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: ranger [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: 111111 [F]

ftp password :: frostdragon.com -> 221.130.187.49 :: james :: purple [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: ranger [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: 111111 [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: 123go [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: 000000 [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: Airhead [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: oracle [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: Braves [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: library [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: Sparky [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: linux [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: angela [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: unix [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: brandy [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: amanda [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: cindy [F]

I blocked the 221.130.187.49 system with route add 221.130.187.49 reject . I then checked DShield to learn if it has been observed attacking other systems. The DShield report for 221.130.187.49 showed it was first reported engaged in hostile activity on 2008-02-11 and the last reported incident was today 2008-02-13. The IP address is a Chinese address. When I checked the IP Details for the ports the system was attacking, I found it was listed only for port 21 attacks, i.e. FTP attacks.

It was also listed at myNetWatchman. The Incident Detail report for that IP address at myNetWatchman showed the system had been attacking other systems on port 21 and port 22 (SSH) as well from February 5, 2008 onwards.

I then checked the second system attacking, which was 202.57.128.159.sta.isp-thailand.com. The IP address for it is 202.57.128.159. Note: a reverse lookup on 202.57.128.159 yields a Fully Qualified Domain Name (FQDN) of 202.57.128.159.sta.isp-thailand.com, but a forward lookup on 202.57.128.159.sta.isp-thailand.com does not yield an IP address.

I ran an nmap scan of it to see what operating system it was running. I got the following results:

# nmap -P0 -O 202.57.128.159

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Insufficient responses for TCP sequencing (1), OS detection may be less accurate
Interesting ports on 202.57.128.159.sta.isp-thailand.com (202.57.128.159):
(The 1588 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
80/tcp     open        http
111/tcp    open        sunrpc
135/tcp    filtered    loc-srv
137/tcp    filtered    netbios-ns
199/tcp    open        smux
443/tcp    open        https
445/tcp    filtered    microsoft-ds
3306/tcp   open        mysql
4444/tcp   filtered    krb524
8009/tcp   open        ajp13
8080/tcp   open        http-proxy
10000/tcp  open        snet-sensor-mgmt
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20

Nmap run completed -- 1 IP address (1 host up) scanned in 173 seconds

Visting http://202.57.128.159/ with a browser showed "Welcome to web4.thaibestserver.net".

When I checked DShield for any reports on hostile activity for that IP address, which is a Thai address, I found it was first reported engaged in hostile activity on 2008-02-08 with the most recent report dated 2008-02-09 (see IP Info (202.57.128.159)). The IP Details 202.57.128.159 report showed all of the incidents to be FTP attacks.

There was also an Incident Detail report for it at myNetWatchman, which also showed the system engaged in FTP attacks from February 6 onwards.

I blocked it with route add 202.57.128.159 reject. I also turned off the FTP service on the system, since it isn't needed at the moment.

[/security/attacks] permanent link

Wed, Feb 13, 2008 3:41 pm

PrimoPDF Producing Zero Byte Files

I installed PrimoPDF 3.0 on a system. PrimoPDF provides free PDF converter software that will allow you to "print" documents to a PDF file. After installing the software, I could print to PDF files without a problem from the administrator account from which I installed the software, but when I printed to a PDF file using the PrimoPDF "printer", I would receive the error message below:

Adobe Reader
Adobe Reader could not open 'http.pdf' because it is either not a supported file
type or because the file has been damaged (for example, it was sent as an
email attachment and wan't correctly decoded).

OK
 

When I checked the PDF files produced by PrimoPDF, I found they were always zero bytes in size. When the files were being produced I would hear an error beep.

An Error after converting posting at the PrimoPDF Forums, suggested giving the Users group on the system full control of the directory into which PrimoPDF is installed.

From the Windows Explorer, I right-clicked on the directory under Program Files into which I had installed PrimoPDF and chose Properties. I saw that the Users group had only read access, i.e. only the read & execute, list folder contents, and read permissions were granted to the Users group for that folder.

Note: you can use the cacls command to check permission from the command line, e.g. cacls "\program files\primopdf", if the installation directory was \program files\primopdf. You will see BUILTIN\Users:(OI)(CI)R. The R at the end indicates that the Users group on the system, to which all normal user accounts belong, has only read access to that directory.

If you are logged into an account that is a member of the Administrators group on the system, you can right-click on the directory and choose Properties to reset the security permissions. Click on the Security tab, then select the Users group under "group or user names", then grant Full Control.

Since I was logged into a normal user account at the time I encountered the problem and had a lot of windows open and didn't want to have to close all of them, logoff, logon as an administrator, logoff, logon to my user account again, and then reopen all of the applications and files I previously had open, I used the cacls command to reset the permissions. To use that method, you need to take the following steps, if you are currently logged into an unprivileged user account.

  1. Open a command prompt window as the Administrator. On Windows XP systems, you can do so by going to C:\WINDOWS\system32\ and right-clicking on cmd.exe while holding down the shift key (if you don't hold down the shift key at the same time, you won't see the "run as" option). Then select Run as. Click on The following user and put in Administrator, or some other account with administrator access, for the user name, and enter the appropriate password. Then hit Enter or click on OK. A command prompt window will open with Administrator credentials.
  2. Enter the command cacls "\program files\primopdf" /E /G Users:F to give all users of the system full control of the directory where you installed PrimoPDF, presuming that you installed it in \program files\primopdf. Granting full control of the directory means they can add or delete files in that directory. The Users group will still only have "read" access to the dll and exe files in the directory, though. The /E means "edit the existing Access Control List (ACL) rather than creating a new one and the /G grants access for the account or accounts specified as a parameter. The F at the end grants "full" access. You can enter cacls /? for help with the cacls command. You will see something like "processed dir: C:\program files\PrimoPDF", if the command is successfully executed.

[/os/windows/software/pdf] permanent link

Once You Know, You Newegg AliExpress by Alibaba.com

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo