Archive for the ‘Tools’ Category

Yet Another Netcat Introduction

Saturday, May 22nd, 2010

Howdy folks!

Episode 195 of PaulDotCom Security Weekly prompted me to revisit an old favorite, netcat (many netcat versions exist). On the episode, Ed Skoudis provided an excellent technical segment on using netcat and netcat-like relays.

The write-up at PDC is very well done, but I thought I’d work my way through the examples, and try to illustrate with more text and some graphics. If you are following the notes on PDC, be advised I am using the term pivot synonymously with relay…

The goal of this post is to reinforce my own understanding of netcat by providing an informative introduction, and help readers who may not have familiarity with netcat develop an understanding of the possibilities the tool introduces.

Background

The simple netcat session consists of two steps:

  1. On one host, create a netcat listener on a specified port – sometimes referred to as the server
  2. On another host, create a netcat connection to the listener created in Step 1, sometimes referred to as the client

Once established, a netcat session provides bi-directional communication. Data going in one end comes out the other. The session does not discriminate between ‘client’ and ‘server.’ The only differentiator is that the listener is created first.

A fairly contrived networking example is provided below to illustrate netcat in use.

The version of netcat used in these examples is provided with BackTrack 4, and is slightly different from the version provided with some flavors of *Nix. But the basics are the same. If you are using Ubuntu, the -p when creating the listener is optional. Other than that, these commands should work as written.

Example 1: Simple Netcat Session

Image 1: Simple Netcat Session

In this example, Host A and Host B want to communicate. Following the process described above, Host B creates a listener in Step 1, and Host A connects to that listener in Step 2.

A slightly more complicated example is provided in Example 2.

Example 2: Partial Pivot

Image 2: Partial Pivot

In Example 2, Hosts A and B can communicate, and B and C can communicate, but A and C cannot, directly.

If A wants to send data to C, we must pivot through B.  We must use B as a relay between A and C.

This requires two netcat sessions. One between B and C, and another between A and B. Naturally, then, we need to set up two listeners (servers) and two talkers (clients).

The first session is established between B and C. This is done in Step 1 and the second part of Step 2.
Step 1) > nc -l -p 3333
Step 2.2) > nc 10.1.0.3 3333

The second session is created between A and B. This is done in the first part of Step 2 and in Step 3:
Step 2.1) > nc -l -p 2222
Step 3) > nc 10.1.0.2 2222

The key to making this pivot work is that we must connect the output of the second session (between Host A and B) to the input of the first session (between Host B and C). This can be seen in the diagram’s Step 2. Host B issues the command to establish the listener for the communication with Host A, using a pipe to send the output to the connection it is making to Host C.
> nc -l -p 2222 | nc 10.1.0.3 3333
This basically says, “listen for data coming in on 2222 and pipe it to port 3333 on host 10.1.0.3.”

Perfect. Now all data sent to stdin on Host A will be sent through the pivot at Host B and to stdout on Host C.

The problem, however, is that Host A cannot see the results of whatever he sends through to C.

The challenge is that Host A’s output to B is being piped into a netcat session with C. Data coming back from C appears on the stdout of Host B! Host A never gets to see what is going on.

To remedy this, we must pipe the stdout coming from Host C to Host B to a place A can see it. If Host B has write access to a publicly accessible source (e.g., ftp server, wwwroot, etc) then problem solved. Or, we can create a third netcat session back from B to A!

Example 3: Two-way Pivot

Image 3: Two-way Pivot

This example extends the second example by simply providing one more netcat session back from stdin on B (coming from C) to Host A.

The stinky part is that Host A now has two terminal windows open:

  1. A session for sending the data through the pivot at B to C, and
  2. A session for receiving the results coming from C back through the pivot at B.

What we do gain, however, is that though Hosts A and C cannot talk directly, they can relay their communications through an intermediary set of hosts to accomplish the same task.

This method can be simplified.

As Ed pointed out in his Technical Segment, a shell redirect through a named pipe works quite well.

Example 4: Two-Way Pivot Using Named Pipe

Image 4: Two-Way Pivot Using Named Pipe

In Example 4, the relay, Host B, creates a named pipe, and then funnels the netcat input/output through the named pipe.

Host B issues the following two items on the command line:
> mknod bp p
> nc -l -p 2222 0<bp | nc 10.1.0.3 3333 1>bp

To analyze, let me label each part of this set of commands:
A) mknod bp p
B) nc -l -p 2222 0<bp
C) nc 10.1.0.3 3333 1>bp
D) B | C

A) mknod bp p
In step A, Host B creates a named pipe of type FIFO (p). A FIFO pipe works just like a FIFO queue – First In, First Out. This means that the first data arriving in the pipe will be the first data taken out of the pipe. This will allow us to create a writer and a reader attached to the queue. If you envision this as a line at a bank, the reader will be the bank teller, taking folks out of the queue, and the door to the bank acts as the writer, adding folks to the queue.

B) nc -l -p 2222 0<bp
In step B, the host creates a listener bound to port 2222, and uses input redirection to dump anything from the named pipe (bp) into the netcat session. When a client actually connects to this netcat session, the input will be written to stdout on Host B.

C) nc 10.1.0.3 3333 1>bp
In step C, the host creates a netcat session to host 10.1.0.3, where the output (stdout) arriving from the listener at the far end will be written into the named pipe (because of 1>bp).

What we can see now, is that the netcat listener in Step B is the reader from the FIFO queue, and the netcat session created in Step C is the writer to the queue. Perfect.

D) B | C
The final command D ties the two components together. Without using the pipe operator, the stdout arriving from Host A is still written to stdout on Host B. By using the pipe, we push stdout arriving from A into the netcat session created to Host C, just as we’ve done several times in these examples.

To illustrate the full data flow: once both sets of netcat sessions are established as illustrated in Example 4, data flows through the system as follows. Data entered at Host A is sent over the netcat session to Host B, where it is redirected through a pipe ( “|” ) into the netcat session Host B has created with Host C. As data comes back from Host C, it arrives at Host B and is written into the named pipe using output redirection (1>bp), where it is picked up by the netcat session Host B has with Host A because of input redirection (0<bp).
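The redirections on Host B can be exercised without netcat or a network. The script below is an added example, not part of the original post or the PDC notes: it swaps each nc for a stand-in with the same stdin/stdout roles and compares Example 2's one-way pipe with Example 4's named pipe. The function names, the file names and the "reply from C" echo service are assumptions made for the demonstration.

```shell
#!/bin/sh
# Offline model of Host B's plumbing (added example, no netcat, no network).
# Each nc is replaced by a stand-in with the same stdin/stdout roles:
#   a_side ~ "nc -l -p 2222"    stdout = bytes from A, stdin = bytes sent to A
#   c_side ~ "nc 10.1.0.3 3333" stdin = bytes sent to C, stdout = C's replies

# $1 = file recording what shows up on Host A, $2 = the line A sends.
a_side() {
    printf '%s\n' "$2"   # A's data comes out of the listener's stdout
    exec 1>&-            # A has finished sending: close our end of the "|"
    cat > "$1"           # whatever reaches the listener's stdin is sent to A
}

# Host C's service is modelled as an echo that tags each line it receives.
c_side() {
    sed 's/^/reply from C: /'
}

# Example 2: nc -l -p 2222 | nc 10.1.0.3 3333
# C's reply lands on B's stdout (a file here); nothing flows back to A.
one_way() (
    dir=$(mktemp -d) || exit 1
    a_side "$dir/a_screen" "$1" </dev/null | c_side > "$dir/b_terminal"
    printf 'A=[%s] B=[%s]\n' "$(cat "$dir/a_screen")" "$(cat "$dir/b_terminal")"
    rm -rf "$dir"
)

# Example 4: nc -l -p 2222 0<bp | nc 10.1.0.3 3333 1>bp
# The FIFO closes the loop: C's reply is read back in by the listener.
two_way() (
    dir=$(mktemp -d) || exit 1
    mkfifo "$dir/bp"                     # same effect as: mknod bp p
    : > "$dir/b_terminal"                # B's terminal stays empty this time
    a_side "$dir/a_screen" "$1" 0<"$dir/bp" | c_side 1>"$dir/bp"
    printf 'A=[%s] B=[%s]\n' "$(cat "$dir/a_screen")" "$(cat "$dir/b_terminal")"
    rm -rf "$dir"
)

one_way 'hello from A'
two_way 'hello from A'
```

In the one-way run the reply shows up under B and A stays empty; with the FIFO in place the reply reaches A and B's terminal shows nothing.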

Conclusion

Skoudis goes into several deeper examples in the PDC Episode 195 show notes, and I encourage folks to read them. It seems that your imagination, and the combination of your user access rights and a forgiving firewall rule-set are the only things limiting you!

The goals of this post are to:

  • Strengthen my knowledge by educating;
  • Assist those who may not have much exposure to netcat; and
  • Help spark interest in the countless possibilities introduced!

I hope you found it useful.

Bill

Decrypting files using OpenSSL

Wednesday, December 9th, 2009

Background

I’m playing with one of the De-ICE pen-testing CD’s, and I came across a file that was encrypted.

The problem is, I don’t know:

  • The cipher used to encrypt the file
  • The password used
  • Whether or not the file was Base64 encoded

Discovery

By poking around the box, I was able to determine that OpenSSL was installed.  OpenSSL will reveal the encryption commands it supports by typing:

# openssl -help

So I know the set of algorithms that could have been used to encrypt the file.

I also have a candidate set of passwords that I believe were used to encrypt the file.  These were uncovered during the pen test.

I need to figure out if the file was Base64 encoded and the cipher used.

# file encrypted_file.enc
encrypted_file.enc: data

The file is not Base64 encoded or it would be type text.  I tested this by encrypting two files, one with Base64 and one without.  The Base64 file returned type text, the other type data.

To test for the algorithm used, I tried encrypting a file and decrypting with both correct and incorrect passwords.  Only clean decryptions (where the correct password was used) result in plain text (“ASCII text”) when using the “file” command.  Decrypting a file with the wrong password results in a file with file type “data,” or something else.

This will make scripting of a solution easy.

The challenge for me is that I don’t know much about shell scripting.  Fortunately, there is a sweet resource over at the LDP - the Advanced Bash-Scripting Guide by Mendel Cooper.  It was a huge help.

What I know now:

  • Candidate passwords
  • Candidate encryption algorithms
  • The file was not Base64 encoded

What I don’t know:

  • The combination of password/algorithm used to encrypt the file.

What I want:

  • The decrypted file
  • The password and algorithm used to encrypt the file

Scripting a Solution

Result: decrypt.sh
Given a set of candidate encryption algorithms and candidate passwords, the script will:

  • Try all combinations of password/algorithm
  • Save the decrypted results in the specified directory
  • Save decrypted files with a file name of the type <password>_<algorithm>.txt
  • Run the “file” command at the end, looking for any that have type ASCII text

If the algorithm is successful, at least one file with type ASCII text will be a valid decryption of the original file.

The file worked like a charm to decrypt the file I found.

The Code

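#!/bin/bash
# Try every candidate password against every candidate cipher and keep
# each result so the "file" command can pick out clean decryptions.

SUPPORTED_ALGS=(aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc
aes-256-ecb base64 bf bf-cbc bf-cfb
bf-ecb bf-ofb cast cast-cbc cast5-cbc
cast5-cfb cast5-ecb cast5-ofb des des-cbc
des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx rc2 rc2-40-cbc
rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40)
PASSWORD_LIST=(passwd password test)
OUTPUT_DIRECTORY="/root/1_100/decrypt_output/"
ENCRYPTED_FILE="/root/1_100/encrypted_file.csv.enc"

# The output directory must exist before openssl can write into it.
mkdir -p "$OUTPUT_DIRECTORY"

echo "Num algorithms=${#SUPPORTED_ALGS[@]}"
echo "Num passwords=${#PASSWORD_LIST[@]}"

# Quoted "${array[@]}" keeps each entry intact as a single word.
for password in "${PASSWORD_LIST[@]}"
do
    for alg in "${SUPPORTED_ALGS[@]}"
    do
        OUTFILE="${OUTPUT_DIRECTORY}${password}_${alg}.txt"

        # Wrong password/cipher pairs print "bad decrypt" or leave garbage; that is expected.
        openssl enc -d -in "$ENCRYPTED_FILE" -pass "pass:${password}" -out "$OUTFILE" "-${alg}"
    done
done

# Only a correct password/cipher pair should produce plain text.
echo "Candidate files:"
file "${OUTPUT_DIRECTORY}"* | grep ASCII

exit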

Setting up a pen-testing lab-in-a-box

Sunday, November 8th, 2009

So, I got my hands on a handy, used Dell Latitude 620 with 2GB ram for next-to-nothing.

I’m looking for something to do with it…

How about, set up a penetration testing platform complete with: safe, internal-only networking; hosts as attackers; hosts as targets; and do the whole thing for $0.00. And, how about doing the entire thing on a single piece of hardware? Sweet.

Purpose
The purpose of this exercise is to establish a safe environment to perform penetration testing on different target hosts and applications.

A single computer with host-only networking will be used to avoid sending attacks across the network where other hosts may reside.

Goals

  • Establish the lab with no additional hardware or software investment.
  • Ensure that the box does not leak attacks over the network.
  • Provide an easy-to-maintain platform where new attackers and targets can be added or modified over time.

Basics: Establishing the virtual environment

The lab-in-a-box comprises a used Dell Latitude D620 with 2 GB ram, and 80GB hard disk space. Not a bleeding edge host, but more than adequate for this endeavor.

Software used:

  • Host OS – Ubuntu Linux 9.04, Jaunty Jackalope
  • Virtualization – Sun VirtualBox
  • Attacker – BackTrack 4 pre-release
  • Target – De-ICE Lab CD 1

Step 1. Download and install the Host OS

Download and install Ubuntu on the host. Get it up-and-running, patched, and configured to your tastes.

Step 2. Download and install VirtualBox

VirtualBox can be downloaded from: http://www.virtualbox.org/

I’m using Ubuntu, and there are a few kernel modules you may need depending on the version of Ubuntu you are working with.  If you are using a different OS, do a little research.  The VirtualBox site has pretty good info on installing.

Step 3. Download the BackTrack and De-ICE ISO images

BackTrack can be found at Remote Exploit.
The De-ICE images can be found at De-ICE.net.

Step 4. Create the hosts in VirtualBox

Follow the installation instructions on the BackTrack site.

The De-ICE image is a bootable image, so you don’t need to create a big hard disk for this. I created a simple 1GB disk for it, and have the VM configured to mount the De-ICE ISO on boot. Pretty simple.

Step 5. Set up host networking

When I set up the VM’s, they had bridged networking. This means that each VM connects to the local network through the host computer. It is as though they are separate hosts on the network, and each receives an IP address via DHCP if so configured.

The problem is that two virtual machines on the same host will still communicate with one another over the LAN – and that could mean trouble.

The image below shows, in the upper-left hand corner, my BT4 VM doing an Nmap scan of my De-ICE VM in the upper right-hand corner. The window at the bottom is my host (physical box) doing a tcpdump.

Data Traveling Across Lan

As you can see from the host tcpdump, the network traffic from BT4 is traveling across the net. That’s a big problem in fat-finger space.

I don’t want to be in the coffee shop and inadvertently fat finger a target and end up in the joint.

The solution: set the virtual machines to use a local-only network. In VirtualBox, this is called “Internal Networking.”

VirtualBox supports two types of local only networking. One is called “Host Only.” With this configuration, the host can still interface with the VMs, but the VMs cannot communicate off the host. This is pretty good. But I’m going for maximal safety. That is where “Internal Only” comes in. In this configuration, the virtual machines are assigned to a named network that is created by VirtualBox. Hosts on that virtual network can communicate with other VMs on that network, but not with hosts outside that network. Even your physical box (host) cannot communicate with the VMs…

Shut down and set both the network interfaces on the BT4 and De-ICE VMs to Internal Networking as shown in the screen shot below.

VirtualBox Internal Networking Setting

Note the default internal network name (in the screen shot it is “intnet”) as you will need this when configuring the VirtualBox DHCP server…

Next, we will set up the DHCP Server for the internal network. You may not need to do this step, but I’m following the instructions for the De-ICE CD which specifies that the DHCP server should be on 192.168.1.1 and have a lower DHCP lease range of 192.168.1.2. I set the upper range at 2.254 to accommodate other De-ICE CDs.

Using a terminal on the host, run the following command (all on one line):

VBoxManage dhcpserver add --netname intnet --ip 192.168.1.1 --netmask 255.255.0.0 --lowerip 192.168.1.2 --upperip 192.168.2.254 --enable

Sweet. All is well and good. Boot up the two images.

I performed two tests to make sure there was no data leakage.

First, I ran a similar test as I had above – running tcpdump on the host while running Nmap from the BT4 VM targeting the De-ICE VM.

Second, I disabled the host’s network connection and performed the same test.

In both cases the two VMs could talk to one another, but no data leakage, as shown in the screen shot below.

Internal Networking Enabled
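Alongside the tcpdump tests, the adapter settings can be checked directly. The script below is an added example, not part of the original post: it reads the text produced by "VBoxManage showvminfo <vm> --machinereadable" and reports any adapter that is not attached to the expected internal network. The VM names BT4 and De-ICE and the embedded sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VM adapters that are not on the expected internal network.

# audit_nics EXPECTED_NET
# stdin : text of "VBoxManage showvminfo <vm> --machinereadable"
# stdout: one finding per adapter that is attached to anything other than
#         the named internal network (empty output means isolated).
audit_nics() {
    awk -F= -v want="$1" '
        { gsub(/"/, "", $2) }                        # values are double-quoted
        $1 == "name"           { vm = $2 }
        $1 ~ /^nic[0-9]+$/     { mode[substr($1, 4)] = $2 }   # nic1="bridged"
        $1 ~ /^intnet[0-9]+$/  { net[substr($1, 7)]  = $2 }   # intnet1="intnet"
        END {
            for (n in mode) {
                if (mode[n] == "none") continue      # adapter disabled
                if (mode[n] != "intnet")
                    printf "%s nic%s: attached as %s\n", vm, n, mode[n]
                else if (net[n] != want)
                    printf "%s nic%s: on internal network %s, expected %s\n", vm, n, net[n], want
            }
        }' | sort
}

# Constructed sample: attacker VM still bridged to the physical LAN.
sample_bridged() {
    cat <<'EOF'
name="BT4"
nic1="bridged"
bridgeadapter1="eth0"
nic2="none"
EOF
}

# Constructed sample: target VM moved to the internal network from Step 5.
sample_internal() {
    cat <<'EOF'
name="De-ICE"
nic1="intnet"
intnet1="intnet"
nic2="none"
EOF
}

sample_bridged  | audit_nics intnet
sample_internal | audit_nics intnet
```

On the host, the real input would come from piping "VBoxManage showvminfo" with the VM name and --machinereadable into audit_nics intnet; any output at all means that VM can still reach something other than the internal network.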

Step 6. Have fun!

You are good-to-go. Fire up those virtual machines and have some fun!

This week in Infosec - 2008-08-25

Monday, August 25th, 2008

A weekly snapshot of what’s been talked about in the IT Security realm over the past week.

Attacks

Adobe Flash ads launching clipboard hijack attack - From the ZDNet Zero Day blog:

Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks.

In the Web attacks, which target Mac, Windows and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine’s clipboard and using a hard-to-delete URL that points to a fake anti-virus program.

According to victims on several Web forums, the attack is coming from Adobe Flash-based advertising on legitimate sites — including Newsweek, Digg and MSNBC.com.

We’ve all got Flash.  Keep it patched, though I haven’t yet heard if there is a patch available for this attack vector.

Bypassing .NET’s ValidateRequest security feature

The Microsoft .NET framework comes with a request validation feature, configurable by the ValidateRequest setting. ValidateRequest has been a feature of ASP.NET since version 1.1. This feature consists of a series of filters, designed to prevent classic web input validation attacks such as HTML injection and XSS (Cross-site Scripting).

This paper introduces script injection payloads that bypass ASP .NET web validation filters and also details the trial-and-error procedure that was followed to reverse-engineer such filters by analyzing .NET debug errors.

We have a lot of .NET here, and my team is studying this paper.

Breaking News
From the Scottish Sunday Herald, “Revealed: 8 million victims in the world’s biggest cyber heist”

EXCLUSIVE: Sunday Herald uncovers theft of data from every guest in 1300 Best Western Hotels in past 12 months
By Iain S Bruce

AN INTERNATIONAL criminal gang has pulled off one of the most audacious cyber-crimes ever and stolen the identities of an estimated eight million people in a hacking raid that could ultimately net more than £2.8billion in illegal funds.

A Sunday Herald investigation has discovered that late on Thursday night, a previously unknown Indian hacker successfully breached the IT defences of the Best Western Hotel group’s online booking system and sold details of how to access it through an underground network operated by the Russian mafia.

It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western’s 1312 continental hotels since 2007.

Amounting to a complete identity-theft kit, the stolen data includes a range of private information including home addresses, telephone numbers, credit card details and place of employment.

This raises (again) some important issues for the IT and corporate space.  How much data should you keep about your clients, and for how long?

No matter how good your defense-in-depth, someone will get through.  What will you allow them to find?

I’ll blog more on this later.

Older News
Students from MIT that were going to do a talk at DefCon were stopped by a court order.

Their research showed how to subvert the Massachusetts Bay Transit Authority payment card system.

As a part of court filings, their full research was included.  Court documents are public domain, so, MBTA essentially released what they were trying to hide.

On the 19th, a judge lifted the restraining order, so the students are free to talk.

Will be interesting to see what happens.

I think this is the second time in the past few months where ‘private’ information was included in court filings and hence into the public domain.

Tools

Grendel-Scan - released at DefCon, this is a sophisticated, automated, Open Source web application penetration testing tool.

It appears to rival commercial tools.

I’ll be playing with this soon, I hope.

Countermeasures

Reduce attack surface!
Why allow access to anything by anyone who doesn’t absolutely need it?

Cyber Warfare
Some discussions resulting from the attacks of Georgian IT infrastructure by Russian hackers during the past few weeks.

Conclusion seems to be: we don’t have a real definition of what cyber war is, so it isn’t really warfare.

In my mind, true cyber warfare is using attacks against IT infrastructure as a force multiplier, or as a means of applying coercive pressure to an enemy of the state.

I do not think that the attackers have to be state sponsored.

Some would debate whether or not a DDOS is an act of warfare.  I say it is if it is intended to apply coercive pressure to an enemy of the state.

A DDOS against a critical communications network, or safety critical control system would certainly qualify.  A DDOS against a n00b’s website, perhaps not.

On the Horizon

With elections right around the corner, I’m sure we will see the debate over electronic voting heat up.

Bill

Automating NERC CIP compliance

Wednesday, August 20th, 2008

This afternoon I tuned-in to a presentation by Tripwire regarding the upcoming release of a NERC CIP policy compliance module that’s due out September 16 for their Tripwire Enterprise product.

I had used Tripwire back in its open source days.  Back then it was all host-based integrity checking.  And that was a Long time ago.  I kind of long for those days.  The product was simple and reliable.  Host based integrity checking, IMHO is still a cornerstone of good security, and I have yet to find a suitable small-footprint replacement.

I must admit that I fell out of touch with the product after it went closed-source and they started building a business around it.

Well, the little script that was has turned into a rather mature, end-to-end, device agnostic policy auditing and compliance solution.  Tripwire can audit firewall configurations, router configs, hosts, you name it.

Their Enterprise product is modular, allowing you to install pre-built policy checks for tons of stuff (PCI, CIS, FISMA, COBIT, SOX, ISO 27001, FDCC), or build custom checks.

The purpose of this particular presentation was to learn about a new policy compliance module geared toward evaluating compliance with NERC CIPs.

The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards are given, essentially, force of law by the Federal Energy Regulatory Commission (FERC).

I don’t want my reader’s eyes to glaze over, as frequently happens when discussing the myriad of regulatory bodies in the energy space, so I’ll break it down for you:

$1,000,000 per day, per infraction for failure to be in compliance with NERC CIPs.

Let me see if I can explain that in plain English:

$1,000,000 per day, per infraction for failure to be in compliance with NERC CIPs.

The Tripwire policy module focuses on compliance for the technical CIP’s (CIPs 002 to 009, with a focus on 003, 003-6, 005, 007).

Tripwire has a matrix mapping their compliance and auditing checks against the specific NERC CIP requirements, and provides a holistic approach to auditing and assessment.

One nice feature is that where non-compliance is detected, remediation recommendations are presented that can then be attached to a change order so that technicians can implement the recommendations.

The Tripwire people also discussed their product’s ability to maintain the required auditing and compliance documentation for the minimum required one year.

Concerns

It wouldn’t be one of my posts if I didn’t express some concerns :)

I have two:

1) Does the Tripwire product require an installation on the devices to be audited?

Though I’m not a control system guy, I have heard that some of these devices are extremely ‘fragile’.  Certainly no one wants to install a security module that decreases the availability or integrity of a control system device.

I also get nervous because, in some cases, making any modification to a control device can trigger a rather nightmarish change control process that has serious cost and can have serious regulatory implications.

2) Does the Tripwire system generate a great deal of network load while checks are run?

Again, the worry here is that, from what I’ve read, some control networks are extremely sensitive to latency and load.

Spikes in network traffic or device load can have negative consequences.

Special consideration must be given when considering implementing an automated, scheduled auditing system.

Competitors?

Tripwire is a household name in the IT security space, but are there other solutions out there?

Certainly.

Whereas Tripwire is coming from the IT security space, Digital Bond is a control system security research and consulting outfit that, well, specializes in control system security.

Our friends over at Digital Bond have been developing the Bandolier product.

At the moment, the focus of the product seems to be heavily weighted on the assessment side.  Nevertheless, there is documentation on how to use Bandolier to test for compliance with the NERC CIP’s.

I expect that as the Bandolier product matures, automated CIP compliance reports may be generated from the product.

Conclusions

I first got interested in control system/critical infrastructure protection when I began hearing reports of what I perceived to be complete failures of security surrounding SCADA and other control systems.

The more I research, though, I see that there is a lot of work being done in this relatively small space.

And I read more and more about vendors coming to the table.

One neat trend I’m seeing… Vendors who build control system hardware are coming to security outfits with their wares asking for help on how to make them more secure.

Now that’s good stuff right there.

Bill

Updated 20080627:

More vendors joining the automated NERC CIP compliance front:
Nexant, Promia to Offer Compliant Cyber Security to Energy Firms

Passive network inventory and control

Sunday, August 17th, 2008

Processingtalk.com posted an article describing a new passive monitoring module for the Tofino security product.

Sounds pretty neat.

When it discovers a new device, it prompts the system administrator to either accept its deductions and insert the new device into the network inventory diagram, or flag the device as a potential intruder.

It also guides the user through creating appropriate firewall rules to allow or block messages, based on what it has learned about the network traffic.

Technical complexities such as IP addressing and TCP/UDP port numbers are managed behind the scenes, making the normally byzantine art of firewall configuration easy for the controls professional.

I guess there’s been a history of typical IT security tools wreaking havoc on control systems:

In 2005, Sandia National Laboratories released a report describing a number of serious events from use of these tools, including this example: “A ping sweep was being performed to identify all hosts that were attached to the network, for inventory purposes, and it caused a system controlling the creation of integrated circuits in the fabrication plant to hang.

The outcome was the destruction of USD50K worth of wafers”.

A concern I’d have about a product like this is the need to assume that all the systems on the network are trusted at the time you are configuring the rule set.

Another is that caution must be used when such a device is operating in the presence of safety systems.

This system has the capacity to block communication, and in a safety system, that could be hazardous.

But all things considered - much of the control system infrastructure seems to be “tough to secure” without unacceptably high cost.

Bolt-on security is rarely effective, but if the system offsets sufficient risk, it may provide the needed security.

It’s also nice to see a product that doesn’t require the user to have in-depth knowledge of protocols and firewall configuration.

If the control systems people know the devices on their networks, what they do, and which devices should be communicating to which other devices, the Tofino product may be a big help.

If that’s not the case, then the product may be of little value, and simply help provide a false sense of security.

It would be good if Tofino creator Byres Security offered some kind of auditing process to verify that users are implementing the system correctly.

Bill

Good article on Windows share + folder NTFS permissions

Friday, June 20th, 2008

How NTFS and share perms work is fragile, and easy to screw up.

Here’s a great article by Derek Melber on how they play together, and some best practices:

http://www.windowsecurity.com/articles/Share-Permissions.html

Bill

DNSstuff.com - schweet

Friday, April 11th, 2008

Every now and again I stumble across a tools site that knocks my socks off.

Here’s one: DNSstuff.com - every kind of tool for testing network connectivity to your site/network, right at your fingertips, right when you need it.

Queries are run from off-site, so you can really get a view of your network from outside, in the cloud.

Some tools can be used freely, and there are different fee rates to use the more advanced features, but it’s well worth it.

They have a development tools area (where they beta test new tools) and there is lots of fun stuff there…  Here’s the description of a few that caught my eye!

VectorTrace

What is this tool?

VectorTrace is unique in that it allows for traceroutes to be performed simultaneously from multiple locations and that information displayed in context of each other. For example, on initial launch VectorTrace will trace from three discrete locations and display the route taken to the requested destination.

How do the results help me?

This will allow the user to understand critical common points in the path. This will help identify the most critical points with poor performance so that you can remedy that situation by working with the administrators of that point or giving you the information to choose a better location for the final destination. As the product matures we will offer options to present the data on a map and even automate and alert on the quality of the paths taken.

DNS Traversal

What is this tool?

This tool is essentially similar to the “dig” tool and is more advanced than our nslookup. When you change your name servers and need to verify your changes are being seen throughout the world the traversal tool looks at what each root server is returning. If any are not correct then all subsequent DNS servers that look up your domain from that root server are going to be getting incorrect information.

How do the results help me?

Displays which DNS servers the world thinks are responsible for your domain and what information they are returning.

Speed Test

What is this tool?

Speed test measures the performance of your Internet connection. If you are experiencing performance issues use this tool to get a good understanding of what it really is.

How do the results help me?

Measures speed of your connection - Download/Upload/Latency

Here’s a quick rundown of some of the tools available to you:

Some free tools:

WHOIS/IPWHOIS Lookup
Country IP Range Lookup
RFC Lookup
IP Information
Traceroute

Some paid tools:

DNS Timing
WHOIS/IPWHOIS Lookup - Advanced
Spam Database Lookup
Reverse DNS lookup - Advanced
Traceroute - Advanced
DNS Lookup - Advanced
Zone File Dump
Ping
ISP Cached DNS Lookup
Top Level Domain Lookup
Web Site HTTP Headers
SPF
ASN Information
ASN WHOIS
MAC Address
SSL Examination
Find Nearby IPs 

Enjoy!
Bill

Boot Ubuntu to console

Tuesday, July 31st, 2007

Another note I’m putting here to remind myself of something…

I’ve been experimenting with whether or not I could replace my work computer with an Ubuntu box.

Naturally, the only piece of hardware available was a 5 year old laptop :(

Add this to the startup options to boot to console:

telinit 3

Works well if your X config is screwed up and you need command-line only access.

Bill

MD5 and SHA sums in Windows

Friday, July 6th, 2007

Yes, this tool is very old, but I always forget where to find them, or what the tool is called.

Who the heck will remember fciv?  Only Microsoft would come up with a name like that.

I’ll wait for fcivapvwsp2 to come out soon…

FCIV.exe