Friday, December 29, 2006

Detect Internet Explorer aka IE nag fun

A simple way to deliver content only to Internet Explorer is with the following code:

<!--[if IE]>
HaHa you're using IE :P
<![endif]-->

Using this, you can insert any code you want, anywhere you want in a web page, and only Internet Explorer will render it.

Microsoft talks about this feature here.

Thursday, December 28, 2006

FireLog v1

This information is outdated. Please visit the official Firelog page.

Version 1.2
Released : Mar 22nd 2007

Firelog download

Firelog download backup

Firelog is an internet / firewall security "front end" developed for Puppy Linux.

Firelog v1 was released Dec 28th 2006
Firelog v1.1 was released Jan 4th 2007
Firelog v1.2 was released Mar 22 2007

The Puppy Linux forum thread for Firelog is here.

Firelog screen menu shot

Please report all bugs to the Puppy Linux thread on Firelog

Thursday, December 14, 2006

UDP Port 25099 : Large BotNet !

Recently I was monitoring my networking traffic and noticed a lot of incoming connections from around the world on UDP port 25099. I asked the search engines about UDP port 25099 and found nothing.

Update : (3/7/2007) At some point since this post all traffic on UDP port 25099 has stopped. I imagine the botnet updated its client list and removed me from it since my computer is no longer responding to its commands.

After a bit of investigation I've come to the following conclusion.

Last week my anti-virus program picked up on a trojan and removed it. However, this trojan had been in place for a while since it was stored in some backup files. It would have been found sooner but my normal anti-virus program (AVG) didn't detect it.

That trojan made me part of a bot network which uses UDP port 25099 to communicate. The other bots have no idea I've removed the trojan and continue to try and communicate with me.

Judging by the packet data, right now the botnet is just trying to stay synced; I can see commands in their packets like get_peers, find_node, announce_peer.

The traffic load is fairly impressive - I would average about 1 request per second from computers around the world that are a part of this botnet.

So if you see a lot of traffic coming in on UDP port 25099, run a comprehensive virus / trojan scan on your system to make sure you're not infected.

Note : You can use Ethereal to monitor your traffic.
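
The traffic check described above, as an added example (not code from the original post): it tallies inbound UDP datagrams to port 25099 by source, average rate and the three command strings the post mentions. The record tuples, the `summarize` helper and the sample payloads are constructed for illustration; real records would come from a capture tool's export.

```python
from collections import Counter

WATCH_PORT = 25099  # UDP port named in the post
# Command strings the post reports seeing in the packet data.
COMMANDS = (b"get_peers", b"find_node", b"announce_peer")

# Constructed sample records: (seconds, source_ip, dest_udp_port, payload).
# Addresses come from documentation ranges; the payload layout is made up.
SAMPLE = [
    (0.0, "192.0.2.10", 25099, b"q=find_node id=aaaa"),
    (1.0, "198.51.100.7", 25099, b"q=get_peers id=bbbb"),
    (2.0, "203.0.113.44", 25099, b"q=find_node id=cccc"),
    (2.5, "192.0.2.10", 25099, b"q=announce_peer id=aaaa"),
    (3.0, "192.0.2.53", 53, b"unrelated reply"),
    (4.0, "198.51.100.99", 25099, b"q=get_peers id=dddd"),
    (5.0, "203.0.113.44", 25099, b"\x00\x01no known command"),
]


def summarize(records, port=WATCH_PORT):
    """Summarise inbound UDP datagrams addressed to `port`."""
    hits = [r for r in records if r[2] == port]
    commands = Counter()
    sources = Counter()
    for _, src, _, payload in hits:
        sources[src] += 1
        found = [c.decode() for c in COMMANDS if c in payload]
        # Count every known command present; otherwise bucket as "other".
        commands.update(found or ["other"])
    times = [r[0] for r in hits]
    span = max(times) - min(times) if times else 0.0
    # Average rate over the observed window (0.0 when it cannot be computed).
    rate = round(len(hits) / span, 2) if span > 0 else 0.0
    return {
        "packets": len(hits),
        "sources": len(sources),
        "per_second": rate,
        "commands": dict(commands),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```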