The command syntax is netstat [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval] A brief description of the switches is given in Table I below. Note that switches for Netstat use the dash symbol “-” rather than the slash “/”.

Netstat usefulness

It is a command-line tool, which is very useful to check the behaviour of your network. It allows you to check all aspects of TCP/IP. It also tells you what all connections your machine is making presently. You can also check if any virus, malware or other unwanted script is making connection to other harmful sources and stealing your information through this command.

Some examples of usage of netstat command for non-professional users are:

Checking connections

TCP and UDP connections and their IP and port addresses can be seen by entering a command combining two switches: netstat -an

This command displays protocol, the local address, the remote address, and the connection state along with port.

Table II. Description of various connection states

How to check for unwanted or risky connections?

If u doubt that there are unwanted malwares on ur system trying to establish risky connections. You can find out which programs are making connections with the outside world, we can use the command

netstat -b

Actually, it is better to check over a period of time and we can add a number that sets the command to run at fixed intervals. Also, it is best to create a written record of the connections that are made over some period of time. The command can then be written

netstat -b 5 >> C:\connections.txt

Note that as written, this command will run with five-second intervals until stopped by entering “Ctrl+c“, which is a general command to exit. (Some reports say that this can be fairly CPU intensive so it may cause a slower, single-core machine to run sluggishly. Note that the Process ID (PID) is given. This command can be combined with other tools such as Task Manager to analyze what executable files and processes are active and are trying to make Internet connections.

Prime reason for my love towards kasper is that it does not require you to be a software buff or security expert to use it. All you got to do is just install kasper on ur machine and it pretty much keeps covering you against all kinds of threats with the help of simple instructions and walkthroughs.

Kaspersky Internet Security 2010 contains all the usual protections found in its rivals with the exception of data backup provision. So you’ll find antivirus protection for files, email, web browsing, applications and processes.

You also get a bi-directional firewall, anti-DOS protection, anti-spam as well as anti-phishing and banner ad blocking. So, no surprises – a pretty comprehensive set of security tools.

So what’s the new version of Kaspersky Internet Security 2010 got over its predecessor? Changes are fairly subtle but worthwhile.

The already quite well developed user interface has been given a lick of paint (still green paint though) and remains easy to use for such a complex product. Other changes include antivirus protection for instant messaging (IM) sessions and a URL Advisor to combat phishing and dodgy websites, plus a ‘quiet’ gaming profile.

The major new feature in Kaspersky Internet Security 2010 is Safe Run, which lets you run suspect apps or links in a virtualised ‘sandbox’, thus isolating it from the OS. It automatically added Internet Explorer to the sandbox, a fairly logical choice.

To run the ‘sandboxed’ IE in Kaspersky Internet Security 2010 you have to click on its icon in KIS2010 and the virtualised version is denoted by a ghostly green outline to its window. While this is an interesting development, offering good protection against zero-day threats, it did whack CPU utilisation for a six, making our none-too-fast PC even slower. We also experienced a number of lock-ups of the PC using this software.

Kaspersky Internet Security 2010′s anti-spam provision is a bit better too. Spam by default prompts you to deal with messages as they arrive rather than silently and automatically deal with them, as you might find in rival IS packages.

System requirements

Windows Vista 32/64-bit, Windows XP 32/64-bit, Intel Pentium 800MHz, 512MB RAM, 50MB free HD space, CD-ROM, mouse, Internet connection, Internet Explorer 6 or higher

Final Words

Features-wise Kaspersky 2010 is a definite step-up from its predecessor. It’s always had a strong feature list but it trod lightly on our clunkier system, having little impact on performance – providing you discount the high CPU use in the Safe Run ‘sandbox’ mode. Kaspersky Internet Security 2010′s detection rates have been higher in the past but it remains a top five security bundle.

Price**

Well Now the  most interesting part. Kaspersky Internet Security 2010 is amazingly cheap at  Rs 325 for single user license and  Rs. 525 for 3 user license.

** this is approximate price at lamington Mumbai. actual price may differ.

Read more about KIS 2010 :

http://news.cnet.com/8301-13505_3-10452498-16.html?part=rss&subj=news&tag=2547-1_3-0-20

ipconfig

Ipconfig is a Console Command which can be issued to the Command Line Interpreter (or command prompt) to display the network settings currently assigned to any or all network adapters in the machine. This command can be utilised to verify a network connection as well as to verify your network settings.

www.computerhope.com/ipconfig.htm

For Windows 95,98,ME use winipcfg
http://support.microsoft.com/default.aspx?scid=kb;en-us;141698

netstat

Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/netstat.mspx

tracert

The tracert command is used to visually see a network packet being sent and received and the amount of hops required for that packet to get to its destination.

Users with Microsoft Windows 2000 and Windows XP who need additional information network latency and network loss should also consider using the pathping command.

www.computerhope.com/tracert.htm

ping

Helps in determining TCP/IP Networks IP address as well as determine issues with the network and assists in resolving them.

www.computerhope.com/pinghlp.htm

pathping

Provides information about network latency and network loss at intermediate hops between a source and destination. Pathping sends multiple Echo Request messages to each router between a source and destination over a period of time and then computes results based on the packets returned from each router.

www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/pathping.mspx?mfr=true

telnet

Telnet is software that allows users to remotely access another computer such as a server, network device, or other computer. With telnet users can connect to a device or computer, manage a network device, setup a device, transfer files, etc.

www.computerhope.com/software/telnet.htm#03

ftp

FTP is short for File Transfer Protocol, this page contains additional information about the FTP command and help using that command in Unix and MS-DOS (Windows).

www.computerhope.com/software/ftp.htm

route

The function and syntax of the Windows ROUTE command is similar to the UNIX or Linux route command. Use the command to manually configure the routes in the routing table.

www.computerhope.com/routehlp.htm

arp

Displays, adds, and removes arp information from network devices.

www.computerhope.com/arphlp.htm

nslookup

Displays information that you can use to diagnose Domain Name System (DNS) infrastructure. Before using this tool, you should be familiar with how DNS works. The Nslookup command-line tool is available only if you have installed the TCP/IP protocol.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/nslookup.mspx

nbtstat

MS-DOS utility that displays protocol statistics and current TCP/IP connections using NBT.

www.computerhope.com/nbtstat.htm

netsh
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/netsh.mspx

One common way of using netsh is to reset the TCP/IP in Windows 2k/XP

Type this in Run or DOS Window – “netsh int ip reset”

In Windows XP you can run a graphical diagnostics by typing “netsh diag gui” into the run dialogue box. (This may take a little time to startup)

getmac

DOS command used to show both local and remote MAC addresses. When run with no parameters (ie. getmac) it displays MAC addresses for the local system. When run with the /s parameter (eg. getmac /s \\foo) it displays MAC addresses for the remote computer. When the /v parameter is used, it also displays the associated connection name and network adapter name.

Included with Windows XP, Windows 2003 Server, and Windows 2000 Resource Kit. Can be downloaded for the Windows 2000 here: http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/getmac-o.asp

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/getmac.mspx

Find All Active/Used IP Addresses on Your Network

There is a really neat way that you can quite easily find all active/used IP Addresses on your network without the need for any third party applications or worse, pinging each IP Address individually.

Open the Command Prompt and type in the following:

FOR /L %i IN (1,1,254) DO ping -n 1 192.168.10.%i | FIND /i “Reply”>>c:\ipaddresses.txt

Change 192.168.10 to match you own network.

]]> http://www.imrozbaig.com/common-networking-commands/feed/ 1 http://www.imrozbaig.com/difference-between-virus-trojan-and-worm/ http://www.imrozbaig.com/difference-between-virus-trojan-and-worm/#comments Mon, 06 Apr 2009 19:40:52 +0000 imroz http://imrozbaig.com/?p=369 The most common blunder people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not exactly the same. Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you to better protect your computer from their often damaging effects.

What Is a Virus?

A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files.
Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going. 

People continue the spread of a computer virus, mostly unknowingly, by sharing infecting files or sending e-mails with viruses as attachments in the e-mail.

What Is a Worm?

A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.
The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver’s address book, and the manifest continues on down the line.

Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.
 

What Is a Trojan horse?

A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer.  Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source.  When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.

What Are Blended Threats?

Added into the mix, we also have what is called a blended threat. A blended threat is a more sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one single threat. Blended threats can use server and Internet vulnerabilities to initiate, then transmit and also spread an attack. Characteristics of blended threats are that they cause harm to the infected system or network, they propagates using multiple methods, the attack can come from multiple points, and blended threats also exploit vulnerabilities.

To be considered a blended thread, the attack would normally serve to transport multiple attacks in one payload. For example it wouldn’t just launch a DoS attack – it would also, for example, install a backdoor and maybe even damage a local system in one shot. Additionally, blended threats are designed to use multiple modes of transport. So, while a worm may travel and spread through e-mail, a single blended threat could use multiple routes including e-mail, IRC and file-sharing sharing networks.

Lastly, rather than a specific attack on predetermined .exe files, a blended thread could do multiple malicious acts, like modify your exe files, HTML files and registry keys at the same time – basically it can cause damage within several areas of your network at one time.

Blended threats are considered to be the worst risk to security since the inception of viruses, as most blended threats also require no human intervention to propagate.

Combating Viruses, Worms and Trojan Horses

The first step in protecting your computer from any malicious there is to ensure that your operating system (OS) is up-to-date. This is essential if you are running a Microsoft Windows OS. Secondly, you need to have anti-virus software installed on your system and ensure you download updates frequently to ensure your software has the latest fixes for new viruses, worms, and Trojan horses. Additionally, you want to make sure your anti-virus program has the capability to scan e-mail and files as they are downloaded from the Internet, and you also need to run full disk scans periodically. This will help prevent malicious programs from even reaching your computer. You should also install a firewall as well.
A firewall is a system that prevents unauthorized use and access to your computer. A firewall can be either hardware or software. Hardware firewalls provide a strong degree of protection from most forms of attack coming from the outside world and can be purchased as a stand-alone product or in broadband routers. Unfortunately, when battling viruses, worms and Trojans, a hardware firewall may be less effective than a software firewall, as it could possibly ignore embedded worms in out going e-mails and see this as regular network traffic.

For individual home users, the most popular firewall choice is a software firewall.  A good software firewall will protect your computer from outside attempts to control or gain access your computer, and usually provides additional protection against the most common Trojan programs or e-mail worms. The downside to software firewalls is that they will only protect the computer they are installed on, not a network.

It is important to remember that on its own a firewall is not going to rid you of your computer virus problems, but when used in conjunction with regular operating system updates and a good anti-virus scanning software, it will add some extra security and protection for your computer or network.

Tips

1. Do not put sensitive information in your profile. Even if you make your profile private, there is no need to write down your sensitive personal information in your profile. There are numerous ways to find a fault in the privacy set by these social networking sites and then your information can be in the wrong hands. Better to be safe than sorry.
2. Do not click on any suspicious link. You never know what these links can lead to. From remote installation of a keylogger that can record your keystrokes to send you a DoS attack, every thing is possible through a seemingly harmless link. So don’t click on it unless absolutely sure.
3. Do not Download any file Unless You are Sure. Do not download a file (esp. a .exe or .zip file) unless you are sure about the content. Make sure that you have good anti-virus and anti-spyware software to guard you against any kind of attack, if happens. Do not trust a suspicious downloadble file even if it comes from a friend. He may never know that he has sent it.
4. Do not Run a Javascript in your Browser. A javascript can do a hell lot of things which are not funny. Usally people play with javascripts to make visual changes but believe me, without going into the details of cookie stealing and various such techniques, Javascript can harm you even before you will ever know.
5. Do Not Keep a Weak Password. Make sure that your password is strong enough. Do not use only numbers or only letters. Use both as a combination in random. A weak password which is easily tracable is the easiest way to hack your profile. I don’t prefer to have even personal information inside a password. Your close friends can get a way out with the things they know. Read this article which can help you in many ways.
6. Do not Install Third party applications Unless Fully sure. Live without some cool features but don’t download widgets or tools (say for Facebook or Myspace or Twitter) you are not sure of and doesn’t come from the parent site itself.
7. Beware of user-generated spam. Social networks like Facebook rely on users to enrich the experience by posting content such as pictures and video (as well as links) and then sharing the content with their contacts. Spam-based social networkers will go to other people’s comment threads, for instance, and chime in with links that, if clicked on, will install malware. So beware of that too.
8. Keep Yourself Updated with Latest Security Software. A real time anti-virus scanner is very important to have if you are using internet, along with a good anti-spyware and firewall software. They can be your friends in more ways than you can think of. And yes, juice them well with regular updates.Read these articles if you are in search of good free Windows software
   • Article-1
   • Article-2

Prior to the introduction of the internet, the need for antivirus security was practically non-existent. Thanks to the fact that anyone can get in touch with anyone in the world that has a computer no matter where they are the transmission of viruses which can cause serious issues to your computer and cause not only problems with your software but also cause your hardware to become unusable has been on the rise. As a result, it has become increasingly necessary to make use of antivirus security applications in order to protect your data and your system from the damage that can be caused by the wide range of viruses.

Emails are one of the most common ways that viruses are transmitted. What makes a virus a virus is that it is a small program usually only a few lines of code that create a particular situation within the operating system. In other words, it tells the computer to do something when you do something on the computer. It could be when you open a certain type of file, when you go online, or it may just be written to attack a particular part of the computer as soon as it is activated, usually by opening. In order to protect against this antivirus security applications were created to scan emails and detect these viruses.

Downloadable files and file sharing has also opened an entirely new realm of danger for those behind the development of antivirus security to consider. It is now possible to spread a virus along multiple routes. To assist with this antivirus security now offers the ability to scan files before the file is downloaded and shell scans, which allow you to scan a single folder or file rather than the entire computer.

This is to help prevent the spread of viruses, which can lay dormant within files and activate when the program is installed. Antivirus security is not foolproof in fact, there are many ways that a virus can still make it onto your computer bypassing your security and your attempts. However, it is considerably less likely if you have, your computer protected that you are going to miss a virus. Those that activate on installation are usually picked up during scheduled scans.

When using an antivirus security program it is important to make use of the routine scheduled scan feature. This will help to ensure that you can enjoy a worry free experience when it comes to your computer and viruses. This scan should be of your entire computer. Smaller scans of incoming emails, links you visit and any incoming file download, no matter what their source should also be scanned. These scans are usually separate and part of the spot scanning for the antivirus security application. Viruses come in all different sizes and types and can have an effect on a broad spectrum of functions in regards to your computer and no matter what the type or what effect it is suppose to have all viruses can have a negative and harmful effect on your computer.

Trojan

How to Get Rid of Trojan Virus

Before we can know how to get rid of trojan virus we need to specify exactly what it is and how it differs from a normal computer virus. A trojan horse virus is a form of malware (malicious software) that leaves your computer open to attack, and derives its name from the famous Greek legend of The Trojan Horse.

The Trojan Horse was used by the ancient Greeks to trick their way into the once impregnable city of the Trojans (Troy) and secretly send in soldiers to open the gates and allow the rest of the Greek army in to take over and conquer the city.

In the same way, computer trojan viruses disguise themselves as seemingly harmless pieces of software or desired files, but then “open the gates” to other forms of malicious software, spyware, keyloggers etc…leaving you open to anything from someone stealing your credit card information, to some basement-dwelling geek gaining remote access to your computer and files. So the trojan virus’ real damage is done in its ability to compromise your computer’s security and leave it open to other dangers.

So while a normal computer virus is lethal in itself and can “mutate” and infect other parts of your system, the trojan allows other digital nasties in through the back door. The good news is that this makes it easier to identify and get rid of trojan virus.

How did you get the trojan virus on your computer?

As mentioned above, the trojan virus is often disguised as a normal looking file, so maybe it was an mp3 music file, a patch for a game, an online video, or even a jpeg image file. Either way, it’s on your computer, so how do you get rid of trojan horse virus?

Here are the 5 things you need to do right now to get rid of trojan horse virus and avoid it returning:

1. Make sure your anti-virus software is up-to-date and includes all the latest patches and virus, spyware definitions. This will be your first port of call when trying to get rid of trojan virus.

2. Run a system and registry scan to identify the evil trojan virus and then zap it into oblivion to get rid of it. Since it resides within an unimportant file you can easily delete it to get rid of trojan virus – whereas other computer viruses are more tricky to get rid of and need to be “quarantined” to stop them infecting other files on your system.

3. If you know the name of the trojan horse virus then you can check online for information on how to get rid of the trojan virus in question. Microsoft has regular updates on it’s site about trojan viruses that affect Windows machines. Online forums also provide you a wealth of information about how to get rid of a trojan horse virus.

4. You could also try to get rid of the trojan virus manually. Check your Task Manager (press Ctrl +Alt +Del on Windows) to identify any programs that may be running in the background that shouldn’t be – i.e. they started without your knowledge. If you see any such program, make a note of it’s name, click its name to highlight it and click End Task. Open your Control Panel (click the Start menu) and use the Add/Remove programs to find the nasty blighter in question and get rid of it. Be careful with this though as you may end up wrongly deleting a file that is important to your system.

5. Overall you should take a look at your online habits and see how certain actions may compromise the security of your computer and your personal information. If you use Peer-2-Peer (P2P) file-sharing networks then take extra care on what you download, and make sure everything is run through your anti-virus / spyware scanning software first, to get rid of trojan virus that may be attempting to access your system.

How many of your personal details do you enter on your computer on a regular basis? For instance, do you bank online, or pay bills or a credit card? Perhaps you buy gifts and other purchases online? According to CNN, if you use the internet there is a 90% chance that your computer is infected with spyware. How can you be sure that your information is not being viewed by a third party right now?