J Wolfgang Goerlich's thoughts on Information Security
Preventing Hosts and LMHosts Tampering

By wolfgang. 18 December 2007 09:08

Some forms of malware and some attackers will modify the DNS resolution file (hosts) and the Windows resolution file (lmhosts). Basically, this would allow someone to enter www.jwgoerlich.us into their browser but be redirected to the attacker's IP address. A simple way to prevent this tactic is to turn off the hosts and lmhosts files.

You can find the files by looking in the registry.

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
Value: DataBasePath
Data:%SystemRoot%\system32\drivers\etc

Browse to the folder specified, and right-click, set permissions. The service account (NT AUTHORITY\NETWORK SERVICE) must have read access to the folder in order to parse the files and process the name-address mappings. Set explicit permissions and deny access to the service account (NT AUTHORITY\NETWORK SERVICE). Reboot.

From then on, regardless of who modifies the hosts and lmhosts file, the DNS and Windows resolution will be protected.

Tags:

Security | Systems Engineering

Tip: Cygwin for Gzips (.gz) and Tarballs (.tar)

By wolfgang. 4 December 2007 10:35

I find the Windows shareware and nagware tools for Gzip and Tarball files lacking. Some of it is adding unnecessary clutter to my OS. Part of it is compatibility with 64-bit Windows Server 2003. I also do not want to pay for a feature that I rarely use. Since I run Cygwin, it is easy enough to drop into the Bash shell to unzip and untar.

 

Copy the file to the Cygwin home folder (C:\cygwin\home\Administrator). Then start Cygwin and run the commands to unzip and untar.

 

$ gzip –d file.tar.gz

$ tar –xvf file.tar

 

The expanded files will then be in a folder called C:\cygwin\home\Administrator\file.

 

Tags:

Systems Engineering

    Log in