Detect Conficker in our LAN

Another Conficker variant forces us to behave like paranoids. Any tool that might help us detect it gets more attention, especially when it’s free :-)

Detect from Windows machine :

Download the detector from Florian Roth.

Save and extract it to any folder; I chose C:.

Make sure to run it from the command line:

C:\scs2-win32>scs2.exe 172.88.1.95  172.88.1.100

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009
Compiled for Win32 environments by Florian Roth

[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
Done

Detect from a Linux machine (I use Ubuntu 9.04 server):

# apt-get install python-impacket

# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip

# unzip scs2.zip

# cd scs2

# ./scs2.py 172.88.1.1 172.88.1.50

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009

[UNKNOWN]  172.88.1.10: No response from port 445/tcp.
[UNKNOWN]  172.88.1.14: No response from port 445/tcp.
[UNKNOWN]  172.88.1.8: No response from port 445/tcp.
[UNKNOWN]  172.88.1.5: No response from port 445/tcp.
[UNKNOWN]  172.88.1.9: No response from port 445/tcp.
[CLEAN]    172.88.1.43: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.25: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.50: No response from port 445/tcp.
[CLEAN]    172.88.1.22: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.23: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.34: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.29: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.28: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[INFECTED] 172.88.1.47: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[CLEAN]    172.88.1.48: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.38: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.42: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.27: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.1: No response from port 445/tcp.
[UNKNOWN]  172.88.1.4: No response from port 445/tcp.
[UNKNOWN]  172.88.1.6: No response from port 445/tcp.
[UNKNOWN]  172.88.1.7: No response from port 445/tcp.
[UNKNOWN]  172.88.1.11: No response from port 445/tcp.
[UNKNOWN]  172.88.1.12: No response from port 445/tcp.
[UNKNOWN]  172.88.1.13: No response from port 445/tcp.
[UNKNOWN]  172.88.1.16: No response from port 445/tcp.
[UNKNOWN]  172.88.1.17: No response from port 445/tcp.
[UNKNOWN]  172.88.1.18: No response from port 445/tcp.
[UNKNOWN]  172.88.1.19: No response from port 445/tcp.
[UNKNOWN]  172.88.1.20: No response from port 445/tcp.
[UNKNOWN]  172.88.1.21: No response from port 445/tcp.
[UNKNOWN]  172.88.1.26: No response from port 445/tcp.
[UNKNOWN]  172.88.1.30: No response from port 445/tcp.
[UNKNOWN]  172.88.1.31: No response from port 445/tcp.
[UNKNOWN]  172.88.1.32: No response from port 445/tcp.
[UNKNOWN]  172.88.1.33: No response from port 445/tcp.
[UNKNOWN]  172.88.1.35: No response from port 445/tcp.
[UNKNOWN]  172.88.1.36: No response from port 445/tcp.
[UNKNOWN]  172.88.1.37: No response from port 445/tcp.
[UNKNOWN]  172.88.1.39: No response from port 445/tcp.
[UNKNOWN]  172.88.1.40: No response from port 445/tcp.
[UNKNOWN]  172.88.1.41: No response from port 445/tcp.
[UNKNOWN]  172.88.1.44: No response from port 445/tcp.
[UNKNOWN]  172.88.1.45: No response from port 445/tcp.
[UNKNOWN]  172.88.1.46: No response from port 445/tcp.
[UNKNOWN]  172.88.1.49: No response from port 445/tcp.

Detect using FreeBSD machine :

# cd /usr/ports/net/py-impacket && make install

# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip

# unzip scs2.zip &&  cd scs2

# python scs2.py 172.88.1.90 172.88.1.100
WARNING: Crypto package not found. Some features will fail.

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009

[CLEAN]    172.88.1.90: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.100: No response from port 445/tcp.
[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[UNKNOWN]  172.88.1.92: No response from port 445/tcp.
[UNKNOWN]  172.88.1.91: No response from port 445/tcp.
[UNKNOWN]  172.88.1.93: No response from port 445/tcp.
[UNKNOWN]  172.88.1.94: No response from port 445/tcp.
[UNKNOWN]  172.88.1.95: No response from port 445/tcp.
[UNKNOWN]  172.88.1.97: No response from port 445/tcp.
[UNKNOWN]  172.88.1.98: No response from port 445/tcp.
[UNKNOWN]  172.88.1.99: No response from port 445/tcp.
Done
#

Time to patch those infected machines.
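To turn scanner output like the above into a patch list, the following Python example (added here, not part of scs2 or the original post) parses the `[INFECTED]`/`[CLEAN]`/`[UNKNOWN]` records, including two records fused on one line, and groups hosts by status. The function names and sample addresses are constructed for illustration; `[UNKNOWN]` hosts did not answer on 445/tcp and were therefore not checked, so they go on a rescan list rather than with the clean ones.

```python
import ipaddress
import re

# One match per status tag. findall over the whole text (rather than line
# splitting) also recovers records written back to back on a single line.
RECORD = re.compile(
    r"\[(INFECTED|CLEAN|UNKNOWN)\]\s+(\d{1,3}(?:\.\d{1,3}){3}):[ \t]*"
    r"(.*?)(?=\[(?:INFECTED|CLEAN|UNKNOWN)\]|$)",
    re.M,
)

# Constructed sample in the scanner's output format (documentation-range IPs).
SAMPLE = """\
[UNKNOWN]  192.0.2.10: No response from port 445/tcp.
[CLEAN]    192.0.2.43: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  192.0.2.50: No response from port 445/tcp.[CLEAN]    192.0.2.22: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[INFECTED] 192.0.2.47: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[UNKNOWN]  192.0.2.9: No response from port 445/tcp.
Done
"""


def parse_scs2(text):
    """Return {ip: (status, detail)}. INFECTED is sticky across repeated scans."""
    hosts = {}
    for status, ip, detail in RECORD.findall(text):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # tag followed by something that is not a valid IPv4 address
        if hosts.get(ip, ("",))[0] != "INFECTED":
            hosts[ip] = (status, detail.strip())
    return hosts


def triage(text):
    """Group hosts by status, sorted numerically. UNKNOWN means unverified, not clean."""
    groups = {"INFECTED": [], "UNKNOWN": [], "CLEAN": []}
    for ip, (status, _detail) in parse_scs2(text).items():
        groups[status].append(ip)
    for ips in groups.values():
        ips.sort(key=ipaddress.ip_address)
    return groups


if __name__ == "__main__":
    for status, ips in triage(SAMPLE).items():
        print(f"{status:9} {len(ips):3}  {', '.join(ips)}")
```

Concatenating the output of several scan runs into one input works as well: a host reported infected in any run stays on the infected list.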

Install OpenNMS on FreeBSD

Download

# cd /usr/ports/net-mgmt
# wget -c http://www.geeklan.co.uk/files/opennms/opennms-164-freebsd-port.tgz

–2009-05-15 03:17:40–  http://www.geeklan.co.uk/files/opennms/opennms-164-freebsd-port.tgz
Resolving www.geeklan.co.uk… 93.97.185.103
Connecting to www.geeklan.co.uk|93.97.185.103|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 15093 (15K) [application/x-tar]
Saving to: `opennms-164-freebsd-port.tgz’

100%[=====================================================================================================>] 15,093      5.23K/s   in 2.8s

2009-05-15 03:17:45 (5.23 KB/s) – `opennms-164-freebsd-port.tgz’ saved [15093/15093]

Extract and delete

# tar xvzf opennms-164-freebsd-port.tgz && rm opennms-164-freebsd-port.tgz

x opennms/
x opennms/files/
x opennms/distinfo
x opennms/pkg-descr
x opennms/pkg-message
x opennms/pkg-plist
x opennms/Makefile
x opennms/files/opennms.in
x opennms/files/patch-maven-conf_settings.xml
x opennms/files/patch-pom.xml


Read chm file in opensuse

zypper came to the rescue when I needed to read a chm file in openSUSE:

# zypper install chmsee

Reading installed packages…

The following NEW packages are going to be installed:
chmsee chmlib

Overall download size: 136.0 K. After the operation, additional 295.0 K will be used.
Continue? [YES/no]: y
Downloading package chmlib-0.39-101.9.i586 (1/2), 30.0 K (65.0 K unpacked)
Downloading: chmlib-0.39-101.9.i586.rpm [done (2.8 K/s)]
Installing: chmlib-0.39-101.9 [done]
Downloading package chmsee-1.0.1-1.13.i586 (2/2), 106.0 K (230.0 K unpacked)
Downloading: chmsee-1.0.1-1.13.i586.rpm [done (2.2 K/s)]
Installing: chmsee-1.0.1-1.13 [done]

chmsee, ready to serve me :-)

/usr/local/sbin/mysqlblasy.pl Can’t locate Archive/Zip.pm in @INC

# /usr/local/sbin/mysqlblasy.pl

Can’t locate Archive/Zip.pm in @INC (@INC contains:
/usr/local/lib/perl5/5.8.9/BSDPAN
/usr/local/lib/perl5/site_perl/5.8.9/mach
/usr/local/lib/perl5/site_perl/5.8.9 /usr/local/lib/perl5/5.8.9/mach
/usr/local/lib/perl5/5.8.9 .) at /usr/local/sbin/mysqlblasy.pl line 1340.
BEGIN failed–compilation aborted at /usr/local/sbin/mysqlblasy.pl line 1340.
# cd /usr/ports/archivers/p5-Archive-Zip

# make install

# rehash

# /usr/local/sbin/mysqlblasy.pl
Can’t locate IO/Compress/Base/Common.pm in @INC (@INC contains:
/usr/local/lib/perl5/5.8.9/BSDPAN
/usr/local/lib/perl5/site_perl/5.8.9/mach
/usr/local/lib/perl5/site_perl/5.8.9 /usr/local/lib/perl5/5.8.9/mach
/usr/local/lib/perl5/5.8.9 .) at
/usr/local/lib/perl5/site_perl/5.8.9/Compress/Zlib.pm line 11.
BEGIN failed–compilation aborted at
/usr/local/lib/perl5/site_perl/5.8.9/Compress/Zlib.pm line 11.
Compilation failed in require at
/usr/local/lib/perl5/site_perl/5.8.9/Archive/Zip.pm line 11.
BEGIN failed–compilation aborted at
/usr/local/lib/perl5/site_perl/5.8.9/Archive/Zip.pm line 11.
Compilation failed in require at /usr/local/sbin/mysqlblasy.pl line 1340.
BEGIN failed–compilation aborted at /usr/local/sbin/mysqlblasy.pl line 1340.
# cd /usr/ports/archivers/p5-IO-Compress-Base

# make install

===>  Installing for p5-IO-Compress-Base-2.015
===>   p5-IO-Compress-Base-2.015 depends on file: /usr/local/bin/perl5.8.9
– found
===>   Generating temporary packing list
===>  Checking if archivers/p5-IO-Compress-Base already installed
===>   p5-IO-Compress-Base-2.015 is already installed
You may wish to “make deinstall” and install this port again
by “make reinstall” to upgrade it properly.
If you really wish to overwrite the old port of
archivers/p5-IO-Compress-Base
without deleting it first, set the variable “FORCE_PKG_REGISTER”
in your environment or the “make install” command line.
*** Error code 1

Stop in /usr/ports/archivers/p5-IO-Compress-Base.

# make FORCE_PKG_REGISTER=1 install

# rehash

Install download manager for opensuse

Using zypper as the front-end tool to install download 4 x, aka d4x.

# zypper install d4x
Reading installed packages…

The following NEW packages are going to be installed:
d4x-lang d4x

Overall download size: 1.2 M. After the operation, additional 2.8 M will be used.
Continue? [YES/no]: y
Downloading package d4x-2.5.7.1-70.144.i586 (1/2), 1.0 M (2.1 M unpacked)
Downloading: d4x-2.5.7.1-70.144.i586.rpm [done (29.3 K/s)]
Installing: d4x-2.5.7.1-70.144 [done]
Downloading package d4x-lang-2.5.7.1-70.144.i586 (2/2), 162.0 K (702.0 K unpacked)
Downloading: d4x-lang-2.5.7.1-70.144.i586.rpm [done (7.7 K/s)]
Installing: d4x-lang-2.5.7.1-70.144 [done]
#

Yup, my OpenSuse has d4x for sure 😉