Archive for May, 2006

Registry Settings Which Affect Access To Your Server

May 31, 2006

Windows NT based operating systems (NT, 2000, XP, Server 2003) use Access Control Lists (ACLs) to meter access to files and folders which are NTFS based. If your server uses NTFS (as most do), you should know how to create and modify ACLs, to allow or prevent access to specific files and folders.

Besides the NTFS ACLs, though, there are registry based settings that can affect the ability of your server to be seen, or accessed, by clients on the network. These settings work in addition to, or in spite of, the ACLs.

  • The Hidden setting will explicitly instruct the browser to not enumerate your server.
  • The restrictanonymous setting will affect the ability of your server to be enumerated by the browser, and the ability for it to be accessed by clients using the Guest account.
  • The RestrictNullSessAccess setting will affect the ability of specific shares to be accessed by clients using the Guest account.

If you are experiencing problems with visibility of, or access to, your server, and more obvious settings or personal firewalls are not the problem, check these registry settings.

RestrictNullSessAccess and Your Server

May 31, 2006

The separately discussed restrictanonymous setting will interfere with file sharing, in your Windows Network, by preventing your server from being enumerated (“seen”) by the browser. There are other settings, though, that can interfere with Windows Networking, in other ways.

The ability to allow or prevent unauthenticated clients from accessing named shares is one such setting. If your server provides share access thru Guest, whether in Simple File Sharing, or in Advanced File Sharing with Guest-only access, access to some or all shares can be blocked by this setting.

The RestrictNullSessAccess setting, which is a value in the registry key [HKLM\System\CurrentControlSet\Services\LanManServer\Parameters], was originally part of Windows NT, and predates the concept of Guest authentication in Windows 2000 and XP. The default / undefined value is “0”, which says “Do NOT restrict share access to unauthenticated (Guest) clients”.

If set to “1”, however, you can designate specific shares (and named pipes) which will override the setting and allow access. The registry value NullSessionShares, in the above key, will then contain a list of shares that may be accessed by unauthenticated (Guest) clients.

This setting, if set incorrectly, will override any ACL entries which authorise Guest access. If your server depends upon Guest authentication, and this setting is in place, you will have problems providing access to some or all shares on the server.
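As an added example, not from this post or from the one above it, here is a PowerShell audit of the three settings the two posts describe (Hidden, restrictanonymous, and RestrictNullSessAccess with its NullSessionShares list). The post gives the key for RestrictNullSessAccess; that Hidden lives in the same key and that restrictanonymous lives under Control\Lsa are assumptions stated here, not taken from the post.

```powershell
# Added audit script (not from the posts). Run in an elevated PowerShell on the
# server whose visibility or Guest access you are troubleshooting.
# Assumed locations: Hidden sits beside RestrictNullSessAccess in the
# LanManServer\Parameters key; restrictanonymous sits under Control\Lsa.
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-RegistryValueOrNull {
    # Returns $null when the key or the value does not exist (the "undefined" case).
    param([string]$Path, [string]$Name)
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Format-Setting {
    # One report line per setting, explaining what the current value does.
    param([string]$Name, $Value, [string]$WhenZero, [string]$WhenSet)
    if ($null -eq $Value) { return "$Name is not defined (behaves as 0: $WhenZero)" }
    if ($Value -eq 0)     { return "$Name = 0 ($WhenZero)" }
    return "$Name = $Value ($WhenSet)"
}

function Get-ShareAccessReport {
    $hidden   = Get-RegistryValueOrNull $lanman 'Hidden'
    $anon     = Get-RegistryValueOrNull $lsa    'restrictanonymous'
    $nullSess = Get-RegistryValueOrNull $lanman 'RestrictNullSessAccess'
    $shares   = Get-RegistryValueOrNull $lanman 'NullSessionShares'   # REG_MULTI_SZ, may be absent

    $report = @(
        (Format-Setting 'Hidden' $hidden `
            'server is announced to, and enumerated by, the browser' `
            'browser is told NOT to enumerate this server')
        (Format-Setting 'restrictanonymous' $anon `
            'anonymous enumeration is allowed' `
            'browser enumeration and Guest client access can be affected')
        (Format-Setting 'RestrictNullSessAccess' $nullSess `
            'share access by unauthenticated (Guest) clients is NOT restricted' `
            'only shares named in NullSessionShares are open to unauthenticated clients')
    )

    if ($nullSess -eq 1) {
        if ($shares) {
            $report += "NullSessionShares exempts: $($shares -join ', ')"
        } else {
            # The case the post warns about: ACLs that grant Guest access are overridden.
            $report += 'NullSessionShares is empty: unauthenticated clients get NO shares, whatever the ACLs say'
        }
    }
    return $report
}

Get-ShareAccessReport
```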

Attribution: Information about this setting was provided by Mike Brown. Thanks, Mike!

Checking and Reducing StartUp Time On Your Computer

May 30, 2006

Windows XP is a lot more stable than any previous operating system. With a computer running Windows 2000, and before that Windows NT, if you ran a lot of tasks on it, you learned from experience to restart the computer regularly. Improved system stability reduces that need. This is good, because even with the advanced startup procedures in Windows XP, which make it startup faster than any previous operating system, it still takes too long. So I keep my main computers on 7 x 24.

But what if you can’t keep your computer on 7 x 24? What can you do then? Well, no computer will start instantaneously, but you can reduce startup time substantially. One of the best ways to reduce startup time is to remove unnecessary tasks.

Now some folks will advise you to get rid of unneeded services. They advise you to take a look at a mirror of Black Viper (the god of NT services analysis). You can turn off a lot of services that aren’t needed, and save some startup time.

Many folks, though, will note that their computers started out fast, when they were new, and gradually got slower. Now that’s not a services problem – you don’t accumulate services as you use your computer. There is a finite number of services, as Black Viper’s website will show.

The problem here is unnecessary user programs, loaded to start automatically. When your computer starts up, and takes a long time to load the desktop, it’s starting programs that you loaded onto your computer. In many cases, these programs are ones that you didn’t intentionally set to load at startup.

You can start with education and research. Autoruns, MSConfig, and StartUp Control Panel will all show you what programs are set to load at startup. And, if you like, you can even use malware analysis programs, like HijackFree and HijackThis, to identify autostart entries.

All of the 5 tools identified above – Autoruns, HijackFree, HijackThis, MSConfig, Startup Control Panel – will list the programs that start automatically. They’ll all differ in what they show, and how they show it. But they all have one common failing – none of them show which tasks take the longest to start.

If you are going to figure out which tasks you should not allow to autostart, you have to know which tasks cause the long autostart times. There are two tools that I use for this purpose. Microsoft produced Bootvis long ago, and in typical Microsoft tradition stopped distributing it. But you can get it from MajorGeeks or SoftPedia, or others (just Google on “download bootvis” for a list).

My favourite tool, for this purpose, is Process Explorer. One of the metrics, under View – Select Columns, on the Process Performance tab, is Start Time. By sorting on Start Time, you can get a neat log of the startup sequence of each system and user task. You can even export the log to a text file. Exporting the log to a text file makes the final step in this process a lot easier.

If everybody using a particular computer is experiencing slow startup, look for common tasks. Simply eyeballing a Bootvis or Process Explorer log should give you some candidates for removal. If everybody in the domain is experiencing slow startup, look at the domain setup too.

If some users complain, but others don’t, then do some relational analysis. Compare two users on one computer (with problems noted), and then on another computer (no problems noted). With a total of 4 test cases, you should easily find the offending programs, and banish them from startup. Comparing the Bootvis or Process Explorer logs will make this task a lot easier.
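As an added example (not from the post), the relational analysis just described, in PowerShell, over four constructed Process Explorer exports: two users on a slow computer and the same two users on a fast one. It assumes the export is tab-delimited with a header row containing "Process" and "Start Time" columns; the process names and times are made up for the example.

```powershell
# Added example, not from the post. Four constructed Process Explorer exports
# (format assumed: tab-delimited, header row with "Process" and "Start Time").
$cases = [ordered]@{
    'PC1 / alice (slow)' = @"
Process`tPID`tStart Time
smss.exe`t400`t5/30/2006 8:00:01 AM
explorer.exe`t1200`t5/30/2006 8:00:20 AM
photoagent.exe`t1300`t5/30/2006 8:00:22 AM
coupons.exe`t1350`t5/30/2006 8:01:45 AM
"@
    'PC1 / bob (slow)' = @"
Process`tPID`tStart Time
smss.exe`t400`t5/30/2006 9:10:01 AM
explorer.exe`t1100`t5/30/2006 9:10:21 AM
coupons.exe`t1250`t5/30/2006 9:11:40 AM
"@
    'PC2 / alice (fast)' = @"
Process`tPID`tStart Time
smss.exe`t400`t5/30/2006 8:30:01 AM
explorer.exe`t1180`t5/30/2006 8:30:19 AM
photoagent.exe`t1290`t5/30/2006 8:30:22 AM
"@
    'PC2 / bob (fast)' = @"
Process`tPID`tStart Time
smss.exe`t400`t5/30/2006 9:40:01 AM
explorer.exe`t1210`t5/30/2006 9:40:18 AM
"@
}

function ConvertFrom-ProcExpExport {
    # Parse one export and sort it by Start Time: the startup sequence the post describes.
    param([string]$Text)
    $Text | ConvertFrom-Csv -Delimiter "`t" |
        ForEach-Object { [pscustomobject]@{ Process = $_.Process; Start = [datetime]$_.'Start Time' } } |
        Sort-Object Start
}

function Show-StartupSequence {
    # Print each task with its offset from the first task, plus the total span.
    param([string]$Name, $Rows)
    $first = $Rows[0].Start
    "== $Name (last task started {0:N0}s after the first)" -f ($Rows[-1].Start - $first).TotalSeconds
    foreach ($r in $Rows) { "  {0,5:N0}s  {1}" -f ($r.Start - $first).TotalSeconds, $r.Process }
}

function Get-StartupSuspects {
    # Processes present in EVERY slow case and absent from EVERY fast case.
    param($Parsed)   # ordered hashtable: case name -> parsed rows
    $slow = @($Parsed.Keys | Where-Object { $_ -like '*slow*' })
    $fast = @($Parsed.Keys | Where-Object { $_ -like '*fast*' })
    $Parsed[$slow[0]].Process | Where-Object {
        $p = $_
        (@($slow | Where-Object { $Parsed[$_].Process -notcontains $p }).Count -eq 0) -and
        (@($fast | Where-Object { $Parsed[$_].Process -contains $p }).Count -eq 0)
    }
}

$parsed = [ordered]@{}
foreach ($name in $cases.Keys) { $parsed[$name] = @(ConvertFrom-ProcExpExport $cases[$name]) }
foreach ($name in $parsed.Keys) { Show-StartupSequence $name $parsed[$name] }
'Present in every slow case and absent from every fast case:'
Get-StartupSuspects $parsed    # coupons.exe, with the constructed data above
```

With real exports, replace the here-strings with Get-Content of the files Process Explorer saved; the rest of the script is unchanged.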

If I Was A Hacker

May 24, 2006

If I was a bad guy, and I probed a range of addresses, with a bogus connection attempt, I’d expect any one of 4 possible returns from each of the addresses probed.

  1. “Address unreachable” from the upstream gateway.
  2. “Connection refused” from the router or firewall.
  3. Reply from target, from an unstealthed computer or router.
  4. No response, from a stealthed computer or router.

If I were a true hacker (not a cracker or script kiddie), I think I’d prioritise my hack attempts based upon those results.

  1. “Address unreachable” = You can’t hack what doesn’t exist.
  2. “Connection refused” = Interesting, but there are so many responding that way.
  3. Reply from target = Boring.
  4. No response (stealth) = Now we’re talking. A true challenge. Thinks he’s invisible, eh?

I’d go after #4, then #2 and #3, in that order. Security By Obscurity = No Security.

Rename Your Blog? I Don’t Think So!

May 19, 2006

I said earlier DO NOT Delete Your Blog. I will now add to that advice.

DO NOT Rename Your Blog.

At least, do not rename your blog using the simple Dashboard procedure

  • Settings
  • Publishing
  • Type in new name for “Blog*Spot Address”

as suggested by Blogger For Dummies.

Why? Redirect Trouble

  • We know the bad guys are actively hijacking deleted blogs, to recycle the search engine visibility that they have gathered.
  • From the problems discovered to date, it’s pretty certain that they are using automated techniques – not just searching by hand.
  • It’s pretty likely that any computers being used for the searching are hijacked, ie bots.
  • The reliability of individual bots is pretty low. Bots are Lossy. At any time, a botted computer might be:
    • Cleaned up by the legal owner.
    • Disconnected from the network.
    • Turned off.
    • Without Internet service.
  • Blog hijacks, and Spam Blogs (“splogs”) are big business. The bad guys have access to bot armies, counted by the thousands.
  • It doesn’t take much imagination to see two (or more) bots finding an “abandoned” blog (deleted, or being renamed), and simultaneously trying to hijack it. I’d be surprised if there wasn’t even some competition between the bad guys, just as the hackers compete to build up the largest bot armies.
  • What might happen if two (or more) bots try to hijack a blog simultaneously? Well, I’d be extremely surprised if there is any queuing or non-lockup mechanism built into bot code. Why should the bad guys care about problems? Their object is just to hijack blogs. In WiFi networking, it’s called a collision. In this case, it’s a corrupted blog.
  • See A Blogger Security Problem?, for some possible real cases.

Prove me wrong. Please.

Adding A Google Sitemap To Your Blog

May 15, 2006

By adding a Google sitemap to your blog, you can more easily submit your site to the Google search engine spider. You get better coverage by the spider, than by submitting your blog thru the former procedure. You’ll also get detailed statistics about how Google sends traffic your way, and how the Google spider sees your blog.

NOTE: This article started out as a link to the Blogger-Tricks article, Adding Google sitemap to your blog. I think the instructions here will be just a bit clearer though.

  1. If you don’t have a Google account yet, you’ll need one. GMail is free, and Google Groups is a vital resource for problem research. Anytime there is a problem with your blog, you should be posting into Google – Blogger Help.
  2. Sign in to your Google account.
  3. Go to Google Sitemaps My sites.
  4. In the Add Site box, enter the URL to your blog, and hit OK.
  5. You will get a message:

    Your site has been added to your account. Verify your ownership to view detailed statistics and errors for it.

  6. Click the link for “Verify” under “Site Verified?”.
  7. This will take you to Verify site ownership.
  8. In the Choose verification method… pull down list, select Add a META tag.
  9. This will generate your site verification META tag. Highlight and Copy the text from the box.
  10. In a separate window, edit the template for your blog. Paste into the template, in the heading section, as in this example:

      <title><$BlogPageTitle$></title>
      <meta name="description" content="......." />
      <meta name="keywords" content="......." />
      <META name="verify-v1" content="......." />
      <$BlogMetaData$>

      <style type="text/css">

  11. Save Template Changes, then Republish.
  12. Go back to Verify site ownership, check I’ve added the META tag in the home page…, and hit Verify.
  13. This will take you to Summary. Part of the display will include:

    Potential indexing problems:

    Some of your pages are partially indexed. [?]

    We do not know about all the pages of your site. Submit a Sitemap to tell us more about your site.

    Select the link Submit a Sitemap.

  14. This will take you to Add Sitemap.
  15. In a separate window, go to Settings for your blog. Under Site Feed, copy the Site Feed URL.
  16. Go back to Add Sitemap. In the Choose type… pull down list, select Add General Web Sitemap.
  17. Now check the following entries:
    • I’ve created a Sitemap in a supported format.
    • I’ve uploaded my Sitemap to the highest-level directory to which I have access.
    • My Sitemap URL is:

    Into the box for Sitemap URL, paste the Site Feed URL copied immediately above, and hit Add Web Sitemap.

You are now done with the initial add process.

Whenever you make changes to your blog, use the form below.

Enter the blog feed URL (from step 15), and hit Ping Google Sitemaps.

Using Public WiFi Networks

May 12, 2006

Setting up and using WiFi, as an alternative to Ethernet in your home, is a tricky project. WiFi will never be a true alternative to Ethernet.

There are things that you can’t control, as a domestic WiFi LAN owner.

  • Noise on the channel (analogue interference).
  • Neighbors sharing the WiFi spectrum (digital interference).

When you take your portable computer to the local coffeeshop, you are still subject to the problems of a domestic WiFi LAN. You have additional problems too, issues that you (as a mere customer) can’t control.

  • Security used by the hotspot, to control access, and to keep the customers safe.
  • Other customers at the hotspot (digital interference).
  • The Internet service used by the hotspot.

These issues all apply after you are connected to the hotspot.

Security Issues – and the Initial Connection

Initial hotspot connection is a big issue. And authentication / encryption is a part of the connection problem.

  • Authentication identifies you to the hotspot Access Point, letting only those who have legitimate access use the network. Authentication prevents unauthorised active use of the network.
  • Encryption encodes the network activity between your computer and the access point, so no hackers can snoop on your activity. Encryption prevents unauthorised passive use of the network.
  • WEP, which is the original standard for WiFi security, only provided encryption, with a static encryption key. The hackers figured out how to break the key, so WEP was dismissed as insecure.
  • WPA / WPA2 come in several versions of authentication and encryption. You will probably use the simplest in your home WiFi LAN: WPA-PSK with TKIP. PSK is a pre-shared key, similar to the key used in WEP, but more complex. TKIP is an encryption protocol which starts off by using the pre-shared key, but changes the encryption key regularly, to keep hackers from breaking the key. By preventing unauthorised access (by using authentication), and snooping (by using encryption), a WiFi LAN is safer.
  • At most big hotspot chains, like T-Mobile, they have dismissed using WPA (or even WEP), because it’s a pain to set up and to manage. If you set up a home LAN, you will (should) use WPA or better, because you control the LAN, and because you need to keep YOUR LAN (with maybe some non-WiFi computers even) secure. But how can you do that, if you don’t control, or can’t meet, the customers and their computers?
    • Not every Starbucks customer, with a laptop, is capable of setting up a WPA client, without help.
    • Very few hotspots have anybody on staff, even remotely proficient in setting up WPA security, and available during store hours.

With most hotspot chains, the hotspot AP itself will be open. You connect to the hotspot, THEN you authenticate using your credit card (or maybe a token provided by the store running the hotspot). Using a hotspot provides challenges similar to, but not limited to, those involved when using a public computer.

To really understand the differences between WEP / WPA / WPA2, and open (with credit card / token), authentication, you have to start with some understanding of the OSI network model, and network layers.

  • WEP / WPA / WPA2 authentication and encryption occurs at layer 2, the Data Link layer. Data link authorisation / encryption occurs between your computer, and the hotspot Access Point, with only a minimum of information transmitted in the clear (ie visible to any hackers). Based upon the WPA shared key and settings on your computer and on the Access Point, a lot of initial conversation takes place, between your computer and the access point, that you don’t see.
  • Open, followed by credit card / token, authorisation, involves a brief initial conversation, between your computer and the access point, that you don’t see (layer 2 again). This is followed by a transaction with some portions transmitted in the clear (unencrypted), and readable by any nearby hackers.
    • Initial connection to the hotspot AP is open to anybody. This eliminates the need for setting up WEP / WPA authentication for each WiFi customer.
    • Once a (Layer 2) connection between the AP and a client computer is established, you the customer see a “Please Login” screen in your browser, and can either enter a credit card number (if connectivity is open to everybody paying), or a token (if connectivity is sold by the store running the hotspot). Generally, the browser will use an encrypted protocol between the browser and the hotspot; if so, you will see the familiar padlock icon in your browser. This allows you to use your credit card with some degree of security (but still be careful).
    • Since you have an open connection (with maybe the credit card transaction encrypted), any Internet use will be unencrypted. Whatever you do with your browser, or any other Internet traffic, is available for snooping by any nearby hackers.
  • Any Internet activity between your home LAN (or a public access point) and a distant Internet server, unless transmitted securely (with the padlock), is open to any Internet snooper. Traffic volume on the Internet is immense though, and merely snooping Internet traffic is likely to be a waste of time. With a properly setup home network, all WiFi traffic between your computer and the access point is encrypted; with a hotspot, this may not be the case. A hacker, snooping local traffic on an unprotected WiFi LAN, is much more likely to pick up relevant secrets from unwary customers.

Don’t be an unwary hotspot customer. As with using any public computer (and even if you carry your own computer with you), protect yourself when using any LAN that you don’t control.

Other Customers at the Hotspot

As discussed in my other articles, you have to share the bandwidth. If there are other customers at the hotspot, they will be accessing the Internet too. If they are just browsing the web, and you are doing likewise, you can likely share just fine.

If either you or another customer is using a hotspot to download large music or video files, the other customers may suffer from degraded service. As with any WiFi LAN, depending upon how the hotspot is setup, those with intense network activity (such as downloading large files) may cause unfairly degraded service for the other users.

  • Don’t go to a crowded hotspot and download large files during peak use periods.
  • Don’t be surprised when your network performance drops during peak use periods.

The Internet Service Provided By The Hotspot

As in your home, the quality of the Internet service provided, to any hotspot, may vary. Cable broadband based Internet service will vary depending upon time of day (and Internet access by the cable customers who are immediate neighbours to the hotspot). DSL based Internet service will vary depending upon the distance from the hotspot to the telephone company’s central office.

Issues like the WiFi channel used, which you would change at home to avoid interference by the neighbours, will be ones that you won’t be able to control. And service outages, that you can only report to your ISP from home, you won’t be able to report to the hotspot service provider. They will affect you, nonetheless.

If It’s Not One Thing, It’s Another

May 10, 2006

Today, Blogger seems to be up.

But try posting to Google Blogger Help.

The latest post there is about 3 hours old now.

  • When trying to post a reply, I get an error bidding me to email groups-support@google.com.
  • That gives me botmail.

    Thank you for taking the time to write us. If you have questions or feedback about Google Groups, please visit our Help Center, which will provide you with quicker answers to your questions. The Google Groups Help Center is located at http://groups-beta.google.com/support. After searching and browsing the Help Center, if you’d still like to contact us, please click on the contact link at the bottom of the Help Center, select the topic that best describes your question, and send us a message.

    (SNIP)

    Regards,
    The Google Team

  • I filled out a second form at http://groups-beta.google.com/support/bin/request.py, and got back more botmail.

    Thank you for your interest in Google Groups Beta. We’re actively developing this service and your feedback is important to us. This is just a note to let you know we’ve received your email, and you’ll hear from us soon.

    To further assist our users, we’ve created a Google Groups Help Center, where you can search or browse our available support information. If you haven’t already, please check out the Help Center at http://groups-beta.google.com/support

    We’ll be updating the Help Center frequently based on feedback and new developments. Thanks again for your feedback and for using Google.

    Regards,
    The Google Team

  • I have to keep reminding myself this: Why do I do this?

Update, 5/10 23:00: Looks like Google – Blogger Help is back in business.

Update, 5/15 11:30: I JUST got an update from Google Help:

Google Help to me

Thank you for your note. We reviewed the “Blogger Help Group” and everything is working well. When posting to this group, please make sure to log in to your Google Account by clicking the “Sign in” link on the top right-hand corner of the page.

If we can assist you further, please let us know.

Regards,
The Google Team

Identifying A DNS Problem In Your Internet Service

May 10, 2006

DNS, which lets you translate a host name or URL into an IP address, is a key process in Internet use. Sometimes, though, it doesn’t work. You try to browse to http://www.example.gov, and you get a cryptic

Firefox can’t find the server at http://www.example.gov.

or

We can’t find “www.example.gov”

or worse, sometimes the classical

404 Not Found

Now the above 3 examples could have been caused by any of several scenarios.

  1. Host http://www.example.gov doesn’t exist.
  2. Host http://www.example.gov isn’t operational today.
  3. Your DNS (that translates http://www.example.gov into an IP address) isn’t working.
  4. Your MTU setting is causing a problem with accessing http://www.example.gov.
  5. You don’t have Internet connectivity.

What to do now? Well, if your Internet connectivity is down, you’ve got a lot of work to do. But, if you can access any other web sites, or if you’re otherwise certain that your service is not the problem, then make sure that your DNS is working. To do this:

  • Find out the IP address of the web site. There are various web sites all over the Internet that will let you use their DNS servers, thru your browser. I use 2 web sites, consistently, and keep their URL and IP addresses available.
    1. All Net Tools, by IP address: http://216.92.207.177/toolbox .
    2. All Net Tools, by name: http://www.all-nettools.com/toolbox .
    3. DNS Stuff, by IP address: http://66.36.247.82/ .
    4. DNS Stuff, by name: http://www.dnsstuff.com/ .

    I use either of those two web sites; in case one goes down I use the other. And, if I’m researching a DNS problem, I access either one by its IP address. Finally, given the possibility that one or the other might change its IP address, I can hopefully resolve its name, using the other website. So, I keep all 4 addresses handy.

    • For All Net Tools, I enter the web site URL into the “SmartWhois” window, and hit Enter or Go!.
    • For DNS Stuff, I enter the web site URL into the “DNS lookup” window, and hit Enter or Lookup.
  • Conduct a simple 4 step test. In this example, I’ll target http://www.yahoo.com, which uses (among many others) 66.94.230.33. Feel free to use whatever web site, for your testing, that pleases you.
    • Clear all caches, to ensure consistency.
      • Clear DNS cache. From a command window, enter “ipconfig /flushdns”.
      • Clear the cache in your browser.
        • From Firefox, Tools – Options – Privacy – Cache – Clear Cache Now.
        • From Internet Explorer, Tools – Internet Options – Temporary Internet files – Delete Files.
    • From a command window:
      1. Ping http://www.yahoo.com.
      2. Ping 66.94.230.33.
      3. Note success / exact text of error messages.
    • From your browser:
      1. Browse http://www.yahoo.com.
      2. Browse 66.94.230.33.
      3. Note success / exact text of error messages.
  • Now, consider the results of the tests.
    • If you see a difference between both IP address accesses, as compared to both named accesses, you very likely have a DNS problem.
    • If you can ping (with a successful return), but not browse, with identical results for IP address and name, you may well have an MTU setting problem.
    • If you see a combination of results, you may need to research BOTH a DNS and MTU problem.

Note: If the above tests aren’t conclusive, consider the ubiquitous LSP / Winsock corruption problem.
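As an added example (not from the post), the 4 step test above scripted in PowerShell, with the post’s decision table applied to the results. The host and IP address default to the ones the post uses; the browser cache still has to be cleared by hand. It assumes Windows PowerShell 3.0 or later, for Test-Connection and Invoke-WebRequest.

```powershell
# Added example, not from the post: scripts the 4 step test and applies the
# decision table from the post to its results.

function Get-DnsMtuDiagnosis {
    # Pure decision logic, kept apart from the network calls so it can be
    # checked on its own. Each argument is $true for success, $false for failure.
    param([bool]$PingName, [bool]$PingIp, [bool]$BrowseName, [bool]$BrowseIp)

    # Named accesses behave differently from IP address accesses: the DNS symptom.
    $nameDiffersFromIp = ($PingName -ne $PingIp) -or ($BrowseName -ne $BrowseIp)
    # Ping works but browsing does not, by address: the MTU symptom.
    $pingOkBrowseFails = $PingIp -and -not $BrowseIp

    if ($nameDiffersFromIp -and $pingOkBrowseFails) { return 'Research BOTH a DNS and an MTU problem' }
    if ($nameDiffersFromIp)                         { return 'Very likely a DNS problem' }
    if ($pingOkBrowseFails)                         { return 'May well be an MTU setting problem' }
    if (-not $PingIp)                               { return 'Unreachable by name AND by IP: check connectivity, or the host is down' }
    return 'Name and address behave identically and work: neither DNS nor MTU is the problem'
}

function Test-HttpGet {
    # The "browse" step. Any HTTP response, even an error status such as 404,
    # proves the server was reached, which is all this step needs to know.
    param([string]$Url)
    try {
        $null = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 15 -ErrorAction Stop
        return $true
    } catch {
        return ($null -ne $_.Exception.Response)
    }
}

function Invoke-FourStepTest {
    param([string]$HostName = 'www.yahoo.com', [string]$IpAddress = '66.94.230.33')

    ipconfig /flushdns | Out-Null    # clear the DNS cache first (the browser cache is cleared by hand)

    # Caveat: a host that drops ICMP fails both pings even when it is up.
    $pingName   = Test-Connection -ComputerName $HostName  -Count 2 -Quiet
    $pingIp     = Test-Connection -ComputerName $IpAddress -Count 2 -Quiet
    $browseName = Test-HttpGet "http://$HostName/"
    $browseIp   = Test-HttpGet "http://$IpAddress/"

    [pscustomobject]@{
        PingName   = $pingName
        PingIp     = $pingIp
        BrowseName = $browseName
        BrowseIp   = $browseIp
        Diagnosis  = Get-DnsMtuDiagnosis $pingName $pingIp $browseName $browseIp
    }
}

Invoke-FourStepTest | Format-List
```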

You Have To Share The WiFi Bandwidth

May 8, 2006

The most common networking medium today is Ethernet. The most popular Ethernet uses 4 wires, 2 for sending and 2 for receiving, to provide 100M full duplex bandwidth. The equivalent to 100M Ethernet is 802.11g WiFi, which provides 54M half duplex bandwidth.

If you have just 2 computers with Ethernet adapters, the simplest thing to do is to connect both with a cross-over cable. If you have 3 or more computers, you’ll likely get a switch or router, and connect each computer to that, one Ethernet cable / computer. With full duplex switched Ethernet, you’ll get a total of 200M bandwidth in each conversation between a pair of computers – 100M sending, and 100M receiving. As you add computers and Ethernet cables, the total bandwidth provided by your network grows. This is why we say that an Ethernet network is scalable.

WiFi, on the other hand, is not scalable. With your computers connected thru WiFi adapters, whether directly to each other (ad-hoc mode), or to a WiFi router (infrastructure mode), all computers must use the channel together. No matter how many computers you have – 2, 3, or more, your computers will have to share the channel. And if your neighbour has a WiFi LAN on that channel, your computers will have to share the channel with your neighbour’s WiFi LAN.

By saying “share the channel”, I am saying that, when your WiFi router is transmitting, no other computer or router within range of your router can transmit. Only one device – computer or router – can transmit over any channel at any time.

To share the channel, a WiFi device uses a strategy called Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA). CSMA/CA, which is similar to a strategy previously used by classical (pre-switched) Ethernet, is not an efficient strategy.

  • Each WiFi component has to listen to the channel for some amount of time, before transmitting, to ensure that nothing else is currently transmitting. Precious portions of your 11M (54M, 128M) bandwidth are wasted, when listening.
  • Even with each WiFi component listening to the channel before transmitting, it’s always possible to have a collision, when two or more components pick the same time to start transmitting. When there’s a collision, both components will have to retransmit; more of your bandwidth is wasted, when retransmitting.

With Ethernet, if you use the proper equipment and design your network within limits (mainly, with each computer connected, by no more than 100 metres of Cat-5 or better cable, to the router or switch), you’re pretty much guaranteed 100M bandwidth. With WiFi and CSMA/CA, the general estimate is that you will get 1/3 – 1/2 of the stated bandwidth. And that only involves your computers and router, with your router managing the relationship. When your neighbour’s WiFi LAN becomes involved (and both routers have to manage a peer-peer relationship), your channel availability, and bandwidth, drops further.

There are 11 802.11b channels, each capable of providing up to 11M of bandwidth (the maximum again). Using 802.11g, we get 3 channels, each capable of providing up to 54M of bandwidth. Note that even with these 3 channel groups, and the “Empty” channel between each, total lack of interference between adjacent channel groups is not a certainty. Analogue noise, created by adjacent channel use, never drops to “0”, just to an acceptable level.

802.11b    802.11g
1 - 3      Bottom ("1")
4          Empty
5 - 7      Middle ("6")
8          Empty
9 - 11     Top    ("11")

Now, 802.11b and 802.11g are ratified standards. Each manufacturer of standard equipment designs it to perform in a predictable way, so if your WiFi router has to share the channel with a router made by another manufacturer, it will perform properly. But 802.11g doesn’t provide enough bandwidth, so the manufacturers are now working on a new standard, 802.11n. The new standard is not yet ratified by the various WiFi vendors, and this will limit its effectiveness.

As you increase the effective size (area / volume) of your WiFi neighbourhood, your WiFi components will be able to detect (“see”) more WiFi networks using any channel. Since only one WiFi device can transmit at any time, your WiFi network will spend more time waiting to use the channel. When simply waiting becomes unsuccessful, it will spend additional time recovering from collisions. More waiting / collisions = less effective bandwidth = slower file transfers. Pure and simple.