Do you have a tightly controlled network environment and want to know if there are additional devices on your network that don’t belong? These rogue devices could be an unauthorized wireless access point or similar device that could cause you a lot of grief. In the retail world it would be “a bad thing” if someone (either an employee or an intruder) wandered into your store and plugged in a wireless access point.
So, how do you find such rogue devices? You could ping sweep the network and portscan the results, but any hacker worth his salt will reject ICMP packets anyway so that won’t do you much good.
So what else can you do? Query your router and see every device that the router has talked to on the LAN. You’ll get the IP and MAC address of every device on the network.
You can get this data over SNMP by querying the OID .1.3.6.1.2.1.4.22 with a command-line tool called snmpwalk.
I wrote a script to do this for me, and I excluded the devices which I expect to be on the network.
First, make a text file named routers.txt containing the IP address of each router you want to query, one router per line. Obviously you need to have SNMP enabled on your routers and know the public community string, and you need to download and install a tool to make the SNMP query (I used snmpwalk from http://net-snmp.sourceforge.net). Then use the batch file below to get started. It grabs all the data from the routers, sticks the results in a text file, then uses findstr to eliminate the devices you know should be on the network. Whatever’s left is a rogue device and should be investigated. The first thing to do is use the MAC address to look up the manufacturer at http://standards.ieee.org/regauth/oui/index.shtml. Maybe you’ll find the rogue device is a Dell laptop or a JetDirect card, or maybe you’ll see it’s a Linksys device, which could be an indication of a wireless access point.
Here’s the batch file:
rem Collect the ARP table from every router, then filter out the expected addresses
for /f %%i in (routers.txt) do snmptable -c public -v 1 %%i .1.3.6.1.2.1.4.22 >> roguedevicescan.txt
echo "Rogue Device Report - shows devices on network that are not in the standard defined range" > rogue_devices.txt
type roguedevicescan.txt | findstr /v /r "\.100\>" | findstr /v /r "\.101\>" | findstr /v /r "\.102\>" | findstr /v /r "\.103\>" | findstr /v /r "\.104\>" | findstr /v /r "\.105\>" | findstr /v /r 0\.106 >> rogue_devices.txt
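The findstr filter above matches on the IP address alone, so a device that takes an address in the expected range passes unnoticed. The following is an added example, not the author's script: it parses snmpwalk output for the same OID and compares each IP/MAC pair against an inventory. The output format, the inventory and all sample values are constructed assumptions.

```python
import re

# Constructed sample of snmpwalk output for .1.3.6.1.2.1.4.22 (not from the page).
SAMPLE = """\
IP-MIB::ipNetToMediaIfIndex.2.192.168.1.100 = INTEGER: 2
IP-MIB::ipNetToMediaPhysAddress.2.192.168.1.100 = STRING: 0:14:22:a:b:c
IP-MIB::ipNetToMediaPhysAddress.2.192.168.1.101 = STRING: 0:14:22:a:b:d
IP-MIB::ipNetToMediaPhysAddress.2.192.168.1.57 = STRING: 0:6:25:11:22:33
.1.3.6.1.2.1.4.22.1.2.2.192.168.1.102 = Hex-STRING: 00 14 22 0A 0B 0E
"""

# Hypothetical inventory: expected IP -> expected MAC.
EXPECTED = {
    "192.168.1.100": "00:14:22:0a:0b:0c",
    "192.168.1.101": "00:14:22:0a:0b:ff",  # inventory disagrees with the router
    "192.168.1.102": "00:14:22:0a:0b:0e",
}

# Column 2 of each table row is the physical address; the row index is ifIndex.IP.
ROW = re.compile(
    r"(?:ipNetToMediaPhysAddress|\.1\.3\.6\.1\.2\.1\.4\.22\.1\.2)"
    r"\.\d+\.(\d+\.\d+\.\d+\.\d+) = (?:Hex-)?STRING: (.+)$"
)

def normalize_mac(raw):
    """Turn '0:14:22:a:b:c' or '00 14 22 0A 0B 0C' into '00:14:22:0a:0b:0c'."""
    parts = re.split(r"[:\s-]+", raw.strip())
    return ":".join(p.lower().zfill(2) for p in parts)

def parse_arp(text):
    """Return (ip, mac) pairs for every physical-address row in the walk."""
    entries = []
    for line in text.splitlines():
        m = ROW.search(line.strip())
        if m:
            entries.append((m.group(1), normalize_mac(m.group(2))))
    return entries

def find_rogues(entries, expected):
    """Flag addresses missing from the inventory and known IPs with the wrong MAC."""
    findings = []
    for ip, mac in entries:
        if ip not in expected:
            findings.append((ip, mac, "unknown address"))
        elif expected[ip] != mac:
            findings.append((ip, mac, "MAC does not match inventory"))
    return findings

if __name__ == "__main__":
    for ip, mac, why in find_rogues(parse_arp(SAMPLE), EXPECTED):
        print(f"{ip}\t{mac}\toui={mac[:8]}\t{why}")
```

The first three octets printed as oui= are the prefix to look up in the IEEE manufacturer registry mentioned above.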
I came across a new tool this week that I had never heard of: Hypertrace from AnalogX.
I was trying to traceroute to a router across the Internet and couldn’t reach the endpoint. The trace kept dying at a Shasta in the ISP’s infrastructure. With Hypertrace though, the tracert worked as expected. Check it out at http://www.analogx.com/contents/download/network.htm and check out some of their other tools, too.
Many people still don’t understand FTP and how to use it. To make FTP usage easier for people you can embed the username and password in the URL (of course then it’s plain text, but if you’re sending it directly to someone they are going to know the password anyway).
This also comes in handy on those occasions when you need to use IE as your FTP client and it refuses to prompt you for a username and password.
Here’s the format: ftp://user:password@ftpserver.com
When you try to install a program that uses the Windows Installer in Microsoft Windows XP, the program does not install, and you may receive an error message that is similar to one of the following error messages:
* The Windows Installer service could not be accessed. Contact your support personnel to verify that the Windows Installer service is properly registered.
* The Windows Installer service failed to start. Contact your support personnel.
* Internal Error
To resolve this issue, use one or more of the following methods in the order that they are listed.
Method 1: Reregister the Windows Installer
1. Quit all Windows programs.
2. Click Start, click Run, type msiexec /unregister in the Open box.
3. Click Start, click Run, type msiexec /regserver in the Open box.
4. Restart your computer.
Method 2: Remove the Windows Installer files
1. Quit all Windows programs.
2. Execute msiexec /unregister in the Open box.
3. In Windows Explorer, rename the following files in the %systemroot%\System32 folder: Msi.dll, Msihnd.dll, Msiexec.exe
4. Restart Windows XP.
Method 3: Restart Windows XP in Safe Mode
Restart Windows XP in Safe Mode, and then retry Method 1 and Method 2 in the order that they are listed.
For more information about how to restart Windows XP in Safe Mode, click the following article number to view the article in the Microsoft Knowledge Base: 316434 (http://support.microsoft.com/kb/316434/) How to perform advanced clean-boot troubleshooting in Windows XP
In earlier versions of Windows, the built-in administrator account is enabled by default. In Vista, it’s disabled. This is a better security practice. However, there are times when you might need to enable it (for instance, if you inadvertently removed administrative privileges from all user accounts and now can’t perform administrative tasks). Here’s how to enable it:
1. Click Start and type cmd in the Search box to find the cmd.exe program.
2. Right click cmd.exe and click Run As Administrator.
3. At the command prompt, type net users administrator /active:yes
4. Press Enter.
Log off and now you can log back on with the Administrator account. When first activated, it will not have a password.
You should assign the Administrator account a password and/or deactivate it when you’ve finished using it. To deactivate it, repeat the steps above but type net users administrator /active:no
Reminder – DST “springs ahead” this weekend:
Starting in the spring of 2007, daylight saving time (DST) start and end dates for the United States will transition to comply with the Energy Policy Act of 2005.
DST dates in the United States will start three weeks earlier (2:00 A.M. on the second Sunday in March) and will end one week later (2:00 A.M. on the first Sunday in November).