Netstat

I have been researching info on a utility called netstat. There is surprisingly not much said about it, other than the many options that it supports. Netstat is short for network statistics. It is a command line program, and it is really several tools rolled into one. The main and default usage is to show active TCP/IP network connections, incoming and outgoing. For each one it shows the local and remote IP addresses and ports, the protocol, the state of the connection, and optionally the program that owns the socket.

Netstat can show both TCP and UDP sockets. It can show the routing table and the per-interface counters, and with -s it prints per-protocol statistics for IP, TCP, UDP, and ICMP. The Linux net-tools version was written by Fred Baumgarten. Some form of it ships on UNIX, Linux, Windows, and macOS, though the column layout differs between them. On Linux, net-tools netstat is deprecated and the ss program from iproute2 has replaced it; ss covers the same ground but prints its columns in a different order.

One thing that might require some explaining is the state of the connection that the program displays. Here are the common states and what each one means:
  • listen (LISTENING on Windows) - a local socket is waiting for incoming connection requests; nothing has connected to it yet
  • established - the three-way handshake completed and data can flow in both directions
  • close_wait - the foreign host closed its side (sent a FIN), but the local program has not yet closed the socket; connections piling up here usually mean a program is leaking sockets
  • time_wait - the local side closed the connection first, and the kernel keeps the entry for a while (two maximum segment lifetimes) so that delayed packets from the old connection cannot be mistaken for a new one
Netstat can show odd results if the underlying sockets are changing while it runs, since it only prints a snapshot. A good way to see what is going on is to run netstat repeatedly, possibly from a script, and compare the snapshots. I had mentioned that netstat can show the program that opened the connection. On Windows that is the "netstat -b" option, and it requires an elevated prompt. On Linux the equivalent is "netstat -p" (or "ss -p"), which needs root to see sockets owned by other users; on macOS the usual route is "lsof -i".
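Here is the repeated-snapshot idea in code, as an added Python example that is not from the original post or from net-tools. It parses the connection rows of netstat output (the net-tools layout from `netstat -tuan` on Linux, the Windows `netstat -an` layout, and macOS, whose rows also carry the two queue columns), counts states, and reports which connections appeared, vanished, or changed state between two runs. The three snapshots embedded in it are constructed sample output, not captures from a real machine; `snapshot()` is the only part that touches the real tool.

```python
"""Parse netstat connection listings and diff two snapshots.

Added example, not part of the original post or of net-tools. The snapshots
below are constructed sample output, not captured from a real machine.
"""
import subprocess
from collections import Counter

SNAPSHOT_1 = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED
tcp        0      0 10.0.0.5:44410          93.184.216.34:443       ESTABLISHED
tcp        0      0 10.0.0.5:44398          93.184.216.34:443       TIME_WAIT
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

SNAPSHOT_2 = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED
tcp        0      0 10.0.0.5:44410          93.184.216.34:443       CLOSE_WAIT
tcp        0      0 10.0.0.5:4444           198.51.100.7:6667       ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

SNAPSHOT_WIN = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49700     203.0.113.8:443        ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""


def parse(text):
    """Return {(proto, local, remote): state}; state is '' for UDP rows."""
    conns = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].lower().startswith(("tcp", "udp")):
            continue                                   # headers, blank lines, -b program lines
        if fields[1].isdigit() and len(fields) >= 5:   # net-tools / macOS: Recv-Q, Send-Q columns
            local, remote, rest = fields[3], fields[4], fields[5:]
        else:                                          # Windows: Proto Local Foreign [State]
            local, remote, rest = fields[1], fields[2], fields[3:]
        conns[(fields[0].lower(), local, remote)] = rest[0] if rest else ""
    return conns


def state_counts(conns):
    """How many sockets sit in each TCP state (UDP rows have none and are skipped)."""
    return Counter(state for state in conns.values() if state)


def diff_snapshots(before, after):
    """Connections that appeared, vanished, or changed state between two runs."""
    appeared = sorted(set(after) - set(before))
    vanished = sorted(set(before) - set(after))
    changed = sorted(k for k in set(before) & set(after) if before[k] != after[k])
    return appeared, vanished, changed


def snapshot(cmd=("netstat", "-an")):
    """Capture the real tool's output; parse() handles either platform's layout."""
    return subprocess.run(list(cmd), capture_output=True, text=True, check=True).stdout
```

Running `diff_snapshots(parse(snapshot()), parse(snapshot()))` a few seconds apart is what the "run it from a script" advice amounts to. In the constructed data, the diff surfaces the one thing a one-off run would not make obvious: a new outbound connection to port 6667 that was not there before, plus a socket that moved from ESTABLISHED into CLOSE_WAIT without being closed by the local program.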

The Mighty Nmap

Today let's talk about nmap. The name stands for network mapper. It was written by Gordon Lyon (Fyodor) and published, with its source code, in Phrack Magazine in 1997. It is free, open-source software. The program was originally written in C and later ported to C++. Initially it ran only on UNIX/Linux machines, but it has since been made available on Windows, Mac, and other platforms.

Nmap is a security scanner. It can do a ping scan to find live hosts. It can guess the operating system on a host from the way its TCP/IP stack answers probes. It can scan for ports on a machine. When it port scans, it sorts each port into one of a few states, the three main ones being:
  1. open - a program is listening on the port and answered the probe
  2. closed - the host answered, but no program is listening on the port (for a TCP SYN scan that means a RST came back)
  3. filtered - nmap got no usable reply, typically because a firewall dropped the probe, so it cannot tell whether the port is open
Nmap also reports unfiltered, open|filtered, and closed|filtered when a scan type cannot tell two of those apart.
You can use nmap to audit your firewall rules. You can also use it to inventory machines on your network. As an aside, nmap can spoof the source IP address it scans from, or mix its real probes in with decoys; with a spoofed source the replies go to the spoofed address, so you only get results if you can sniff them on the way. There are many scan modes. You can scan a single host, a range of IP addresses, or a whole subnet in CIDR notation.

There was a GUI front end called NmapFE. It has been replaced by Zenmap. There was a Windows GUI called NMapWin. There is also a suite around nmap that includes the following:
  • Zenmap - the GUI version of nmap
  • Ncat - a netcat-style tool for reading, writing, and redirecting data over network connections
  • Ndiff - compare different nmap scans
  • Nping - packet generator
Nmap uses raw IP packets for most of its scans, which is why it needs root or administrator rights for anything beyond a plain TCP connect scan. You can ask nmap to output in XML format (-oX) as an option, which is the form other tools parse. Nmap can be used for Black Hat purposes. When performing scans you do not want noticed, you can tell nmap to scan slowly (the -T0 and -T1 timing templates) to stay under an intrusion detection system's rate thresholds. In some jurisdictions, it is illegal to run nmap scans on machines that are not your own. Nmap has a mailing list called Nmap-hackers. LOL.
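Since the XML output is what you would actually build on, here is an added Python example (not from the post and not part of the Nmap project) that reads an `-oX` report with only the standard library and pulls out the two views the post mentions: the inventory view (which open ports each live host has) and the firewall audit view (whether the bulk of a host's unlisted ports came back filtered or closed). The `SAMPLE_XML` report is constructed in the shape Nmap emits, trimmed to the elements the parser reads; it is not real scan output, and the watch list in `risky_exposures` is a made-up starting point.

```python
"""Summarise an Nmap XML report (nmap -oX) with only the standard library.

Added example, not part of the post or of the Nmap project. SAMPLE_XML is a
constructed three-host report in the shape Nmap emits, trimmed to the
elements read here (status, address, ports/port/state, service, extraports).
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """
<nmaprun scanner="nmap" args="nmap -sS -oX - 192.0.2.0/30">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.1" addrtype="ipv4"/>
    <ports>
      <extraports state="filtered" count="997"/>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/><service name="https"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.2" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="999"/>
      <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.3" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_report(xml_text):
    """Return {ip: {"up": bool, "ports": [(port, proto, state, service)],
                   "extraports": {state: count}}} for every host in the report."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")          # IPv6-only host: take what is there
        status = host.find("status")
        ports = []
        for port in host.findall("ports/port"):
            service = port.find("service")
            ports.append((
                int(port.get("portid")),
                port.get("protocol"),
                port.find("state").get("state"),
                service.get("name", "") if service is not None else "",
            ))
        hosts[addr.get("addr")] = {
            "up": status is not None and status.get("state") == "up",
            "ports": ports,
            # Nmap collapses the ports it did not list individually into <extraports>
            "extraports": {e.get("state"): int(e.get("count"))
                           for e in host.findall("ports/extraports")},
        }
    return hosts


def open_ports(report):
    """Inventory view: {ip: sorted open port numbers} for hosts that are up."""
    return {ip: sorted(p for p, _, state, _ in h["ports"] if state == "open")
            for ip, h in report.items() if h["up"]}


def firewall_posture(report):
    """Audit view: the state Nmap lumped the unlisted ports into, per host.
    'filtered' means something dropped the probes (a firewall is in the way);
    'closed' means the host answered every probe with RST, so nothing filters it."""
    return {ip: max(h["extraports"], key=h["extraports"].get)
            for ip, h in report.items() if h["extraports"]}


def risky_exposures(report, watch=("ms-wbt-server", "telnet", "microsoft-ds")):
    """Open ports whose service name is on a watch list (constructed list: RDP, telnet, SMB)."""
    return sorted((ip, port, svc) for ip, h in report.items()
                  for port, _, state, svc in h["ports"] if state == "open" and svc in watch)
```

On the constructed report, the first host's unlisted ports come back filtered, so a firewall is dropping probes there, while the second host answers everything with RST and exposes RDP to the scanner; that contrast is exactly what a firewall audit with nmap is looking for.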

Remote Desktop with GoToMyPC

It seems like it is a small world in the remote desktop arena. Today I want to look at and talk about GoToMyPC. It is a solution developed by ExpertCity in 1998. It behaves like the pioneer PCAnywhere. Originally it required a Windows machine on both ends. Now the host machine can run Windows or Mac, and the machine you control it from can even be an iPad, iPhone, Android phone, or Kindle device.

There are still some functions, like chat, that require Windows on both ends. But all versions support copying and pasting text between the control machine and the host machine. You can drag and drop files between the machines. You can print to a printer on either the host side or the control side.

Here is some funny business. ExpertCity, the company that originally created GoToMyPC, was acquired by Citrix Systems in 2004. But Citrix Systems spun the product off later. In 2016, LogMeIn acquired GoToMyPC.

There are three tiers to the pricing for the product. The personal edition costs you $12 per month and is for a single user. The pro package is $23 per month and supports 2 computers and 2+ users. Finally there is the corporate edition, which costs an undisclosed amount per year. Luckily there is a trial version, which I might take advantage of myself.

Here is how GoToMyPC works under the hood. You set up the computer that will be the host. That computer runs an agent that keeps an outbound connection open to Citrix's servers. When you need to do remote control, your computer also connects to the Citrix server, which already has the link to your host, and the server relays between the two. Because the host dialed out, its firewall and NAT see only an outbound connection, so no inbound port has to be opened on the host side. The flip side is that the relay sits in the middle of every session, so you are trusting the vendor's infrastructure as much as the software.
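The rendezvous described above, as an added Python example that is not GoToMyPC's or Citrix's code: a tiny broker on localhost, a host that dials out to it and parks, and a viewer that dials in and gets bridged to the host. The line-based HOST/VIEW/REGISTERED/BRIDGED/NO-HOST protocol and the names are invented for the demo; a real product adds authentication and end-to-end encryption, and this shows only the connection topology.

```python
"""Toy rendezvous broker: host dials OUT, viewer dials in, broker bridges them.

Added example, not GoToMyPC's or Citrix's code. Everything runs on
127.0.0.1; the registration protocol is invented for this demo.
"""
import socket
import threading

HOSTS = {}                   # host_id -> socket the host keeps open to the broker
HOSTS_LOCK = threading.Lock()


def _readline(sock):
    """Read through '\\n'; return the stripped text ('' on EOF)."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf.decode(errors="replace").strip()


def _pump(src, dst):
    """Copy bytes one way until EOF, then pass the EOF along."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _handle(conn):
    kind, _, host_id = _readline(conn).partition(" ")
    if kind == "HOST":
        with HOSTS_LOCK:
            HOSTS[host_id] = conn           # park the host's outbound connection
        conn.sendall(b"REGISTERED\n")
        return                              # socket stays open for a later viewer
    if kind == "VIEW":
        with HOSTS_LOCK:
            host = HOSTS.pop(host_id, None)
        if host is None:
            conn.sendall(b"NO-HOST\n")
            conn.close()
            return
        conn.sendall(b"BRIDGED\n")          # from here on the broker just relays bytes
        threading.Thread(target=_pump, args=(conn, host), daemon=True).start()
        threading.Thread(target=_pump, args=(host, conn), daemon=True).start()
        return
    conn.close()


def start_broker():
    """Listen on an ephemeral localhost port; return the port number."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=_handle, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]


def run_host(broker_port, host_id, ready):
    """The controlled PC. It never calls listen(): only an outbound connection."""
    s = socket.create_connection(("127.0.0.1", broker_port))
    s.sendall(f"HOST {host_id}\n".encode())
    if _readline(s) == "REGISTERED":
        ready.set()
        request = _readline(s)              # arrives through the broker's relay
        s.sendall(f"REPLY to {request}\n".encode())
    s.close()


def run_viewer(broker_port, host_id, request):
    """The controlling PC. Returns the host's reply, or NO-HOST if nobody is parked."""
    s = socket.create_connection(("127.0.0.1", broker_port))
    s.sendall(f"VIEW {host_id}\n".encode())
    status = _readline(s)
    if status != "BRIDGED":
        s.close()
        return status
    s.sendall(request.encode() + b"\n")
    reply = _readline(s)
    s.close()
    return reply


def demo():
    """One session: host parks itself, viewer is bridged, one request and reply."""
    port = start_broker()
    ready = threading.Event()
    threading.Thread(target=run_host, args=(port, "office-pc", ready), daemon=True).start()
    ready.wait(5)
    return run_viewer(port, "office-pc", "SCREENSHOT?")
```

The host side is the point: it only ever calls `create_connection`, so a firewall that blocks all inbound traffic to it changes nothing. It is also why the broker is the part to worry about; in this toy it sees every byte, and without end-to-end encryption between viewer and host the relay operator could too.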

All the communications are done using 128-bit AES encryption. Other platforms choose 256-bit encryption, but the key length is not what decides how secure a product like this is; whether the session is encrypted end to end, so that the relay in the middle cannot read it, matters far more. Speaking of the competitors, TeamViewer is a free option for personal use. Strangely enough, parent company LogMeIn has a competing product too. Who knew you had so many choices for remote desktop?

Remote Desktop by LogMeIn

Right now I am starting to research solutions that provide a remote desktop style functionality. You are off somewhere in the world. And you need to take control of a computer somewhere else. What tool(s) do you use? One such solution is provided by LogMeIn.

LogMeIn is a company founded in 2003. It was previously named 3am Labs. They have a lot of offerings, one of which gives you access to remote computers. They use a proprietary protocol to do remote desktop. The communications run over SSL on TCP and UDP. The computers involved get SSL certificates. You can control computers remotely with their software program or via a web interface.

The LogMeIn solution is a commercial one. LogMeIn is a publicly traded company. They filed for an IPO back in 2009 and are traded on the NASDAQ stock exchange. They are located in Boston, MA. However they have data centers across the USA plus another one in Europe. The company is big. They did $1B of revenue this past year. The company is worth $5B.

The company initially tried to undercut Citrix's solution. But last year they actually merged with Citrix Online. They do a lot more than just remote desktop. They have software for backups and virtual meetings. They provide remote support tools and a VPN product (Hamachi). One of their new toys is a Platform as a Service for the Internet of Things. How is that for a buzzword-filled offering?

I wish I could just give LogMeIn a test drive. Maybe there is an option to check out their solution without having to shell out some big bucks. Next up I want to look into competitors in remote desktop such as GoToMyPC and GoToAccess.

Janus VM

I continue to research products that help protect your Internet activity. Next up is Janus VM. This one is not so much a product developed from scratch as a bundle of existing ones. In fact, it is an open source VMware image. It is built on top of Linux 2.6.14 (Ubuntu). The image contains TOR plus OpenVPN plus Squid plus Privoxy. TOR hides your IP address and routes your traffic anonymously through the TOR network. Squid is a caching HTTP proxy and Privoxy a filtering proxy; between them they strip ads, tracking content, and revealing headers from what goes in and out of your computer.

Janus VM can help protect you when you must use an unsecured WiFi connection. It protects against a man in the middle on that local network, because everything leaving your machine is already encrypted to the TOR entry relay; it does not protect against a malicious TOR exit relay tampering with traffic to sites that do not use HTTPS. Then you can surf the Internet privately. A nice thing about it is that it is easy to set up on Windows platforms. It blocks all kinds of annoyances like advertisements, banners, and popups. Originally it was released to work on Windows XP/2000/2003 as well as Linux.

Since it relies on TOR, your IP address will be masked. Your TCP traffic is carried encrypted through the TOR network, and DNS lookups are resolved through TOR as well, so they do not leak to the local resolver. TOR only carries TCP, so other protocols such as UDP and ICMP are not protected. Another downside is that development on the product ceased in 2010. TOR has since been updated, but the latest versions of TOR are not incorporated into Janus VM, so the image carries a TOR client that is years behind on fixes.

You need a hypervisor that can run the VMware image. The download is about 20 MB. On Windows, you run a batch file to set it up. You should choose the anonymous privacy configuration. The product is free but they ask for a donation. It is not necessarily fast. But it might help you get past firewalls that block traffic to certain sites. Some comparable projects are Whonix and Qubes.

Hotspot Shield

I am thinking about signing up for Hotspot Shield protection. It is a software application and service provided by AnchorFree, a US-based company working out of California. Essentially they provide a VPN service through their worldwide servers, which encrypts your network traffic between your device and those servers.

Hotspot Shield was first released for Windows and Macintosh back in 2008. They expanded to the iOS and Android mobile markets in 2012. The main features are free. But you may be subjected to ads, a slower connection, and might not be able to use Netflix. There are paid plans that bill monthly ($13) or lifetime ($139). Be warned that the monthly plan might cause you to be nagged to subscribe for the lifetime plan.

The security they provide is, like any VPN, an encrypted tunnel between your device and their server; past that server your traffic is whatever it was to begin with. They also hide your IP address from sites you visit, which see AnchorFree's server addresses instead. Of course, using TOR would be a better move to remain anonymous, since a VPN provider is a single party that sees both who you are and where you go. AnchorFree does have some extras like warning you about malware or phishing sites.

Although they used to use industry standards such as IKEv2, I hear that AnchorFree has moved to a proprietary protocol called Catapult Hydra. Few vendors use proprietary protocols for something as security-critical as a VPN tunnel any more, since a protocol nobody outside the company can review cannot be independently checked. I wonder what the heck AnchorFree is doing here.

There are plugins for popular browsers like Chrome or Firefox. You can set up your system to automatically connect through the VPN when you are on unsafe WiFi. That sounds really handy. AnchorFree boasts 500M downloads of their product. Strangely enough, I hear that many people actually get a speed improvement when going through the VPN. Weird.

AnchorFree claims it does not log your network traffic. But they have a highly suspicious Terms of Service contract that implies otherwise. More like they will not hold onto your info after your session ends. Or they will not store uniquely identifying information about you. That is at best sketchy.

One downside to the AnchorFree plan is their service. You cannot get real time support. You have to submit a ticket, and they will get back to you at some time in the future. Might be an hour. Might be a day. People have classified Hotspot Shield as a no frills or entry level service. So you pretty much get what you pay for. Being the frugal person that I am, I might just need to stick with the free plan.

TOR

I have heard about TOR for some time. The acronym stands for The Onion Router. It is free software, written mostly in C, with tooling in Python and, in the browser bundle, JavaScript. The software lets you engage in anonymous communication. It does this by sending your traffic through a circuit of relays, normally three: an entry guard, a middle relay, and an exit. The client picks the relays, weighted by bandwidth, and keeps the same entry guard for months so that an attacker running relays cannot simply wait to be chosen. The relays are run by volunteers. Your traffic is wrapped in one layer of encryption per relay, and each hop peels off exactly one layer, so no single relay sees both who you are and where you are going. TOR does this at the TCP stream level rather than for individual IP packets.

TOR grew out of onion routing research at the U.S. Naval Research Laboratory, with DARPA funding. The point is that it was born out of the government, and funded initially by it too. Since 2006 it has been backed by The Tor Project, a non-profit corporation. There are millions of users of TOR. It is mostly used to give privacy to instant messaging, chat, and web browsing.

Some machines out there only accept TOR connections. These are called Hidden Services (now onion services). You can use Tor2Web, a gateway that lets you reach an onion service from a normal browser without running TOR yourself, but then the gateway sees your IP address and your traffic, so you give up the anonymity. Or you could opt for the dedicated TOR Browser. It is a modified version of Firefox that starts the TOR background process automatically. One downside is that it blocks plugins like Flash and QuickTime, but that is deliberate: those plugins can open connections outside TOR and reveal your real address.

Using TOR slows your network access. You get a circuit established through the TOR network for your use. A circuit is used for new connections for about 10 minutes, after which new streams get a fresh circuit. It also can paint a target on your back, as anyone watching the wire can tell that you are using TOR (the relay addresses are public). The EFF recommends that you use TOR. It is often pitched as a replacement for everyday VPNs, although the threat models differ: a VPN provider sees everything, while in TOR the exit relay sees your unencrypted traffic but not who you are. TOR is limited to TCP streams.
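The layered encryption described in this post, as an added Python example that is not Tor's code. The client shares a symmetric key with each relay on the circuit (Tor negotiates these with a handshake; here `KEYS` and `NONCE` are fixed constructed values), wraps the payload once per relay with the exit's layer innermost, and each relay strips exactly one layer, learning only the next hop. The stream cipher is HMAC-SHA256 in counter mode so the example needs only the standard library; Tor itself uses AES-CTR, and this toy has no integrity protection.

```python
"""Toy onion routing: one encryption layer per relay, peeled one hop at a time.

Added example, not Tor's code. Keys, nonce and route are constructed for the
demo; a real client derives fresh keys per circuit.
"""
import hashlib
import hmac

KEYS = {"guard": b"G" * 32, "middle": b"M" * 32, "exit": b"X" * 32}   # constructed
NONCE = b"demo-circuit-001"                                            # constructed
ROUTE = ["guard", "middle", "exit"]
DELIVER = "DELIVER"      # innermost "next hop": the exit hands the payload to its destination
HOP_LEN = 16             # fixed-width next-hop field so layer sizes are predictable


def xor_stream(key, nonce, data):
    """Encrypt or decrypt (same operation) by XOR with an HMAC-derived keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_onion(payload, route, keys, nonce):
    """Build the cell the client hands to the first relay.

    Each layer is [HOP_LEN-byte next-hop name][inner cell], encrypted under that
    relay's key. Layers go on innermost (exit) first, so the guard's is outermost.
    """
    cell = payload
    next_hop = DELIVER
    for name in reversed(route):
        header = next_hop.encode().ljust(HOP_LEN, b"\0")
        cell = xor_stream(keys[name], nonce, header + cell)
        next_hop = name
    return cell


def relay_peel(name, keys, nonce, cell):
    """What one relay does: strip its own layer and read only the next hop."""
    plain = xor_stream(keys[name], nonce, cell)
    return plain[:HOP_LEN].rstrip(b"\0").decode(errors="replace"), plain[HOP_LEN:]


def simulate_circuit(payload, route=ROUTE, keys=KEYS, nonce=NONCE):
    """Walk the cell down the route and record what each relay learned.

    Returns (hops, delivered): hops is [(relay, next_hop, bytes it forwarded)],
    delivered is what the exit hands to the destination.
    """
    cell = wrap_onion(payload, route, keys, nonce)
    hops = []
    name = route[0]
    while name != DELIVER:
        next_hop, cell = relay_peel(name, keys, nonce, cell)
        hops.append((name, next_hop, cell))
        name = next_hop
    return hops, cell
```

Two things are worth checking against the model. The guard forwards a blob that still has two layers on it (32 bytes longer than the payload) and knows only that it goes to the middle relay; the exit is the only hop that ends up holding the payload, and it never saw the client's address. That is the division of knowledge the post describes, and it is also why an exit relay can read anything you did not separately protect with HTTPS.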