LogParser, Event Logs, and Vista

LogParser is one of my absolute favorite tools, particularly for doing incident response.  I use it a lot to extract and order data into a timeline (hmmm…that’s a good topic for a future post). When I moved to Vista, I found one annoyance, though.  The log file format in Vista has changed from *.evt to…


Rating Music (iTunes Edition)

I have a large collection of music, all of which is (finally) in iTunes.  I’d like to rate all of it but it’s somewhat cumbersome to flip back and forth from whatever app I’m in to iTunes in order to click on the little star icons while I’m listening to music. I was thinking about…


Detecting ARP Spoofing Attacks

After investigating an ARP spoofing incident recently, I started thinking of how we could easily ferret out this sort of information when responding to a potential incident. In this particular case, there were two important parts of the attack: ARP spoofing forced all traffic bound for the default gateway to be funneled through the infected…


Microlending

I commute about 90 minutes a day, total, on an average day.  I spend most of the commute listening to some combination of local talk radio (WBT 1100), NPR, Fox, and the BBC World Service.  I think of it as a sort of yin-yang radio diet. Yesterday afternoon, Marketplace on NPR had a fascinating segment…


ARP Cache Poisoning Incident

I recently worked on an interesting incident response with several of my colleagues. The problem, as defined by the customer, is that the following code is being injected into some websites (both external and internal to his environment) that his users are surfing: <iframe src=http://<redacted>/123.htm width=0 height=0></iframe> The page referenced (123.htm) includes a link…


Reboot

I started blogging on MSDN back in 2004 with the best of intentions. I was working with the Engineering Services team as ‘the network guy’ and I was involved in a lot of interesting cases working with our customers on deep networking issues, so I felt I had something to offer to the world…
