Western Digital WD Sentinel DX4000 Small Office Storage Server Offers a Lot of Bang for your Buck!

Looking for an affordable way to back up your files or even your entire computer? How about allowing access to those files via the web? Then check this out…

WD Sentinel™ Small Office Storage Server – Connect. Protect. Collaborate.

WD Sentinel is easy to install and provides secure centralized storage, complete data protection, and remote file access for your employees while in the office or from anywhere with a network connection. Featuring hardware and software from industry leaders it delivers a reliable, secure, and easy-to-manage storage server designed specifically for small office environments.

Easy to set up. Easy to manage.
Designed to be up and running in minutes. WD Sentinel comes with everything you need to centralize your business files. Once it’s set up, it intelligently manages drive and network status, reducing maintenance time so you can focus on your business.

WD Sentinel - Easy to set up.

Enterprise-class data protection for your small business.
Built on proven technologies from industry leaders, WD Sentinel small office server offers your business a complete data protection solution for your peace of mind.

WD Sentinel - Data protection

Built-in remote access.
Enhance your business efficiency and productivity by enabling anytime, anywhere access to your business information. Your employees and trusted partners have secure access to your company files without the complexity and expense of a VPN solution.

WD Sentinel - Remote access

Plug-and-play installation – The easy setup process allows the small business owner or IT consultant to integrate WD Sentinel into your office network like a pro. The administration dashboard quickly guides the user through the setup process, including adding users, setting up user access, creating public or private shares, and scheduling backups.

Easy maintenance – Replacing one of the pre-installed drives or adding an additional drive is as easy as changing a light bulb. Just open the door and swap out the drives. WD Sentinel does the rest. It seamlessly migrates the server to the appropriate RAID level and automatically expands the server’s storage capacity. Connected users can still access critical business data while the drive is being integrated. No data loss. No down time.

Secure remote access – WD Sentinel is perfect for businesses with employees working in satellite or home offices because you have the security of knowing all your business files are safely stored in one place and remote employees can access them from any computer with an Internet connection. WD Sentinel also performs automatic daily backups so all of the files on all the computers in the network are backed up and protected.

LCD Display panel readily offers critical information – The LCD display panel on the front of the device allows the user to monitor the system status and critical alerts.

Realtime system status through the administration dashboard – View realtime updates for drive, RAID, and network status through WD Sentinel’s dashboard, which includes easy-to-use task wizards to help the user set backup schedules, administer user accounts, and manage public and private shares.

A total solution with industry-leading technology partners – We combined hardware and software from industry leaders to deliver a reliable, secure and easy-to-manage storage server designed specifically for small office environments. WD Sentinel features:

  • WD enterprise-class hard drives – Equipped with WD’s enterprise class desktop hard drives that feature WD GreenPower Technology™ for low power consumption, cool, quiet operation, and reliable performance.
  • Intel® Atom® processor – Built with the latest Intel Atom dual core processor inside, WD Sentinel DX4000 can easily handle a small business’s day-to-day computing and file storage demands.
  • Windows® Storage Server 2008 R2 Essentials – WD Sentinel DX4000 uses the tested Microsoft Windows Storage Server 2008 R2 Essentials operating system to provide the cost effective, reliable, and scalable storage solution a small business needs to quickly and efficiently organize, protect, and share critical business data using the familiar Windows user experience.

Leading-edge performance – With dual Gigabit Ethernet connectivity, WD Sentinel DX4000 delivers read speeds up to 100 MBps through the Gigabit Ethernet interface. That’s four times faster than most network drives in this category today. For maximum flexibility there is also a SuperSpeed USB 3.0 port that offers connectivity for additional storage devices and up to 5Gb/s transfer rates.

Compatible with multiple operating systems – WD Sentinel includes the Connector software for Windows XP, Windows Vista®, Windows 7, Mac OS® X Leopard® and Mac OS® Snow Leopard®. Support for major network file-system protocols enables cross-platform compatibility and file sharing among Windows, Mac and Unix/Linux operating systems.

Stream digital media anywhere in the network – With the built-in DLNA media server, connected employees can access any shared media libraries on the network rather than maintaining copies on their individual computers. Companies can also stream digital content like videos, music, or digital signage for employees, vendors or clients using remote web access.

Comprehensive data protection.

  1. Pre-configured with WD’s reliable and durable enterprise-class drives
  2. RAID level 1/5 for protection and speed
  3. Automatic backup and restore
  4. Dual Ethernet ports provide redundancy
  5. Optional backup power supply for increased uptime
  6. Optional off-site disaster recovery protection

Guardian for Small Business support – Western Digital offers standard customer support and warranty to all WD Sentinel owners. WD Guardian Services provide additional support and warranty options for small business customers. Choose from various technical support plans and extended warranty services that work best for your business.

Ideal for

  • Creating a secure small office network for up to 25 computers
  • Protecting your critical business data with comprehensive data protection – WD drives, RAID, automatic backup, dual Ethernet ports, optional power supply and optional disaster recovery
  • Setting up automatic backups for up to 25 computers
  • Restoring files to their previous location in the event of a system failure
  • Providing secure remote access to satellite offices and employees who work remotely
  • Offering cross platform file sharing with Windows®, Mac®, and Linux operating systems
  • Connecting and powering through your USB interface

What’s in the box
Small Office Storage Server, RJ45 Ethernet cable, AC Adapter with power cord, Quick Install Guide.

Compatibility
WD Sentinel includes the Connector software for Windows XP, Windows Vista®, Windows 7, Mac OS® X Leopard® and Mac OS® Snow Leopard®. Support for major network file-system protocols enables cross-platform compatibility and file sharing among Windows, Mac and Unix/Linux operating systems.

Where to get it
Homeland Secure IT is happy to be able to provide you or your business with this awesome appliance for your network! We can combine it with offsite cloud based backup like Servosity or even MozyPro for a complete backup and disaster recovery solution. Please call us at 864.990.4748 or email info@homelandsecureit.com for more information.

Catch some live music & a hockey game all in one night with Dockside Band & Greenville Road Warriors

Tomorrow night, February 9, 2012, my band, Dockside, will be opening for a hockey team!

I’ve played a lot of gigs, and opened for every style of band you can imagine, but never a hockey team…

There’s a first time for everything though, so we’re going with it and we are very excited to be playing before the Greenville Road Warriors vs the Kalamazoo Wings.

We will start up at 6pm and play until the game starts, then during the two 18 minute intermissions.

This is the perfect kid-friendly venue to catch Dockside, or maybe a nice date-night adventure… Inexpensive night out!

We will be performing two of our original songs, which will appear on our forthcoming CD.

See you there!

Smile, You’re on Candid Camera! TRENDnet Security Camera Feeds Exploited

It's not paranoia if they really ARE watching you!

TRENDnet announced that upwards of 50,000 cameras, comprising 26 vulnerable models, have been identified as being vulnerable to the threat of being used for reverse surveillance.

An article on BBC.co.uk indicates that 7 of the 26 vulnerable models already have patches for the faulty code released, and that owners would be notified of the available updates. The scary thing is, only about 5% of these cameras are registered, leaving tens of thousands of potential owners vulnerable.

If you are using one of these cameras in your home or business, it would be a smart move to search out the updated firmware immediately to ensure your privacy remains intact.

Here is a list of the affected cameras and links to firmware updates where available.

As a TRENDnet partner, we are here to help! If you require assistance with this or any other security related issue in the Greenville / Upstate SC area, please do not hesitate to call us at 864.990.4748 or email info@homelandsecureit.com

Are you sticking to that new year’s resolution to backup your computer or server data?

 

You were lucky enough to make it through 2011 without a catastrophic failure of a hard drive, data corruption, loss of a notebook computer, etc, but will 2012 be so kind?

If you are like so many people and businesses we work with, you are NOT backing up your data. Maybe it is too much trouble, or too expensive.

Just remember, the most expensive backup is the one you didn’t perform…

Let us help you plan a backup strategy for your company, or even your personal data. Whether it is a single notebook, or a fleet of them, a single server, or 50 virtualized servers, we have a solution for you that will fit in your budget, be easy to maintain and more importantly, easy to recover in the event you do lose data.

We have physical backup systems, such as tape based, removable disk cartridge (RDX), disk based and network based, including full backup servers which can mirror your mission critical data. We also provide multiple cloud based offsite storage solutions, Servosity (a local offering) and MozyPro, which we highly recommend even if you already have on-location, physical backups.

In addition, we are a Symantec partner and work closely with businesses who rely on Symantec’s Backup Exec and deduplication systems.

Using tape or removable disk storage and need a secure offsite storage provider who will help create a rotation? We can help with that. Our local partner provides a climate- and magnetically controlled vault and delivery/pickup services.

End of life for tape or disk media? We partner with another local company, ShredDisk who will dispose of that media in a guaranteed unrecoverable manner.

Call us today at 864.990.4748 or email info@homelandsecureit.com and we will help you with your data situation!

SECURE IT ALERT: Something new for 2012 for Apple Mac OS X users – SECURITY UPDATES! Yippeee!

Homeland Secure IT Alert

Secure IT Alert for Thursday, February 2, 2012

If you are running a current version of Apple Mac OS X, 10.6.x or OS X 10.7.x (Snow Leopard and Lion respectively), then you are vulnerable to the exploits that these patches correct.

These security flaws could potentially allow an attacker to execute code on your computer after you visit a malicious web site or download/view affected documents or files, or allow Denial of Service (DoS) or even elevation of privileges.

How do you fix this? Apple has released OS X Security Update 2012-001 and OS X 10.7.3 to fix these security problems – UPDATE ASAP.

The 52 security vulnerabilities affect 27 components that are part of OS X and OS X Server. Some of the affected software includes: Apache, OpenGL, PHP, QuickTime and Time Machine.

A few examples:

Buffer overflow vulnerability in ImageIO – View a malicious image and it could result in a crash of an application, or code being executed on your computer. The upside is, it would only execute with your privileges.

Buffer overflow vulnerability in CoreAudio – Play a malicious audio file and experience a crash of your system, or code execution with your privileges.

QuickTime vulnerabilities – Six of these babies could mean that if you open a malicious image or video in QT, code could be executed with your privileges.

The full update information can be found at http://support.apple.com/kb/HT5130

Should you require assistance in applying these updates, do not hesitate to call us in the Greenville or Upstate SC area at 864.990.4748 or email info@homelandsecureit.com


Homeland Secure IT’s #LeapIntoIT Kindle Fire Giveaway will let one of our Upstate, SC friends get a new toy!

#LeapIntoIT Kindle Fire Giveaway

It’s that time again!  Time for us to have some fun, and help one of our Upstate, SC friends get something cool to play with.

We’ve given away stuff before, like Trend Micro anti-virus, a wireless IP security camera, a Cisco Flip Mino HD video camera, Microsoft Office 2010, and even a Microsoft X-BOX 360, but this is likely the most exciting thing yet, or at least the 2nd most exciting!

We decided that since it is a Leap Year, we will help one person leap into the tablet computer revolution by giving them one of the hottest little tablets out… The Amazon Kindle Fire!  It is far more than just an eBook Reader, it’s a smokin’ hot tablet too!  So hot, it’s on FIRE! =)

Let’s call it the “Leap Into IT” giveaway!  #LeapIntoIT

Who is eligible?

 

Anyone who can walk into the Homeland Secure IT office at 104 Mauldin Rd, STE E in Greenville, SC to retrieve the tablet in person. We will NOT SHIP IT. Also, you must not be prohibited by law from participating in any giveaway, and all that legal mumbo-jumbo. Let’s put an age restriction on it too.  You must not be older than, no wait, you must be at least 18 to participate.

Employees of Homeland Secure IT cannot play this silly game because they would never get any work done.

Past winners of Homeland Secure IT giveaways ARE eligible (Andrea, James, Hal, etc)

How do you get involved in this?

 

There is NO purchase necessary, but there are some things that you will want to do…

  • Pass through our initiation process – This is where you tattoo your forehead with the Homeland Secure IT logo. Okay, this is optional.
  • Sign up to this blog by hitting the SUBSCRIBE BUTTON over in the right-hand column. You can receive the daily blog posts in email first thing in the morning this way. And you can opt out later (after the contest is over) when you get tired of my yammering…
  • Sign up for our SUPER LOW traffic mailing lists HERE … We rarely send anything out, so you won’t be too annoyed. You can unsubscribe from either or both at anytime, AFTER the contest end date.
  • Go to our home page at www.HomelandSecureIT.com and hit the Google +1 button & Facebook “like” while you are there.
  • Go to our Google business places page and leave a review and rating (hopefully a good one)
  • Go to Merchant Circle and leave a review/rating
  • Go to Yelp and leave a review/rating
  • Go to Yahoo! and leave a review/rating
  • LIKE us on facebook HERE … Follow us on Twitter HERE …
Please note: If leaving reviews or ratings somewhere, please only do so if you actually know something about us, we’ve done business together, interact with us on social media, or personally know us.

 

Here is a list of ways to connect:  

http://www.homelandsecureit.com/connect.html

If you connect in a different manner and you feel it is important, email me, or tag me in a post so I can see what you have done and count that as well!

In review, it is up to you to determine how much, or how little you wish to get involved. The more ways you connect, the more chances to get this darn Kindle Fire!

How is the selection made?

 

Good question! We lay out a grid in the parking lot, with each name written in it, and we then shoot a gerbil straight into the air, and whichever grid square the gerbil falls into, that’s our winner.

Okay, (maybe) it isn’t like that at all.  No, in fact it is not.

On February 29th, 2012, I’ll take every name/email address from our mailing lists, all the names of those who have reviewed us on Yelp, Google Places, Yahoo! & Merchant Circle, all the mentions on Facebook, Twitter, Linked-In, all the Likes and Follows on Twitter, Facebook, Linked-In, all the Google Plus +1s, and dump them into a spreadsheet. Next I go to www.Random.Org, put the number of lines in my spreadsheet as the max number and generate a random number.

Whoever matches that number in the spreadsheet is contacted.

If they are out of the area and cannot get it in person, another number will be selected and the process repeated until we have a winner!

So, with that said… Let’s do this!   Leap Into IT!!!!

Handy List of Star Codes for Cisco SPA525G2 phones #VoIP #Cisco

Cisco SPA 525G2 with Sidecar

Cisco SPA525G2 with 32 button sidecar

One of the best selling phones for the small and medium business (SMB) market is the Cisco SPA525G2 phone. The entire series of SPA phones are affordable, reliable and well suited to SMB use, but the 525 G2 is the current big daddy with its color display, ability to play MP3s from a memory stick, sync to your cell phone via bluetooth, built-in bluetooth for wireless headset usage and so much more.

On every system we sell that includes the SPA 525, we get a few questions like, “How do you answer another extension?”, and of course we answer it, but with such a long list of these “star codes”, I can’t remember them myself.

Cisco Star Codes for SPA525G2 Phones:

  • Call Return (*69)—Calls the last caller, regardless which extension.
  • Blind Transfer (*98)—Allows the user to transfer a call to another number without waiting for the other party to pick up.
  • Call Back Act (*66)—Periodically redials the last busy number (every 30 seconds by default) until it rings or until the attempt expires (30 min by default), regardless which extension. Only one call back operation can be ordered at a time. A new order automatically cancels the previous order.
  • Call Back Deact (*86)—Cancels the last call back operation.
  • Call Forward All Act (*72)—Call forwards all inbound calls. Applies to primary extension only.
  • Call Forward All Deact (*73)—Cancels call forward all. Applies to primary extension only.
  • Call Forward Busy Act (*90)—Call forwards on busy. Applies to primary extension only.
  • Call Forward Busy Deact (*91)—Cancels call forward on busy. Applies to primary extension only.
  • Call Forward No Answer Act (*92)—Call forwards if no answer. Applies to primary extension only.
  • Call Forward No Answer Deact (*93)—Cancels call forward no answer. Applies to primary extension only.
  • CW Act (*56)—Enables call waiting. For example, if call waiting is turned off globally, this star code will turn on call waiting until the CW Deact code is entered.
  • CW Deact (*57)—Deactivates call waiting. For example, if call waiting is turned on globally, this star code deactivates call waiting until the CW Act code is entered.
  • CW Per Call Act (*71)—Enables call waiting for a single call. For example, if  call waiting is turned off globally, this star code will turn on call waiting for that call.
  • CW Per Call Deact (*70)—Deactivates call waiting for a single call. For example, if call waiting is turned on globally, this star code deactivates call waiting for that call.
  • Block CID Act (*67)—Blocks caller ID on all outbound calls. Applies to all extensions.
  • Block CID Deact (*68)—Deactivates caller ID blocking on outbound calls. Applies to all extensions.
  • Block CID Per Call (*81)—Blocks caller ID on the next outbound call (on the current call appearance only).
  • Block CID Per Call Deact (*82)—Deactivates caller ID blocking on the next outbound call (on the current call appearance only).
  • Block ANC Act—Blocks anonymous calls. Applies to all extensions.
  • Block ANC Deact—Deactivates anonymous call blocking. Applies to all extensions.
  • DND Act (*78)—Activates Do Not Disturb. Applies to all extensions.
  • DND Deact (*79)—Deactivates Do Not Disturb. Applies to all extensions.
  • Secure All Call Act (*16)—Defaults to prefer to use encrypted media (voice codecs).
  • Secure No Call Act (*17)—Defaults to prefer to use unencrypted media for all outbound calls. Applies to all extensions.
  • Secure One Call Act (*18)—Prefers to use encrypted media for the outbound call (on this call appearance only).
  • Secure One Call Deact (*19)—Prefers to use unencrypted media for the outbound call (on this call appearance only).
  • Paging (*96)—Pages the number called.
  • Call Park (*38)—Parks a call on an entered line number.
  • Call UnPark Code (*39)—Retrieves a call from an entered line number.
  • Call Pickup (*36)—Picks up a call at an entered extension.
  • Group Call Pickup (*37)—Picks up a ringing call at a group of extensions.
  • Media Loopback Code (*03)—A service provider can set up a test call from an IP media loopback server (the source) to a subscriber’s VoIP device (the mirror). The test call provides statistical reporting on network performance and audio quality.

Depending on the source’s capabilities, the SP can see packet jitter, loss, and delay (although Media Loopback cannot identify an offending hop). This helps the SP identify an offending hop that could be causing issues in VoIP calls to a subscriber. The test results can also provide audio quality scoring, which lets a SP better understand the subscriber’s experience.

Referral Services Codes—One or more * codes can be configured into this parameter, such as *98, or *97|*98|*123, and so on. The maximum total length is 79 characters.
This parameter applies when the user places the current call on hold (by Hook Flash) and is listening to the second dial tone. Each * code (and the following valid target number according to the current dial plan) entered on the second dial tone triggers the Cisco IP phone to perform a blind transfer to a target number that is prepended by the service * code. For example:
  a. After the user dials *98, the Cisco IP phone plays a special prompt tone while waiting for the user to enter a target number (which is validated according to the dial plan as in normal dialing).
  b. When a complete number is entered, the Cisco IP phone sends a blind REFER to the holding party with the Refer-To target equal to *98 target_number. This feature allows the Cisco IP phone to hand off a call to an application server to perform further processing, such as call park. The * codes should not conflict with any of the other vertical service codes internally processed by the Cisco IP phone. You can delete any * code that you do not want the call server to process.

Feature Dial Services Codes—Tells the Cisco IP phone what to do when the user is listening to the first or second dial tone.
You can configure one or more * codes into this parameter, such as *72, or *72|*74|*67|*82, and so on. The maximum total length is 79 characters. When the user has a dial tone (first or second dial tone), they can enter a * code (and the following target number according to the current dial plan) to trigger the Cisco IP phone to call the target number prepended by the * code. For example:
  a. After the user dials *72, the Cisco IP phone plays a special prompt tone while waiting for the user to enter a target number (which is validated according to the dial plan as in normal dialing).
  b. When a complete number is entered, the Cisco IP phone sends an INVITE to *72 target_number as in a normal call. This feature allows the proxy to process features such as call forward (*72) or block caller ID (*67).
You can add a parameter to each * code in Feature Dial Services Codes to indicate what tone to play after the * code is entered, such as *72`c`|*67`p`.

The following is a list of allowed dial tone parameters (note the use of back quotes surrounding the parameter, without spaces).

  • `c` = Cfwd dial tone
  • `d` = Dial tone
  • `m` = MWI dial tone
  • `o` = Outside dial tone
  • `p` = Prompt dial tone
  • `s` = Second dial tone
  • `x` = No tones are played; x is any digit not used above

If no tone parameter is specified, the Cisco IP phone plays the prompt tone by default.
If the * code is not to be followed by a phone number, such as *73 to cancel call forwarding, do not include it in this parameter. In that case, add that * code in the dial plan.
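As an added example (my own code, not from Cisco’s documentation or this blog), here is a small Python checker for the Referral Services Codes and Feature Dial Services Codes parameter strings described above: it splits the value on `|`, validates each `*code` and its optional back-quoted tone parameter, enforces the 79-character limit, and flags codes that collide with the phone’s internally processed star codes from the list earlier in this post or that take no target number (the *73 case). The internal-code set is copied from that list; the standalone-code set holds only *73, which is the one the text names, and is an assumption where you extend it.

```python
import re
from dataclasses import dataclass, field

MAX_PARAM_LEN = 79  # limit stated for both parameters

# Star codes the SPA525G2 processes internally, taken from the list above.
INTERNAL_STAR_CODES = {
    "*69", "*98", "*66", "*86", "*72", "*73", "*90", "*91", "*92", "*93",
    "*56", "*57", "*71", "*70", "*67", "*68", "*81", "*82", "*78", "*79",
    "*16", "*17", "*18", "*19", "*96", "*38", "*39", "*36", "*37", "*03",
}

# Allowed tone parameters; any digit means "no tone".
TONE_NAMES = {
    "c": "Cfwd dial tone", "d": "Dial tone", "m": "MWI dial tone",
    "o": "Outside dial tone", "p": "Prompt dial tone", "s": "Second dial tone",
}

# Codes that are not followed by a target number and so belong in the dial plan,
# not in Feature Dial Services Codes. *73 is the page's example; extending this
# set is an assumption you make for your own deployment.
STANDALONE_CODES = {"*73"}

# One entry: "*" + digits, optionally followed by a single back-quoted character.
_ENTRY_RE = re.compile(r"^(\*\d+)(?:`(.)`)?$")


@dataclass
class Entry:
    code: str
    tone: str       # tone letter or digit; "p" when omitted
    tone_name: str


@dataclass
class Result:
    entries: list = field(default_factory=list)
    errors: list = field(default_factory=list)
    warnings: list = field(default_factory=list)

    @property
    def ok(self):
        return not self.errors


def parse_services_codes(value, feature_dial=True):
    """Parse a Referral (feature_dial=False) or Feature Dial Services Codes string."""
    res = Result()
    if len(value) > MAX_PARAM_LEN:
        res.errors.append(f"parameter is {len(value)} chars; limit is {MAX_PARAM_LEN}")
    seen = set()
    for raw in value.split("|"):
        raw = raw.strip()
        if not raw:
            res.errors.append("empty entry (stray '|')")
            continue
        m = _ENTRY_RE.match(raw)
        if not m:
            res.errors.append(f"{raw!r}: expected *digits, optionally followed by `t`")
            continue
        code, tone = m.group(1), m.group(2)
        if tone is not None and not feature_dial:
            res.warnings.append(f"{raw!r}: tone parameters are documented only for Feature Dial Services Codes")
        if tone is None:
            tone = "p"  # the phone plays the prompt tone when no parameter is given
        if tone in TONE_NAMES:
            name = TONE_NAMES[tone]
        elif tone.isdigit():
            name = "no tone"
        else:
            res.errors.append(f"{raw!r}: unknown tone parameter {tone!r}")
            continue
        if code in seen:
            res.warnings.append(f"{code} is listed more than once")
        seen.add(code)
        if code in INTERNAL_STAR_CODES:
            res.warnings.append(f"{code} is also processed internally by the phone; "
                                "delete it from one place so the call server sees it")
        if feature_dial and code in STANDALONE_CODES:
            res.errors.append(f"{code} takes no target number; add it to the dial plan instead")
        res.entries.append(Entry(code, tone, name))
    return res


if __name__ == "__main__":
    for value in ("*72`c`|*67`p`", "*97|*98|*123", "*72|*73"):
        r = parse_services_codes(value, feature_dial=value != "*97|*98|*123")
        print(value, "OK" if r.ok else "INVALID", r.errors, r.warnings)
```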

 

Homeland Secure IT is happy to be a Cisco SMB Select Partner! If we can provide your business VoIP support in the Greenville / Upstate, SC area, please call upon us at 864.990.4748 or email info@homelandsecureit.com

Are you using pcAnywhere? Symantec says to cut that out… #vulnerabilities #hax0rz

If you are using pcAnywhere to remotely access your computer, you probably want to go read the “pcAnywhere Security Recommendations” posted by Symantec.

http://www.symantec.com/connect/sites/default/files/pcAnywhere%20Security%20Recommendations%20WP_01_23_Final.pdf

The danger is that someone so inclined could potentially access your computer through vulnerabilities exposed from old source code, and gain full access to your computer, files and your network.

To sum it up, disabling pcAnywhere is a surefire way to protect yourself and your company.

If you have questions about this or any other security issue in the Greenville or Upstate SC area, please call upon Homeland Secure IT, we can help set your mind at ease. 864.990.4748

The Dockside Band is going to be at Rendezvous on Saturday Jan-28-2012 @DocksideBand #LiveMusic #Greenville

Whatcha doing this Saturday evening? If you say anything other than, “Going out, having a great time”, then you need to consider heading over to Rendezvous on Pelham Rd, near I85 and check out The Dockside Band!

In addition to performing all your favorites, we’re going to be premiering two new songs, “Carolina Girl” and “Standing in the Dark” which will be on our forthcoming album, due out June 8, 2012.

If you would, please visit our facebook page at http://facebook.com/DocksideBand and “like” us!!!!!!

US-CERT Technical Cyber Security Alert TA12-024A warns of Anonymous DDoS attacks

Anonymous has made the news lately with their attacks on many sites, with the most prominent being government sites. US-CERT released this info yesterday:

 

National Cyber Alert System
Technical Cyber Security Alert TA12-024A
“Anonymous” DDoS Activity

Original release date: January 24, 2012
Last revised: —
Source: US-CERT

Overview

US-CERT has received information from multiple sources about coordinated distributed denial-of-service (DDoS) attacks with targets that included U.S. government agency and entertainment industry websites. The loosely affiliated collective “Anonymous” allegedly promoted the attacks in response to the shutdown of the file hosting site MegaUpload and in protest of proposed U.S. legislation concerning online trafficking in copyrighted intellectual property and counterfeit goods (Stop Online Piracy Act, or SOPA, and Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act, or PIPA).

I. Description

US-CERT has evidence of two types of DDoS attacks: One using HTTP GET requests and another using a simple UDP flood.

The Low Orbit Ion Cannon (LOIC) is a denial-of-service attack tool associated with previous Anonymous activity. US-CERT has reviewed at least two implementations of LOIC. One variant is written in JavaScript and is designed to be used from a web browser. An attacker can access this variant of LOIC on a website and select targets, specify an optional message, throttle attack traffic, and monitor attack progress. A binary variant of LOIC includes the ability to join a botnet to allow nodes to be controlled via IRC or RSS command channels (the “HiveMind” feature).

The following is a sample of LOIC traffic recorded in a web server log:

“GET /?id=1327014400570&msg=We%20Are%20Legion! HTTP/1.1” 200 99406 “hxxp://pastehtml.com/view/blafp1ly1.html” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1”

The following sites have been identified in HTTP referrer headers of suspected LOIC traffic. This list may not be complete. Please do not visit any of the links as they may still host functioning LOIC or other malicious code.


The following are the A records for the referrer sites as of January 20, 2012:

 


The HTTP requests contained an “id” value based on UNIX time and

user-defined “msg” value, for example:

 

GET /?id=1327014189930&msg=%C2%A1%C2%A1NO%20NOS%20GUSTA%20LA%20

 

Other “msg” examples:

 

msg=%C2%A1%C2%A1NO%20NOS%20GUSTA%20LA%20

msg=:)

msg=:D

msg=Somos%20Legion!!!

msg=Somos%20legi%C3%B3n!

msg=Stop%20S.O.P.A%20:)%20%E2%99%AB%E2%99%AB HTTP/1.1″ 200 99406

http://pastehtml.com/view/bl7qhhp5c.html

msg=We%20Are%20Legion!

msg=gh

msg=open%20megaupload

msg=que%20sepan%20los%20nacidos%20y%20los%20que%20van%20a%20nacer

%20que%20nacimos%20para%20vencer%20y%20no%20para%20ser%20vencidos

msg=stop%20SOPA!!

msg=We%20are%20Anonymous.%20We%20are%20Legion.%20We%20do%20not%20

forgive.%20We%20do%20not%20forget.%20Expect%20us!

 

The “msg” field can be arbitrarily set by the attacker.

 

As of January 20, 20012, US-CERT has observed another attack that

consists of UDP packets on ports 25 and 80. The packets contained a

message followed by variable amounts of padding, for example:

 

66:6c:6f:6f:64:00:00:00:00:00:00:00:00:00 | flood………

 

Target selection, timing, and other attack activity is often

coordinated through social media sites or online forums.

 

US-CERT is continuing research efforts and will provide additional

data as it becomes available.

 

 

II. Solution

 

There are a number of mitigation strategies available for dealing

with DDoS attacks, depending on the type of attack as well as the

target network infrastructure. In general, the best practice

defense for mitigating DDoS attacks involves advanced preparation.

 

* Develop a checklist or Standard Operating Procedure (SOP) to follow in the event of a DDoS attack. One critical point in a checklist or SOP is to have contact information for your ISP and hosting providers. Identify who should be contacted during a DDoS, what processes should be followed, what information is needed, and what actions will be taken during the attack with each entity.

* The ISP or hosting provider may provide DDoS mitigation services. Ensure your staff is aware of the provisions of your service level agreement (SLA).

* Maintain contact information for firewall teams, IDS teams, and network teams, and ensure that it is current and readily available.

* Identify critical services that must be maintained during an attack as well as their priority. Services should be prioritized beforehand to identify what resources can be turned off or blocked as needed to limit the effects of the attack. Also, ensure that critical systems have sufficient capacity to withstand a DDoS attack.

* Have current network diagrams, IT infrastructure details, and asset inventories. This will assist in determining actions and priorities as the attack progresses.

* Understand your current environment and have a baseline of daily network traffic volume, type, and performance. This will allow staff to better identify the type of attack, the point of attack, and the attack vector used. Also, identify any existing bottlenecks and remediation actions if required.

* Harden the configuration settings of your network, operating systems, and applications by disabling services and applications not required for a system to perform its intended function.

* Implement a bogon block list at the network boundary.

* Employ service screening on edge routers wherever possible in order to decrease the load on stateful security devices such as firewalls.

* Separate or compartmentalize critical services:

  * Separate public and private services
  * Separate intranet, extranet, and internet services
  * Create single purpose servers for each service such as HTTP, FTP, and DNS

* Review the US-CERT Cyber Security Tip Understanding Denial-of-Service Attacks.

 

 

III. References

 

* Cyber Security Tip ST04-015 – <http://www.us-cert.gov/cas/tips/ST04-015.html>

* Anonymous's response to the seizure of MegaUpload according to CNN – <http://money.cnn.com/2012/01/19/technology/megaupload_shutdown/index.htm>

* The Internet Strikes Back #OpMegaupload – <http://anonops.blogspot.com/2012/01/internet-strikes-back-opmegaupload.html>

* Twitter Post from the author of the JavaScript based LOIC code – <http://www.twitter.com/#!/mendes_rs>

* Anonymous Operations tweets on Twitter – <http://twitter.com/#!/anonops>

* @Megaupload Tweets on Twitter – <http://twitter.com/#!/search?q=%2523Megaupload>

* LOIC DDoS Analysis and Detection – <http://blog.spiderlabs.com/2011/01/loic-ddos-analysis-and-detection.html>

* Impact of Operation Payback according to CNN – <http://money.cnn.com/2010/12/08/news/companies/mastercard_wiki/index.htm>

* OperationPayback messages on YouTube – <http://www.youtube.com/results?search_query=operationpayback>

* The Bogon Reference – Team Cymru – <http://www.team-cymru.org/Services/Bogons/>

 

____________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA12-024A.html>

____________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send

email to <cert@cert.org> with “TA12-024A Feedback INFO#919868” in

the subject.

____________________________________________________________________

 

For instructions on subscribing to or unsubscribing from this

mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

____________________________________________________________________

 

Produced 2012 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

Revision History

 

January 24, 2012: Initial release

 

If you require assistance with DDoS or any other security need for your Greenville or Upstate SC business, please call upon us at 864.990.4748 or email info@homelandsecureit.com