Now that there already are some AKU3 devices (mostly MS Smartphones) on the market (for example, the HTC Dash (see for example this excellent Smartphone Thoughts review), and I, as I know quite much about Bluetooth, network sharing (I’m the author of the one and only POST-capable, free HTTP network sharing proxy for the Pocket PC) and connectivity issues of Windows Mobile devices, have been receiving a LOT of related questions (see for example this), I have decided to update my well-known Use your Pocket PC Phone Edition as a modem for your other Pocket PC's” tutorial so that it contains AKU3-related information and to also explain why dial-up connections in the latest, AKU3 version of WM5 behave completely different from earlier operating system versions.
This article will be of extreme interest to anyone using their Microsoft-based phones (let them be either full Pocket PC’s or “just” MS Smartphones) as cellular (GPRS / EDGE / UMTS / HSDPA etc.) modems because it explains everything about this subject, including the changes over the old model.
1. The most important changes, connectivity-wise
There are major changes in the connectivity model of AKU3 when it comes to serving clients that would like to use a Windows Mobile phone as a modem via either Bluetooth or infrared. In the following two subsections, I elaborate on both connection forms.
1.1 Bluetooth: No BT DUN profile any more
In AKU 3+, the Bluetooth DUN (Dial-up Networking) profile is no longer supported at all, only the PAN (Personal Area Network). Now, it’s via BT PAN’s that cellular-only network connections are shared and you have no access to DUN functionality any more.
This means clients discovering AKU3-based Windows Mobile phones will NOT see as modems, unlike with operating system versions prior to AKU3. This means that instead of seeing this (Microsoft BT stack) and this (Widcomm BT stack), you will see this (with the MS BT stack as clients) and this , this and this (three Widcomm-based clients (iPAQ 2210, hx4700 and the Pocket Loox 720)).
The latter screenshots, in essence, show you won’t be able to use Windows Mobile phones with Microsoft BT stack-based clients as the latter have no BT PAN support at all – along with a lot of other types of devices. That is, not so many “client” operating systems (“client” refers to devices that would like to use Windows Mobile phones to access the Net) support the (quite advanced) BT PAN profile as the “traditional” BT DUN dial-up method.
In the following subsections, I elaborate on the PAN compatibility issues both desktop and handheld OS’es. After that, I elaborate on other, related issues like port forwarding and convenience issues.
1.1.1 Desktop OS’es and BT PAN compatibility
On Microsoft Windows desktop PC’s, there is no difference: even the MS BT stack supports joining already-existing BT PAN networks as has been explained, say, here.
On Linux and Mac OS, however, the situation is vastly different: in some cases, only DUN is implemented in some Linux distributions; so is the case with the different Mac OS versions as far as I know as is also pointed out here.
1.1.2. Handheld OS’es and BT PAN compatibility
As far as Pocket PC’s are concerned, the situation here is far worse than that of the desktop Windows case. Here, it’s only the Widcomm/Broadcom BT stack that has always supported BT PAN. The Pocket PC-based Microsoft BT stack doesn’t have any kind of BT PAN client support as can also be seen in this screenshot. This shows PPC MS BT stack clients don’t see any profiles that would make it possible to access the net via AKU3 Phone Edition (or MS Smartphone) devices. Opposed to this is the pre-AKU3 case where DUN was still visible as can be seen in this screenshot (from the already-linked pre-AKU3 article “Use your Pocket PC Phone Edition as a modem for your other Pocket PC's! - a full tutorial”)).
Non-common Bluetooth stacks (like the ones that come with old BT cards – for example, see the original drivers that come with the Belkin F8T020 card – see this for more info) don’t support PAN either (they only support DUN).
Other (non-Windows Mobile) clients that can only use the DUN profile include Palm OS devices (the Palm OS’ BT PAN capabilities are really bad – Lan Access is, theoretically, supported via BT, but not in practice), some (not all! For example, the Sharp Zaurus has BT PAN support) Linux devices (for example, the Nokia 770), some mobile devices with proprietary operating systems (for example, some Garmin GPS units/computers) etc.
1.2. What do you need to know about infrared support?
It, unfortunately, no longer exists in the new Internet Sharing program, as opposed to the old Modem Link.
Right now, on some pre-AKU3 devices like the Wizard (but unlike, say, the Universal, which also has Wireless Modem (WModem)) Modem Link is the only way to use a PPC PE device as a modem over infrared (IrDA). Unlike “traditional”, “dumb” GSM phones, while these devices are also seen as “modems” for other IR devices when Modem Link isn’t active (I’ve elaborated on this, say, here), they can not be used as modems for actual dial-ups without explicitly starting the Windows Mobile phone in infrared modem mode.
The new Internet Sharing only works via USB / BT PAN as can be seen for example in this screenshot of Internet Sharing – the IrCOMM in the drop-down menu is gone, as opposed to that of Modem Link.
By completely abandoning Modem Link, this only way to connect to the outside world via infrared will also be gone. This means you will no longer be able to use AKU3 devices as infrared modems that don’t have additional programs (for example, Wireless Modem) to be used as infrared modems.
Note that some other PPC PE devices (for example, the HTC Universal) have the IrDA-capable WModem, which, currently, is almost the same as Modem Link (except for some fancy receive / send “LEDs”) and, again, still in pre-AKU3 times, seems to be quite redundant (“why double the functionality?”). This redundancy won’t, however, be the case after moving to Internet Sharing (if and when the Universal receives an official AKU3 upgrade) any more, when it’ll be the only phone app with IrDA capabilities.
What’s the point in sticking with IrDA, you may ask? Why not USB or BT instead? The answer is simple: many, for example, Microsoft BT stack-based Pocket PC devices only have IrDA to communicate, even high-end devices like the Dell Axim x51v (if the latter may not use BT DUN any more because of the lack of the BT DUN support in the modem). The same stands for pocket-sized computing platforms like many Palm OS, Linux and Symbian devices – if they contain BT at all, they are unlikely to support PAN.
With the switch to AKU3, none of these non-BT PAN / non-USB-capable clients will be able to access the Net via a PPC PE / MS Smartphone modem any more via infrared either on devices that only have Internet Sharing and not additional connectivity apps like Wmodem.
1.3 Port forwarding issues, running server-side / like apps
With a decent mobile operator (about 20-30% of them are like so; for example, in the UK – see this), which doesn’t use a proxied (“hidden”) networking approach but assigns the connecting client device a “real”, unique, connectable-from-the-outside-world Internet address, you can use so-called “server-side” applications. Don’t be afraid of this, this isn’t geeky stuff: these include absolutely common programs; for example, FTP clients (with non-passive FTP transfers), IRC applications (DCC send from a device only works with server-like devices), RealOne stream playing, incoming remote controller (Pocket Controller, VNC etc) connections etc. Using (or at least trying to use) these are all very common with non-geeks too.
(Please also see this and this for more info on these questions. I also recommend this for a list of what I mean by “server-like” applications on Pocket PC’s – there are quite a few of them which are REALLY useful even on PPC’s, let alone PC’s.)
This means eliminating server-like functionality support on a PC (or even a Pocket PC) connected to the Net via a PPC PE device certainly isn’t welcome. Therefore, it’s a very important question whether a connected Windows Mobile phone forwards all the incoming requests to the connected client, as was the case in pre-AKU3 times.
While Internet Sharing (that is, the new program that makes it possible to share mobile connections with BT PAN clients) doesn’t offer any kind of configurable port forwarding capabilities, unlike the built-in Windows XP Internet Connection Sharing (ICS) I’ve elaborated on several of my ICS-related articles, Microsoft – very wisely! – has paid special attention to properly implement this functionality.
When an AKU3 device shares its Internet connection (over USB, BT PAN and infrared if the given phone has the Wireless Modem / WModem applet), it puts the client to a DMZ (“DeMilitarized Zone”). Then, all incoming requests will be forwarded to the client. I’ve tested this with both playing RealOne streams over GPRS (on a client Pocket PC) and sending DCC files on IRC from client Pocket PC’s and desktop XP’s (to test the USB connection with the latter).
Note that when internet sharing is active, you won’t have server functionality on the phone itself, “only” on the connected client. This is much smaller a problem than the complete lack of using a DMZ (if Microsoft hadn’t implemented port forwarding via using DMZ); with the lack of DMZ’s, no server functionality would be accessible on the client at all. Of course, when you disconnect the client from internet sharing, on the phone, you will be able to use server-side functionality (listening to RealOne streams etc) again. It’s only when Internet Sharing is actively sharing the connection that all incoming connections are auto-forwarded to the client that uses the phone as a modem.
I’ve also tested the DMZ in “leaked” (XDA-Developers) ROM versions (for the Himalaya, Wizard and Universal – click the links for more info). DMZ works with them too via both USB and BT PAN.
1.4 Convenience issues because of the changes in the Bluetooth networking approach
In addition to the above-explained difference in using Windows Mobile-based phones as modems to access the Net, there are some new convenience issues you must be aware of when using AKU3 via Bluetooth (but not via infrared / USB ). These can be pretty annoying if you’ve always liked the “you don’t need to touch the modem at all when you want to dial in to the Internet” in operating system versions prior to AKU3.
Every cloud has a silver lining, though. In some respects, the new, AKU3 connection model is far easier to use through USB. I’ll elaborate on this in the last subsection.
1.4.1 BT convenience issue one: Firing up Network Sharing on the phone
First, let’s have a look at how the old model (prior to AKU3) supported dialing in the Internet via Bluetooth.
When the PPC PE device is used through the standard (pre-AKU3.0) DUN profile, you don’t need to do anything to the PPC. You only start dialing on the client device and it just connects to the Net. (Of course, if you use it via USB or infrared, you must explicitly enable these modes on the Pocket PC in either Modem Link or Wireless Modem, if the latter exists.)
With the new model and the new Internet Sharing, however, the situation is vastly different (again, only when using Bluetooth - with USB / infrared, the situation remained the same as has been before.) You must power on the PDA, fire up Internet Sharing and start the connection by clicking “Connect”. This means a LOT of additional, manual powering up / clicking you didn’t need to do in pre-AKU 3.0 times.
Unfortunately, you must repeat this (power on the phone, go to Internet Sharing and click Connect) every time you’d like to reconnect to the Net on your notebook or other (PAN-compatible) Bluetooth client devices. That is, the “Connected” state changes to an unconnected one as soon as you disconnect the client. In this respect (too), the new model is a bit more inconvenient to use than the old DUN-based one.
1.4.2 BT convenience issue two: Excess clicking needed on the client that uses an AKU3 Windows Mobile via Bluetooth
As BT PAN connections are not treated the same way as BT DUN connections, on clients that use BT PAN to connect to the Net, you
• generally need more clicks to establish the connection, let it be either the desktop Windows or Windows Mobile clients. (Under mobile/desktop Linux clients, in general, you don’t need more clicks.)
• can’t rely on the auto-connect features of the operating systems under desktop and mobile Windows client OS’es. (Unlike under mobile/desktop Linux.)
For example, on desktop Windows, instead of either relying on the auto-connection OR just putting a dial-up link on your desktop (one double-click to start it and, then, just a single click on Dial ), you must (with Widcomm-based clients) click the My Bluetooth Places icon, then, the Entire Bluetooth Neighborhood icon, then, the given device and, finally, the BT PAN icon for the BT PAN connection to be established. (All clicks must be double-clicks!)
(A quick tip: you can reduce the number of clicks needed to fire up the Net connection. To do this, start up Explorer, go to My Bluetooth Places / Entire Bluetooth Neighborhood / the given device and right-click the BT PAN icon; select “Create shortcut”. It will be created – not on the desktop but under My Bluetooth Places. Now, if you just double-click My Bluetooth Places on your desktop, you’ll be able to double-click the new shortcut icon in there as can be seen in here.)
On (Widcomm-based) Windows Mobile clients, you must click the Bluetooth icon on the Today screen, click Bluetooth Manager and double-click the BT PAN icon of the given modem. All this instead of, say, just relying on the auto-connect feature of “real” BT DUN connections. Pretty annoying, eh?
1.4.3 The good: USB is more convenient than before!
In pre-AKU3 operating systems, you must
install the USB modem driver for the phone (and hunt for it if you don’t have it – for your convenience, I’ve mirrored it, along with the HTC dialer app, here should you ever need it) upon the first connection. This is unlike with the pre-AKU3 case, where you must supply USBMDM.INF to it when it prompts for a “Generic Serial” device. In AKU3, upon the first connection, the “Windows Mobile-based Internet Sharing Device” USB driver will be automatically installed by Windows XP
Note that, for this to work, you'll need the latest, 4.5beta2 ActiveSync on your desktop. With earlier AS versions (I've tested this with version 4.1 - it prompted me for the driver for "PocketPC USB Sync"), the driver isn't included (and the Windows auto-update database doesn't contain it either).
the same stands for the HTC dialer (USBModem_Dialer.exe) – you won’t need it at all in AKU3, unlike in previous OS versions. Upon firing up Internet Sharing, starting the USB mode and connecting the USB cable, the client desktop PC will automatically notice the new network. No desktop-side clicking is necessary.
That is, the new, USB-based connectivity schema is far better and more covenient than the old one.
1.5 My wishes…
While the current model is compatible with the majority of desktop Windows-based clients, clients using other operating systems may encounter problems or full inability to access the Net via AKU3 devices because of the…
lack of infrared support in Internet Sharing (as opposed to Modem Link), if the given model doesn’t contain Wireless Modem (or something similar)
lack of USB support on the client side (the case with all non-desktop (mobile) clients (show me a Windows Mobile, Symbian or mobile Linux device with USB host that is also able to use Internet Sharing via USB!) and even Linux or other operating systems on the desktop)
lack of client-side BT PAN support
Therefore, my recommendation for Microsoft is bringing back the DUN profile in addition to keeping the new BT PAN profile. Both have their place under the sun. Use BT PAN with clients that do support it and use the “fallback” DUN with clients that don’t support it or need convenience (see the previous, 1.4 section on the convenience issues on both the client and the phone of the new, PAN-based model).
I also have some other remarks that would make the new approach far more flexible and usable with very little additional coding need. I really hope the excellent folks at Microsoft reimplement DUN in subsequent AKU upgrades and also consider extending the Network Sharing functionality as explained in the following two subsection so that it is able to share any kind of network connections, not only mobile phone-based ones and, at last, offers almost real BT PAN, not only for accessing the Net.
1.5.1 Let’s share any kind of connections, not just mobile phone-based ones!
Internet Sharing could be made MUCH more useful by letting for sharing any kind of connection, not just the ones present in the Connections. Right now, it’s not possible to share for example Wi-Fi connections (a lot of people are asking for Wi-Fi connection sharing all the time; I answer at least one every week). This is a really big problem and could be easily fixed by, for example, just eliminating (or making it optional: if the user only wants to share a given connection and not the current one) the drop-down “Network Connection” menu in the new Internet Sharing applet and just share the current Internet connection, independent of its type.
1.5.2. What do you need to know about the new BT PAN? Can you use it was a REAL Bluetooth PAN network for, say, messaging and playing?
The answer is YES, which is very good news for all MS BT stack users that have long been longing for BT PAN support for its excellent messaging / playing capabilities. Please DO check out my BT PAN-related articles on all these questions; for example, on 4Talk (chat – see this), MS Portrait (chat, file sending) or BT PAN-compatible games (please see the Multiplayer Pocket Game Bible for some examples).
This all means the BT PAN network in AKU3 is a real network as it uses local IP’s (as opposed to DUN) in the network. This means all LAN-based, BT PAN-friendly applications / games work with it as can also be seen in the screenshot I’ve taken with the great multiplayer game Gold Rush (which worked just great over the AKU3 BT PAN – something not possible with pre-AKU3 devices). That is, the basics are already there: it’s just the interface that could be (slightly) modified by Microsoft, of which I’ll elaborate right now.
Unfortunately, the BT PAN support, while it, basically, works, is a bit more limited in AKU3 than in Widcomm-based Pocket PC’s:
You MUST connect to the internet in order to be able to create a BT PAN network between two devices. If you don’t have an Internet connection (or you, for example, supply a connection connecting to a bad APN name), BT PAN won’t work either.
Second, not as important as above, only one client can connect to an AKU3 device, unlike with the Widcomm BT stack, where the number of connecting clients isn’t restricted
AKU3 lacks the BT PAN client mode (so that a AKU3+ device can (also) join BT PAN’s, not (only) host them). This, along with the second bullet, aren’t very important though as can be very easily circumvented (and it’s in very rare cases that you would need a BT PAN network with more than two devices in it – some mass BT PAN multiplayer games like Gold Rush.)
All in all, while the BT PAN, in some respects, does what it’s supposed to (the internet connection sharing does work as expected, except for the convenience and compatibility issues I’ve already elaborated on), the BT PAN support itself could be made independent of “plain” connection sharing. First, making the BT PAN capabilities independent of connection sharing (that is, decouple PAN from Internet Sharing or, at least, make it available for “generic”, non-sharing purposes) would be very nice. The ability to have BT PAN between devices without an actual Internet connection would really enhance the functionality of the BT PAN as there are a LOT of tasks that can be done via local, internet connection-less networks and require no (in cases, non-existing or very expensive) Internet connection. Hope Microsoft also considers this for future AKU versions.
2. Comparison chart
The following chart (only for advanced users / geeks!) compares AKU 3+, pre-AKU3 and Widcomm / Broadcom-based Pocket PC’s (the latter may also have AKU3 – as Bluetooth is not that of Microsoft, with them, the exact AKU version isn’t important) in three areas:
in how they support all (not just plain Internet sharing) the capabilities of BT PAN: can you connect to a given BT PAN server with more than one clients at a time; can you use the given implementation as both a client and a server, is the given BT PAN a “real” PAN network and, finally, is any kind of Internet connection needed for the BT PAN network to work. Note that I’ve already elaborated on all these questions earlier.
dialup-related: how dial-up (accessing the Net from other devices) is done (via DUN or BT PAN); is it possible to use the device as an infrared modem, can you run server-like apps on the client and, finally, is any manual intervention needed for (re)connection (again, in pre-AKU3 times, nope via Bluetooth DUN – this was also a real strength of the DUN-based approach)
internet sharing-related: what protocols work over the sharing (at this, AKU3 really excels as it shares EVERYTHING, as opposed to third-party, non-OS-level solutions used before as is also explained in “Can I share the Internet connection on my Pocket PC through Bluetooth/Wi-Fi? That is, can I make my Internet-connected Pocket PC into some kind of a Wi-Fi/Bluetooth Access Point?”) and the class of collections that can be shared (in this, AKU3’s solution is definitely inferior to “real” ICS, which can share any kind of connection including Wi-Fi, not only mobile phone-based ones.)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
If you can’t see the above chart, the chart is here as HTML
3. Verdict
While the new model exhibits some serious compatibility (and, with Bluetooth connections, convenience) problems, I consider it a very good step in the right direction.
I do hope Microsoft reimplements Bluetooth DUN (which isn't at all complicated because it did exist in previous operating system versions - they will only need to insert back the code used in there) and, preferably, infrared connection in the new Internet Sharing program or, at least, forces Pocket PC manufacturers to supply the Wireless Modem program with all their AKU3 ROM upgrades (also on models that, traditionally, didn't have it - for example, the Wizard) / new models so that infrared dial-in still remains possible.
Also, I hope they go on extending the functionality of Bluetooth PAN so that the Microsoft BT stack, at least BT PAN-wise, becomes a decent alternative to the Widcomm BT stack.
4. Other, recommended links
Use your Pocket PC Phone Edition as a modem for your other Pocket PC's! - a full tutorial - (this explains the pre-AKU3 case)
Can I share the Internet connection on my Pocket PC through Bluetooth/Wi-Fi? That is, can I make my Internet-connected Pocket PC into some kind of a Wi-Fi/Bluetooth Access Point? - this article explains how ICS must be done on pre-AKU3 devices.
UPDATE (11/13/2006): in the meantime, I've scrutinized whether you can "hack" DUN support to the AKU3 MS BT stack with "simple" registry hacking.
Unfortunately, it doesn't seem to be possible for the following reasons:
The subkeys under [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Bluetooth\ Services] isn't actively used (and can even be deleted) when clients discover the services of a MS BT stack device.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bluetooth\SYS\COD, which is a dword with the value 00120114 in AKU3 and 00100114 in pre-AKU3 only describe for clients what kind of a BT device is (is it a phone? A PDA? A desktop computer? A headset? Stereo headphones?), and not the services it offers. This means using the old 00100114 as its value in AKU3 won't help either.
It seems the list of the provided services are returned from the BT-related DLL files, which can't be hacked easily.
Feel free to chime in and to point out if you know a way of (re-)enabling the DUN profile under WM5 (without, preferably, getting rid of BT PAN!)
Discussions of this article: HowardForums
Any idea what has to be done to allow linux to use the AKU 3.3 rom's via usb? Theoretically PAND will work under linux but I could never get it to work.
Connecting Fedora Core 6 to the Internet using HTC P3600 Compressed Tutorial
Of course that it will work on any Linux ! Of course that with any WM5 AKU 3 device !
The stages are as simple as 1, 2, 3 !
1. Go (on the WM5 AKU 3.x device) to Internet Sharing, select your network, select BT-PAN profice and click Connect.
2. Open a console on Linux (root) and start writing:
root# pand -s -r PANU
root# pand -Q10
(optional, to test) root# pand -l
root# ifconfig bnep0 192.168.0.2
root# route add default gw 192.168.0.1
root# echo "nameserver 194.102.255.2" > /tmp/resolv.conf.bnep0
3. READY !
Notes upon the implied commands:
a) pand -s -r PANU // starts the PAN daemon (server) in the PANU mode and puts it to listening mode
b) pand -Q10 // performs a 10sec search for the HCI address of a PANU and connects to it
c) pand -l // view if you have connection : bnep0 00:17:83:01:38:6B PANU - in my case
d) ifconfig bnep0 192.168.0.2 // sets the IP of the virtual network interface. Please do veryfy on your PDA that the PAN interface has 192.168.0.1 already seted up. Of course that you can use other IPs, but stay in the same network !
e) route add default gw 192.168.0.1 // sets the WM5 device as the gateway for IP packets. Certainly that you can change the address for originality, but remember that it must be the IP of the PAN interface on the WM5 device !
f) echo "nameserver 194.102.255.2" > /tmp/resolv.conf.bnep0 // assigns a DNS server to be queried. Of course that you can use any DNS IP that you want.
g) REMEMBER: On Fedora, IP forward is already activated. On Debian it is not. Thus, before command number e, you must activate it by typing "echo 1 > /proc/sys/net/ipv4/ip_forward" (without the quotes).
Cheers !
PAN on OS X
It now works in OS X as of 10.4.9! I tested on both my Dulie G5 and my MacBookPro.
Here are the steps I took to make it happen, pretty simple. But it took some playing around to get it.
-----------
Open the Bluetooth Preference Pane, Click Devices, select your device and click Configure.
It will scan your device; Click 'Continue'
It should then display the Conclusion screen that will contain "Use as personal area network"
Click Quit
Click Settings and be sure "Show Bluetooth status in the menu bar" is Checked.
On your WM5 device connect your network using the Internet Sharing application.
Back on your Mac go to the Bluetooth icon in the menu bar, click and select "Join Network on <devicename>"
Your on! Oddly on my Macbook it shows under the Network prefs as a Ethernet Adaptor, but on my G5 it shows as Bluetooth PDA.
Thanks for the update Apple!!
Great! Will post an update to everywhere!
moucha said:
Of course that it will work on any Linux ! Of course that with any WM5 AKU 3 device !
The stages are as simple as 1, 2, 3 !
1. Go (on the WM5 AKU 3.x device) to Internet Sharing, select your network, select BT-PAN profice and click Connect.
2. Open a console on Linux (root) and start writing:
root# pand -s -r PANU
root# pand -Q10
(optional, to test) root# pand -l
root# ifconfig bnep0 192.168.0.2
root# route add default gw 192.168.0.1
root# echo "nameserver 194.102.255.2" > /tmp/resolv.conf.bnep0
3. READY !
Notes upon the implied commands:
a) pand -s -r PANU // starts the PAN daemon (server) in the PANU mode and puts it to listening mode
b) pand -Q10 // performs a 10sec search for the HCI address of a PANU and connects to it
c) pand -l // view if you have connection : bnep0 00:17:83:01:38:6B PANU - in my case
d) ifconfig bnep0 192.168.0.2 // sets the IP of the virtual network interface. Please do veryfy on your PDA that the PAN interface has 192.168.0.1 already seted up. Of course that you can use other IPs, but stay in the same network !
e) route add default gw 192.168.0.1 // sets the WM5 device as the gateway for IP packets. Certainly that you can change the address for originality, but remember that it must be the IP of the PAN interface on the WM5 device !
f) echo "nameserver 194.102.255.2" > /tmp/resolv.conf.bnep0 // assigns a DNS server to be queried. Of course that you can use any DNS IP that you want.
g) REMEMBER: On Fedora, IP forward is already activated. On Debian it is not. Thus, before command number e, you must activate it by typing "echo 1 > /proc/sys/net/ipv4/ip_forward" (without the quotes).
Cheers !
Click to expand...
Click to collapse
What has to be done different to use the direct usb connection under linux? I run suse and was able to get an ip address but could never get it to go to a website.
Thankyou!
Just wanted to post a comment saying thankyou so much for this guide - it's amazing, so detailed and very, very useful!!!
Much appreciated!
I send that - I'm just about to go to AKU3 and use the USB connection method for modem use. Excellent stuff!
USB No worky
I'm having some really strange functionality with the internet sharing on AKU3.5 that I've built and installed on my Verizon XV6700.
I have everything working 100% from the phone side. Picture and video messaging. Internet browsing checking email you name it.
When I fire up Internet Sharing with the Bluetooth PAN option I can connect with my laptop and I'm actually posting this message over Internet Sharing via Bluetooth PAN. But when I use USB no worky.
I'm running Windows Vista Ultimate (so I have the latest and greatest Active Sync). When I plug in Windows DOES detect it as a network card. For the longest time it was only getting a 169.x.x.x IP so it was like it wasn't fining anyone home on the other end. After several iterations of setting my USB from Serial to RNDIS and back again and editing settings in the RNDIS adapter in connections I now have an IP getting correctly configured.
When I was not getting an IP Windows would say that I had "Limited Connectivity" on the network card. Now that there is a good set of IP's I get "Local Only" access. The phone says it has 192.168.1.1 my computer has 192.168.1.100 (its normal local address) but it does have 192.168.1.1 setup as its gateway. All seems correct in there. Essentially it seems like the phone is a firewall and someone forgot to put the MASQ rule in there. Its talking to the phone it just seems like the phone isn't routing the connections outside. Which seems REALLY odd being that BT PAN works so well.
Any insight would be greatly appreciated.
Figures... Right after I post this I figure it out. I've been workin on this for about 2 days now...
When going to start -> settings -> connections -> wifi
then going to the network adapters tab.
I noticed that Bluetooth PAN was in there. It had a use specific IP setting in it to 192.168.0.1 NETMASK 255.255.255.0. My RNDIS adapter was configured to use auto assigned IP's. I just changed the RNDIS to use the same specific IP settings that the BT PAN adapter did and plug and chug.
Click bang whirr and we're up and running!
Speed tests seem to be a little faster with the USB cable. Wonder if the BT connection is a bottleneck with respect to the EVDO connection.
Anyway hope this helps someone....
Problem fixed; see http://forum.xda-developers.com/showthread.php?p=1400709
Menneisyys said:
Unfortunately, the BT PAN support, while it, basically, works, is a bit more limited in AKU3 than in Widcomm-based Pocket PC’s:
You MUST connect to the internet in order to be able to create a BT PAN network between two devices. If you don’t have an Internet connection (or you, for example, supply a connection connecting to a bad APN name), BT PAN won’t work either.
Second, not as important as above, only one client can connect to an AKU3 device, unlike with the Widcomm BT stack, where the number of connecting clients isn’t restricted
AKU3 lacks the BT PAN client mode (so that a AKU3+ device can (also) join BT PAN’s, not (only) host them). This, along with the second bullet, aren’t very important though as can be very easily circumvented (and it’s in very rare cases that you would need a BT PAN network with more than two devices in it – some mass BT PAN multiplayer games like Gold Rush.)
Click to expand...
Click to collapse
sorry for the (probably dumb) question but could you elaborate a little bit on the possible workaround to connect an aku3 device as a BT PAN client to a BT PAN server on another aku3 device ?
Here is the scenario I am interested in : having a HTC Universal (no sim card) connected to the internet thanks to another aku3 device. This other device (probably a smaller device like a HTC Wizard) is connected to the internet through its wan connection and keeps its full internet functionalities.
Thanks !!!
pierro78 said:
sorry for the (probably dumb) question but could you elaborate a little bit on the possible workaround to connect an aku3 device as a BT PAN client to a BT PAN server on another aku3 device ?
Here is the scenario I am interested in : having a HTC Universal (no sim card) connected to the internet thanks to another aku3 device. This other device (probably a smaller device like a HTC Wizard) is connected to the internet through its wan connection and keeps its full internet functionalities.
Thanks !!!
Click to expand...
Click to collapse
I referred to installing the (hacked) Widcomm BT stack (see http://www.pocketpcmag.com/blogs/index.php?blog=3&p=1649&more=1&c=1&tb=1&pb=1 ), which is available for many (but not all!) MS BT stack-based models.
Thanks Menneisys for your answer.
So another (probably also dumb) question :
If I buy an Universal and just want to use it as a PDA connected to the internet through, say, my Wizard. Is there a reliable (& not too hard) way so my Wizard also has full internet features enabled at the same time ??
Thanks again !!!!
PS :
I could go for the N800 which has BT PAN client already integrated but I'd like a keyboard and MS Exchange access ...
pierro78 said:
Thanks Menneisys for your answer.
So another (probably also dumb) question :
If I buy an Universal and just want to use it as a PDA connected to the internet through, say, my Wizard. Is there a reliable (& not too hard) way so my Wizard also has full internet features enabled at the same time ??
Thanks again !!!!
PS :
I could go for the N800 which has BT PAN client already integrated but I'd like a keyboard and MS Exchange access ...
Click to expand...
Click to collapse
So, you need to use Internet Sharing on the Wizard, so that you can also access the Net on it? Then, install the Widcomm hack on the Universal. See http://forum.xda-developers.com/showthread.php?p=1115973
Menneisyys said:
Then, install the Widcomm hack on the Universal. See http://forum.xda-developers.com/showthread.php?p=1115973
Click to expand...
Click to collapse
Awesome, I have missed this thread and didn't know the widcomm hack was so advanced on the Universal
Thanks a bunch !!!!
PS :
Now I just need to go on ebay and buy myself a cheap Universal ...
pierro78 said:
Awesome, I have missed this thread
Click to expand...
Click to collapse
Just make sure you follow all my articles - I've also advertised this thread in several of them
An interesting read :
Closing Open Holes
#JDevil#
With the spread of Hackers and Hacking incidents, the time has come, when not only system administrators of servers of big companies, but also people who connect to the Internet by dialing up into their ISP, have to worry about securing their system. It really does not make much difference whether you have a static IP or a dynamic one, if your system is connected to the Internet, then there is every chance of it being attacked.
This manual is aimed at discussing methods of system security analysis and will shed light on as to how to secure your standalone (also a system connected to a LAN) system.
Open Ports: A Threat to Security?
Now, which option is used to display all open connections on the local machine. It also returns the remote system to which we are connected to, the port numbers of the remote system we are connected to (and the local machine) and also the type and state of connection we have with the remote system.
For Example,
C:\windows>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED
TCP ankit:1036 dwarf.box.sk:ftp-data TIME_WAIT
TCP ankit:1043 banners.egroups.com:80 FIN_WAIT_2
TCP ankit:1045 mail2.mtnl.net.inop3 TIME_WAIT
TCP ankit:1052 zztop.boxnetwork.net:80 ESTABLISHED
TCP ankit:1053 mail2.mtnl.net.inop3 TIME_WAIT
UDP ankit:1025 *:*
UDP ankit:nbdatagram *:*
Now, let us take a single line from the above output and see what it stands for:
Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED
Now, the above can be arranged as below:
Protocol: TCP (This can be Transmission Control Protocol or TCP, User Datagram Protocol or UDP or sometimes even, IP or Internet Protocol.)
Local System Name: ankit (This is the name of the local system that you set during the Windows setup.)
Local Port opened and being used by this connection: 1031
Remote System: dwarf.box.sk (This is the non-numerical form of the system to which we are connected.)
Remote Port: ftp (This is the port number of the remote system dwarf.box.sk to which we are connected.)
State of Connection: ESTABLISHED
Netstat? with the ? argument is normally used, to get a list of open ports on your own system i.e. on the local system. This can be particularly useful to check and see whether your system has a Trojan installed or not. Yes, most good Antiviral software are able to detect the presence of Trojans, but, we are hackers, and need to software to tell us, whether we are infected or not. Besides, it is more fun to do something manually than to simply click on the ?Scan? button and let some software do it.
The following is a list of Trojans and the port numbers which they use, if you Netstat yourself and find any of the following open, then you can be pretty sure, that you are infected.
Port 12345(TCP) Netbus
Port 31337(UDP) Back Orifice
For complete list, refer to the Tutorial on Trojans at: hackingtruths.box.sk/trojans.txt
----
Now, the above tutorial resulted in a number of people raising questions like: If the 'netstat -a' command shows open ports on my system, does this mean that anyone can connect to them? Or, How can I close these open ports? How do I know if an open port is a threat to my system's security of not? Well, the answer to all these question would be clear, once you read the below paragraph:
Now, the thing to understand here is that, Port numbers are divided into three ranges:
The Well Known Ports are those from 0 through 1023. This range or ports is bound to the services running on them. By this what I mean is that each port usually has a specific service running on it. You see there is an internationally accepted Port Numbers to Services rule, (refer RFC 1700 Here) which specifies as to on what port number a particular service runs. For Example, By Default or normally FTP runs on Port 21. So if you find that Port 21 is open on a particular system, then it usually means that that particular system uses the FTP Protocol to transfer files. However, please note that some smart system administrators delibrately i.e. to fool lamers run fake services on popular ports. For Example, a system might be running a fake FTP daemon on Port 21. Although you get the same interface like the FTP daemon banner, response numbers etc, however, it actually might be a software logging your prescence and sometimes even tracing you!!!
The Registered Ports are those from 1024 through 49151. This range of port numbers is not bound to any specific service. Actually, Networking utlites like your Browser, Email Client, FTP software opens a random port within this range and starts a communication with the remote server. A port number within this range is the reason why you are able to surf the net or check your email etc.
If you find that when you give the netstat -a command, then a number of ports within this range are open, then you should probably not worry. These ports are simply opened so that you can get your software applications to do what you want them to do. These ports are opened temporarily by various applications to perform tasks. They act as a buffer transfering packets (data) received to the application and vis-a-versa. Once you close the application, then you find that these ports are closed automatically. For Example, when you type www.hotmail.com in your browser, then your browser randomly chooses a Registered Port and uses it as a buffer to communicate with the various remote servers involved.
The Dynamic and/or Private Ports are those from 49152 through 65535. This range is rarely used, and is mostly used by trojans, however some application do tend to use such high range port numbers. For Example,Sun starts their RPC ports at 32768.
So this basically brings us to what to do if you find that Netstat gives you a couple of open ports on your system:
1. Check the Trojan Port List and check if the open port matches with any of the popular ones. If it does then get a trojan Removal and remove the trojan.
2. If it doesn't or if the Trojan Remover says: No trojan found, then see if the open port lies in the registered Ports range. If yes, then you have nothing to worry, so forget about it.
***********************
HACKING TRUTH: A common technique employed by a number of system administrators, is remapping ports. For example, normally the default port for HTTP is 80. However, the system administrator could also remap it to Port 8080. Now, if that is the case, then the homepage hosted at that server would be at:
http://domain.com:8080 instead of
http://domain.com:80
The idea behind Port Remapping is that instead of running a service on a well known port, where it can easily be exploited, it would be better to run it on a not so well known port, as the hacker, would find it more difficult to find that service. He would have to port scan high range of numbers to discover port remapping.
The ports used for remapping are usually pretty easy to remember. They are choosen keeping in mind the default port number at which the service being remapped should be running. For Example, POP by default runs on Port 110. However, if you were to remap it, you would choose any of the following: 1010, 11000, 1111 etc etc
Some sysadmins also like to choose Port numbers in the following manner: 1234,2345,3456,4567 and so on... Yet another reason as to why Port Remapping is done, is that on a Unix System to be able to listen to a port under 1024, you must have root previledges.
************************
Firewalls
Use of Firewalls is no longer confined to servers or websites or commerical companies. Even if you simply dial up into your ISP or use PPP (Point to Point Protocol) to surf the net, you simply cannot do without a firewall. So what exactly is a firewall?
Well, in non-geek language, a firewall is basically a shield which protects your system from the untrusted non-reliable systems connected to the Internet. It is a software which listens to all ports on your system for any attempts to open a connection and when it detects such an attempt, then it reacts according to the predefined set of rules. So basically, a firewall is something that protects the network(or systen) from the Internet. It is derived from the concept of firewalls used in vehicles which is a barrier made of fire resistant material protecting the vehicle in case of fire.
Now, for a better 'according to the bible' defination of a firewall: A firewall is best described as a software or hardware or both Hardware and Software packet filter that allows only selected packets to pass through from the Internet to your private internal network. A firewall is a system or a group of systems which guard a trusted network( The Internal Private Network from the untrusted network (The Internet.)
NOTE: This was a very brief desciption of what a firewall is, I would not be going into the details of their working in this manual.
Anyway,the term 'Firewalls', (which were generally used by companies for commerical purposes) has evolved into a new term called 'Personal Firewalls'. Now this term is basically used to refer to firewalls installed on a standalone system which may or may not be networked i.e. It usually connects to an ISP. Or in other words a personal firewall is a firewall used for personal use.
Now that you have a basic desciption as to what a firewall is, let us move on to why exactly you need to install a Firewall? Or, how can not installing a firewall pose a threat to the security of your system?
You see, when you are connected to the Internet, then you have millions of other untrusted systems connected to it as well. If somehow someone found out your IP address, then they could do probably anything to your system. They could exploit any vulnerability existing in your system, damage your data, and even use your system to hack into other computers.
Finding out someone'e IP Address is not very difficult. Anybody can find out your IP, through various Chat Services, Instant Messengers (ICQ, MSN, AOL etc), through a common ISP and numerous other ways. Infact finding out the IP Address of a specific person is not always the priority of some hackers.
What I mean to say by that is that there are a number of Scripts and utilities available which scan all IP addresses between a certain range for predefined common vulnerabilities. For Example, Systems with File Sharing Enabled or a system running an OS which is vulnerable to the Ping of Death attack etc etc As soon as a vulnerable system is found, then they use the IP to carry out the attacks.
The most common scanners look for systems with RAT's or Remote Administration Tools installed. They send a packet to common Trojan ports and display whether the victim's system has that Trojan installed or not. The 'Scan Range of IP Addresses' that these programs accept are quite wide and one can easily find a vulnerable system in the matter of minutes or even seconds.
Trojan Horses like Back Orifice provide remote access to your system and can set up a password sniffer. The combination of a back door and a sniffer is a dangerous one: The back door provides future remote access, while the sniffer may reveal important information about you like your other Passwords, Bank Details, Credit Card Numbers, Social Security Number etc If your home system is connected to a local LAN and the attacker manages to install a backdoor on it, then you probably have given the attacker the same access level to your internal network, as you have. This wouls also mean that you will have created a back door into your network that bypasses any firewall that may be guarding the front door.
You may argue with me that as you are using a dial up link to your ISP via PPP, the attacker would be able to access your machine only when you are online. Well, yes that is true, however, not completely true. Yes, it does make access to your system when you reconnect, difficult, as you have a dynamic Internet Protocol Address. But, although this provides a faint hope of protection, routine scanning of the range of IP's in which your IP lies, will more often than not reveal your current Dynamic IP and the back door will provide access to your system.
*******************
HACKING TRUTH: Microsoft Says: War Dialer programs automatically scan for modems by trying every phone number within an exchange. If the modem can only be used for dial-out connections, a War Dialer won't discover it. However, PPP changes the equation, as it provides bidirectional transportmaking any connected system visible to scanners?and attackers.
*******************
So how do I protect myself from such Scans and unsolicitated attacks? Well, this is where Personal Firewalls come in. They just like their name suggests, protect you from unsolicitated connection probes, scans, attacks.
They listen to all ports for any connection requests received (from both legitimate and fake hosts) and sent (by applications like Browser, Email Client etc.) As soon as such an instance is recorded, it pops up a warning asking you what to do or whether to allow the connection to initiate or not. This warning message also contains the IP which is trying to initiate the connection and also the Port Number to which it is trying to connect i.e. the Port to which the packet was sent. It also protects your system from Port Scans, DOS Attacks, Vulnerability attacks etc. So basically it acts as a shield or a buffer which does not allow your system to communicate with the untrusted systems directly.
Most Personal Firewalls have extensive logging facilities which allows you to track down the attackers. Some popular firewalls are:
ZoneAlarm: The easiest to setup and manage firewall. Get it for free at: www.zonelabs.com
Once you have installed a firewall on your system, you will often get a number of Warnings which might seem to be as if someone is trying to break into your system, however, they are actually bogus messages, which are caused by either your OS itself or due to the process called Allocation of Dynamic IP's. For a details description of these two, read on.
Many people complain that as soon as they dial into their ISP, their firewall says that such and such IP is probing Port X. What causes them?
Well, this is quite common. The cause is that somebody hung up just before you dialed in and your ISP assigned you the same IP address. You are now seeing the remains of communication with the previous person. This is most common when the person to which the IP was assigned earlier was using ICQ or chat programs, was connected to a Game Server or simply turned off his modem before his communication with remote servers was complete.
You might even get a message like: Such and Such IP is trying to initaite a Netbios Session on Port X. This again is extrememly common. The following is an explanation as to why it happens, which I picked up a couple of days ago: NetBIOS requests to UDP port 137 are the most common item you will see in your firewall reject logs. This comes about from a feature in Microsoft's Windows: when a program resolves an IP address into a name, it may send a NetBIOS query to IP address. This is part of the background radiation of the Internet, and is nothing to be concerned about.
What Causes them? On virtually all systems (UNIX, Macintosh, Windows), programs call the function 'gethostbyaddr()' with the desired address. This function will then do the appropriate lookup, and return the name. This function is part of the sockets API. The key thing to remember about gethostbyaddr() is that it is virtual. It doesn't specify how it resolves an address into a name. In practice, it will use all available mechanisms. If we look at UNIX, Windows, and Macintosh systems, we see the following techniques:
DNS in-addr.arpa PTR queries sent to the DNS server
NetBIOS NodeStatus queries sent to the IP address
lookups in the /etc/hosts file
AppleTalk over IP name query sent to the IP address
RPC query sent to the UNIX NIS server
NetBIOS lookup sent to the WINS server
Windows systems do the /etc/hosts, DNS, WINS, and NodeStatus techniques. In more excruciating detail, Microsoft has a generic system component called a naming service. All the protocol stacks in the system (NetBIOS, TCP/IP, Novel IPX, AppleTalk, Banyan, etc.) register the kinds of name resolutions they can perform. Some RPC products will likewise register an NIS naming service. When a program requests to resolve an address, this address gets passed onto the generic naming service. Windows will try each registered name resolution subsystem sequentially until it gets an answer.
(Side note: User's sometimes complained that accessing Windows servers is slow. This is caused by installing unneeded protocol stacks that must timeout first before the real protocol stack is queried for the server name.).
The order in which it performs these resolution steps for IP addresses can be configured under the Windows registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider.
Breaking Through Firewalls
Although Firewalls are meant to provide your complete protection from Port Scan probes etc there are several holes existing in popular firewalls, waiting to be exploited. In this issue, I will discuss a hole in ZoneAlarm Version 2.1.10 to 2.0.26, which allows the attacker to port scan the target system (Although normally it should stop such scans.)
If one uses port 67 as the source port of a TCP or UDP scan, ZoneAlarm will let the packet through and will not notify the user. This means, that one can TCP or UDP port scan a ZoneAlarm protected computer as if there were no firewall there IF one uses port 67 as the source port on the packets.
Exploit:
UDP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sU 192.168.128.88
(Notice the -g67 which specifies source port).
TCP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sS 192.168.128.88
(Notice the -g67 which specifies source port).
JDevil
An interesting read
Closing Open Holes
#JDevil#
With the spread of Hackers and Hacking incidents, the time has come, when not only system administrators of servers of big companies, but also people who connect to the Internet by dialing up into their ISP, have to worry about securing their system. It really does not make much difference whether you have a static IP or a dynamic one, if your system is connected to the Internet, then there is every chance of it being attacked.
This manual is aimed at discussing methods of system security analysis and will shed light on as to how to secure your standalone (also a system connected to a LAN) system.
Open Ports: A Threat to Security?
Now, which option is used to display all open connections on the local machine. It also returns the remote system to which we are connected to, the port numbers of the remote system we are connected to (and the local machine) and also the type and state of connection we have with the remote system.
For Example,
C:\windows>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED
TCP ankit:1036 dwarf.box.sk:ftp-data TIME_WAIT
TCP ankit:1043 banners.egroups.com:80 FIN_WAIT_2
TCP ankit:1045 mail2.mtnl.net.inop3 TIME_WAIT
TCP ankit:1052 zztop.boxnetwork.net:80 ESTABLISHED
TCP ankit:1053 mail2.mtnl.net.inop3 TIME_WAIT
UDP ankit:1025 *:*
UDP ankit:nbdatagram *:*
Now, let us take a single line from the above output and see what it stands for:
Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED
Now, the above can be arranged as below:
Protocol: TCP (This can be Transmission Control Protocol or TCP, User Datagram Protocol or UDP or sometimes even, IP or Internet Protocol.)
Local System Name: ankit (This is the name of the local system that you set during the Windows setup.)
Local Port opened and being used by this connection: 1031
Remote System: dwarf.box.sk (This is the non-numerical form of the system to which we are connected.)
Remote Port: ftp (This is the port number of the remote system dwarf.box.sk to which we are connected.)
State of Connection: ESTABLISHED
Netstat? with the ? argument is normally used, to get a list of open ports on your own system i.e. on the local system. This can be particularly useful to check and see whether your system has a Trojan installed or not. Yes, most good Antiviral software are able to detect the presence of Trojans, but, we are hackers, and need to software to tell us, whether we are infected or not. Besides, it is more fun to do something manually than to simply click on the ?Scan? button and let some software do it.
The following is a list of Trojans and the port numbers which they use, if you Netstat yourself and find any of the following open, then you can be pretty sure, that you are infected.
Port 12345(TCP) Netbus
Port 31337(UDP) Back Orifice
For complete list, refer to the Tutorial on Trojans at: hackingtruths.box.sk/trojans.txt
----
Now, the above tutorial resulted in a number of people raising questions like: If the 'netstat -a' command shows open ports on my system, does this mean that anyone can connect to them? Or, How can I close these open ports? How do I know if an open port is a threat to my system's security of not? Well, the answer to all these question would be clear, once you read the below paragraph:
Now, the thing to understand here is that, Port numbers are divided into three ranges:
The Well Known Ports are those from 0 through 1023. This range or ports is bound to the services running on them. By this what I mean is that each port usually has a specific service running on it. You see there is an internationally accepted Port Numbers to Services rule, (refer RFC 1700 Here) which specifies as to on what port number a particular service runs. For Example, By Default or normally FTP runs on Port 21. So if you find that Port 21 is open on a particular system, then it usually means that that particular system uses the FTP Protocol to transfer files. However, please note that some smart system administrators delibrately i.e. to fool lamers run fake services on popular ports. For Example, a system might be running a fake FTP daemon on Port 21. Although you get the same interface like the FTP daemon banner, response numbers etc, however, it actually might be a software logging your prescence and sometimes even tracing you!!!
The Registered Ports are those from 1024 through 49151. This range of port numbers is not bound to any specific service. Actually, Networking utlites like your Browser, Email Client, FTP software opens a random port within this range and starts a communication with the remote server. A port number within this range is the reason why you are able to surf the net or check your email etc.
If you find that when you give the netstat -a command, then a number of ports within this range are open, then you should probably not worry. These ports are simply opened so that you can get your software applications to do what you want them to do. These ports are opened temporarily by various applications to perform tasks. They act as a buffer transfering packets (data) received to the application and vis-a-versa. Once you close the application, then you find that these ports are closed automatically. For Example, when you type www.hotmail.com in your browser, then your browser randomly chooses a Registered Port and uses it as a buffer to communicate with the various remote servers involved.
The Dynamic and/or Private Ports are those from 49152 through 65535. This range is rarely used, and is mostly used by trojans, however some application do tend to use such high range port numbers. For Example,Sun starts their RPC ports at 32768.
So this basically brings us to what to do if you find that Netstat gives you a couple of open ports on your system:
1. Check the Trojan Port List and check if the open port matches with any of the popular ones. If it does then get a trojan Removal and remove the trojan.
2. If it doesn't or if the Trojan Remover says: No trojan found, then see if the open port lies in the registered Ports range. If yes, then you have nothing to worry, so forget about it.
***********************
HACKING TRUTH: A common technique employed by a number of system administrators, is remapping ports. For example, normally the default port for HTTP is 80. However, the system administrator could also remap it to Port 8080. Now, if that is the case, then the homepage hosted at that server would be at:
http://domain.com:8080 instead of
http://domain.com:80
The idea behind Port Remapping is that instead of running a service on a well known port, where it can easily be exploited, it would be better to run it on a not so well known port, as the hacker, would find it more difficult to find that service. He would have to port scan high range of numbers to discover port remapping.
The ports used for remapping are usually pretty easy to remember. They are choosen keeping in mind the default port number at which the service being remapped should be running. For Example, POP by default runs on Port 110. However, if you were to remap it, you would choose any of the following: 1010, 11000, 1111 etc etc
Some sysadmins also like to choose Port numbers in the following manner: 1234,2345,3456,4567 and so on... Yet another reason as to why Port Remapping is done, is that on a Unix System to be able to listen to a port under 1024, you must have root previledges.
************************
Firewalls
Use of Firewalls is no longer confined to servers or websites or commerical companies. Even if you simply dial up into your ISP or use PPP (Point to Point Protocol) to surf the net, you simply cannot do without a firewall. So what exactly is a firewall?
Well, in non-geek language, a firewall is basically a shield which protects your system from the untrusted non-reliable systems connected to the Internet. It is a software which listens to all ports on your system for any attempts to open a connection and when it detects such an attempt, then it reacts according to the predefined set of rules. So basically, a firewall is something that protects the network(or systen) from the Internet. It is derived from the concept of firewalls used in vehicles which is a barrier made of fire resistant material protecting the vehicle in case of fire.
Now, for a better 'according to the bible' defination of a firewall: A firewall is best described as a software or hardware or both Hardware and Software packet filter that allows only selected packets to pass through from the Internet to your private internal network. A firewall is a system or a group of systems which guard a trusted network( The Internal Private Network from the untrusted network (The Internet.)
NOTE: This was a very brief desciption of what a firewall is, I would not be going into the details of their working in this manual.
Anyway,the term 'Firewalls', (which were generally used by companies for commerical purposes) has evolved into a new term called 'Personal Firewalls'. Now this term is basically used to refer to firewalls installed on a standalone system which may or may not be networked i.e. It usually connects to an ISP. Or in other words a personal firewall is a firewall used for personal use.
Now that you have a basic desciption as to what a firewall is, let us move on to why exactly you need to install a Firewall? Or, how can not installing a firewall pose a threat to the security of your system?
You see, when you are connected to the Internet, then you have millions of other untrusted systems connected to it as well. If somehow someone found out your IP address, then they could do probably anything to your system. They could exploit any vulnerability existing in your system, damage your data, and even use your system to hack into other computers.
Finding out someone'e IP Address is not very difficult. Anybody can find out your IP, through various Chat Services, Instant Messengers (ICQ, MSN, AOL etc), through a common ISP and numerous other ways. Infact finding out the IP Address of a specific person is not always the priority of some hackers.
What I mean to say by that is that there are a number of Scripts and utilities available which scan all IP addresses between a certain range for predefined common vulnerabilities. For Example, Systems with File Sharing Enabled or a system running an OS which is vulnerable to the Ping of Death attack etc etc As soon as a vulnerable system is found, then they use the IP to carry out the attacks.
The most common scanners look for systems with RAT's or Remote Administration Tools installed. They send a packet to common Trojan ports and display whether the victim's system has that Trojan installed or not. The 'Scan Range of IP Addresses' that these programs accept are quite wide and one can easily find a vulnerable system in the matter of minutes or even seconds.
Trojan Horses like Back Orifice provide remote access to your system and can set up a password sniffer. The combination of a back door and a sniffer is a dangerous one: The back door provides future remote access, while the sniffer may reveal important information about you like your other Passwords, Bank Details, Credit Card Numbers, Social Security Number etc If your home system is connected to a local LAN and the attacker manages to install a backdoor on it, then you probably have given the attacker the same access level to your internal network, as you have. This wouls also mean that you will have created a back door into your network that bypasses any firewall that may be guarding the front door.
You may argue with me that as you are using a dial up link to your ISP via PPP, the attacker would be able to access your machine only when you are online. Well, yes that is true, however, not completely true. Yes, it does make access to your system when you reconnect, difficult, as you have a dynamic Internet Protocol Address. But, although this provides a faint hope of protection, routine scanning of the range of IP's in which your IP lies, will more often than not reveal your current Dynamic IP and the back door will provide access to your system.
*******************
HACKING TRUTH: Microsoft Says: War Dialer programs automatically scan for modems by trying every phone number within an exchange. If the modem can only be used for dial-out connections, a War Dialer won't discover it. However, PPP changes the equation, as it provides bidirectional transportmaking any connected system visible to scanners?and attackers.
*******************
So how do I protect myself from such Scans and unsolicitated attacks? Well, this is where Personal Firewalls come in. They just like their name suggests, protect you from unsolicitated connection probes, scans, attacks.
They listen to all ports for any connection requests received (from both legitimate and fake hosts) and sent (by applications like Browser, Email Client etc.) As soon as such an instance is recorded, it pops up a warning asking you what to do or whether to allow the connection to initiate or not. This warning message also contains the IP which is trying to initiate the connection and also the Port Number to which it is trying to connect i.e. the Port to which the packet was sent. It also protects your system from Port Scans, DOS Attacks, Vulnerability attacks etc. So basically it acts as a shield or a buffer which does not allow your system to communicate with the untrusted systems directly.
Most Personal Firewalls have extensive logging facilities which allows you to track down the attackers. Some popular firewalls are:
ZoneAlarm: The easiest to setup and manage firewall. Get it for free at: www.zonelabs.com
Once you have installed a firewall on your system, you will often get a number of Warnings which might seem to be as if someone is trying to break into your system, however, they are actually bogus messages, which are caused by either your OS itself or due to the process called Allocation of Dynamic IP's. For a details description of these two, read on.
Many people complain that as soon as they dial into their ISP, their firewall says that such and such IP is probing Port X. What causes them?
Well, this is quite common. The cause is that somebody hung up just before you dialed in and your ISP assigned you the same IP address. You are now seeing the remains of communication with the previous person. This is most common when the person to which the IP was assigned earlier was using ICQ or chat programs, was connected to a Game Server or simply turned off his modem before his communication with remote servers was complete.
You might even get a message like: Such and Such IP is trying to initaite a Netbios Session on Port X. This again is extrememly common. The following is an explanation as to why it happens, which I picked up a couple of days ago: NetBIOS requests to UDP port 137 are the most common item you will see in your firewall reject logs. This comes about from a feature in Microsoft's Windows: when a program resolves an IP address into a name, it may send a NetBIOS query to IP address. This is part of the background radiation of the Internet, and is nothing to be concerned about.
What Causes them? On virtually all systems (UNIX, Macintosh, Windows), programs call the function 'gethostbyaddr()' with the desired address. This function will then do the appropriate lookup, and return the name. This function is part of the sockets API. The key thing to remember about gethostbyaddr() is that it is virtual. It doesn't specify how it resolves an address into a name. In practice, it will use all available mechanisms. If we look at UNIX, Windows, and Macintosh systems, we see the following techniques:
DNS in-addr.arpa PTR queries sent to the DNS server
NetBIOS NodeStatus queries sent to the IP address
lookups in the /etc/hosts file
AppleTalk over IP name query sent to the IP address
RPC query sent to the UNIX NIS server
NetBIOS lookup sent to the WINS server
Windows systems do the /etc/hosts, DNS, WINS, and NodeStatus techniques. In more excruciating detail, Microsoft has a generic system component called a naming service. All the protocol stacks in the system (NetBIOS, TCP/IP, Novel IPX, AppleTalk, Banyan, etc.) register the kinds of name resolutions they can perform. Some RPC products will likewise register an NIS naming service. When a program requests to resolve an address, this address gets passed onto the generic naming service. Windows will try each registered name resolution subsystem sequentially until it gets an answer.
(Side note: User's sometimes complained that accessing Windows servers is slow. This is caused by installing unneeded protocol stacks that must timeout first before the real protocol stack is queried for the server name.).
The order in which it performs these resolution steps for IP addresses can be configured under the Windows registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider.
Breaking Through Firewalls
Although Firewalls are meant to provide your complete protection from Port Scan probes etc there are several holes existing in popular firewalls, waiting to be exploited. In this issue, I will discuss a hole in ZoneAlarm Version 2.1.10 to 2.0.26, which allows the attacker to port scan the target system (Although normally it should stop such scans.)
If one uses port 67 as the source port of a TCP or UDP scan, ZoneAlarm will let the packet through and will not notify the user. This means, that one can TCP or UDP port scan a ZoneAlarm protected computer as if there were no firewall there IF one uses port 67 as the source port on the packets.
Exploit:
UDP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sU 192.168.128.88
(Notice the -g67 which specifies source port).
TCP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sS 192.168.128.88
(Notice the -g67 which specifies source port).
JDevil
Nice tutorial! Thanks!...But while having a look at the topic I had to smile... Vulnerabilities sounds better.
Lol exactly hahhahahah , thanks for the kind words
Sent from my SAMSUNG-SGH-I317 using xda app-developers app
Pretty amazing read, I'm impressed. What OS do you you on your home PC jeremyandroid? just curious?
js663k1 said:
Pretty amazing read, I'm impressed. What OS do you you on your home PC jeremyandroid? just curious?
Click to expand...
Click to collapse
Kali Linux, been a while bro, still got your badge I'm signature hahahha nice ,even though I havnt done anything in a long time but papers .