2011
12.17
When trying to open Intrusion Prevention from Cisco ASDM, the following message is displayed:

Your current Java memory heap size is less than 256 MB, the amount required for IOS IPS to run. To change the Java memory heap size, open the Java control panel and enter -Xmx256m in the Java Applet Runtime Settings dialog. This dialog is in the Java tab, or in the Advanced tab of the Java control panel. After you have changed the Java heap size, restart Cisco SDM.
Solution:
Step 1:
1. Open the Control Panel.
2. Navigate to Programs, and open the Java control panel.
3. Under the Java tab, in the Java Runtime Environment Settings pane, click View.
4. For all enabled Java versions, enter -Xmx512m under Runtime Parameters.
5. Hit OK and close the control panel.

Step 2: The ASDM shortcut will still refer to its own runtime parameters. Change it, or create a new shortcut, with the following values:
Target: C:\Windows\System32\javaw.exe -Xms256m -Xmx512m -Dsun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar com.cisco.launcher.Launcher
Start in: “C:\Program Files\Cisco Systems\ASDM\”
2011
11.21
Let me share some of my network analysis and IPS reports, taken soon after I found that my test JBoss server had been infected by Perl.Bossworm.
Perl.Bossworm is a malicious worm that exploits the JBoss Enterprise Application Platform Multiple Vulnerabilities (BID 39710) in order to copy itself to unpatched JBoss servers. Once Perl.Bossworm is established on a vulnerable server, it finds and infects more vulnerable servers. Perl.Bossworm connects to predetermined domains to download and install other malware threats. Remove Perl.Bossworm before it harms your system.
How to detect a JBoss worm infection on your network:
The symptoms of Perl.Bossworm on the JBoss server itself are discussed and very well explained in the JBoss Community, whereas below are the symptoms on the network side from my lab:
Symptom 1:
- The connectivity between the network switch and the firewall would be very unstable. I had frequent disconnections (request timeouts) even when I pinged the inside interface of the firewall from the switch Telnet console. So obviously, you will have either a slow Internet connection or no connectivity at all.
Telnet to your network switch and ping the inside LAN interface of the firewall to check the response (PING) status.
Symptom 2:
- Network switch CPU utilization has gone up and reached 99%
Commands to execute and verify on the network switch:
1. sh proc cpu sorted (Cisco Switch Command)
You can see that my switch utilization had gone very high in the 5-second statistics
2. show platform cpu packet statistics (Cisco Switch Command)
Port GI 7/9 on the network switch, where the JBoss server was connected, was finally found to be transmitting a huge number of packets within a few seconds
Firewall and IPS (Intrusion Prevention System) worm infection report:
The IPS reports shown below clarify what really caused the high CPU utilization on the network switch and the firewall disconnections
- The next day after the worm infection, it had established nearly 17000 irc-base sessions to the outside Internet.

- 342 GB of bandwidth was utilized on day 2 of the infection
- Finally, we have the IRC IPs to which the infected JBoss server was communicating
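The same finding (one inside host opening a large number of IRC sessions to the outside) can be pulled from firewall connection logs when no IPS report is at hand. The sketch below is an added example, not part of the original post: it assumes Cisco ASA "Built outbound TCP connection" syslog lines (message 302013), a list of common IRC ports, and a threshold chosen for the constructed sample data.

```python
import re
from collections import defaultdict

# Assumed log format: ASA syslog 302013 "Built outbound TCP connection".
BUILT = re.compile(
    r"%ASA-6-302013: Built outbound TCP connection \d+ for "
    r"outside:(?P<dst>[\d.]+)/(?P<dport>\d+) \([^)]*\) to "
    r"inside:(?P<src>[\d.]+)/\d+"
)
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}  # common IRC ports (assumption)

def irc_talkers(lines, min_sessions=3):
    """Return {inside_host: (session_count, sorted IRC peer IPs)} for every
    inside host that opened at least min_sessions sessions to IRC ports."""
    sessions = defaultdict(int)
    peers = defaultdict(set)
    for line in lines:
        m = BUILT.search(line)
        if not m or int(m["dport"]) not in IRC_PORTS:
            continue  # not a connection-built record, or not an IRC port
        sessions[m["src"]] += 1
        peers[m["src"]].add(m["dst"])
    return {h: (n, sorted(peers[h])) for h, n in sessions.items()
            if n >= min_sessions}

# Constructed sample log lines (documentation address ranges, not real IoCs).
_T = ("Nov 21 10:00:0{i} fw %ASA-6-302013: Built outbound TCP connection 100{i} "
      "for outside:{dst}/{dport} ({dst}/{dport}) to "
      "inside:{src}/4000{i} (203.0.113.2/4000{i})")
SAMPLE = [_T.format(i=i, dst=d, dport=p, src=s) for i, (d, p, s) in enumerate([
    ("198.51.100.7", 6667, "10.0.0.5"),
    ("198.51.100.9", 6667, "10.0.0.5"),
    ("198.51.100.7", 6697, "10.0.0.5"),
    ("192.0.2.80", 443, "10.0.0.5"),     # HTTPS, ignored
    ("198.51.100.7", 6667, "10.0.0.8"),  # single session, below threshold
], 1)]
SAMPLE.append("Nov 21 10:00:09 fw %ASA-6-302014: Teardown TCP connection 1001 "
              "for outside:198.51.100.7/6667 to inside:10.0.0.5/40001 "
              "duration 0:00:04 bytes 512 TCP FINs")  # teardown, ignored

if __name__ == "__main__":
    for host, (count, irc_peers) in irc_talkers(SAMPLE).items():
        print(f"{host}: {count} IRC sessions to {', '.join(irc_peers)}")
```

On a production firewall the threshold would be set far higher than 3; a server that normally makes no IRC connections at all is worth flagging at any count.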
Solution to remove JBoss Worm:
2011
11.13
Do you see a white box appear on the image in an Outlook 2007 email even though the client PC has SP2 installed?
Follow these steps to rectify the problem:
Create a New email, click the Office Button in the top left, choose the Editor Options button at the bottom right, select Advanced, scroll down to the “Display email content” section and make sure there is no tick next to the “Show Picture Placeholders” option.

2011
11.13
I have come across a situation where my client was not able to download zip attachments embedded in PDF documents, though he was using the latest version of Acrobat Reader. But we use Acrobat Professional version 6 to download zip attachments from the same PDF documents.
What about people who don’t have Acrobat Professional? Follow these steps:
- Open the registry editor
- Navigate to the following registry path
- Choose the registry value: tBuiltInPermList
- Search for zip and change it from 3 to 2
- Close all Acrobat files and open them again; the user should now be able to extract files.
2010
11.27
Fake: http://seeyouseeme.info
Here is yet another fake application from Profile Spy, which claims to let Facebook users know who has viewed their Facebook profile. This is one of the most wanted features, but it is missing from the number 1 rated social networking website (2011 Social Networking Websites Review).
This fake Profile Spy was earlier spread under different website names such as http://whosviewme.t35.com/fb.php, http://whoviewsyou.eyetesting.info and http://whoviewsyou.icantbelieve.info, but it now uses a different domain name, http://seeyouseeme.info.

As per www.dnsstuff.com, this website was registered with godaddy.com on 05-Nov-2010. Within a few weeks of hosting, the website gained popularity and reached a maximum of 270 users in a day (statistics from whos.amung.us).

The map shows the different locations in the world from where visitors are accessing this scam website.

Share this Facebook scam alert with your friends and help them protect their Facebook accounts.