How to Set Up an NTP Client in MikroTik

RouterBoard has a special behavior; that's my observation after installing MT on a hard disk and then buying an RB433AH.

On the RB433AH the time is automatically set to January 1970 every time it is restarted, until I used the NTP (Network Time Protocol) client in MT.

The steps to set up the NTP client in MT:

1. Click ‘System’ -> NTP Client.

2. Enter the NTP server information.

I used Google as a shortcut, entering the search term ‘ntp server for Singapore’, which resulted in: sg.pool.ntp.org

Setting up RouterBoard RB433 AH

A new MikroTik RB has arrived; it's an RB433AH wireless indoor.

As I have never used MikroTik before, it's time to configure it for first use:

1. Download Neighbour Viewer for Windows from MikroTik.

2. Unzip the files using WinZip or WinRAR.

Double-click to launch Neighbour Viewer.

At first the IP address will display 0.0.0.0, which means no IP address is assigned.

To assign a new address, double-click its MAC address.

Install Ansav Antivirus on Ubuntu Server

Playing around with antivirus software led me to Ansav, a free antivirus that convinced me to give it a chance on our Linux server.

The installation process is as simple as 1-2-3:

1. Download the core engine and update from here.

2. Install ansav.

dpkg -i ansav-linux-i386.deb

3. Move the latest update to /etc/ansav.

mv dbs.anv /etc/ansav/

4. Check that it works.

# ansav

—————————————————————
ANSAV 2.0.11  beta-3 (Linux.2.6.28-11-server)
updated: 16.05.2009
total: 1329 signatures inside
—————————————————————

For more commands, use --help:

# ansav --help

—————————————————————
ANSAV 2.0.11  beta-3 (Linux.2.6.28-11-server)
updated: 16.05.2009
total: 1329 signatures inside
—————————————————————

USAGE:
ansav [options] [path]

OPTIONS:
-v   verbose mode.
-w   show malware list from database
show also list from external (dbs.anv) if exists.
-f   enable auto fix for every detected threat.
-d   enable auto deletion for every detected threat.
if -f and -d specified auto deletion will be used
for unfixable threat. This rule not affected for suspected object
or you can force delete use `--force-kill` instead.
-r   scan recursively.
-p   format output to pipeline friendly.

EXAMPLE:

ansav -vf /mnt/f

scan and fix every detected threat in directory /mnt/f.

ansav -vfd /mnt/f

scan and fix every detected threat in directory /mnt/f
and delete threat if fix fail.

Need to test it against local viruses.

WARNING: Crypto package not found. Some features will fail.

That message showed up when I scanned for Conficker in our LAN.

After some googling, I found the answer:

On FreeBSD:

# cd /usr/ports/security/py-pycrypto && make install

On Ubuntu:

# apt-get install python-crypto

Done.

No more error message, I guess.

Detect Conficker in our LAN

Another Conficker variant forces us to behave like paranoids. Any tool that might help us detect it gets more attention, especially when it’s free :-)

Detect from a Windows machine:

Download the detector from Florian Roth, click here.

Save and extract to any folder; I chose C.

Make sure to run it from the command line:

C:\scs2-win32>scs2.exe 172.88.1.95  172.88.1.100

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009
Compiled for Win32 environments by Florian Roth

[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
Done

Detect from a Linux machine (I use Ubuntu 9.04 server):

# apt-get install python-impacket

# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip

# unzip scs2.zip

# cd scs2

# ./scs2.py 172.88.1.1 172.88.1.50

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009

[UNKNOWN]  172.88.1.10: No response from port 445/tcp.
[UNKNOWN]  172.88.1.14: No response from port 445/tcp.
[UNKNOWN]  172.88.1.8: No response from port 445/tcp.
[UNKNOWN]  172.88.1.5: No response from port 445/tcp.
[UNKNOWN]  172.88.1.9: No response from port 445/tcp.
[CLEAN]    172.88.1.43: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.25: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.50: No response from port 445/tcp.
[CLEAN]    172.88.1.22: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.23: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.

[CLEAN]    172.88.1.34: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.29: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.28: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[INFECTED] 172.88.1.47: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[CLEAN]    172.88.1.48: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.38: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.42: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[CLEAN]    172.88.1.27: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.1: No response from port 445/tcp.
[UNKNOWN]  172.88.1.4: No response from port 445/tcp.
[UNKNOWN]  172.88.1.6: No response from port 445/tcp.
[UNKNOWN]  172.88.1.7: No response from port 445/tcp.
[UNKNOWN]  172.88.1.11: No response from port 445/tcp.
[UNKNOWN]  172.88.1.12: No response from port 445/tcp.
[UNKNOWN]  172.88.1.13: No response from port 445/tcp.
[UNKNOWN]  172.88.1.16: No response from port 445/tcp.
[UNKNOWN]  172.88.1.17: No response from port 445/tcp.
[UNKNOWN]  172.88.1.18: No response from port 445/tcp.
[UNKNOWN]  172.88.1.19: No response from port 445/tcp.
[UNKNOWN]  172.88.1.20: No response from port 445/tcp.
[UNKNOWN]  172.88.1.21: No response from port 445/tcp.
[UNKNOWN]  172.88.1.26: No response from port 445/tcp.
[UNKNOWN]  172.88.1.30: No response from port 445/tcp.
[UNKNOWN]  172.88.1.31: No response from port 445/tcp.
[UNKNOWN]  172.88.1.32: No response from port 445/tcp.
[UNKNOWN]  172.88.1.33: No response from port 445/tcp.
[UNKNOWN]  172.88.1.35: No response from port 445/tcp.
[UNKNOWN]  172.88.1.36: No response from port 445/tcp.
[UNKNOWN]  172.88.1.37: No response from port 445/tcp.
[UNKNOWN]  172.88.1.39: No response from port 445/tcp.
[UNKNOWN]  172.88.1.40: No response from port 445/tcp.
[UNKNOWN]  172.88.1.41: No response from port 445/tcp.
[UNKNOWN]  172.88.1.44: No response from port 445/tcp.
[UNKNOWN]  172.88.1.45: No response from port 445/tcp.
[UNKNOWN]  172.88.1.46: No response from port 445/tcp.
[UNKNOWN]  172.88.1.49: No response from port 445/tcp.

Detect using a FreeBSD machine:

# cd /usr/ports/net/py-impacket && make install

# wget http://iv.cs.uni-bonn.de/uploads/media/scs2.zip

# unzip scs2.zip &&  cd scs2

# python scs2.py 172.88.1.90 172.88.1.100
WARNING: Crypto package not found. Some features will fail.

Simple Conficker Scanner v2 — (C) Felix Leder, Tillmann Werner 2009

[CLEAN]    172.88.1.90: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.100: No response from port 445/tcp.
[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[UNKNOWN]  172.88.1.92: No response from port 445/tcp.
[UNKNOWN]  172.88.1.91: No response from port 445/tcp.
[UNKNOWN]  172.88.1.93: No response from port 445/tcp.
[UNKNOWN]  172.88.1.94: No response from port 445/tcp.
[UNKNOWN]  172.88.1.95: No response from port 445/tcp.
[UNKNOWN]  172.88.1.97: No response from port 445/tcp.
[UNKNOWN]  172.88.1.98: No response from port 445/tcp.
[UNKNOWN]  172.88.1.99: No response from port 445/tcp.
Done
#

Time to patch those infected machines.
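
An added example (not part of the original post, and not part of scs2): a small Python parser for the scanner output shown above that builds the patch list and keeps the hosts that never answered on 445/tcp separate, since UNKNOWN means "not checked", not "clean". The function name `triage` is hypothetical; the sample lines are taken from the runs above, except the UNKNOWN line for 172.88.1.96, which is constructed to show how results from several runs are merged.

```python
import ipaddress
import re

# One record looks like "[STATUS] <ip>: <message>". Using findall over the
# whole text also copes with two records fused onto one line.
RECORD = re.compile(
    r"\[(INFECTED|CLEAN|UNKNOWN)\]\s+(\d{1,3}(?:\.\d{1,3}){3}):\s*"
    r"(.*?)(?=\[(?:INFECTED|CLEAN|UNKNOWN)\]|$)",
    re.MULTILINE,
)

# When a host shows up in several runs, keep the worst result.
SEVERITY = {"CLEAN": 0, "UNKNOWN": 1, "INFECTED": 2}

# Sample input: lines from the runs above (one UNKNOWN line is constructed).
SAMPLE = """\
Simple Conficker Scanner v2 -- (C) Felix Leder, Tillmann Werner 2009

[UNKNOWN]  172.88.1.10: No response from port 445/tcp.
[CLEAN]    172.88.1.43: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[UNKNOWN]  172.88.1.50: No response from port 445/tcp.[CLEAN]    172.88.1.22: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be clean.
[INFECTED] 172.88.1.47: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
[UNKNOWN]  172.88.1.96: No response from port 445/tcp.
[INFECTED] 172.88.1.96: Windows 5.1 [Windows 2000 LAN Manager]:  Seems to be infected by Conficker B or C.
"""


def triage(output):
    """Return {status: [ip, ...]} with the worst status seen for each host."""
    worst = {}
    for status, ip, _message in RECORD.findall(output):
        if SEVERITY[status] > SEVERITY.get(worst.get(ip), -1):
            worst[ip] = status
    result = {status: [] for status in SEVERITY}
    # Sort numerically so .9 comes before .10.
    for ip in sorted(worst, key=ipaddress.ip_address):
        result[worst[ip]].append(ip)
    return result


if __name__ == "__main__":
    hosts = triage(SAMPLE)
    print("Patch and clean first:", ", ".join(hosts["INFECTED"]))
    print("Rescan (no answer on 445/tcp):", ", ".join(hosts["UNKNOWN"]))
    print("Reported clean:", ", ".join(hosts["CLEAN"]))
```

Saving each run with `./scs2.py ... > run.txt` and feeding the concatenated files to `triage` gives one list per status across all runs.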