
Sunday, July 28, 2013

ForSec “Value Package” Linkfest - No coupons required!

One last Linkfest from a now exhausted GSD blogger this weekend.

Cleaning out the “to-be-blogged” hopper is always rewarding, but I tend to get very behind on the weekend chores. My saving grace this weekend has been frequent scattered showers and an equally tired Lavie who hasn’t been interested in going out for shopping, groceries, or dining out. The kitchen has been cleaned. The laundry has been done for the week.

Next stop, a few hours of rest, post-blogging, then a wind-down with Endeavour on PBS Masterpiece.

Too Funny Not To Miss

Bloody galah scammers still not getting the message - Troy Hunt’s blog. Security guru Troy Hunt has had his fair share of “this is (not) Microsoft cold calling you…your PC is infected…let me remote control it” scams and has picked them all apart to the bone.

This time he takes a new angle…in a way that only an Aussie could pull off!  This is a classic! Troy, please offer us some of those sound files or link to where we can get them!  I need to put together a Texan sound-effect package for similar fun with unwanted callers. Brilliant!

Microsoft Security News

Microsoft Releases New Mitigation Guidance for Active Directory - Microsoft Security Blog

Overview of Microsoft's "Best Practices for Securing Active Directory" - SANS Computer Forensics and Incident Response blog’s Mike Pilkington does a great summary and takeaway of the new AD mitigation guidance.

Security Awareness Training: Your First Line of Defense (Part 4) - WindowSecurity.com’s Deb Shinder discusses evaluating training effectiveness short and long-term.

See also these previous series posts:

Network Security, News and Techniques

Wireshark 1.8.9 and 1.10.1 Security Update - ISC Diary

Next up are some great and detailed video presentations from Sharkfest 2013

Recent Forensically Focused Posts

Physical (In)Security?

Duplicate house keys online - Keys Duplicated - This is either freaking amazing or super-scary. I just can’t decide! According to their Security page, precautions are taken.

The Keys Duplicated Blog - A couple really cool and technical posts on the behind the scenes things that make their keys pretty good.

…as spotted on Lifehacker’s post: Shloosl Copies Your House Keys Using a Smartphone Photograph

When 'Smart Homes' Get Hacked: I Haunted A Complete Stranger's House Via The Internet - Forbes

ForSec LiveCD Distro News

AV/AM Bits

Microsoft Security Essentials quietly released version 4.3.216.0 engine update for their free antivirus scanning program. If you use MSSE, you should get it via the automatic updates…if you have them turned on…you do have them turned on right?

Download Microsoft Security Essentials - Microsoft Download Center - Like most things MSSE, trying to figure out just what got updated is next to impossible so let’s just say for now that this one must be better than the previous version and move on.

I’m still using MSSE around the Valca home on all our home systems. I also continue to recommend it to friends and family (generally everyone non-work-related) who I provide friendly IT support to. I find it is pretty non-threatening to the non-technical users I know and though it loves to alert on many of my security programs (potentially unwanted programs) since they can also be used for 3vil, it seems to do a more than adequate job securing the systems.

For my Windows 8 systems, I’m instead relying on Bitdefender Antivirus Free. In some ways it’s a bit different model in that you need to sign up with an email address to set up your account. Then you can download the client to the system. What is nice is that if you manage multiple systems in your home, you can log into your account at their site and then get a console feedback on the status of those systems. That’s something that I do at work with another vendor’s enterprise AV client health/status management console. That’s super cool for a free product. I’m seriously leaning toward expanding its coverage to my main Windows 7 laptop at home. Performance has been outstanding on my Windows 8 systems.

Kaspersky tops real world protection test - BetaNews - this post does point out that Bitdefender tied Kaspersky with a 99.9 % protection level in AV-Comparatives Independent Tests of Anti-Virus Software for July 2013, while Microsoft Security Essentials rated a 92.5 % protection level. There are some additional disclaimers so read the short BetaNews article carefully. Then head over to AV-Comparatives to dig deeper and see the full findings.

Finally, we wrap up this segment with this interesting discussion:

The evolution of Rovnix: Private TCP/IP stacks - Microsoft Malware Protection Center

It’s a bootkit infection that has its own private TCP/IP stack. By doing so it can be extra stealthy, bypass personal firewall hooks, and lurk unseen by standard tools and utilities (such as nbtstat). Because of that, depending on a packet/network monitor running on the infected machine may be ineffective. However, it still must talk ON the network, so an independent network monitoring and forensics analysis approach using a network monitoring appliance or span port capture may detect the traffic. This may be why comparing network traffic captured from outside the system (elsewhere on the network) with network traffic captured on the system itself may be a useful exercise for incident response and monitoring purposes.
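The comparison described above, as an added example that is not part of the original post or the MMPC article: it lists flows that an off-host capture attributes to a machine but that the machine's own `netstat -ano` output does not show. The host IP, both samples, and the CSV column layout of the capture export are constructed assumptions.

```python
import csv
import io
from collections import namedtuple

Flow = namedtuple("Flow", "proto local_port remote_ip remote_port")

# Constructed sample: `netstat -ano` output collected ON the suspect host.
HOST_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    10.0.0.25:49712        198.51.100.10:443      ESTABLISHED     2412
  TCP    10.0.0.25:49713        198.51.100.11:80       TIME_WAIT       0
  UDP    0.0.0.0:5355           *:*                                    1200
"""

# Constructed sample: flow summary exported from a span-port capture
# (the column names are an assumption, not a specific tool's format).
WIRE_FLOWS = """\
proto,src_ip,src_port,dst_ip,dst_port,bytes
TCP,10.0.0.25,49712,198.51.100.10,443,48211
TCP,198.51.100.11,80,10.0.0.25,49713,9120
UDP,10.0.0.25,5355,10.0.0.31,5355,310
TCP,10.0.0.25,51000,203.0.113.77,8080,15872
TCP,10.0.0.31,50222,198.51.100.10,443,2200
"""


def parse_netstat(text):
    """Return (tcp_connections, udp_local_ports) as the host reports them."""
    tcp, udp_ports = set(), set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        local_port = int(parts[1].rsplit(":", 1)[1])
        if parts[0] == "UDP":
            # netstat shows no remote endpoint for UDP, so only the local
            # port can be matched against the wire.
            udp_ports.add(local_port)
            continue
        if len(parts) >= 4 and parts[3] == "LISTENING":
            continue  # a listener is not a connection
        remote_ip, remote_port = parts[2].rsplit(":", 1)
        tcp.add((local_port, remote_ip.strip("[]"), int(remote_port)))
    return tcp, udp_ports


def wire_only_flows(host_ip, netstat_text, wire_csv):
    """Flows seen on the wire for host_ip that the host itself does not list."""
    tcp, udp_ports = parse_netstat(netstat_text)
    missing = []
    for row in csv.DictReader(io.StringIO(wire_csv)):
        # Normalise direction so the suspect host is always the "local" side.
        if row["src_ip"] == host_ip:
            local_port = int(row["src_port"])
            remote_ip, remote_port = row["dst_ip"], int(row["dst_port"])
        elif row["dst_ip"] == host_ip:
            local_port = int(row["dst_port"])
            remote_ip, remote_port = row["src_ip"], int(row["src_port"])
        else:
            continue  # traffic between other machines
        proto = row["proto"].upper()
        if proto == "UDP":
            known = local_port in udp_ports
        else:
            known = (local_port, remote_ip, remote_port) in tcp
        if not known:
            missing.append(Flow(proto, local_port, remote_ip, remote_port))
    return missing


if __name__ == "__main__":
    for flow in wire_only_flows("10.0.0.25", HOST_NETSTAT, WIRE_FLOWS):
        print("on the wire but not reported by the host:", flow)
```

A host snapshot is a point in time while a capture covers a window, so short-lived connections will also show up here; repeat the host-side collection during the capture window before treating a wire-only flow as hidden traffic.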

Legally Focused

I’ve been reading a wider range of subjects, and a small part of those touch on our legal system. Mainly they apply to digital law and crime but some are more general. I’m just tossing them out there for the interested or curious. Generally they tend toward analysis of current events or provide a more detailed lawyer’s review than the talking/shouting legal heads we encounter on mass-media “news-like” entertainment outlets these days.

  • CYB3RCRIM3 - Susan Brenner’s blog on cybercrime and cyberconflicts in technology and law.
  • Popehat - group blog with a mostly legal focus (though topics can range far afield!)
  • Le·gal In·sur·rec·tion - group blog with mostly legal and law-in-today’s-culture focus. Pretty vibrant opinions. Alignments may vary.
  • Lowering the Bar - Sometimes lighthearted (though always serious at the core) look at some of the nonsense the legal system contains, or foists on others from time to time. Great site.
  • Massad Ayoob - legal, cultural, and educational postings primarily dealing with legal private firearm ownership issues. Also analysis of public media trends and news stories.

Have a great week!

--Claus Valca

Saturday, July 24, 2010

Super-Fast Linkfest Throw-down: Pt II

More for the masses!

Stuff

Microsoft Security Essentials Beta: The Next Gen Edition (2.0)

I logged into Microsoft Connect and downloaded both the x32 and x64 flavors for various systems I work/play on.  Installations went great and no ill effects seen so far.

Utilities Galore

  • SearchMyFiles – freeware – Nir Sofer’s tool has some more options now.  My favorite power file-search tool!  See also the freeware tool SMF – Search my Files over at funk.eu also a rockin’ tool.
  • Updates: TCPView v3.0, Autoruns v10.02, ProcDump v1.81, Disk2vhd v1.61 – Sysinternals
  • FREE: imagepatcher – Update WIM images – 4sysops links to a tool (script) that will put patches on all/selected images in a WIM/VHD file.  Pretty cool and based on Microsoft Powershell.  imagepatcher home.
  • WhatChanged 1.07 – freeware – VTask Studio – this version update for file/registry diff’ing got a speed/performance enhancement.  Quite a handy tool for when Windows System State Analyzer is just too much brawn for your needs.
  • Double Driver – freeware – This utility for backing up/restoring your Windows system drivers (Microsoft/OEM/third-party) is an awesome update.  I used it recently to back up and collect all my XP AT&T Sierra 881 Wireless card drivers.  Then we took those to an identical platform that wouldn’t recognize those same drivers from the same installer and restored them to that system.  Flawless.  I liked the options in the older 2.0 builds but this 4.0 version GUI is super-slick and mature.  Stop and get it right now!  You never know when your driver backup may come in handy!  See also DriverBackup! tool at SourceForge.net and DriverMax for alternative driver backup tools and Nir Sofer’s DriverView as well for cataloging them.
  • Microsoft PowerToy Image Resizer – (XP only) – is a wonderful tool I add to supported user’s systems.  They can then right-click/resize photos from digital cameras in a no-brainer method so our email doesn’t get clogged with super-sized image attachments.  However it isn’t an option for Vista/Windows7 users.  So along comes…
  • Image Resizer Powertoy Clone for Windows – via CodePlex and Brice Lambson – it mimics XP’s Image Resizer features perfectly on Vista/Windows7.  (Note: as for my own on-the-fly image resizing, I use these, but for batch-image resizing work rely on FastStone Photo Resizer and FastStone Image Viewer.)  (spotted via this freewaregenius review)

Sandboxing

I’ve been surprised to see the following super-flood of interest again in sandboxing applications and processes!  I guess that’s a good thing.

And since Adobe PDF files seem to be a very common and growing vector for malware attack, it seems good measure to see the following focus:

Then there is system sandboxing in general.

And some tools/software to help make things easy for the end user

Oh My! Firewall Overload

And an updated round-up of Free Windows Firewalls

    1. Comodo Internet Security 
    2. PC Tools Firewall Plus Free Edition
    3. ZoneAlarm Free Firewall
    4. Ashampoo FireWall Free
    5. Online Armor Free
    6. Agnitum Outpost Firewall Free 
    7. Filseclab Personal Firewall Professional Edition

Also see these additional ones:

Please do your research very carefully if you are really looking specifically for “out-bound” leak protection as many malware/root-kits have tricks up their sleeves to evade and bypass less-than-robust outbound filtering by firewall products.

MatouSec is still probably one of the leading groups doing firewall leak testing/validation.  See the following site for a roundup

Of course, if all you want is solid inbound firewall protection, Windows Firewall - Windows 7 is seriously robust; you just have to remember to enable it!

Vertical Tabs in Chrome

I was reading a recent TechBlog daily link-post and followed a link to Chrome 6: What made the cut--and what missed it.  While that article was interesting, what caught my eye was a reference to "side tabs" being pushed back to Chrome 7.  Was this possibly the elusive Work under way to add sidebars to Google Chrome that I and other Chrome/ium fans are longing for so we can have bookmarks managed from the side like in Firefox, IE, Opera and (kinda-sorta) in Safari?

Nope, but it is cool still, and you can sort-of get them in Chrome anyway…

…though the effect isn’t terribly pleasing in my eyes.

--Claus V.

Sunday, January 10, 2010

Windows Firewall, the netsh command, and verbose = enable

Back in my Opening Ports in Windows Firewall from Batch files post I found the command-line power (for batch file building) of the netsh command.

In the end I wrote a few variants to a) install a needed application surreptitiously, and b) set the Windows Firewall to open up a needed port to inbound connections from a few specific remote IP address based servers.

Here are a few examples (with my environmental specifics removed) as built specifically for deployment on our XP Pro systems.  As the first post pointed out, Vista and Windows 7 now have some updated (advanced) items that should be used instead.

Note the setup.exe file is held in the same folder that contains the bat files

For my user-prompted batch-file:

@echo off
echo -
echo To Set up and configure Application and FW-rule, type 1
echo -
echo To cancel, type 2
echo -

set /P  selection=    Type the number and then press Enter:  

If "%selection%" == "1"  goto APP_SETUP
If "%selection%" == "2"  goto end

rem Any other input: exit instead of falling through into APP_SETUP
goto end

:APP_SETUP
echo Installing Application applet

Setup.exe

echo Adding Windows Firewall port exception

netsh firewall add portopening protocol=tcp port=portnumber name=app-name mode=ENABLE profile=All Scope=custom addresses = server-ip-address_#1/subnet,server-ip-address_#2/subnet

echo Windows Firewall port opened

:end

and for the “silent” no-prompt bat file:

Setup.exe

netsh firewall add portopening protocol=tcp port=portnumber name=app-name mode=ENABLE profile=All Scope=custom addresses = server-ip-address_#1/subnet,server-ip-address_#2/subnet

Easy Peasy.

Note: each of those netsh command lines is actually entered on one line with no returns, even though it may appear wrapped here….

Show + “Verbose = enable”

While verifying that I had my netsh line format built correctly, I needed to validate it (specifically the subnet info) against a system I had manually configured and verified was working correctly.

Although I was running the following command, it wasn’t quite giving me the firewall port detail I wanted.

netsh firewall show portopening

It took me some more digging but I found that if I passed the CLI as follows with the verbose = enable added, I got VERY detailed information on the port settings.

netsh firewall show portopening verbose = enable

This technique can easily generate great data from the command-line for system information audits and incident responses.

From this post: Netsh Commands for Windows Firewall – Microsoft TechNet

show commands

The following show commands are used to display the current configuration:

The show command cannot be used to see the list of exceptions for the public profile, even if the public profile is the current profile. To see the list of exceptions for the public profile, use the Windows Firewall with Advanced Security MMC snap-in, and use the Filter by Profile option in the Actions pane.

  • show allowedprogram [ [ verbose = ] { enable | disable } ]
    Displays the current list of program exceptions for the domain and standard profiles. Use the parameter verbose=enable to see additional details.
  • show config [ [ verbose = ] { enable | disable } ]
    Displays the local configuration information for the domain and standard profiles, including the output of all other show commands. Use parameter verbose=enable to see additional details.
  • show currentprofile
    Displays the current profile in use for the network location type.
    If the current profile is the public profile, then this command shows the standard profile.
  • show icmpsetting [ [ verbose = ] { enable | disable } ]
    Displays the ICMP settings. Use parameter verbose=enable to see additional details.
  • show logging
    Displays the current logging settings.
    If the current profile is the public profile, then this command shows the standard profile.
  • show multicastbroadcastresponse
    Displays multicast/broadcast response settings for each profile.
  • show notifications
    Displays whether the firewall displays pop-up notifications for each profile.
  • show opmode
    Displays the operational mode for the firewall for each profile.
  • show portopening
    Displays the current list of port exceptions for each profile. Use parameter verbose=enable to see additional details.
  • show service
    Displays the service configuration for each profile. Use parameter verbose=enable to see additional details.
  • show state
    Displays the current state information for the firewall. Use parameter verbose=enable to see additional details.

For more info see these additional sources:

Cheers!

--Claus V.

A Valca Oops! How to REALLY enable (hack) Windows 7 Home Premium to run Remote Desktop Connection as a Host

reposted and re-edited here for clarity and blog-time continuum harmony.

I get it now “Kevin” if you are still reading this blog  ;-)

Gentle readers…it has come to my attention via the comments that the post title and content in the following (and now updated) Grand Stream Dreams post…

  • Run Windows Remote Desktop Connection on Win7 “Home” editions – Updated - Grand Stream Dreams

…might be a “bit” misleading.  That was not my intention, but after careful and objective reading of the post now, I clearly find that was the case.

To that end I want to make some important clarifications. 

Then, if you want to carry the Windows 7 RDC “client” binaries on your USB stick for whatever clever reason you need them for, please go on and read that post.

1)  My original desire in that post was twofold:

a) Run Windows RDC from my Windows 7 Home Premium laptop to control my desktop “faux-server” Windows 7 system (currently running Win7 Ultimate RC1), and

b) Be able to use the final Win7 RDC binaries at work on my XP Pro system to RD some XP Pro systems.

 

If that sounds like what you are interested in doing (and/or what the post title and/or Google led you here for)…then read these bits if you are curious and then hop over to that previous post

If not and you really do want to set up (hack/patch) your Windows 7 Home Premium to run RDC with a “host-mode” service not natively supported by Microsoft in that version, then keep reading down to item #5 below before deciding to stay or leave this post…you might be rewarded for doing so.

2) The original nomenclature I had used previously to refer to “host” and “client” in RDC was incorrect (or at least, muddled).  Here is the “official” definition per Microsoft:  “Remote Desktop Connection is a technology that allows you to sit at a computer (sometimes called the client computer) and connect to a remote computer (sometimes called the host computer) in a different location.”  So the PC you are working at that you are initiating the RDC session from is the client end and the one you are actually remote-controlling is the host end. M’kay?

3) As the table below shows (but is a bit misleading without the above information) ALL versions of Windows 7 allow you to run the Windows 7 RDC client natively. That’s why (as some commenters pointed out) the binaries I noted are actually present on all the Win7 systems.  So following the earlier post’s instructions really is not necessary UNLESS you want to run the Windows 7 RDC client binaries from a non-Win7 system (XP/Vista/Server) and do so from a USB stick (unless you then offload them to that system locally).

image

creator unknown original image here.  Comment please and I will give credit

4) Based on #3 above, you just don’t need to do the solution (patch/hack) in this post UNLESS you mean to say you want to run Windows Remote Desktop on Windows 7 Home Premium as the HOST.  Then without following the steps in this post, you would be completely helpless (at least as far as using the specific tool Microsoft RDC) per the official Microsoft product description for Win 7 RDC: “You can connect to computers running Windows 7 Professional, Windows 7 Ultimate, or Windows 7 Enterprise. You can't use Remote Desktop Connection to connect to computers running Windows 7 Starter, Windows 7 Home Basic, or Windows 7 Home Premium.” 

Only you actually “can” with Windows 7 Home Premium (x32 or x64).

If that is what you came here looking for…continue on to see item 5 below.

5) To REALLY run Windows RDC in “host-mode” on a Windows 7 Home Premium system  you will need to perform the following steps.

Last course-correction warning: If all you want to do is just remote control another system to help a friend or mate or distant relative out, please look to the very end of this post as there are some great freeware solutions to do so without any mucking around and hacking/patching of Windows System 32 files that this requires (and brings with it possible heartbreak and system-break).

The Patch/Hack to enable Windows 7 Home Premium to run Windows Remote Desktop Connection as a HOST service

  • Note: ONLY do this if you understand what you are doing, what the consequences are, and will accept and adopt as your own blood any security issues or system-stability consequences that might arise if you decide to do this!  Pet hamsters might escape their cages. You might Black or Blue Screen of Death your Windows 7 Home Premium system that works just fine right now.  Seriously.  This really shouldn’t even be considered by anyone except advanced or professional Windows users and administrators.  Seriously. I mean it.  M’kay?  Still want to do it? Fine.  Keep reading then. I warned you that here be dragons and you just wouldn’t listen…

  • Probably want to start by manually making a System Restore Point.

  • On the Windows 7 Home Premium system, go to Start --> Control Panel –> System.

  • From that window, check the sidebar and find and select “Remote settings” on the left-hand side sidebar.

  • In the “System Properties” window select the “Remote” tab.

  • Check (enable) the “Allow Remote Assistance connections to this computer.”

  • Select “Apply” and “OK”.  Then close all the windows out.

  • Go to this page: How to enable Remote Desktop in Windows 7 Home Premium over at the Tenniswood Blog and follow the link to download the zip file.

  • Unpack the zip file “Concurrent_RDP_Win7_RTM_patcher.zip”.

  • Open up the unpacked folder and find the install.cmd file and run it as “administrator”.

  • (Note: On my Windows 7 Home Premium x32 bit laptop it worked fine out of the box. On my Win7 Home Premium x64 AMD system…it errored out as it said the termsrv.dll file didn’t exist.  A CLI search for the file did find it present (but cloaked by the OS) in C:\Windows\System32.  So I had to then disable UAC, reboot, re-run the install.cmd file as “administrator”.  It worked. I then reset UAC and rebooted….)


  • You will need to decide if you wish to allow “concurrent” (multiple) sessions (let a logged-on user work while you also work on it without force logging out the current user)…I select “Y” myself,


  • and if you want to enable “blank” password for account login (not have to provide the password)…I select “N” for this.


  • Once done (and the process may take a while, particularly when it waits to listen to the service on port 3389) you will be directed to close the window out.  Then you are done!


  • Your Windows 7 Home Premium system should now be “patched” to run RDC as a HOST for incoming RDC sessions.

Observations:  This is a hack/patch/mod of a Windows OS file along with some other automagical system configurations that changes the code of the termsrv.dll file, adds the rdpclip.exe file to the system, starts the service, and adds Windows Firewall Rules.  It is completely unsupported by Microsoft.  Future Service Pack release and/or monthly OS security/updates might overwrite and/or break this whole house of cards.  I am a bit smart, but I am not a programmer and cannot certify that the documentation on file patching is all that goes on.  It might allow Martians to mind-control RDC your system.  I just don’t know.  As far as I can tell everything seems legit and quite effective, but your mileage may vary.

Also, if you are running a non Windows Firewall solution, you might need to do some more firewall rule tweaking to get the inbound RDC connection session past your firewall.  Can’t help you there….

Finally as mentioned in the second line of this post, I owe a GSD commenter to this post “Kevin” an apology.  Because my nomenclature was muddled up, I didn’t quite “get” the tipoff he was trying to pass to me on this very technique.  Kevin’s tip and information turned out to be MUCH more valuable (granted to a really small set of Windows Home Premium users) than I realized at the time…including myself!  Great tip Kevin and a full hat tip to you, mate!

Patch/Hack Extras:

Freeware Solutions for Windows supported “Remote Control” Sessions (non RDC – based)

Probably most home users won’t need Windows Remote Desktop Connection nor will (or should) they muck around with this patch…no matter how effective, cool, or useful it might be.  Best left to advanced Windows users.

However, there are LOTS of easy to use and just/more than effective solutions to set up remote-desktop control sessions between two Windows machines.  Like when you want to help that friend or relative out who is stuck on their PC but you don’t want to drive across town in the dead of winter to do so…even for free beer or pizza.

Check these solutions out.

(Re)Listed in a particular order (to me).

Finally all recent Windows builds come with something most folks don’t know called “Remote Assistance” or “Easy Connect”.  It’s also pretty cool, free, and installed on all XP/Vista/Windows7 builds.

Sorry 'bout any confusion.

--Claus V.

Saturday, January 02, 2010

Opening Ports in Windows Firewall from Batch files

All of our systems run a single application/service that is auto-(re)-installed from a user login event script.

No biggie.  It’s kinda overkill but it is a critical application that could be deleted accidentally.

It does require that we add some Windows Firewall port exceptions for custom IP addresses so it can have a clear shot through the Windows Firewall if the user accidentally or purposefully (say our laptop users) enables the firewall.

All of my own built system images for some time have had the custom port opening rules added in by default.

However, some older systems didn’t deploy with my image and didn’t have the port configured by default.  Since we are not an AD shop, it has meant going, upon request, to the users’ systems, verifying the application/service is running correctly, and then manually going into the Windows Firewall GUI to set the open port rule and custom scope.

Usually it’s not a big deal but sometimes it can be as it is disruptive to an end-user when we drop in and start suddenly adding Firewall port rules/exceptions to the system from the GUI.  Some end users are fairly PC savvy and it can generate some raised eyebrows and questions that add more time to the service job.

Recently I had completed another such assignment and wondered if I could just skip all the drama of having someone watch me set custom Windows Firewall port rules.  Maybe I could just make a silent-running and innocuous batch file that could quietly do all the work for me in the background while I focused on checking other system things.

Sure enough…I could…and it’s pretty easy as well.

GUI-based Windows Firewall Port Exceptions

Some applications and services need to be able to get out through the firewall.  Sometimes “mothership” applications need to signal down to the client-side application/service.  Firewalls work to prevent those communications.

However if the communications inbound/outbound are legitimate and mission-critical, you need to open up a hole to talk-through.

Normally opening a hole in your security wall is dangerous as maybe someone unwanted could sneak in.  Windows uses communication “holes” called ports.  Actually I guess they are more like “channels” or frequencies rather than ports (windows) on the side of a ship.  Certain programs and services only talk on certain ports/channels.  Generally the firewall locks these down so the call can’t go through.  However, these can be opened up so that anyone/anything could talk on that port.

Sites like GRC | ShieldsUP! or McAfee’s Test Your Firewall, or SecurityMetrics Free Port Scan or PC Flanks can be used for free to test your system for open ports.

But what if you don’t want to leave a port open to everyone, even though you need to?  You can then set one more level of protection on your port by setting a custom rule to only allow traffic of a certain type and/or trusted IP address (or range) to flow through.

Firewalls are great but they can interfere with applications, games, and other communications from trusted programs that by design need to reach the network/Internet. 

Luckily Windows XP and higher does allow you to set these kinds of special exceptions.  For most folks using the GUI method is simple enough and easy to do.

Unlike an exception, which is only open during the time that it is needed, a port stays open all the time, so be sure to close ports that you don't need anymore.

  1. Open Windows Firewall by clicking the Start button, clicking Control Panel, clicking Security, and then clicking Windows Firewall.

  2. Click Allow a program through Windows Firewall.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

  3. Click Add port.

  4. In the Name box, type a name that will help you remember what the port is used for.

  5. In the Port number box, type the port number.

  6. Click TCP or UDP, depending on the protocol.

  7. To change scope for the port, click Change scope, and then click the option that you want to use. ("Scope" refers to the set of computers that can use this port opening.)

Which works just fine but takes a while to click through, enter the correct values (assuming you still remember them), and isn’t very discreet, particularly if the rule name sounds suspicious.

But a silent-running batch file, now that would be quick, surgical, and endoscopic.

I did find that Gammadyne’s Free DOS Utilities offers a free command-line tool FIREWALL.EXE for adding exceptions to the Windows Firewall but it wasn’t quite as granular as I was looking for.

Luckily, Windows XP (and a more advanced one in Vista/Windows 7) does contain just the command-line tool I needed.

NETSH to the CLI Firewall configuring rescue!

It didn’t take me too much effort to find the NETSH command and the wonderful tricks it could do:

These were great and gave me the basics that I needed to see my goal was possible to accomplish.

Then I found Penn State U’s fantastic page How To Add Programs and Ports to Windows XP SP2 Firewall Exceptions List. Not only did it have some basics, but it also has an unpackable collection of batch-files tailor-made for configuring Windows Firewall rules with these techniques; including both prompted and silent-running batch files with netsh commands.  It provides some great examples to use as starting points.

In the end, the heart of my own custom Windows XP Firewall batch file will contain a line like this:

netsh firewall add portopening TCP <my target port #> OPRule_<port#> ENABLE CUSTOM <ip address #1,ip address #2> ALL

where <my target port #> is the specific port that our application/service communicates through, and where <ip address #1,ip address #2> are the specific IP addresses used by the “mothership” application, the only ones that will be allowed to solicit requests to the local client application through that specific port.

NETSH CLI References

The links above were great but they didn’t really help me understand and add the details like “ALL” which set the Windows Firewall port exception rule for all profiles on the system. Nor did it help me with the “CUSTOM” argument to detail which IP’s I needed to open up when setting the rule.  While the examples found showed how to open up a port number, it didn’t deal with setting the port to use the specific IP ranges that I wanted to only allow.

For those details I had to turn to these wonderful resources.

In my case specifically this portion (though the Appendix is rich with Netsh CLI goodness) is what I was interested in.

add portopening

Used to create a port-based exception.

Syntax:

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

add portopening
[ protocol = ] TCP|UDP|ALL    
[ port = ] 1-65535    
[ name = ] name    
[ [ mode = ] ENABLE|DISABLE       
    [ scope = ] ALL|SUBNET|CUSTOM      
    [ addresses = ] addresses      
    [ profile = ] CURRENT|DOMAIN|STANDARD|ALL      
    [ interface = ] name ] 
Adds firewall port configuration. 
Parameters: 
protocol - Port protocol.    
    TCP  - Transmission Control Protocol (TCP).    
    UDP  - User Datagram Protocol (UDP).    
    ALL  - All protocols. 
port - Port number. 
name - Port name. 
mode - Port mode (optional).    
    ENABLE  - Allow through firewall (default).    
    DISABLE - Do not allow through firewall. 
scope - Port scope (optional).    
    ALL    - Allow all traffic through firewall (default).    
    SUBNET - Allow only local network (subnet) traffic through firewall.
    CUSTOM - Allow only specified traffic through firewall. 
addresses - Custom scope addresses (optional). 
profile   - Configuration profile (optional).    
    CURRENT  - Current profile (default).    
    DOMAIN   - Domain profile.    
    STANDARD - Standard profile.    
    ALL      - All profiles. 
interface - Interface name (optional). 
Remarks: 'profile' and 'interface' may not be specified together. 'scope' and 'interface' may not be specified together. 'scope' must be 'CUSTOM' to specify 'addresses'. 
Examples:    
     add portopening TCP 80 MyWebPort    
     add portopening UDP 500 IKE ENABLE ALL    
     add portopening ALL 53 DNS ENABLE CUSTOM 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet    
     add portopening protocol = TCP port = 80 name = MyWebPort    
     add portopening protocol = UDP port = 500 name = IKE mode = ENABLE scope = ALL    
     add portopening protocol = ALL port = 53 name = DNS mode = ENABLE scope = CUSTOM addresses = 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet

You can also use “netsh set portopening” to modify an existing port rule or “netsh delete portopening” to remove one from a batch-file or command line.

NETSH in Vista/Windows 7

Netsh is still present in Vista/Windows 7 but advances in the Windows Firewall design have demanded it be expanded to keep with the times.

In XP, you have to call the “netsh firewall” context when placing your add or set or delete portopening commands and arguments (along with all the other firewall-specific supported netsh commands). 

In Vista and Windows 7 that changes to now require "netsh advfirewall firewall" context to control Windows Firewall behavior.

  • How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista – Microsoft Help and Support Article ID: 947709.

    The netsh advfirewall firewall command-line context is available in Windows Server 2008 and in Windows Vista. This context provides the functionality for controlling Windows Firewall behavior that was provided by the netsh firewall context in earlier Windows operating systems.

    This context also provides functionality for more precise control of firewall rules. These rules include the following per-profile settings:

    Domain

    Private

    Public

      The netsh firewall command-line context might be deprecated in a future version of the Windows operating system. We recommend that you use the netsh advfirewall firewall context to control firewall behavior.

      Note The netsh firewall command line is not recommended for use in Windows Vista.

    And then there is this…

    • Netsh Commands for Windows Firewall with Advanced Security – Microsoft TechNet.

      Applies To: Windows 7,Windows Server 2008,Windows Server 2008 R2,Windows Vista

      Netsh advfirewall is a command-line tool for Windows Firewall with Advanced Security that helps with the creation, administration, and monitoring of Windows Firewall and IPsec settings and provides an alternative to console-based management. This can be useful in the following situations:

      When deploying Windows Firewall with Advanced Security settings to computers on a wide area network (WAN), commands can be used interactively at the Netsh command prompt to provide better performance than graphical utilities when used across slow-speed network links.

      When deploying Windows Firewall with Advanced Security settings to a large number of computers, commands can be used in batch mode at the Netsh command prompt to help script and automate recurring administrative tasks that must be performed.

      You must have the required permissions to run the netsh advfirewall commands:

      If you are a member of the Administrators group, and User Account Control is enabled on your computer, then run the commands from a command prompt with elevated permissions. To start a command prompt with elevated permissions, find the icon or Start menu entry that you use to start a command prompt session, right-click it, and then click Run as administrator.

    From there (at least in my specific need) you then need to move on to either the

    or the

    Good stuff all the way round.
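The scoped port exception described above for XP and its "netsh advfirewall firewall" counterpart for Vista/Windows 7, combined in one batch file. This is an added example, not the author's own script or Microsoft's: the port, rule name and 192.0.2.x addresses are constructed placeholders, and the version check assumes English-language "ver" output.

```bat
@echo off
rem Added example. PORT and MOTHERSHIP are constructed placeholders
rem (192.0.2.0/24 is a documentation-only address range).
setlocal
set "PORT=8443"
set "RULE=OPRule_%PORT%"
set "MOTHERSHIP=192.0.2.10,192.0.2.11"

rem XP and Server 2003 report "Version 5.x"; Vista and later report 6.x or higher.
rem Assumption: English-language "ver" output.
ver | findstr /c:"Version 5." >nul
if not errorlevel 1 goto legacy

:advfirewall
rem "add rule" does not replace an existing rule of the same name, so remove
rem any earlier copy first; otherwise every rerun stacks a duplicate rule.
netsh advfirewall firewall delete rule name="%RULE%" >nul 2>&1
rem remoteip limits who may connect; profile=any covers domain, private and public.
netsh advfirewall firewall add rule name="%RULE%" dir=in action=allow protocol=TCP localport=%PORT% remoteip=%MOTHERSHIP% profile=any
if errorlevel 1 goto failed
rem Print the rule back so the scope can be checked in the deployment log.
netsh advfirewall firewall show rule name="%RULE%"
goto done

:legacy
rem Named parameters keep scope, addresses and profile from being mixed up
rem by position. scope must be CUSTOM for addresses to be accepted.
netsh firewall add portopening protocol=TCP port=%PORT% name=%RULE% mode=ENABLE scope=CUSTOM addresses=%MOTHERSHIP% profile=ALL
if errorlevel 1 goto failed
netsh firewall show portopening
goto done

:failed
echo Could not create %RULE%. Run from an elevated prompt and check the arguments.
endlocal
exit /b 1

:done
endlocal
exit /b 0
```

On either platform, check the printed rule for the two remote addresses; a rule that shows no address restriction leaves the port open to every host that can reach the machine.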

    Can’t wait to start deploying…

    Claus V.

    Monday, May 04, 2009

    Mini-Linkfest

    I’m sitting on I think at least three interesting posts right now.

    I’m trying to clean out these other links I’ve got sitting here so I can clear my mind and get really focused on them exclusively.

    Bear with me for the brevity.

    Panda launches free anti-Virus – offloads almost everything to cloud – Security – The Tech Herald.

    Interesting on multiple points.  Panda is providing a “thin” solution to AV bloat by offering a new “free” anti-virus product that installs on the local system, but then gets its protection and analysis from “cloud-based” computing.

    I’ve seen a number of other AV products that use this method as well.

    Panda Cloud Antivirus FREE – Panda Security

    I haven’t had a chance to play with it on a virtual system, but one person who has states that the installer alone is 18 MB in size.  Not necessarily what I would consider “thin.”

    Contrast that with another “cloud-based” free A/V scanner Prevx Edge which delivers its local product as an EXE that weighs in at about 800 kb.  Hop over to TinyApps.Org Blog : A better NOD32? for more linkage on that product.

    I’ll add more on Panda when I get the opportunity.  I’m OK with the theory but a bit skeptical on the actual delivery.

    Adding to the “free” march is Outpost Firewall Free 2009.  Outpost has had a good reputation and this new offering should delight folks looking for another free firewall solution from a trusted player in the field.

    Outpost Firewall FREE – Agnitum  Supports both XP and Vista.

    Agnitum finally blog about their free Firewall :-) - Donna’s SecurityFlash

    Agnitum’s Outpost Firewall goes free – Agnitum Blog

    Old news now but Firefox 3.5 Beta 4 available for testing now - Mozilla Links.  With the patch to NewsFox now in place, I’ve only started using this build version heavily today.

    This is interesting:

    Tip: How to install and uninstall a program in Safe Mode – 4sysops blog

    The post details how to do a registry hack to get the installer service going in Safe Mode.

    I prefer to use SafeMSI (download link off that Computer Business 101 blog page) instead which is a single exe file solution I keep handy on USB sticks.

    Anyway, that’s not what is curious to me…I’ve been trying to leave a blog comment on 4sysops but now cannot get the website to load at home or work.  Only way I can reach it is via a proxy.  I’ve not been able to leave a comment over there to tip off on SafeMSI as an alternative technique.

    I seriously doubted I would be blocked somehow from the site from two different IP addresses (though that could be possible). I’ve also tried in several other browsers to see if a particular Firefox add-on might be doing it but no-dice.

    Strange.  I’m going to try to drop the site a direct line to see if something is up.

    Short: vLite screws up Windows Vista SP1 upgrade path - Within Windows

    Turns out that using vLite to optimize a Vista installation disk might strip the Vista OS version of components needed and called to during a Vista SP2 upgrade run.  So (according to Microsoft) if you have used vLite to deploy Vista, you might get bit when Vista SP2 rolls out.

    IEBlog : Customization in IE8 – Most folks (including myself) probably just roll with the toolbar layout and elements as it is presented to them.  While I’ve got my Firefox build pretty tricked out as far as toolbars, icons, element layout items, etc. I don’t really use IE enough to do all the tweaking it can offer.

    IEBlog covers a number of adjustments that can be made.  So if you need a good reference or inspiration on ways to make IE 8 a bit more flexible, check out that post.

    Cheers.

    --Claus V.

    Sunday, March 22, 2009

    A “Suddenly it’s Sunday” Linkfest

    Been a chill weekend.

    Lavie has been lovingly concerned that I’ve been burning the candle at both ends at work this past week.  She’s pretty correct on that front.

    So this weekend I was told in no uncertain terms that I had better relax.  So, uncharacteristically, Saturday found me in my jammies all day long, and mostly in bed; cranking out the past two blog posts and Jonesing on Turner Classic Movies.

    Sweet.

    Today I paid the price a bit having more catch-up work on the regular household chores, but even Alvis said she hadn’t seen me acting so embarrassing for a long time. (That’s a good thing for me, a bad thing for her.)

    So as the girls close out the night (and Spring break) with a round of Jeff Dunham on Comedy Central (they haven’t stopped laughing yet)…I’ve got one more post of assorted links culled from the past two weeks.

    Enjoy:

    • Springboard Series Virtual Roundtable: Windows 7 - To the Beta and Beyond – Microsoft hosts a Q&A session with a number of their pros, including Mark Russinovich.  If you don’t have time to spare, read this abbreviated transcript that covers all the major points of the Windows 7 discourse.

    • Engineering Windows 7 : Designing Aero Snap – I found this Microsoft post fascinating as it showed the degree of research and design in conceptualizing and working to delivery of this feature.  Neat stuff and really hard to ‘get right’.

    • Network Monitor 3.3 Beta Available – New version (beta) has been released of Microsoft’s network capture and monitoring tool. Jump the link to get the details on the improvements. While it isn’t near the top of my network capture tool list, I still keep it installed in case I need a “second opinion” on captures.

    • NetworkMiner follow up « SANS Computer Forensics, Investigation, and Response – I do like NetworkMiner for capture analysis and this post highlights an odd (but logical) issue; that sometimes network captures could be filtered by your A/V product and provide an incomplete picture of what is going on.  It’s good to know your tools and what to expect them to provide. This way you can spot when something deviates and needs to be examined more closely.

    • 4sysops - Windows 7 multiple active firewall profiles – Michael drops a great find: Windows 7 firewall brings more granularity to rules.  Specifically he has found that you can assign a different firewall rule to each NIC device on a system.

    • A sneak peek at the Windows 7 Release Candidate | Ed Bott’s Windows Expertise – More Windows 7 feature and screen-shot p0rn.

    • Windows 7 to officially support logon UI background customization - Within Windows – Finally, (almost) native support for changing the Logon background graphics.  Yes you can already do this with Vista and XP but you have to go on the down-low to pull it off.  Windows 7 looks to be much easier to do this.  Prepare for corporate logos on Windows 7 business deployments!

    • Sysinternals Site Discussion : Updates: Process Monitor v2.04, TCPView v2.54, VMMap v1.02, Testlimit v5.01, and Notmyfault – Updates, get ur updates! My picks below:

        Process Monitor v2.04: This update shows file mapping operations in basic mode, adds more translations of error numbers to text, fixes a bug that limited support for more boot log files larger than 4GB, and displays version numbers using the same formatting as Windows.

        TCPView v2.54: Fixes bugs that prevented the display of IPv6 TCP endpoints and the correct display of IPv6 UDP endpoints

        VMMap v1.02: Now shows all image subsections, even if they reside within the same allocation region. It also fixes a bug in image name sorting and makes the UAC elevation smoother on 64-bit Windows.

    • I don’t know what I would do without Nir Sofer and his wonderfully targeted utilities.  He has been hard at work updating oldies-n-goodies, and has also delivered a new tool that has now created a load of reorganizing work on my business system.

    • NirBlog: Utilities updates for this week

      • RegDllView, InstalledCodec, IECacheView: Added 'Explorer Copy' option - Allows you to copy the selected files and then paste them into a folder in Explorer.
      • FileTypesMan: Added support for creating and deleting file extensions.
      • WirelessKeyView: New and safer method to extract the wireless keys of the local machine. Starting from this version, WirelessKeyView uses a new method that extract the wireless keys without any code injection. and Fixed bug - In Vista, if WPA-PSK key contained 32 characters, the key was not displayed in Ascii form.

    • NirBlog: Latest utilities updates in NirSoft

      • AlternateStreamView and ResourcesExtract: Added support for choosing SubFolders depth in scanning.
      • SearchMyFiles:
        • Fixed bug: Base folder combo-box limited the number of characters that you could type.
        • Added option to save/load all search option to .cfg file.
        • Added 'Explorer Copy' option - Allows you to copy the selected files and then paste them inside a folder of Windows Explorer.
        • Added 'Open With' option.
        • Added option to choose the subfolders depth to scan.

    • NirBlog: Extracting multiple attachments from Outlook with OutlookAttachView

      • OutlookAttachView utility can help you do that. It displays the list of attached files in your Outlook's mailbox, and allows you to easily select all attachments that you need, and then extract them into a folder that you choose.  A fast update brought with it a bug fix “that caused OutlookAttachView to fail on scanning sub-folders under main Outlook folders.
        Also added 'Folder Path' column that displays the full path of the folder (For example: Personal Folders\Inbox\Bug Reports).

    When I ran the last tool, Outlook Attach View against my Outlook PST file, it found over 6,000 attachments embedded in there.  Despite my efforts over the past two years to strip out all attachments and file them in “real” system folders, there obviously were lots that pre-dated that period.  It works fantastically. Nir has outdone himself with this one!  In addition, Nir has fixed some key bugs in his Outlook .NK2 viewer to now properly handle some unusual field populations.

    • Mark Minasi’s Newsletter #76:  Solving Windows "driver is not signed" problems – Mark outlines how to “sign your own drivers” for Windows 64-bit OS systems.

    • FizzBin - The Technical Support Secret Handshake - Scott Hanselman’s Computer Zen – Scott ponders a “secret codeword” that lets on-line tech support staff know you are a member of the professional IT geek society and can dispense with the “noobie” level of conversation.  The comments are almost better than the post.  Just last week we had a tanked wireless card.  We had troubleshooted it on the user’s system, on a “clean” test-bed system, and then finally repeated on both systems (successfully) with a “known-good-device” that worked perfectly on both systems.  The trouble followed the card.  When we finally got to the company’s tech-support, they wanted to follow the flowchart all over again from square one.  We wasted almost an hour patiently re-working our days of efforts.  Eventually he decided the card must be bad and then authorized a RMA.  Sheesh.

    • On my XP systems I swear by the file-copy performance Supercopier brings.  It lets me jockey files all over the place with speed much higher than Windows offers natively.  However it doesn’t seem to work on my Vista systems.  So I have been playing with TeraCopy and FastCopy. While neither one seems to offer the integration I get from Supercopier in XP systems, they both seem moderately better than Vista’s file-movement native speeds.  Anybody have any other recommendations for a replacement high-speed file copy/move tool on Vista?

    • 300447 Computer Forensics Workshop - Media Preparation And Copying ... (PDF) – Great lecture presentation from a Down Under Aussie Derek Bem on computer forensics.  I found this while digging up tips on using dd for an earlier post.  It’s great stuff and provides a very good overview of tools and techniques specifically in dealing with media.  Download and file this gem away after reading it carefully. Plan to spend some time poking around the Computer Forensics page for the University of Western Sydney that hosts this material. Of particular note are the Interesting Links page and the Online Materials.  Both are chock full of wonderful material.  I so wish my university had offered a degree plan like the one offered there.  Oh how things could have been different…   See also: Lecture 01-Computer-Forensics 30047 notes.  Additional lecture notes can be found here.

    • Forensic Investigation, Analysis, Documentation, and Law – (PDF) - Great SANS paper that covers more ground in the forensics field.  Again, probably nothing that forensics specialists don’t already know, but good stuff for sysadmins who need to interface with them. 

    • Microsoft PowerPoint - DD in Windows Forensic - (PowerPoint) – Another good source of material I found while working on my “dd” usage.  Download this one and tuck it away! I also found more useful material on this firewall forensics.pdf page.

    This should keep you busy for a bit!

    Cheers!

    Claus V.

    Saturday, November 08, 2008

    Windows 7 News Roundup – Moving Forward

    Just when I thought I captured all there was to know about Windows 7 in my Windows 7 News Roundup – The Very Best and Windows 7 Watch – Micro Edition posts, looks like someone forgot to shut the tap off fully.

    A little nagging drip of Windows 7 news continues to fill the sink.

    Maybe it’s just a leaky washer…

    --Claus

    Sunday, November 02, 2008

    Fall-Back Linkfest

    So most all of our clocks have been updated with the time-change.  I think the ones in our cars still need to be updated.  I never can remember if the cellular phones we have auto-update the time or not.  I’ll worry about them in the morning.

    Last night we had a belated birthday party for little-bro.  Ate a mess of NY strip steaks, made some special Valca fresh green-beans, taters…all the usual.

    Then we cut up and watched a humiliating loss of UT Texas to Texas Tech. It was a real heartbreaker.

    In the end the real highpoint was when I bumped our dining-room table and six cans of A&W root beer rolled off the table onto the floor.  It’s a “bistro” style table so the table-top is about three-feet high.  I wasn’t looking as they rolled off, but heard them hitting. And they all exploded.

    Root-beer was shooting out of tiny breaks in the can all over the place!

    Root beer on the walls, all the chairs and table, the floor was coated in root beer.  The sideboard. Yep.

    Took almost an hour for the first-round of cleanup last night.

    This morning I dug out a bucket, filled it with hot water and soap and did a full Cinderella-style old-school cleaning of the room and all known surfaces.

    I like root-beer and so does Alvis, but Lavie hates the smell.

    Needless to say she wasn’t impressed.

    Here’s your link roundup for the week.  These should be safe for all ages, unlike those A&W cans.

    Vista Bits

    Guide to Freeing up Disk Space under Windows Vista - Scott Hanselman’s Computer Zen – Most Excellent guide to lots of uncommon steps to reclaim your hard-disk space under Vista. Even if you don’t do all these steps, all good Vista buckaroos should be familiar with them.

    Windows Vista Service Pack 2 Beta - Windows Vista Team Blog – Brief roundup of what Vista SP2 may deliver.

    How to Update Windows Vista SP1 to SP2 - Windows Vista Help Forum. Hack on how to get a pre-release, non-beta version of SP2.  I wouldn’t dare consider this, but I do find these exercises informative and fascinating. You’ve been warned.

    Browser News

    Chrome beta update lands with security and performance tweaks – Ars Technica. Chrome is not quite the Web darling it was for the two weeks in the spotlight it enjoyed.  Nevertheless, they are working hard at tweaking it better.

    Beta and Plugin Improvements in Google Chrome - Chromium Blog – More information from the Chrome development team.

    The dark (theme) side of Firefox and The dark side of Firefox, unabridged - Mozilla Links. Two excellent posts that compare a number of polished “dark” themes for Firefox.  I liked both the Abstract Zune and the Gradient iCool in particular.

    Minefield is Firefox - Mozilla Links. I’ve covered this distinction before as well. Only my mistake was not adding the cool illustrative graphic.  No point in being confused now I suppose.

    Polishing Firefox, Week n (Special Edition) - Alex Faaborg’s blog – Wonderfully well done post that illustrates the amount of time and effort the Mozilla team is putting into the details. Sure it is just tiny GUI elements, but the detail work and attention is crazy (in a good way).

    Privacy UI - Alex Faaborg’s blog – Alex reveals that the PrivacyMode indicator for the next version of Firefox is going to be a neat masquerade mask.  I think it looks kinda cool.  And if you take the time to dive into the comments, you might find a good discussion on this trend in private-browsing in general.

    At Mozilla, blowing the lid off security practices - Defense in Depth - CNET News – Robert Vamosi sits down with Window Snyder, Mozilla's chief security something-or-other to discuss security in browsers and what Mozilla is paying attention to specifically.  It’s a good background on threat-modeling and the tools used to find vulnerabilities.  Interesting discussion.

    Newsfox v 1.0.4.2 released – Nice (pre-release) minor update to this fine and fast RSS reader plugin for Firefox. Get this version here.

    MinimizeToTray :: Firefox Add-ons – With taskbar space at a premium on my systems, especially when I want to leave Firefox open to run automatic RSS feed update checks with Newsfox, I had a problem.  This bitty add-on solved it. It minimizes Firefox to the system-tray. But RSS notifications in Newsfox still pop-up when new feeds are found. Perfect solution.

    Desktop Security Updates

    Comodo Internet Security – (freeware) - New release of Comodo’s free security software combines both their noted firewall product along with their anti-virus program.  In both XP and Vista supported flavors. Download Squad has a great screenshot tour and first impressions review.  I have to confess that I have since removed Comodo’s firewall from my XP and Vista systems along with ThreatFire a while back.  The reason was that my XP desktop system had been locking up hard with the hard-drive light steady-on.  At first I thought my drive was failing again, but the more troubleshooting I did it appeared that both programs were somehow conflicting with each other in a very-bad way.  So I removed them both, rolled back to the XP and Vista firewalls and have just been running AVG 8 Free otherwise.  Could just be something weird with my configuration, but better steady than not.  No problems since.

    Hitman Pro 3 – SurfRight - (not quite freeware) – A previously surprisingly controversial program that bundles and throws a heavy posse of anti-malware programs at a potentially infected system.  It has quite a lot of things going for it and takes the more-is-better approach at malware removal. MakeUseOf has a great review of Hitman Pro. Well worth reading to get the big-view. For a deeper look at the controversy surrounding this tool, please take the time to read Surfing Safe's breakdown on this program.  I’ve not used it and it seems like a good approach…so long as the developer can secure permission from the companies it depends on to integrate. Hitman Pro 3 is free for scanning for threats and allows for a 7-day activation window.  After that you have to pony up your $.  Hitman Pro 2 was free but ran into a lot of problems with both vendors and users who thought it didn’t allow enough user-control.  Worth taking a look at and being familiar with for all you malware-busting ninjas out there.

    Anti-Malware Toolkit 1.03.125 - (freeware) – Previously noted here, this program is only a bit similar to Hitman Pro.  What it does, with much less issue, is to enable a key selection of anti-malware busting tools to be directly downloaded to a system for installation and use. Kind of saves a bunch of time in the pre-work.  However, you still need to be skilled enough to use many of these tools and there is no guarantee any of these tools will remove the problem files.  That may take some deeper l33t skilz for success.  It’s a good starting point however, and if you don’t have your pre-loaded USB response stick ready, it can save a bunch of time surfing the web to all the individual sites.  Definitely a keeper.

    Secunia PSI RC4 - (freeware) – This program is the localized client version of Secunia’s vulnerability scanner. It is a rocking application to make sure your desktops (home) are kept safe and secure.  It identifies critical patches for your software and makes them easy to apply to your systems.  See the full changelog here.  Strongly Valca recommended.

    Apps Galore

    xp-AntiSpy - (freeware) – Great tweaking tool got another minor update.

    8 Best Defragmenters To Keep Your PC Running Like New - MakeUseOf.com. Roundup of several latest generation third-party defragmenters.  All are good in their own way, so find one you like that meets your needs and stick with it.

    CrystalDiskInfo - (freeware) – Wonderful hard-drive monitoring and health utility. Recently updated.

    Process Monitor v2.02 - (freeware) – Sysinternals tool got a minor bug-fix for symbol configuration issues.

    Bare Tail - (freeware) – Wicked-cool tool that allows real-time monitoring of log-files. Too cool to pass up!  All sysadmins must get this one.  This version is free for home and professional use, but there is a Pro version ($) that adds on the features. Check out Confessions of a freeware junkie’s review for a great breakdown of what you may have been missing.

    AutoMen (Mini Mencoder Gui) 5.0 - (freeware) – Multifaceted code converter.  See this freewaregenius.com review for a bit more information on why you might want to add this one to your collection.

    DVD neXt COPY - (freeware) – Offers to turn your DRM managed iTunes files to unlocked MP3 format files.  Sure, you can do like my brother did and rip his whole collection of iTunes purchases to CD on your own to get around it (backup) but you probably aren’t single and have the ripping rig he does (nor the time) to do all that.  This program might simplify that process a bit. As usual, freewaregenius.com walks us through the high/low points of this program. A fuller-featured Pro version is available as well for a few $.  Not a magic bullet but could be a time saver for quick rips.

    USBDeview - (freeware) – NirSoft utility to manage and get info about USB devices connected (currently or historically) to a system has been updated to include ability to open items in RegEdit.

    MozillaCacheView and OperaCacheView - (freeware) – NirSoft utilities to read the cache files of Mozilla and Opera web-browsers have been updated to enable saving of cache files in the website’s directory structure. Very helpful when reconstructing browsing sessions and comparing them to websites visited.

    Whew!

    Time for bed little mouse, little mouse. Darkness is falling all over the house!

    --Claus