Add local redirection of low port to unpriv high port
Remove any existing entries:
iptables -t nat -D PREROUTING –src 0/0 -p tcp –dport 25 -j REDIRECT –to-ports 11025 2> /dev/null
iptables -t nat -D PREROUTING –src 0/0 -p tcp –dport 80 -j REDIRECT –to-ports 8080 2> /dev/null
Add new redirects:
iptables -t nat -I PREROUTING –src 0/0 -p tcp –dport 25 -j REDIRECT –to-ports 11025
iptables -t nat -I PREROUTING –src 0/0 -p tcp –dport 80 -j REDIRECT –to-ports 8080
Running day-to-day with a Windows account that has Administrator privileges is a recipe for disaster. Casual browsing of a website that is infected or inadvertent opening of infected attachments can result in an infection through the user’s Administrator privileges. Something like 92% of Microsoft critical vulnerabilities announced in 2008 could have been mitigated by operating day-to-day as a normal user. Splitting your accounts into a normal account and admin account is a good idea, but it can lead to some headaches when the normal user needs to run temporarily as Administrator.
Fortunately there are some work arounds that can be used to temporarily elevate the user’s privileges to Administrator. Most of these involve the RUNAS command:
File explorer
If you’re running IE7 under WinXP, in order to run Windows Explorer with the runas command, it must be run as a separate process. A quick way to do this, without having to change your Folder Options settings, would be to run an instance of Explorer with the undocumented parameter /separate, like this:
runas /user:domain\username "explorer /separate"
Command Line Prompt
You can add a shortcut on the task bar with the following syntax to get an Administrator cmd prompt:
%windir%\system32\runas.exe /user:yourdomain\a-someuser cmd
yourdomain is the name of your AD domain if you have one, if not, leave it out. a-someuser is a suggested naming convention for the Administrator account associated with the user named someuser.
As pointed out in many postings and sites, one can use tr to remove octal 015 (^M or CR)
tr -d '\015' < oldfile > newfile
MSBull US-CERT SecFocus© 2009 Allen Pomeroy. All Rights Reserved. This is the personal website of Allen Pomeroy. Opinions expressed are not necessarily those of my employer.