From: mynick on 20 Jan 2010 21:10 On Jan 19, 11:59 pm, David Brown <da...(a)westcontrol.removethisbit.com> wrote: > mscotgr...(a)aol.com wrote: > > On Jan 19, 10:04 pm, David Brown > > <david.br...(a)hesbynett.removethisbit.no> wrote: > >> mscotgr...(a)aol.com wrote: > >>> On Jan 19, 3:23 pm, mynick <anglom...(a)yahoo.com> wrote: > >>>> On Jan 19, 1:56 am, Arno <m...(a)privacy.net> wrote: > >>>>> In comp.sys.ibm.pc.hardware.storage mynick <anglom...(a)yahoo.com> wrote: > >>>>>> Is there some undelete software that can run only locally and undelete > >>>>>> from a mapped network ntfs disk without the aid of an client/agent > >>>>>> installed/running on thatremotecomputer? > >>>>> I doubt that very much, as the filesystem will not export > >>>>> the required information over the network. > >>>>> Arno > >>>>> -- > >>>>> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: a...(a)wagner.name > >>>>> GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F > >>>>> ---- > >>>>> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans > >>>> why not send info from hdd directly over tcp/ip instead of an agent > >>>> doing the hdd search remotely and just sending the resulting list to > >>>> local- Hide quoted text - > >>>> - Show quoted text - > >>> Could you expand on this please. > >>> To undelete a file it is necessary to access the hard drive on a > >>> sector level, and rewrite the MFT entry. There is no way I am aware > >>> of doing this over a general purpose ethernet link. If this was > >>> easily possible, network security would be a complete nightmare. > >> It is perfectly possible to do this over Ethernet - the most common way > >> is to use iSCSI (network block devices with *nix are another > >> possibility). Of course, this involves making the partition effectively > >> invisible to the host (server) machine, and mounted on the guest machine > >> as though it were a local drive. I don't know what sort of support > >> windows has for iSCSI, either as a target or initiator. And it is > >> clearly impractical for the issue at hand. But it /is/ possible to give > >> direct low-level access to a hard drive over a network.- Hide quoted text - > > >> - Show quoted text - > > > The question asked for access without a "client /agent > > installed/running on thatremotecomputer" > > > I think you will find that iSCSI has to be set up on BOTH ends - > > please say if I am wrong > > You are entirely correct - iSCSI needs to be configured at both ends. I > was just pointing out that such low-level disk sharing is certainly > possible, if you choose to use it. > > > With a client app installed, there is no problem, but as a straight > > mapped drive, I think it is impossible. > > One possibility is that windows has a number of backdoors that allow > execution of software on aremotemachine without actively installing > something there. The simplest and safest tools are probably things like > psexec from the SysInternals Suite (download from MS). psexec lets you > execute commands directly on aremotemachine, assuming you have an > administrator password for the machine. what do you think of nbd protocol? running nbdsrvr on remote if that does not require special privilleges on remote and than using Selfimage which supports nbd (but perhaps not the nbdsrvr.exe version)
From: David Brown on 21 Jan 2010 02:51 mynick wrote: > On Jan 19, 11:59 pm, David Brown <da...(a)westcontrol.removethisbit.com> > wrote: >> mscotgr...(a)aol.com wrote: >>> On Jan 19, 10:04 pm, David Brown >>> <david.br...(a)hesbynett.removethisbit.no> wrote: >>>> mscotgr...(a)aol.com wrote: >>>>> On Jan 19, 3:23 pm, mynick <anglom...(a)yahoo.com> wrote: >>>>>> On Jan 19, 1:56 am, Arno <m...(a)privacy.net> wrote: >>>>>>> In comp.sys.ibm.pc.hardware.storage mynick <anglom...(a)yahoo.com> wrote: >>>>>>>> Is there some undelete software that can run only locally and undelete >>>>>>>> from a mapped network ntfs disk without the aid of an client/agent >>>>>>>> installed/running on thatremotecomputer? >>>>>>> I doubt that very much, as the filesystem will not export >>>>>>> the required information over the network. >>>>>>> Arno >>>>>>> -- >>>>>>> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: a...(a)wagner.name >>>>>>> GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F >>>>>>> ---- >>>>>>> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans >>>>>> why not send info from hdd directly over tcp/ip instead of an agent >>>>>> doing the hdd search remotely and just sending the resulting list to >>>>>> local- Hide quoted text - >>>>>> - Show quoted text - >>>>> Could you expand on this please. >>>>> To undelete a file it is necessary to access the hard drive on a >>>>> sector level, and rewrite the MFT entry. There is no way I am aware >>>>> of doing this over a general purpose ethernet link. If this was >>>>> easily possible, network security would be a complete nightmare. >>>> It is perfectly possible to do this over Ethernet - the most common way >>>> is to use iSCSI (network block devices with *nix are another >>>> possibility). Of course, this involves making the partition effectively >>>> invisible to the host (server) machine, and mounted on the guest machine >>>> as though it were a local drive. I don't know what sort of support >>>> windows has for iSCSI, either as a target or initiator. And it is >>>> clearly impractical for the issue at hand. But it /is/ possible to give >>>> direct low-level access to a hard drive over a network.- Hide quoted text - >>>> - Show quoted text - >>> The question asked for access without a "client /agent >>> installed/running on thatremotecomputer" >>> I think you will find that iSCSI has to be set up on BOTH ends - >>> please say if I am wrong >> You are entirely correct - iSCSI needs to be configured at both ends. I >> was just pointing out that such low-level disk sharing is certainly >> possible, if you choose to use it. >> >>> With a client app installed, there is no problem, but as a straight >>> mapped drive, I think it is impossible. >> One possibility is that windows has a number of backdoors that allow >> execution of software on aremotemachine without actively installing >> something there. The simplest and safest tools are probably things like >> psexec from the SysInternals Suite (download from MS). psexec lets you >> execute commands directly on aremotemachine, assuming you have an >> administrator password for the machine. > > what do you think of nbd protocol? > running nbdsrvr on remote if that does not require special privilleges > on remote > and than using Selfimage which supports nbd (but perhaps not the > nbdsrvr.exe version) I've only used nbd with Linux systems (to give an embedded Linux system a swap disk) - I have no idea about support in windows for nbd. But generally speaking, if you are using nbd to "share" a partition, the partition cannot also be accessed locally.
From: mynick on 21 Jan 2010 20:31 On Jan 20, 11:51 pm, David Brown <da...(a)westcontrol.removethisbit.com> wrote: > mynick wrote: > > On Jan 19, 11:59 pm, David Brown <da...(a)westcontrol.removethisbit.com> > > wrote: > >> mscotgr...(a)aol.com wrote: > >>> On Jan 19, 10:04 pm, David Brown > >>> <david.br...(a)hesbynett.removethisbit.no> wrote: > >>>> mscotgr...(a)aol.com wrote: > >>>>> On Jan 19, 3:23 pm, mynick <anglom...(a)yahoo.com> wrote: > >>>>>> On Jan 19, 1:56 am, Arno <m...(a)privacy.net> wrote: > >>>>>>> In comp.sys.ibm.pc.hardware.storage mynick <anglom...(a)yahoo.com> wrote: > >>>>>>>> Is there some undelete software that can run only locally and undelete > >>>>>>>> from a mapped network ntfs disk without the aid of an client/agent > >>>>>>>> installed/running on thatremotecomputer? > >>>>>>> I doubt that very much, as the filesystem will not export > >>>>>>> the required information over the network. > >>>>>>> Arno > >>>>>>> -- > >>>>>>> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: a...(a)wagner.name > >>>>>>> GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F > >>>>>>> ---- > >>>>>>> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans > >>>>>> why not send info from hdd directly over tcp/ip instead of an agent > >>>>>> doing the hdd search remotely and just sending the resulting list to > >>>>>> local- Hide quoted text - > >>>>>> - Show quoted text - > >>>>> Could you expand on this please. > >>>>> To undelete a file it is necessary to access the hard drive on a > >>>>> sector level, and rewrite the MFT entry. There is no way I am aware > >>>>> of doing this over a general purpose ethernet link. If this was > >>>>> easily possible, network security would be a complete nightmare. > >>>> It is perfectly possible to do this over Ethernet - the most common way > >>>> is to use iSCSI (network block devices with *nix are another > >>>> possibility). Of course, this involves making the partition effectively > >>>> invisible to the host (server) machine, and mounted on the guest machine > >>>> as though it were a local drive. I don't know what sort of support > >>>> windows has for iSCSI, either as a target or initiator. And it is > >>>> clearly impractical for the issue at hand. But it /is/ possible to give > >>>> direct low-level access to a hard drive over a network.- Hide quoted text - > >>>> - Show quoted text - > >>> The question asked for access without a "client /agent > >>> installed/running on thatremotecomputer" > >>> I think you will find that iSCSI has to be set up on BOTH ends - > >>> please say if I am wrong > >> You are entirely correct - iSCSI needs to be configured at both ends. I > >> was just pointing out that such low-level disk sharing is certainly > >> possible, if you choose to use it. > > >>> With a client app installed, there is no problem, but as a straight > >>> mapped drive, I think it is impossible. > >> One possibility is that windows has a number of backdoors that allow > >> execution of software on aremotemachine without actively installing > >> something there. The simplest and safest tools are probably things like > >> psexec from the SysInternals Suite (download from MS). psexec lets you > >> execute commands directly on aremotemachine, assuming you have an > >> administrator password for the machine. > > > what do you think of nbd protocol? > > running nbdsrvr on remote if that does not require special privilleges > > on remote > > and than using Selfimage which supports nbd (but perhaps not the > > nbdsrvr.exe version) > > I've only used nbd with Linux systems (to give an embedded Linux system > a swap disk) - I have no idea about support in windows for nbd. But > generally speaking, if you are using nbd to "share" a partition, the > partition cannot also be accessed locally. nbdsrvr for win can be found at http://www.vanheusden.com/ however nbd readme says Do *NOT* share partitions/files that are already in mounted/in use! It is almost for sure that corruptions will occure??? -is that what 'cannot' meant and would it make difference if there would be only 1 PC accesing the remote share ? Another idea might be using running locally and remotely dd command for win- perhaps that could go through smb (and after copying dd to mapped share it could be started via telnet because above mentioned psexec expects it on remote in c:\windows which is not accessible)
From: David Brown on 22 Jan 2010 03:50
mynick wrote: > On Jan 20, 11:51 pm, David Brown <da...(a)westcontrol.removethisbit.com> > wrote: >> mynick wrote: >>> On Jan 19, 11:59 pm, David Brown <da...(a)westcontrol.removethisbit.com> >>> wrote: >>>> mscotgr...(a)aol.com wrote: >>>>> On Jan 19, 10:04 pm, David Brown >>>>> <david.br...(a)hesbynett.removethisbit.no> wrote: >>>>>> mscotgr...(a)aol.com wrote: >>>>>>> On Jan 19, 3:23 pm, mynick <anglom...(a)yahoo.com> wrote: >>>>>>>> On Jan 19, 1:56 am, Arno <m...(a)privacy.net> wrote: >>>>>>>>> In comp.sys.ibm.pc.hardware.storage mynick <anglom...(a)yahoo.com> wrote: >>>>>>>>>> Is there some undelete software that can run only locally and undelete >>>>>>>>>> from a mapped network ntfs disk without the aid of an client/agent >>>>>>>>>> installed/running on thatremotecomputer? >>>>>>>>> I doubt that very much, as the filesystem will not export >>>>>>>>> the required information over the network. >>>>>>>>> Arno >>>>>>>>> -- >>>>>>>>> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: a...(a)wagner.name >>>>>>>>> GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F >>>>>>>>> ---- >>>>>>>>> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans >>>>>>>> why not send info from hdd directly over tcp/ip instead of an agent >>>>>>>> doing the hdd search remotely and just sending the resulting list to >>>>>>>> local- Hide quoted text - >>>>>>>> - Show quoted text - >>>>>>> Could you expand on this please. >>>>>>> To undelete a file it is necessary to access the hard drive on a >>>>>>> sector level, and rewrite the MFT entry. There is no way I am aware >>>>>>> of doing this over a general purpose ethernet link. If this was >>>>>>> easily possible, network security would be a complete nightmare. >>>>>> It is perfectly possible to do this over Ethernet - the most common way >>>>>> is to use iSCSI (network block devices with *nix are another >>>>>> possibility). Of course, this involves making the partition effectively >>>>>> invisible to the host (server) machine, and mounted on the guest machine >>>>>> as though it were a local drive. I don't know what sort of support >>>>>> windows has for iSCSI, either as a target or initiator. And it is >>>>>> clearly impractical for the issue at hand. But it /is/ possible to give >>>>>> direct low-level access to a hard drive over a network.- Hide quoted text - >>>>>> - Show quoted text - >>>>> The question asked for access without a "client /agent >>>>> installed/running on thatremotecomputer" >>>>> I think you will find that iSCSI has to be set up on BOTH ends - >>>>> please say if I am wrong >>>> You are entirely correct - iSCSI needs to be configured at both ends. I >>>> was just pointing out that such low-level disk sharing is certainly >>>> possible, if you choose to use it. >>>>> With a client app installed, there is no problem, but as a straight >>>>> mapped drive, I think it is impossible. >>>> One possibility is that windows has a number of backdoors that allow >>>> execution of software on aremotemachine without actively installing >>>> something there. The simplest and safest tools are probably things like >>>> psexec from the SysInternals Suite (download from MS). psexec lets you >>>> execute commands directly on aremotemachine, assuming you have an >>>> administrator password for the machine. >>> what do you think of nbd protocol? >>> running nbdsrvr on remote if that does not require special privilleges >>> on remote >>> and than using Selfimage which supports nbd (but perhaps not the >>> nbdsrvr.exe version) >> I've only used nbd with Linux systems (to give an embedded Linux system >> a swap disk) - I have no idea about support in windows for nbd. But >> generally speaking, if you are using nbd to "share" a partition, the >> partition cannot also be accessed locally. > > nbdsrvr for win can be found at http://www.vanheusden.com/ > however nbd readme says > Do *NOT* share partitions/files that are already in mounted/in use! It > is > almost for sure that corruptions will occure??? > -is that what 'cannot' meant > and would it make difference if there would be only 1 PC accesing the > remote share ? When I say "cannot", I really mean "should not" - and the OS should hopefully enforce that limitation. The rule is that only one writer should ever have low-level access to a partition (or file used as a block device - that's the common usage for nbd). You can have multiple read-only connections at a time, but if you try to allow two different file system drivers to write to the same partition, you are guaranteed chaos and corruption. > Another idea might be using running locally and remotely dd command > for win- perhaps that could go through smb > (and after copying dd to mapped share it could be started via telnet > because above mentioned psexec expects it on remote in c:\windows > which is not accessible) The trick is to use "psexec \\remoteserver cmd" to start a remote command prompt - a poor man's telnet. But if you have a telnet or ssh server on the remote machine, use that. |