Wednesday, August 25, 2010

Welcome Phaser 3124, so long Docuprint 203A

I bought my second printer, a Fuji Xerox Docuprint 203A, when I did my master's degree at USM back in 2006. At that time I printed out papers and other stuff with that printer without much hassle. Once I reported back to my workplace, the printer was left idle in the store room, since most of the time I just printed stuff in the office (and there was not much need to print papers, since usually I just printed out exam questions for my students).

In 2010, I had to use my printer again. Unfortunately, while I lived in my old rented house, the printer was colonized by pests; even the box was chewed up. So I had to clean the printer so that it would look okay. Yeah, perhaps I did something wrong: after a ream of paper had been printed, the printer developed a problem and wouldn't work. Say, for example, I wanted to print a page; it would print two, one sheet with the text it was supposed to print and another just a blank sheet. But most of the time it wouldn't print at all and just got stuck at the paper feeder. I sent the printer for repair at Low Yat, to a Pakistani technician. He charged me RM80 and I thought it would be worth it, but it was not. The printer can't be used at all, and the unlucky part is that I had just bought a brand new ink toner for RM160.

Now, just yesterday, I traded in my printer for another Xerox printer, a Phaser 3124, and I got an additional year of warranty as the price of the trade-in (the default is 2 years, so now it becomes three). It is supposed to work only with Windows. But after giving it some love, I managed to get a PPD file from the OpenPrinting website. So now it should work with Ubuntu and Mac, since both use CUPS.

Download the PPD file here

Actually, for the Mac I was using Samsung's driver (it works), but for Ubuntu Lucid, although I'm connected to the printer over IPP (the printer is physically connected to the Mac by USB), I need the driver that exactly matches the printer, so simply click the link given above. It works for me.

Monday, August 16, 2010

Pattern Search Algorithm

Algorithms, specifically pattern matching algorithms, are widely used in information processing areas such as bioinformatics and computer security.

In the computer security domain, this includes packet inspection, detecting malicious files and the like. To name a few, Aho-Corasick is used for one IDS's string search (not sure if it is still using it). Then there are antivirus products that look for certain strings for their signature-matching detection.

Wednesday, August 11, 2010

Kippo Honeypot

My laptop is currently running the Kippo honeypot, which can be downloaded here. It supports a MySQL database (and soon the author plans to support SQLite; I am not sure whether as an option or as a successor). Basically it's a honeypot that listens for SSH on port 2222, to which, if you're running on Linux for example, you can redirect traffic from port 22 (the normal port).

In my case, I am currently running this service behind NAT, so I have to set up port forwarding first to make it work.

This can be achieved with:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 22 -j REDIRECT --to-port 2222

And you can check it with:

iptables -t nat -vL
Chain PREROUTING (policy ACCEPT 46764 packets, 3114K bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    60 REDIRECT   tcp  --  eth1   any     anywhere             anywhere            tcp dpt:ssh redir ports 2222

I have had plenty of attempts, including brute-force attempts with Japanese dictionary passwords. It seems MySQL really helps to get them shown on the screen handily.

Sunday, June 20, 2010

TFTP and Emulate view

I enhanced Markus' SQL query a bit with


  (
                SELECT
                        COUNT(*)
                FROM
                        (
                                SELECT
                                        MIN(a.download) AS download
                                FROM
                                        downloads AS a
                                JOIN
                                        connections AS b ON(a.connection = b.connection)
                                GROUP BY
                                        a.download_md5_hash
                                HAVING
                                        strftime('%Y-%m-%d',MIN(b.connection_timestamp),'unixepoch','localtime')
                                = strftime('%Y-%m-%d',connections.connection_timestamp,'unixepoch','localtime')
                        ) AS newdownloads
                        NATURAL JOIN downloads
                WHERE
                        download_url LIKE 'tftp://%'
        )AS uniq_this_day_via_tftp,
        (
                SELECT
                        COUNT(*)
                FROM
                        (
                                SELECT
                                        MIN(a.download) AS download
                                FROM
                                        downloads AS a
                                JOIN
                                        connections AS b ON(a.connection = b.connection)
                                GROUP BY
                                        a.download_md5_hash
                                HAVING
                                        strftime('%Y-%m-%d',MIN(b.connection_timestamp),'unixepoch','localtime')
                                = strftime('%Y-%m-%d',connections.connection_timestamp,'unixepoch','localtime')
                        ) AS newdownloads
                        NATURAL JOIN downloads
                WHERE
                        download_url LIKE 'emulate://%'
        )AS uniq_this_day_via_emulate

now the query became this;

2010-06-20|142|15|129|13|13|0|0
2010-06-19|127|16|116|16|16|0|0
2010-06-18|111|15|100|13|13|0|0
2010-06-17|96|25|87|20|19|0|1
2010-06-16|71|4|67|3|2|1|0
2010-06-15|67|2|64|2|2|0|0
2010-06-14|65|8|62|8|8|0|0
2010-06-12|57|8|54|8|8|0|0
2010-06-09|49|4|46|4|4|0|0
2010-06-08|45|7|42|6|6|0|0
2010-06-06|38|7|36|7|7|0|0
2010-06-05|31|8|29|8|8|0|0
2010-06-03|23|3|21|3|3|0|0
2010-05-31|20|2|18|2|2|0|0
2010-05-26|18|4|16|2|2|0|0
2010-05-25|14|2|14|2|2|0|0
2010-05-23|12|4|12|4|4|0|0
2010-05-22|8|3|8|3|3|0|0
2010-05-20|5|5|5|5|5|0|0

and the plot output became this;



With the emulate and TFTP unique binaries each equal to one, see how low the plot line is :-\
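The same per-day breakdown by download scheme, as an added example that is not Markus' query or this blog's code. It assumes only the `connections` and `downloads` columns that appear in the query above, uses constructed rows, and buckets days in UTC instead of `localtime` so the result is the same on any machine.

```python
import sqlite3
from datetime import datetime, timezone


def ts(text):
    """UTC 'YYYY-MM-DD HH:MM' -> Unix epoch seconds, as stored in connection_timestamp."""
    moment = datetime.strptime(text, "%Y-%m-%d %H:%M")
    return int(moment.replace(tzinfo=timezone.utc).timestamp())


# Constructed sample rows; only the columns used by the query on this page.
CONNECTIONS = [
    (1, ts("2010-06-16 09:00")),
    (2, ts("2010-06-16 10:00")),
    (3, ts("2010-06-17 08:00")),
    (4, ts("2010-06-17 09:00")),
    (5, ts("2010-06-17 23:30")),
]
DOWNLOADS = [  # (download, connection, download_url, download_md5_hash)
    (1, 1, "http://198.51.100.7/a.exe", "a" * 32),
    (2, 2, "tftp://198.51.100.9/b.exe", "b" * 32),
    (3, 3, "tftp://198.51.100.9/b.exe", "b" * 32),  # seen before: not new
    (4, 3, "emulate://", "c" * 32),
    (5, 4, "ftp://198.51.100.9/d.exe", "d" * 32),
    (6, 5, "http://198.51.100.7/a.exe", "a" * 32),  # seen before: not new
]

# For every MD5, find its first download and the day it first appeared, then
# count those first sightings per day and per URL scheme. Like the query on
# this page, it assumes download ids grow with time.
QUERY = """
SELECT f.day,
       COUNT(*)                               AS uniq_this_day,
       SUM(d.download_url LIKE 'tftp://%')    AS uniq_this_day_via_tftp,
       SUM(d.download_url LIKE 'emulate://%') AS uniq_this_day_via_emulate
FROM (
        SELECT MIN(a.download) AS download,
               strftime('%Y-%m-%d', MIN(b.connection_timestamp), 'unixepoch') AS day
        FROM downloads AS a
        JOIN connections AS b ON a.connection = b.connection
        GROUP BY a.download_md5_hash
     ) AS f
JOIN downloads AS d ON d.download = f.download
GROUP BY f.day
ORDER BY f.day DESC
"""


def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE connections (connection INTEGER PRIMARY KEY,
                                  connection_timestamp INTEGER);
        CREATE TABLE downloads (download INTEGER PRIMARY KEY, connection INTEGER,
                                download_url TEXT, download_md5_hash TEXT);
    """)
    db.executemany("INSERT INTO connections VALUES (?, ?)", CONNECTIONS)
    db.executemany("INSERT INTO downloads VALUES (?, ?, ?, ?)", DOWNLOADS)
    return db


def uniq_per_day(db):
    """Rows of (day, new hashes, new via tftp://, new via emulate://), newest first."""
    return db.execute(QUERY).fetchall()


if __name__ == "__main__":
    for row in uniq_per_day(build_sample_db()):
        print("|".join(str(col) for col in row))
```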

Saturday, June 19, 2010

From Paris with Love ...!

I had the chance to go sightseeing in Paris with my wife about six months after our wedding (a sort of honeymoon!). The two of us set off from St Pancras railway station in London and arrived at Gare Du Nord railway station in Paris. The journey took about 2 hours, through the undersea tunnel across the English Channel. We did not have much time in Paris: because my wife's leave was short, we took only a week off to travel around Ireland, the UK and France. Our time in France was the more challenging part, because our friend who had at first accompanied us around the UK and Ireland (and who studies in Dublin) could not come with us because of classes. And you can't expect much from people like us who have never studied overseas, hehehehe

And so the journey began...!

After arriving at Gare Du Nord, we had to find our accommodation, a budget hotel located in Rosny (like the name of my former Dean, Dr Rosni). At first we took the RER train and got off at one stop, but we were clueless. I then asked a man there (but we first had to ask whether he spoke English). Even so, I did not quite understand his explanation, perhaps because he did not really understand our question either. I decided to go to the stop before that one, since I had already searched Google for what our hotel building looked like.

Found it! That was after walking for about 15 minutes, with my wife getting rather worried. Well, we were in a foreign country, without anyone we knew. We found our hotel and spent the night there. It was small, in keeping with our budget, about EU35 as I recall. Even to use a kettle we had to borrow one from the counter (and we had to return it too, because they needed it to serve those having breakfast there).

The next day, after the Subuh (dawn) prayer, we set off for our destinations. Guided by the map I picked up at Gare Du Nord and the daily pass we bought there with a credit card (cash was not accepted), we went around Zone 1 of Paris (there are several zones, Zones 1, 2 and 3 if I'm not mistaken.. Disneyland Paris, as I recall, is in Zone 3, the farthest, and our daily pass did not cover the journey there).

My wife pointed out a pyramid-shaped building on our map.. I thought it looked interesting, but had no idea what the building was. (My wife had seen The Da Vinci Code, but I had not, hehe... perhaps. It turned out to be the building in that film. Likewise Gare Du Nord was a filming location for The Bourne Identity starring Matt Damon.)

In 24 hours, including the journey there and back and a night's sleep at the hotel, we managed to get to:

-Musee du Louvre (that pyramid building)
-Eiffel Tower (a must! but we did not go up because there were too many people)
-Notre Dame (shopped for souvenirs here, T-shirts and all)
-Paris Mosque (a mosque.. :)

That's all.. but we were very satisfied with the trip. We rode the RER (a train along the lines of the KLIA Express, but double-decker), and also the Metro (like the LRT, a bit slow. We took this one to Place Monge, to get to the Paris Mosque)
-La Defense (the big arch)

And after that we returned to Saint Pancras, back to London and then home to Malaysia, leaving behind a thousand and one memories.

Gnuplot stuffs

Yeah, it has been a long time since I dealt with Gnuplot, and now I'm at it again. My machine didn't get a lot of binaries compared to other people out there who might have a vast range of public IPs, so here goes.

This is the content of my uniqfiles.txt


2010-06-18|108|12|98|11|11
2010-06-17|96|25|87|20|19
2010-06-16|71|4|67|3|2
2010-06-15|67|2|64|2|2
2010-06-14|65|8|62|8|8
2010-06-12|57|8|54|8|8
2010-06-09|49|4|46|4|4
2010-06-08|45|7|42|6|6
2010-06-06|38|7|36|7|7
2010-06-05|31|8|29|8|8
2010-06-03|23|3|21|3|3
2010-05-31|20|2|18|2|2
2010-05-26|18|4|16|2|2
2010-05-25|14|2|14|2|2
2010-05-23|12|4|12|4|4
2010-05-22|8|3|8|3|3
2010-05-20|5|5|5|5|5

which is actually derived from the following (if you want to see what it means...)



For how to visualize them, refer to Markus' write-up here.

This is what I got;






I changed the scale a little bit, since 600x120 seems so squeezed on my plot.

Afterglow stuffs

I used Afterglow years ago, back in 2008, when I submitted my "conference paper" on what I fetched from my Nepenthes sensors. Tonight I just followed Markus' tips on creating the same stuff; the only thing that triggered me to try it out was getting the data from SQLite, something which I had never done before, since usually I simply create an AWK script (sigh, what a waste), aka log parsing. So 2000 late.

This is what I did,


The following are sanitized IPs:




Read the rest from Markus

Thursday, June 17, 2010

Mwcollectd v4

Mwcollectd is written by 0xff (Georg Wicherski). Since I plan to contribute back to the mwcollect alliance, I have to get software which provides a module for binary submission. Nepenthes will do, with the submit-mwserv.conf module (however, I have yet to find out how to enable this, whether by editing nepenthes.conf or something else). As for Dionaea, I'm not sure yet, since I can't find the module for submission.

For the meantime I'll go for Mwcollect, perhaps until I can figure out how to do this on Nepenthes/Dionaea.

If you're wondering what mwcollect is, go here. There are also slides which present stuff on mwcollect.



Saturday, June 05, 2010

Dionaea, XMPP and SQLiteman


The following is what it looks like in the normal log.


But since we have the SQLiteman client, simply invoke the SQL statement, and query the data as you like ;-)


Thursday, May 27, 2010

SURFIDS

I read about SURFIds a long, long time ago but never actually tried it. Today I managed to download the demo image, which is basically a Debian image, a 500MB+ file.

Here goes. I opened the file first with VirtualBox (but since I do not know how to redirect the web server to the host browser, I simply used QEMU, since I have experience redirecting TCP connections on QEMU).

Wednesday, May 26, 2010

Malaysian Open Source Conference 2010 (MOSC 2010)

My talk, entitled "Internet Malicious Miscreant", has been accepted by MOSC 2010. This annual event will be held in Berjaya Times Square, Kuala Lumpur, Malaysia from 29th June until 1st July 2010. At first I was very reluctant to participate as a speaker, since in the security domain there are many people out there who actually do this for their bread and butter. Anyway, so as not to disappoint Fazli, I'll present what I've done throughout these years.

From the list of speakers, it seems some of them are international speakers, so don't miss the chance to attend this talk!

Register here, discounts waiting for the early birds!

Friday, May 21, 2010

SQLite and Dionaea


Markus shared that in order to use SQLite to manipulate logsql.sqlite, at the default /opt/dionaea/var/dionaea/logsql.sqlite, sqlite3 should be used. Also, instead of using the creepy SQLite statements, use sqlman as follows:


Also, since Markus has already upgraded the Dionaea code, you don't need to use an XMPP client, either Psi or Pidgin; instead just invoke /opt/dionaea/bin/dionaea -l all,-debug -L 'logxmpp'

Thursday, May 20, 2010

Psi and Pidgin with Dionaea Honeypot (XMPP support)



Monday, May 17, 2010

XOR Problem

Recently I offered the members of mypenguin99 the chance to decrypt my XOR-encrypted file. (I was using xor-analyze, and never mentioned the key length or the tool that I chose to encrypt with.) Bro Bahathir unsurprisingly managed to solve the problem in no time (yeah, it needs some time to google and decrypt). In this case we need a collision from a dictionary of widely used words, so that the real message can be guessed.

Although XOR is considered primitive cryptography, it is used by malware writers to encrypt parts of their payloads, as written here.
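One way to do the dictionary-guided guess described above, as an added example that is neither xor-analyze's algorithm nor the code used in the challenge. The message, the key and the small word list are constructed, and the message is assumed to be lowercase English text.

```python
from itertools import cycle

# Stand-in for the "dictionary of widely used words" (assumption: English text).
COMMON_WORDS = {"the", "and", "is", "it", "to", "in", "for", "that", "this",
                "with", "we", "a"}
LIKELY = set(b"abcdefghijklmnopqrstuvwxyz ")

# Constructed message and key, used only to produce a ciphertext to analyse.
PLAINTEXT = (b"the honeypot is listening for connections and it logs the password "
             b"that is used in every attempt to the database for the analyst to read "
             b"and this is the text that we xor with a short key")
KEY = b"honey"


def xor(data, key):
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def best_key_byte(column):
    """Key byte that turns the most bytes of one key column into letters or spaces."""
    return max(range(256), key=lambda k: sum((b ^ k) in LIKELY for b in column))


def dictionary_hits(text):
    """Number of whitespace-separated tokens that are common words."""
    return sum(word in COMMON_WORDS for word in text.decode("latin-1").split())


def recover_key(ciphertext, max_len=12):
    """Try each key length, solve every column, keep the key with most dictionary words."""
    best_key, best_hits = b"", -1
    for length in range(1, max_len + 1):
        # Bytes at positions i, i+length, i+2*length, ... share one key byte.
        key = bytes(best_key_byte(ciphertext[i::length]) for i in range(length))
        hits = dictionary_hits(xor(ciphertext, key))
        if hits > best_hits:  # strict '>' keeps the shortest key on ties
            best_key, best_hits = key, hits
    return best_key


if __name__ == "__main__":
    ciphertext = xor(PLAINTEXT, KEY)
    key = recover_key(ciphertext)
    print(key, xor(ciphertext, key)[:40])
```

The key length never has to be disclosed: wrong lengths decrypt to text with almost no dictionary words, so the word count alone singles out the right one.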

Thursday, May 13, 2010

Dionaea with XMPP

I was actually wondering why the Nepenthes sensors and Dionaea had not caught any malware since 8th April. It's more than a month now. So I decided to look at it another way instead of looking at the empty, boring folder.

But I'm not sure whether my config is correct, although I guess I am already able to log in.


You might also want to use XML Console within Psi

Tuesday, May 11, 2010

Books: Computer Worms by Jose Nazario

I borrowed a book from my employer's resource center, and this book seems seminal for malicious code research, especially on computer worms.

A security professional educated in biochemistry (PhD), Jose Nazario, who is currently working with Arbor Networks, needs no introduction. Worth reading, although it was published in 2003.

Thursday, May 06, 2010


I bought several books for my study literature; one of them is "Botnets, The Killer Web App", which covers the technical parts of botnets. At first I doubted the book actually covered the common botnets that people talk about, but after I read the book, yes, it surely does. I suggest the phrase "killer web app" be phased out, since it is not always dealing with the Web... port 6667 isn't Web, ports 80 and 443 are always Web.

Prior to that I already got Provos and Holz's book, Virtual Honeypots: From Botnet Tracking to Intrusion Detection. This is also a technical book, covering in fine detail the how-tos of honeypots, including the popular Nepenthes (although it is now dead, succeeded by Dionaea).

Saturday, April 17, 2010

Changing filenames to lowercase/capital

Changing to ALL lowercase

Say we have tonnes of AVI files:

 for i in *.avi; do mv -- "$i" "$(echo "$i" | tr 'A-Z' 'a-z')"; done

Another way around, changing from mixed to CAPITAL

 for i in *.avi; do mv -- "$i" "$(echo "$i" | tr 'a-z' 'A-Z')"; done

I bought this book, Hacking Exposed: Malware & Rootkits, several months back, while it was still new! A good read and really worth your money. It keeps you up to date with current stuff and is the first of its kind within the Hacking Exposed series. Perhaps more to come under the same title in future!

If you're comfortable shopping online, just visit Amazon and get the latest copy here: HACKING EXPOSED MALWARE AND ROOTKITS

sctest, tool in libemu



I recently tested out sctest, a tool provided in libemu for processing shellcode.

The usage is as follows:

sctest -gS -s 10000 -v -G test.dot

Basically there are several steps prior to that (for which I needed a friend to help me out!).

Say, I have a file called hexdump.txt;



Try with 10,000 steps:

$ sctest -Ss 10000 -g < hexdump.txt
verbose = 0 success
offset = 0x00000005
stepcount 10000

Trying with 100,000 steps, we got this:

$ sctest -Ss 100000 -gv < hexdump.txt
verbose = 1 success
offset = 0x00000005
stepcount 100000

HMODULE LoadLibraryA ( LPCTSTR lpFileName = 0x0012fe80 => = "ws2_32"; ) = 0x71a10000;
int WSAStartup ( WORD wVersionRequested = 2; LPWSADATA lpWSAData = 1244276; ) = 0;
SOCKET WSASocket ( int af = 2; int type = 1; int protocol = 0; LPWSAPROTOCOL_INFO lpProtocolInfo = 0; GROUP g = 0; DWORD dwFlags = 0; ) = 66;
int bind ( SOCKET s = 66; struct sockaddr_in * name = 0x0012fe6c => struct = { short sin_family = 2; unsigned short sin_port = 23569 (port=4444); struct in_addr sin_addr = { unsigned long s_addr = 0 (host=0.0.0.0); }; char sin_zero = " "; }; int namelen = 16; ) = 0;
int listen ( SOCKET s = 66; int backlog = 2; ) = 0;
SOCKET accept ( SOCKET s = 66; struct sockaddr * addr = 0x0012fe4c => struct = { }; int addrlen = 0x0012fe50 => none; ) = 68;
int closesocket ( SOCKET s = 66; ) = 0;


Now, let us create a flow graph. We will add the -G flag this time.

$ sctest -Ss 100000 -gvG bla.dot

You will get a file, bla.dot, and using the Graphviz package you can then choose whether to use fdp, circo or neato to create your flow graph. Say, I am comfortable with dot. Remember, since we may create a lot of flow lines, include splines=true in your dot file.

I got a graph as above.
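A short triage of the API trace from the 100,000-step run, as an added example that is not part of libemu or sctest. It assumes the trace has been saved one call per line (copied here from the output above) and pulls out the loaded library, the listening address and whether the bind, listen, accept sequence of a bind shell is present.

```python
import re

# The API trace sctest printed above, one hooked call per line.
TRACE = """\
HMODULE LoadLibraryA ( LPCTSTR lpFileName = 0x0012fe80 => = "ws2_32"; ) = 0x71a10000;
int WSAStartup ( WORD wVersionRequested = 2; LPWSADATA lpWSAData = 1244276; ) = 0;
SOCKET WSASocket ( int af = 2; int type = 1; int protocol = 0; LPWSAPROTOCOL_INFO lpProtocolInfo = 0; GROUP g = 0; DWORD dwFlags = 0; ) = 66;
int bind ( SOCKET s = 66; struct sockaddr_in * name = 0x0012fe6c => struct = { short sin_family = 2; unsigned short sin_port = 23569 (port=4444); struct in_addr sin_addr = { unsigned long s_addr = 0 (host=0.0.0.0); }; char sin_zero = " "; }; int namelen = 16; ) = 0;
int listen ( SOCKET s = 66; int backlog = 2; ) = 0;
SOCKET accept ( SOCKET s = 66; struct sockaddr * addr = 0x0012fe4c => struct = { }; int addrlen = 0x0012fe50 => none; ) = 68;
int closesocket ( SOCKET s = 66; ) = 0;
"""

CALL = re.compile(r"^\S+ (\w+) \((.*)\) = (\w+);$")
BIND = re.compile(r"sin_port = (\d+) \(port=(\d+)\).*\(host=([\d.]+)\)")


def parse_calls(trace):
    """Return [(api, argument text, return value), ...] in call order."""
    calls = []
    for line in trace.splitlines():
        match = CALL.match(line.strip())
        if match:
            calls.append(match.groups())
    return calls


def in_order(wanted, names):
    """True if the names in `wanted` occur in `names` in that order (gaps allowed)."""
    remaining = iter(names)
    return all(name in remaining for name in wanted)


def summarise(calls):
    names = [api for api, _, _ in calls]
    report = {"apis": names, "libraries": [], "listen": None}
    for api, args, _ in calls:
        if api == "LoadLibraryA":
            report["libraries"] += re.findall(r'"([^"]+)"', args)
        elif api == "bind":
            raw, port, host = BIND.search(args).groups()
            # sin_port is kept in network byte order: swapping the two bytes of
            # the raw value must give the port libemu decoded (23569 -> 4444).
            swapped = int.from_bytes(int(raw).to_bytes(2, "little"), "big")
            report["listen"] = (host, int(port), swapped == int(port))
    report["bind_shell_pattern"] = in_order(["bind", "listen", "accept"], names)
    return report


if __name__ == "__main__":
    print(summarise(parse_calls(TRACE)))
```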






Friday, April 16, 2010

Marking Nepenthes' log with GeoIP

I always wanted to make my Nepenthes log meaningful, rather than cryptic columns, which are pretty boring.

So this is what I did after several searches on the Net... some of the links just show the result, and I wonder why they don't just *put* the script online. Here goes!

Let's say I am processing /var/log/nepenthes/logged_downloads

116.7.16.130 df51e3310ef609e908a6b487a28ac068
116.80.225.172 1d419d615dbe5a238bbaa569b3829a23
116.80.227.106 e269d0462eb2b0b70d5e64dcd7c676cd
116.80.81.221 98eb0fdadf8a403c013a8b1882ec986d
116.80.85.224 e269d0462eb2b0b70d5e64dcd7c676cd
116.81.88.146 2fa0e36b36382b74e6e6a437ad664a80


I want it to be:

Russian Federation ,95.28.56.118 , 7d99b0e9108065ad5700a899a1fe3441
Russian Federation ,95.28.63.209 , 7d99b0e9108065ad5700a899a1fe3441
Russian Federation ,95.28.71.57 , 7d99b0e9108065ad5700a899a1fe3441
Russian Federation ,95.28.82.129 , 7d99b0e9108065ad5700a899a1fe3441
Russian Federation ,95.28.89.135 , 7d99b0e9108065ad5700a899a1fe3441
Russian Federation ,95.29.28.40 , 7d99b0e9108065ad5700a899a1fe3441
United States ,98.101.106.156 , 7d99b0e9108065ad5700a899a1fe3441


If I just invoke the "geoip" tool from the Bash command line, it's going to be:

for ip in $(awk '{print $1}' hcountry.txt); do echo "$ip" "$(geoiplookup "$ip" | awk -F "GeoIP Country Edition" '{print $2}')"; done

This, however, only gives this:

114.136.161.59 : TW, Taiwan
114.136.83.68 : TW, Taiwan
114.137.222.91 : TW, Taiwan
114.43.232.67 : TW, Taiwan
115.171.144.48 : CN, China
115.177.145.254 : JP, Japan
116.10.232.29 : CN, China
116.11.39.46 : CN, China
116.1.222.156 : CN, China
116.19.174.223 : CN, China
116.206.128.101 : MY, Malaysia
116.206.147.239 : MY, Malaysia
116.226.37.237 : CN, China
116.227.187.234 : CN, China

without the hash.

I solved the problem using the Python language.. it worked, despite my minimal knowledge of Python.. also with some clues from a friend :)

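import GeoIP

GEOIP_DATABASE = '/usr/share/GeoIP/GeoIP.dat'

# Open the legacy GeoIP country database
geoip = GeoIP.open(GEOIP_DATABASE, GeoIP.GEOIP_STANDARD)

# chcountry.txt holds one "ip,md5" pair per line
for line in open("chcountry.txt"):
    columns = line.split(',')
    # negara = country name looked up for the IP in the first column
    negara = geoip.country_name_by_addr(columns[0])
    x = columns[1].strip("\n")
    print("%s , %s , %s" % (columns[0], negara, x))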



Also, if you simply want to use geoiplookup from the CLI directly, I asked a friend, who gave me a solution here (final one):

awk '{ ("geoiplookup " $1) | getline d; split(d, data, ":"); print data[2] ";" $1 ";" $2; close("geoiplookup " $1); }' hcountry.txt

Thursday, March 04, 2010

Burning a CD with the dd command

It's been a while since I last wrote.. rather busy. Just now I burned a CD using the dd command.. it's been a long time since I played with "dd"...

First, check where our disk is located...

root@auber:~# cdrecord -scanbus



scsibus1:
1,0,0 100) 'TSSTcorp' 'CD/DVDW SH-S182F' 'SB01' Removable CD-ROM
1,1,0 101) *
1,2,0 102) *
1,3,0 103) *
1,4,0 104) *
1,5,0 105) *
1,6,0 106) *
1,7,0 107) *


Then, looking at the above, its position is 1,0,0...


root@auber:~# cdrecord -v -dao -dev=1,0,0 /backup/debian-504-i386-CD-1.iso



TOC Type: 1 = CD-ROM
scsidev: '1,0,0'
scsibus: 1 target: 0 lun: 0
WARNING: the deprecated pseudo SCSI syntax found as device specification.
Support for that may cease in the future versions of wodim. For now,
the device will be mapped to a block device file where possible.
Run "wodim --devices" for details.
Linux sg driver version: 3.5.27
Wodim version: 1.1.9
SCSI buffer size: 64512
Device type : Removable CD-ROM
Version : 5
Response Format: 2
Capabilities :
Vendor_info : 'TSSTcorp'
Identification : 'CD/DVDW SH-S182F'
Revision : 'SB01'
Device seems to be: Generic mmc2 DVD-R/DVD-RW.
Current: 0x0009 (CD-R)
Profile: 0x0015 (DVD-R/DL sequential recording)
Profile: 0x0016 (DVD-R/DL layer jump recording)
Profile: 0x002B (DVD+R/DL)
Profile: 0x001B (DVD+R)
Profile: 0x001A (DVD+RW)
Profile: 0x0014 (DVD-RW sequential recording)
Profile: 0x0013 (DVD-RW restricted overwrite)
Profile: 0x0012 (DVD-RAM)
Profile: 0x0011 (DVD-R sequential recording)
Profile: 0x0010 (DVD-ROM)
Profile: 0x000A (CD-RW)
Profile: 0x0009 (CD-R) (current)
Profile: 0x0008 (CD-ROM)
Profile: 0x0002 (Removable disk)
Using generic SCSI-3/mmc CD-R/CD-RW driver (mmc_cdr).
Driver flags : MMC-3 SWABAUDIO BURNFREE
Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R
Drive buf size : 1056000 = 1031 KB
Beginning DMA speed test. Set CDR_NODMATEST environment variable if device
communication breaks or freezes immediately after that.
FIFO size : 12582912 = 12288 KB
Track 01: data 645 MB
Total size: 741 MB (73:28.32) = 330624 sectors
Lout start: 741 MB (73:30/24) = 330624 sectors
Current Secsize: 2048
ATIP info from disk:
Indicated writing power: 6
Is not unrestricted
Is not erasable
Disk sub type: Medium Type C, low Beta category (C-) (6)
ATIP start of lead in: -11231 (97:32/19)
ATIP start of lead out: 359846 (79:59/71)
Disk type: Short strategy type (Phthalocyanine or similar)
Manuf. index: 27
Manufacturer: Prodisc Technology Inc.
Blocks total: 359846 Blocks current: 359846 Blocks remaining: 29222
Speed set to 8468 KB/s
Starting to write CD/DVD at speed 48.0 in real SAO mode for single session.
Last chance to quit, starting real write in 0 seconds. Operation starts.
Waiting for reader process to fill input buffer ... input buffer ready.
Performing OPC...
Sending CUE sheet...
Writing pregap for track 1 at -150
Starting new track at sector: 0
Track 01: 645 of 645 MB written (fifo 100%) [buf 99%] 41.6x.
Track 01: Total bytes read/written: 677117952/677117952 (330624 sectors).
Writing time: 158.952s
Average write speed 31.5x.
Min drive buffer fill was 99%
Fixating...
Fixating time: 15.222s
BURN-Free was 1 times used.
wodim: fifo had 10666 puts and 10666 gets.
wodim: fifo was 0 times empty and 6177 times full, min fill was 97%.

Monday, January 11, 2010

GRE?

Somebody asked me about GRE, so I archive it here...

Salam, just started my PhD. So far very busy with classes.

GRE: to register for this exam you have to register with ETS, which handles the TOEFL exam too. The fee for GRE is around USD170 (last year), while TOEFL is around USD150.

Last time I chose to take the exam at Prometric (near LRT Dang Wangi, so it's easy to catch the train since it begins at 9:00 AM; otherwise you can choose the evening).

I did not really prepare for GRE and TOEFL since I had my wedding weeks before.. so I was busy with something else. Nevertheless the Malaysian govt decided not to send the rest of us overseas, so actually taking both was pretty much a waste (sigh). But later I took IELTS and scored quite well, also pointless (I got an offer to Australia though).

Anyway.. GRE has two sections, quantitative and qualitative, and finally analytical writing. Quantitative is much like high school math, but you have to get the first few questions right.. otherwise your score will be low, since the next question is based on your current answer. Qualitative is more on English.. and it asks for very weird vocabulary. Buy a book though. I got mine from Kinokuniya.. later I sold them to my in-law (grin).

Analytical writing needs you to write. Both quant and qual are out of 800, so sometimes they ask for combined marks.. that will be out of 1600. Analytical, if not mistaken, is out of 6.0 ...