#16
Worm never seen before
"Bart Bailey" wrote in message
... In posted on Thu, 30 Dec 2004 19:09:25 -0000, Jason Edwards wrote: Begin Some DSL modems (which use telephone lines) have built in NAT routers but I've yet to come across a cable (which uses a TV cable) modem that does. Efficient Networks SpeedStream 5100 here via POTS, but I don't know if it qualifies as a contained NAT or not. A quick Google suggests it doesn't but I have not read the manual in detail so it is possible I missed one or more of its capabilities. I've heard much talk of the necessity of a stand alone router, laced with exaggerated comments about the insecurity of an onboard software firewall, yet I've never been able to find anyone that could successfully demonstrate this insecurity. Try setting up unpatched RTM Windows 2000 or Windows XP and see what happens. When I last tried it for demonstration reasons it took less than 1 minute for a worm to spread to the demonstration PC. The PC was then disconnected and reformatted. In fact one blowhard once claimed to be able to "own" any 9x system on the net, but was predictably unable to back up his spew. Yeah well I can understand that it is sometimes difficult to distinguish between spew and facts. If there exists some sploit for my setup, I'd sure like to know about it. If you are fully patched (have all critical or high priority Windows updates) then if I were you I would not worry. ...and no, not something I have to authorize, like a tooleaky tool, but a real "stranger on the net" attack. Attacks by real people are rare as far as the average home user is concerned. Most 'attacks' come from other compromised Windows PCs. There are exceptions; such as if you're running unpatched IIS, but you're not doing that, are you? Jason System he OS: Win98SE FW: EZ Firewall v4.5.585 Current IP#: 68.124.218.29 good luck -- Bart
#17
Worm never seen before
Bart Bailey wrote in :
In posted on Thu, 30 Dec 2004 19:09:25 -0000, Jason Edwards wrote: Begin Some DSL modems (which use telephone lines) have built in NAT routers but I've yet to come across a cable (which uses a TV cable) modem that does. Efficient Networks SpeedStream 5100 here via POTS, but I don't know if it qualifies as a contained NAT or not. I've heard much talk of the necessity of a stand alone router, laced with exaggerated comments about the insecurity of an onboard software firewall, yet I've never been able to find anyone that could successfully demonstrate this insecurity. In fact one blowhard once claimed to be able to "own" any 9x system on the net, but was predictably unable to back up his spew. There go your delusions again. You must have been smoking the pot when we had our little conversation and read into it what you wanted. You stupid *clown* prove it to yourself one way or the other and stop whining. You are an absolute jackass Bart. I should have never snatched your worthless *heart* from you that day as you have been a fool from that point. I am in your face about it. Duane
#18
How I solved this...
Jason Edwards wrote:
Yes. You need to patch it BEFORE you reinstall it. http://www.google.com/search?&q=xp+sp2+slipstream Jason It begins to make strange things just installed and it needs to be "servicepacked" ASAP !!! You know Microsoft offers SP2 on a CD for free. But I suppose I will be scolded by the MS haters for providing MS my home address. |
#19
How I solved this...
"J. S. Jackson" wrote in message
... Jason Edwards wrote: Yes. You need to patch it BEFORE you reinstall it. http://www.google.com/search?&q=xp+sp2+slipstream Jason It begins to make strange things just installed and it needs to be "servicepacked" ASAP !!! You know Microsoft offers SP2 on a CD for free. But what they don't offer, as far as I'm aware, is a replacement XP install CD for those people who want to reinstall XP. Jason But I suppose I will be scolded by the MS haters for providing MS my home address. |
#20
How I solved this...
In message "Jason Edwards"
wrote: But what they don't offer, as far as I'm aware, is a replacement XP install CD for those people who want to reinstall XP. IIRC you can buy it for $5-$10. However, it is media only, you need to provide your own license. -- If at first you do succeed, try not to look astonished. |
#21
Worm never seen before
One other thing here Bart. When you started talking about your Internet
sister, I should have known right then and there that you were gone. Duane |
#22
How I solved this...
On Thu, 30 Dec 2004 23:17:53 -0000, "Jason Edwards"
wrote: But what they don't offer, as far as I'm aware, is a replacement XP install CD for those people who want to reinstall XP. For anyone who owns a cd burner and the original media, creating a new slipstreamed sp2 install cd is trivial. greg -- Yeah - straight from the top of my dome As I rock, rock, rock, rock, rock the microphone |
#23
How I solved this...
Jason Edwards wrote:
But what they don't offer, as far as I'm aware, is a replacement XP install CD for those people who want to reinstall XP. You should have at least been provided with a recovery disk with your computer. (Save all data before using it) as recovery disks revert the machine to 'as first received condition'. |
#24
Worm never seen before
Seems this exploit needed the attack surface created by the service running
on port 445, this is why it's good to shut these services down in addition to blocking the incoming port 445 traffic with a router. Especially if you're just running a standalone, home system that doesn't need to talk to other domain members.

"I.L.B." wrote in message ...

Hi all ; I am just experiencing a strange kind of infection I don't know whether is a new worm or not, as I never seen it before. The situation is next:

- I am running a computer with both Win98 and XP installed.
- My Win98 session works OK
- When I start an XP session, and I do activate my network connection... I start to see a very heavy traffic on the LEDs of my hub/router ADSL. The activity light is flickering like crazy... what happens??
- I check the Status of the connection, and I see dozens of outbound packets per second, and almost nothing incoming. Strange...
- I run NETSTAT to see what it happens. I see a LOT of outbound TCP connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so on... no way to stop it !. All of these netstat entries end at some strange IPs at EPMAP port.
- I run TaskManager, and I see a lot of started process of "SVCHOST" and "IEEXPLORE" (about 5 or 6 instances of each one started).

I just checked for Sasser, Welchia worms, but the tools said I don't have these worms on my computer... Any ideas? Thanks !!
#25
How I solved this...
"Greg Hennessy" wrote in message
... On Thu, 30 Dec 2004 23:17:53 -0000, "Jason Edwards" wrote: But what they don't offer, as far as I'm aware, is a replacement XP install CD for those people who want to reinstall XP. For anyone who owns a cd burner and the original media, creating a new slipstreamed sp2 install cd is trivial. Only for some people. Most people will never find out how to do it, never mind be able to. Even if they can, they won't know where to find their license key or how to back up data they want to keep. Jason greg -- Yeah - straight from the top of my dome As I rock, rock, rock, rock, rock the microphone |
#26
Easy Solution
Go to http://www.sysinternals.com and download tcpview
and process explorer. If you run

"I.L.B." wrote in message ...

Hi all ; I am just experiencing a strange kind of infection I don't know whether is a new worm or not, as I never seen it before. The situation is next:

- I am running a computer with both Win98 and XP installed.
- My Win98 session works OK
- When I start an XP session, and I do activate my network connection... I start to see a very heavy traffic on the LEDs of my hub/router ADSL. The activity light is flickering like crazy... what happens??
- I check the Status of the connection, and I see dozens of outbound packets per second, and almost nothing incoming. Strange...
- I run NETSTAT to see what it happens. I see a LOT of outbound TCP connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so on... no way to stop it !. All of these netstat entries end at some strange IPs at EPMAP port.
- I run TaskManager, and I see a lot of started process of "SVCHOST" and "IEEXPLORE" (about 5 or 6 instances of each one started).

I just checked for Sasser, Welchia worms, but the tools said I don't have these worms on my computer... Any ideas? Thanks !!
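
The symptom in the original post quoted above (many outbound SYN_SENT rows ending at the EPMAP port) can be checked mechanically. This is an added example, not part of any poster's message: it parses constructed `netstat` output and reports ports 135 (epmap) and 445 when half-open connections fan out to many distinct hosts; the function names, the threshold and the sample addresses are assumptions.

```python
from collections import defaultdict

# Service names netstat prints when run without -n, mapped to port numbers.
SERVICE_PORTS = {"epmap": 135, "microsoft-ds": 445}
WATCHED_PORTS = {135, 445}

# Constructed sample output (documentation address ranges, not real hosts).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:3388          198.51.100.7:80        ESTABLISHED
  TCP    10.0.0.5:3401          192.0.2.11:epmap       SYN_SENT
  TCP    10.0.0.5:3402          192.0.2.54:epmap       SYN_SENT
  TCP    10.0.0.5:3403          192.0.2.97:135         SYN_SENT
  TCP    10.0.0.5:3404          203.0.113.8:epmap      SYN_SENT
  TCP    10.0.0.5:3405          203.0.113.200:epmap    SYN_SENT
  TCP    10.0.0.5:3406          203.0.113.201:epmap    SYN_SENT
  TCP    10.0.0.5:3407          198.51.100.9:445       SYN_SENT
"""

def parse_netstat(text):
    """Yield (local_port, remote_host, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # header lines, blank lines, UDP rows
        _, _, lport = fields[1].rpartition(":")
        rhost, _, rport = fields[2].rpartition(":")
        rport = SERVICE_PORTS.get(rport.lower(), rport)
        try:
            yield int(lport), rhost, int(rport), fields[3].upper()
        except ValueError:
            continue  # unmapped service name or wildcard port; skip the row

def find_scan_fanout(text, min_targets=5):
    """Return {remote_port: sorted distinct hosts} for half-open fan-out."""
    targets = defaultdict(set)
    for _lport, rhost, rport, state in parse_netstat(text):
        if state == "SYN_SENT" and rport in WATCHED_PORTS:
            targets[rport].add(rhost)
    return {p: sorted(h) for p, h in targets.items() if len(h) >= min_targets}

if __name__ == "__main__":
    for port, hosts in find_scan_fanout(SAMPLE).items():
        print(f"port {port}: {len(hosts)} distinct half-open targets")
```

A single SYN_SENT row is normal while a connection is being set up; the signal is many of them at once toward different hosts on the same service port.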
#27
Worm never seen before
On that special day, Bart Bailey, ) said...
Try setting up unpatched RTM Windows 2000 or Windows XP and see what happens. My XP-Pro box doesn't get connected to the net, it's for the extra multimedia capabilities (audio, digicam) only. Good idea. If I (ever?) get one, it will be behind a broadband router with NAT (already there), and I'll never browse with IE, or mail with OE. Remember how it was announced: "The safest Windows ever". Now it is the most often(ly?) attacked and corrupted one. I wonder why I, when hearing this "safest ever" burble, immediately thought: "I'd better wait and see; I can't believe it is *that* safe. I'd better wait until it is fixed and tightened well enough, so that it will live up to its standards". I only know that I am still waiting. Gabriele Neukam -- Ah, Information. A property, too valuable these days, to give it away, just so, at no cost. |
#28
Worm never seen before
"Gabriele Neukam" wrote in message
... On that special day, Bart Bailey, ) said... [...] Ah, Information. A property, too valuable these days, to give it away, just so, at no cost. Now there's a true statement Jason |
#29
Worm never seen before
On that special day, Bart Bailey, ) said...
...and a Happy New Year to you, Gaby! Of course, a Happy New Year to you, too. And to all here, be them regulars or lurkers. Gabriele Neukam -- Ah, Information. A property, too valuable these days, to give it away, just so, at no cost.
#30
How I solved this...
On Fri, 31 Dec 2004 10:46:08 +0000, Greg Hennessy
On Thu, 30 Dec 2004 23:17:53 -0000, "Jason Edwards" But what they don't offer, as far as I'm aware, is a replacement XP install CD for those people who want to reinstall XP. For anyone who owns a cd burner and the original media, creating a new slipstreamed sp2 install cd is trivial. Not as trivial as it should be. If an SP breaks the installation CD, as SP2 does, it should include a skippable step in the installation process to create that slipstreamed replacement CDR. If it's so trivial, perhaps you can explain exactly how to make a slipstreamed OS CDR in your reply? Or is it non-trivial enough that you'd rather point to a URL rather than type it out? ---------- ----- ---- --- -- - - - - "He's such a character!" ' Yeah - CHAR(0) ' ---------- ----- ---- --- -- - - - -