OT-Re: test post
Brian Densmore
DensmoreB at ctbsonline.com
Wed Dec 26 14:57:32 CST 2001
ROFL! Another good reason to use Linux and Secure FTP.
Thanks for the laugh,
Brian
> -----Original Message-----
> From: Gerald Combs [mailto:gerald at ethereal.com]
> Sent: Wednesday, December 26, 2001 8:49 AM
> To: Marvin Bellamy
> Cc: kclug at kclug.org
> Subject: Re: OT-Re: test post
>
>
> Sometimes a dynamic address can be a good and useful thing:
>
> ----
> From daniel at pressure.net.nz Tue Dec 25 11:34:35 2001
> Date: Tue, 25 Dec 2001 18:09:02 +1300
> From: Daniel Swarbrick <daniel at pressure.net.nz>
> To: bugtraq at securityfocus.com
> Subject: Possible hole in Win XP MS Client networking
>
> Hi, I hope this is the correct contact for this kind of thing.
>
> I've just had somebody drop Nimda viruses on my Windows XP Pro
> workstation from Korea. Here's how it happened.
>
> I had a Windows share on a FAT32 drive, which granted read/write to
> Everybody (I know, bad practice, but it was just a temporary
> "Incoming"
> directory from a file swap session with a friend a few nights ago). I
> noticed my modem lights going, even though I was not downloading
> anything at the time. At that moment, Norton Antivirus started popping
> up warnings about Nimda viruses in .EML files in the shared
> directory. I
> suspected my friend's files had come with a little extra
> bonus, so went
> to check the directory myself. I couldn't find more than one .EML file
> at a time (as NAV kept moving them to quarantine), but new ones kept
> arriving. That's when I clicked as to what was happening, and ran
> netstat from a DOS window.
>
> Netstat revealed an ESTABLISHED connection from a host in Korea to the
> microsoft-ds service on my machine. It also showed a TIME_WAIT
> connection to windowsupdate.microsoft.com, although I had not been to
> that site - possibly unrelated, as Windows does tend to phone home a
> bit. Anyway, I promptly stopped sharing the directory, and
> disconnected
> from the Internet, reconnecting in order to get a new IP.
>
> I then checked my network configuration, and double checked
> that Client
> for Microsoft Networks was not bound to my modem, which indeed it
> wasn't. Now I don't run the XP firewall for my dialup connection, but
> how is it that a connection can be made to a service that is not bound
> to the dialup adapter?
>
> Is this a hole? Can you guys perhaps replicate the condition
> and see if
> it is? My machine has all the current critical updates applied from
> Windows update.
>
> Any other information you might need, I will try to supply.
> ----
>
>
> On Wed, 26 Dec 2001, Marvin Bellamy wrote:
>
> > Too bad that wouldn't stop spammers from using mail servers
> to relay.
> > Anyone notice how tons of spam seems to be relayed through
> msn.com or
> > that IE allows pop-ups that take over your desktop and
> can't be closed?
> > I'm wondering if this is an oversight or if M$ is selling these
> > "features"...
> >
> > Duane Attaway wrote:
> >
> > >They ought to give everyone a non-changing IP address.
> That ought to
> > >clean up much nonsense on the net and let disturbed people
> like me track
> > >who's computer is messing up spreading viruses. I don't
> know, it just
> > >seems like the way dynamic IP's are being pushed is the
> source of much
> > >evil in the world. Tattoo a static IP to each house and I
> feel that the
> > >internet would be more like a community, rather than strangers on a
> > >connection that quickly vanishes.
> > >
> >
> >
> >
> >
> majordomo at kclug.org
> >
>
>
>
> majordomo at kclug.org
>
More information about the Kclug
mailing list