ROFL! Another good reason to use Linux and Secure FTP. Thanks for the laugh, Brian > -----Original Message----- > From: Gerald Combs [mailto:gerald@ethereal.com] > Sent: Wednesday, December 26, 2001 8:49 AM > To: Marvin Bellamy > Cc: kclug@kclug.org > Subject: Re: OT-Re: test post > > > Sometimes a dynamic address can be a good and useful thing: > > ---- > From daniel@pressure.net.nz Tue Dec 25 11:34:35 2001 > Date: Tue, 25 Dec 2001 18:09:02 +1300 > From: Daniel Swarbrick > To: bugtraq@securityfocus.com > Subject: Possible hole in Win XP MS Client networking > > Hi, I hope this is the correct contact for this kind of thing. > > I've just had somebody drop Nimda viruses on my Windows XP Pro > workstation from Korea. Here's how it happened. > > I had a Windows share on a FAT32 drive, which granted read/write to > Everybody (I know, bad practice, but it was just a temporary > "Incoming" > directory from a file swap session with a friend a few nights ago). I > noticed my modem lights going, even though I was not downloading > anything at the time. At that moment, Norton Antivirus started popping > up warnings about Nimda viruses in .EML files in the shared > directory. I > suspected my friend's files had come with a little extra > bonus, so went > to check the directory myself. I couldn't find more than one .EML file > at a time (as NAV kept moving them to quarantine), but new ones kept > arriving. That's when I clicked as to what was happening, and ran > netstat from a DOS window. > > Netstat revealed an ESTABLISHED connection from a host in Korea to the > microsoft-ds service on my machine. It also showed a TIME_WAIT > connection to windowsupdate.microsoft.com, although I had not been to > that site - possibly unrelated, as Windows does tend to phone home a > bit. Anyway, I promptly stopped sharing the directory, and > disconnected > from the Internet, reconnecting in order to get a new IP. > > I then checked my network configuration, and double checked > that Client > for Microsoft Networks was not bound to my modem, which indeed it > wasn't. Now I don't run the XP firewall for my dialup connection, but > how is it that a connection can be made to a service that is not bound > to the dialup adapter? > > Is this a hole? Can you guys perhaps replicate the condition > and see if > it is? My machine has all the current critical updates applied from > Windows update. > > Any other information you might need, I will try to supply. > ---- > > > On Wed, 26 Dec 2001, Marvin Bellamy wrote: > > > Too bad that wouldn't stop spammers from using mail servers > to relay. > > Anyone notice how tons of spam seems to be relayed through > msn.com or > > that IE allows pop-ups that take over your desktop and > can't be closed? > > I'm wondering if this is an oversight or if M$ is selling these > > "features"... > > > > Duane Attaway wrote: > > > > >They ought to give everyone a non-changing IP address. > That ought to > > >clean up much nonsense on the net and let disturbed people > like me track > > >who's computer is messing up spreading viruses. I don't > know, it just > > >seems like the way dynamic IP's are being pushed is the > source of much > > >evil in the world. Tattoo a static IP to each house and I > feel that the > > >internet would be more like a community, rather than strangers on a > > >connection that quickly vanishes. > > > > > > > > > > > > majordomo@kclug.org > > > > > > majordomo@kclug.org >