OT-Re: test post

Brian Densmore DensmoreB at ctbsonline.com
Wed Dec 26 14:57:32 CST 2001 

ROFL! Another good reason to use Linux and Secure FTP.

Thanks for the laugh,
Brian

> -----Original Message-----
> From: Gerald Combs [mailto:gerald at ethereal.com]
> Sent: Wednesday, December 26, 2001 8:49 AM
> To: Marvin Bellamy
> Cc: kclug at kclug.org
> Subject: Re: OT-Re: test post
> 
> 
> Sometimes a dynamic address can be a good and useful thing:
> 
> ----
> From daniel at pressure.net.nz Tue Dec 25 11:34:35 2001
> Date: Tue, 25 Dec 2001 18:09:02 +1300
> From: Daniel Swarbrick <daniel at pressure.net.nz>
> To: bugtraq at securityfocus.com
> Subject: Possible hole in Win XP MS Client networking
> 
> Hi, I hope this is the correct contact for this kind of thing.
> 
> I've just had somebody drop Nimda viruses on my Windows XP Pro
> workstation from Korea. Here's how it happened.
> 
> I had a Windows share on a FAT32 drive, which granted read/write to
> Everybody (I know, bad practice, but it was just a temporary 
> "Incoming"
> directory from a file swap session with a friend a few nights ago). I
> noticed my modem lights going, even though I was not downloading
> anything at the time. At that moment, Norton Antivirus started popping
> up warnings about Nimda viruses in .EML files in the shared 
> directory. I
> suspected my friend's files had come with a little extra 
> bonus, so went
> to check the directory myself. I couldn't find more than one .EML file
> at a time (as NAV kept moving them to quarantine), but new ones kept
> arriving. That's when I clicked as to what was happening, and ran
> netstat from a DOS window.
> 
> Netstat revealed an ESTABLISHED connection from a host in Korea to the
> microsoft-ds service on my machine. It also showed a TIME_WAIT
> connection to windowsupdate.microsoft.com, although I had not been to
> that site - possibly unrelated, as Windows does tend to phone home a
> bit. Anyway, I promptly stopped sharing the directory, and 
> disconnected
> from the Internet, reconnecting in order to get a new IP.
> 
> I then checked my network configuration, and double checked 
> that Client
> for Microsoft Networks was not bound to my modem, which indeed it
> wasn't. Now I don't run the XP firewall for my dialup connection, but
> how is it that a connection can be made to a service that is not bound
> to the dialup adapter?
> 
> Is this a hole? Can you guys perhaps replicate the condition 
> and see if
> it is? My machine has all the current critical updates applied from
> Windows update.
> 
> Any other information you might need, I will try to supply.
> ----
> 
> 
> On Wed, 26 Dec 2001, Marvin Bellamy wrote:
> 
> > Too bad that wouldn't stop spammers from using mail servers 
> to relay. 
> >  Anyone notice how tons of spam seems to be relayed through 
> msn.com or 
> > that IE allows pop-ups that take over your desktop and 
> can't be closed? 
> >  I'm wondering if this is an oversight or if M$ is selling these 
> > "features"...
> > 
> > Duane Attaway wrote:
> > 
> > >They ought to give everyone a non-changing IP address.  
> That ought to
> > >clean up much nonsense on the net and let disturbed people 
> like me track
> > >who's computer is messing up spreading viruses.  I don't 
> know, it just
> > >seems like the way dynamic IP's are being pushed is the 
> source of much
> > >evil in the world.  Tattoo a static IP to each house and I 
> feel that the
> > >internet would be more like a community, rather than strangers on a
> > >connection that quickly vanishes.
> > >
> > 
> > 
> > 
> > 
> majordomo at kclug.org
> > 
> 
> 
> 
> majordomo at kclug.org
>

More information about the Kclug mailing list