Beware!!!!
BEWARE there is something very nasty happening to a lot of customers' PCs at the moment!!
After booting up, they get the following message on their Windows: Quote:
The NTL gods are frantically investigating this... I'll keep ya posted |
God almighty!!!
What the hell's going on!! Luckily at the mo this PC's connected to ADSL. |
Isn't it the RPC vul?
Disabling this is only one small thing in securing an M$ box. EDIT: Yes it is, checked the link. :p Further EDIT: Why the hell have NTL put something on the service status about it? It's NOTHING to do with them. This will only lead to customers phoning up and complaining for lost work etc. :rolleyes: |
Well finally having ME as my OS has a positive advantage!
Incog.:) |
Quote:
So....this is originating from within NTL?
I've heard various stories about this all over the net though so it's not just happening to NTL customers. |
Quote:
In line with, I would imagine, just about every residential ISP out there, customers are responsible for the security of their own PCs, *not* the ISP (it's in the user policy/terms if you want to go looking). If people can't be bothered keeping up to date with the latest updates from their OS vendors then how is that the ISP's responsibility?? Or are you advocating that your ISP net-nannies you by blocking certain protocols at the border routers?? |
Ummm... it seemed to be happening to NTL customers only - though that seems to have changed now...
Oh, and don't call tech support about it - with 96 calls in the queue (and climbing rapidly) we are in meltdown :cry: |
It's also affecting Virgin dial-up users ('course they're on the same network)
/me gives up. It's an OS vulnerability that isn't ISP/network specific. If you're running an affected OS, regardless of ISP, then patch your kin system!!!!!!!!!!!!!!!
Everyone should get on to Microsoft.. Say they've lost loadsa dead important stuff.. Might get some freebies. In fact I'm going to ring them now :p
Problem is, if you're being hit, you can't stay online long enough to get the patch :D
Quote:
....btw....how do I know if I need the 32- or 64-bit Win XP edition? :confused: |
Are you running a 64bit version of XP on a 64bit CPU?
Not likely :P |
Anybody know if there are any issues with Win98 and this threat? Good old MS haven't identified it in either the affected or non-affected categories, though my guess would be non-affected if ME isn't.
I've not seen any probs on my PC but my connection did go out for a few hours earlier :shrug: |
Is it just me???
My web browsing is really slow tonight, and I'm not running anything else in the background. It's strange 'cos downloading speed is fine, it's just the WWW.
Could it be my proxy misbehaving? :( :shrug: |
Quote:
Regards, Ben (who long ago stopped feeling smug about Windows vulnerabilities :) |
Be very aware...
http://securityresponse.symantec.com...c.cirebot.html |
Blueyonder have posted information on their service status saying all their packages are slow!
Incidentally, anyone got a version of XP SP1 which will install on a not so legit version of XP Pro? ;)
Fine for me...
Bps Stortford / Cambridge area. |
EDIT: SOLUTION FOUND... :D
Terrible browsing speeds here in the Wirral area
There's an XP bug that's hit the services at the moment if you check the NTL service page.
I've had mates complaining about this for a few hours. My guess is it's a virus doing the rounds and it's hitting some big boy servers. |
Quote:
Wonder if it'll be any better in the morning? I despise bloody viruses. |
NTL have posted news that the following virus is doing the rounds and is a possible cause of tonight's problems:
W32.Blaster.Worm http://securityresponse.symantec.com...ster.worm.html It hits your port 135, which I have received a load of requests on tonight that my router's stopped, thankfully. |
Another NTL joke as it says that this worm/virus was discovered today!
The patch has been available since mid July! |
NTL joke? It's a flaw in a Microsoft OS that was patched by Microsoft in July. What on earth have ntl got to do with it? Should they go round and port scan everyone's PC for vulnerabilities?
The *exploit* of the flaw is new in the last few hours, in fact a google for msblast.exe (the filename) came up as blank for me about 4 hours ago, since when ntl have put a status up for it as a large number of calls have come in apparently. We're quick off the mark IMHO. |
Code:
11/08/2003 23:35:52,"Rule ""Default Block EPMAP"" stealthed
11/08/2003 23:35:06,"Rule ""Default Block EPMAP"" stealthed
11/08/2003 23:32:38,"Rule ""Default Block EPMAP"" stealthed
11/08/2003 23:31:36,"Rule ""Default Block EPMAP"" stealthed
11/08/2003 23:31:35,"Rule ""Default Block EPMAP"" stealthed
11/08/2003 23:31:07,"Rule ""Default Block EPMAP"" stealthed
11/08/2003 23:31:06,"Rule ""Default Block EPMAP"" stealthed
11/08/2003 23:30:57,"Rule ""Default Block EPMAP"" stealthed
11/08/2003 23:28:40,"Rule ""Default Block EPMAP"" stealthed
11/08/2003 23:28:27,"Rule ""Default Block EPMAP"" stealthed
11/08/2003 23:28:19,"Rule ""Default Block EPMAP"" stealthed
11/08/2003 23:26:02,"Rule ""Default Block EPMAP"" stealthed
Norton's been busy this evening! :D :D |
I feel a thread merge coming on...:D
Why do over 99% of the attacks come from NTL (including Virgin) customers?
Oh joy, spent 4 hours at a mate's house trying to sort it, stumbled home now and found this :rolleyes:
Virus Alert...
After spending a few hours trying to figure out wtf was going on with my PC shutting itself down with a reported RPC service error I figured out it is because of a fekin virus attack. This one doesn't require you to d/l anything or open any emails... it just appears by magic :shrug: (With a little help from another M$ hole)
NTL have issued an alert in their service page, but I thought it might be worth repeating it here:
ntlhome Internet Customers using Windows XP/2000/NT
ntlhome customers may currently be experiencing problems with their PC arising from a Windows vulnerability. This looks to be related to a new internet virus/worm discovered today. For detailed info and ways to restore service please see the following links.
The following link will direct you to a Microsoft page with instructions on how to install a patch which will restore service :- http://www.microsoft.com/technet/tre...n/MS03-026.asp
This link contains more specific information about the worm and instructions on how to remove it :- http://securityresponse.symantec.com...ster.worm.html
Windows XP users may also want to enable the inbuilt firewall option. Instructions on how to do so can be found at :- http://support.microsoft.com/default...;en-us;q283673 |
:rofl: Oops :rofl: Still, you know where to look to keep abreast of PC Problems :D
Quote:
*gotta start charging for my services, damn it :D* My PC has been fine, been up for a few days, updated definitions, firewall at full strength, patched XP. *is glad he is sensible at always having antivirus and firewall software looking after his PC, not any old crap either :p* |
Hence my use of Sygate Pro and Norton Systemworks (set to update daily)
Running tests at a few places, system is Stealthed all the way through no ports open, all attacks logged, Norton keeps on top of windows errors and keeps me virus free... once a month I check at housecall from trend micro just to be certain the AV system wasn't compromised etc lol |
It seems to be getting worse:
http://isc.incidents.org/port_details.html?port=135 |
Maybe it's just best to turn the PC off and leave it off for a few days till it goes away... lol
Don't think it will, it's programmed to infect machines until June 2004. :disturbd:
It's just less than a month since the hotfix for that came out. Looks like we need to keep applying those hotfixes! Thank goodness for my router (which is set up to explicitly block those ports).
Well, hats off to my housemate Pritch and his homemade router - it's done the biz and kept me XP safe :D
:beer: :beer: |
Aaahh....I love Linux.
</smug mode> |
For those of you feeling complacent, take a look at my router log :D
Code:
IP Port
Looks like 135 attacks have taken over from 137 attacks. |
I bet all those that got a router (with NAT FW) so they can play XBL are glad too...
I still can't believe that they haven't fired some senior people in that company.
They charge like £200 for a copy of Windows and make the worst OS known to man. I've lost count of the number of large-scale exploits M$ systems have had in the last year. What a load of BS. ...and they complain that people hate them and that Open Source is their biggest threat...damn right it is. :afire: |
Quote:
...and many more. NAT doing its job, thank goodness! |
I have to say, I'm feeling pretty disappointed that my router logs show no access attempts, *sniff* my PC must not be good enough :( :D
My system is now patched.
After declaring ages ago that I wouldn't run a firewall I have recently installed one...... 30 mins ago Norton Internet Security (got it with the mainboard) had 22 attempted hacks so far and one "default block sokets de trois v1. Trojan". Maybe I was wrong and I should be running a firewall all the time. |
Quote:
Linux has some pretty major exploits as well (don't believe the hype that it is secure, etc). After installing Mandrake and running their update utility there were at least 50Mb of security updates available. Do a search on Google for Linux exploits - for those who are too lazy take a look here http://www.linuxsecurity.com/advisories/ Should Linux become the mainstream home user OS then the number of serious exploits / viruses / trojans will explode. Secondly a fix for this exploit has been out for some time. |
This may be of some use to people.
....click on the buttons marked common ports, file sharing, all service ports etc........ |
Quote:
As you will know, it is much harder to compromise a Linux machine because of the different way processes are run in the environment. |
Quote:
Don't kid yourselves that Linux is secure. It's not. Just that few people have "got it in" for Linux. I use Linux, Unix and Windows systems, and no matter what I always look out for the latest patches. I'd be a fool to just sit there with a smug "ah, I'm okay, I use Linux" attitude. Of all things I concentrate very carefully on Apache patches as that's the one thing exposed to the outside world on my system. And has everyone ensured they've got the ICMP patch for their Linux based routers? Very few people know about that one and many assume a dedicated Linux router/firewall is rock solid and never needs patching, yet this will open their entire network up. |
Quote:
Windows Server 2003 Enterprise 64bit edition (note that it replaces the old 'limited' edition which might be the library version you mention, see here) Windows XP 2003 64bit edition ;) In fact many unix systems are actually 32bit with 64bit libraries unless you explicitly install the 64bit kernels (just take a look at 64bit AIX). The 64bit kernels often cause major headaches, so most run with 32bit kernels and just run 64bit apps on the system. Not really a true 64bit OS. XP 64bit and 2003 Server 64bit use 64bit kernels/subsystem and the Win64 API from the ground up AFAIK. 32bit apps run with WOW32 which is a subsystem to run 32bit (Win32) under 64bit (a bit like the old WOW used to run 16bit on 32bit NT, but nothing like Win9x which was 16bit DOS hacked to run 32bit on top of it and Windows on top of that ). |
Quote:
Many Linux / Unix users have become lax because of this perceived security that Linux has gained. Sites like astalavista, neworder, etc are full of exploits and vulnerabilities for all OSs including Linux, Win, FreeBSD, etc. As Linux achieves more attention from home users then I think we will start to see more virus / trojan activity as well as more vulnerability exploits, etc. I think that the difference is that Linux is probably more secure out-of-the-box so to speak than NT / XP is, but both can be made pretty secure with some work and the application of the constant security updates that both formats see. |
Quote:
Ahh, but has anyone been dumb enough to use it on production systems yet :-) Quote:
Quote:
Regards, Ben |
Quote:
I gave my Micro$oft account manager some grief today though!:D |
Quote:
There's no reason why it's a problem. We're talking the NT line here and after all 32bit NT (proper operating system) was way more robust than nasty 16bit DOS/Windows (spawn of the devil ;)), so not much reason why 64bit XP/Server2003 (NT really) is no less robust as 32bit. As with unix, it drops down to 32bit as necessary anyway (slightly better at it than the old 16bit WOW which was more emulation, whereas this relies on the 64bit processor ability to run 32bit... I think). |
Quote:
Quote:
Sure, if you're lax in your updates, run as root all the time, don't check for root kits and leave ports wide open then you are screwed. However all the servers you mentioned are turned off initially and if you wanted to turn them on you had better know what you're doing. If not then you're incompetent or lazy and who cares. Linux is more inherently secure than the other leading OS, mostly because of the security models used. MS sets up their systems to fully integrate into their not so secure infrastructure such as Windows Update; their programs are riddled with bugs that they have no intention of fixing and hide the running services that can be compromised such as Messenger and allow a user to have administrative privileges. It also supports the script kiddies' favorite language - VB. This is not to say that Linux does not have its own problems, the difference is that these exploits are much, much harder to implement especially against a user who has a clue about security. Also when an exploit is discovered it is patched as rapidly as possible. You can also install SE Linux, which promptly deals with the script kiddies, the so called L33T hackers and quite a few of the competent ones, at the possible expense of opening your system up to the NSA :-) Quote:
Quote:
Regards, Ben |
Quote:
There is no security in obscurity as any CISSP should be able to tell you. Regards, Ben |
The thread on .com is good
Quote:
As for IIS vs Apache patches, I don't think IIS has needed a patch for some time, but I'm not going to argue IIS is better (regardless of who has the more patches) because I do prefer Apache myself anyway (running on linux). The difference with patches is MS "fixes the barn door after the horse has bolted", which is part of the problem, whereas the linux community fixes it usually before it's an issue. Or rather MS spends a huge amount of time and money regression testing so their fixes are not going to break systems and cost people a lot of money, whereas on linux they fix it and then fix those bugs, then fix those bugs, and you have to wait until someone comes up with a decent fix or you fix it yourself (that's the problem of open source, it's a "do it yourself or wait, test in production" strategy). MS has often fixed the problem well before it's an issue but as soon as they make the problem public the kids go off and write their virus/trojans/worms knowing a lot of people don't patch. Add to that the fact their fix may be written but not tested so needs time for testing, that gives them time to write the stuff. |
I can confirm that engineers are dealing with the problem as I type.
I got all the critical Windows updates from "Windows Update"; is this patch included in the list automatically?
I'm also behind a router. |
Quote:
If the router is a NAT router, then you should be protected. My router is all that's currently protecting my 2nd machine (W2K), which is currently being defragged before any more updates are applied. |
Quote:
I only recall one patch for SuSE 7.3 that had to be recalled, in fact I'm so confident of SuSE doing a good job that all my servers are set to automatically update. Something I would never dream of doing on one of the few remaining NT boxes. MS couldn't care less if one of their patches broke your system for a few hours, after all you can't sue them thanks to the EULA, whereas the open source community cannot dare take that attitude, and quite frankly wouldn't as they take pride in their work. Sure one or two projects may ignore a bug report, currently there is one in gnomecanvas that's been there for 8 months giving me a headache. People are working on it but it'll take time to come through and in the meantime I can figure out a workaround. While I was writing M$ based apps, I came across quite a few bugs and was faced by a wall of silence from Microsoft. They don't care, and they don't need to care, hence part of the reason for the growth of Linux. Perhaps you should consider changing your distro, after all RH can only handle about 20-30 users at once :D Regards, Ben |
Quote:
Or are you trying to claim that open source software is bug free? As Deadkenny says - I see more security updates for my Linux distros than I do for Windows. There are certainly serious issues with Linux, for example IIRC Samba versions between 2.0.x and 2.2.7 (I think) had a vulnerability that could allow an anonymous attacker to acquire super-user rights - it took them a long time to block this exploit as you can see from the version numbers. There are plenty of others that allow attackers to get root or super-user rights. Both OSs have vulnerabilities and exploitable bugs. The only advantage that Linux really has is that it is more secure out-of-the-box than Windows, but with a little work both can be made pretty secure. The same goes for IIS and Apache as well. |
Why does it seem that every thread reduces down to the usual mine is better/bigger/stronger than yours?
Why not just agree to differ and leave it at that? It's not really worth the aggro and besides it's somewhat off topic. Incog ;) |
Quote:
Certainly not, I do however say that Linux and its mature/beta grade software has far fewer bugs than its closed source equivalent because of A) its huge tester base, B) the open nature of the code allows others to identify the nature of the bug and correct it if they are able and C) there is a far greater incentive for the programmer to do a good job. With the code available for all to see, the programmer's ego could be done serious harm by bodging something together :) Quote:
Quote:
Also could you please start differentiating between bugs and exploits, an overrun that causes X to crash is not the same as allowing code to be executed without the users knowledge. Quote:
Regards, Ben |
Quote:
:D Best, Ben |
Quote:
So, if we take the amount of bugs in Windows and all third party software and compare that to the amount for Linux and third party software, Linux will have quite a few less. You can certainly feel safer using Linux (I'm using Mandrake 9.1 right now with Mozilla) because most script kiddies will only know how to compromise a Windows system and it takes a bit more knowledge to break into a Linux OS. Plus, you are safer from viruses and trojans. As mentioned earlier in the thread, Linux comes pretty secure out of the box anyway. I'm not running any servers on this machine - the most important thing is making sure the system is up to date and the root password is strong. |
Plus when a new linux kernel is released, that is what it is... new
Looking at this recent exploit that has come to light... Affected versions:
NT 4 circa 1995?
Windows 2000 2000
Windows XP 2001
Windows 2003 2003
So the issue has existed for 8 years across 4 platforms.. How much legacy code do they blindly copy between versions? |
Quote:
I just see the merits of both Windows and Linux - I've got both running here. As for the advisory in Samba - you can find it here. https://rhn.redhat.com/errata/RHSA-2003-137.html Samba versions above 2.2.8 don't have this exploit. |
Don't get me wrong - I am not in the Windows is better than Linux camp, nor vice-versa.
My point is that all OSs have flaws, both minor and serious. Already Linux is starting to see an increase in the number of viruses. Even BSD-based OSs have their flaws and exploits. I remember one that related to a vulnerability with certain SSH installs, though I can't remember what the vulnerability was. When more and more crackers and hackers turn their attention to Linux then I think you will see an increase in the number of vulnerabilities / exploits. Nobody can anticipate every interaction that code can have under every situation and this is why vulnerabilities such as the RPC one can exist in an OS for years before coming to light. |
Quote:
Hardly an internet stopper, but something to keep an eye on. Thanks, Ben |
Quote:
Quote:
Linux represents a very unhealthy environment for any virus: there's no VB macros, no unlocked ports, separation of users and administrators and lack of binary executables, let alone executables that run without permission. For an interesting and accurate article on Linux viruses, rather than speculation, try this: http://librenix.com/?inode=21 Quote:
Quote:
The only ones that have the kind of skill needed to crack Linux or any other kind of Unix are usually far too busy running security companies or writing virus TKs to be used against Windows due to some kind of beef they have against MS. Even if they were to start writing viruses to be used against Linux, it would still be reliant on the user doing something truly stupid in order to allow the virus to propagate. Quote:
Ben |
LOL.
Everything is open for exploitation whether it be Microsoft, Linux, Mac. Just cos Microsoft are the largest people think it shouldn't happen. |
It's probably also fair to say that people who run Linux are likely to keep up to date with all the patches and bug fixes that are released.
While some Windows users do, unfortunately a large proportion don't. This is the main reason why Windows virii propagate so well. |
Quote:
SuSE however, well look here: http://www.suse.co.uk/uk/private/sup...ity/index.html There have been 9 updates in the last five months, 10 if you include the kernel patch I'm expecting sometime today and is already available via YaST. What more do I need to say? Regards, Ben |
Helping fight W32.Blaster.Worm
I'm sure you'll have seen in the news mention of the latest worm that's doing the rounds on the internet - W32.Blaster.Worm. This particular nasty will cause your machine to shut down and is designed to launch a DDoS attack against WindowsUpdate from the 16th. It is causing a whole lotta traffic on port 135 as the worm seeks to propagate itself.
We sat up late last night developing a small app that would use the port-forwarding abilities of a router firewall. Basically the incoming port 135 requests are routed to port 10000 before they reach the machine so that Windows ignores them, and the app sends out a Net Send message to the connecting IP advising them that they appear to be infected with W32.Blaster and would they please go to a webpage for more info. It does have the side-effect of messaging back those Messenger spammers that lurk around the net as well, but that's only a plus in my opinion. :D Most of the scans I get are from other NTL IPs, which indicates that the worm bases its scanning on the local machine's IP, but there have been a few others. As a guide to how bad it's getting, I received 20 scans this morning while I was in the bath, and I wasn't in there that long. :) We may release the app when it's complete, but in the meantime check your firewall logs and let us know how many connection attempts you've had on port 135 over the past few days. |
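As an added example (not code from the thread, and not the app described in the post above), here is a small Python script that does what the post asks of readers: it parses the two firewall log shapes posted earlier in the thread, Norton Internet Security's CSV rows with the "Default Block EPMAP" rule and a router's two-column "IP Port" table, and counts port-135 (EPMAP) connection attempts per day and per source. The sample log lines are constructed and use RFC 5737 documentation addresses rather than real customer IPs.

```python
import csv
import io
import re
from collections import Counter
from datetime import datetime

EPMAP_PORT = 135  # RPC endpoint mapper, the port Blaster scans for

# Constructed Norton Internet Security rows in the format posted above
# (date time,"Rule ""<name>"" stealthed"); the last row is a different
# rule so the filter has something to exclude.
NORTON_LOG = (
    '11/08/2003 23:35:52,"Rule ""Default Block EPMAP"" stealthed"\n'
    '11/08/2003 23:35:06,"Rule ""Default Block EPMAP"" stealthed"\n'
    '11/08/2003 23:32:38,"Rule ""Default Block EPMAP"" stealthed"\n'
    '10/08/2003 09:12:01,"Rule ""Default Block EPMAP"" stealthed"\n'
    '10/08/2003 09:10:44,"Rule ""Default Block NetBIOS"" stealthed"\n'
)

# Constructed router log in the two-column "IP Port" layout posted above,
# using RFC 5737 documentation addresses instead of real customer IPs.
ROUTER_LOG = (
    "IP Port\n"
    "192.0.2.10 135\n"
    "198.51.100.7 139\n"
    "192.0.2.23 135\n"
    "203.0.113.5 137\n"
    "192.0.2.10 135\n"
)

# Pulls the rule name out of the message column, e.g. 'Default Block EPMAP'.
RULE_RE = re.compile(r'Rule "([^"]+)"')


def parse_norton(text):
    """Return (timestamp, rule_name) per CSV row; malformed rows are skipped."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2:
            continue
        try:
            stamp = datetime.strptime(row[0], "%d/%m/%Y %H:%M:%S")
        except ValueError:
            continue  # not a log row (blank line, header, corruption)
        match = RULE_RE.search(row[1])
        if match:
            events.append((stamp, match.group(1)))
    return events


def epmap_hits_per_day(text):
    """Blocked EPMAP attempts per calendar day, keyed by ISO date."""
    counts = Counter()
    for stamp, rule in parse_norton(text):
        if "EPMAP" in rule:
            counts[stamp.date().isoformat()] += 1
    return dict(counts)


def parse_router(text):
    """Parse 'IP Port' rows into (ip, port) tuples, skipping the header."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            hits.append((parts[0], int(parts[1])))
    return hits


def hits_by_port(text):
    """Router-logged attempts per destination port."""
    return dict(Counter(port for _, port in parse_router(text)))


def scanning_sources(text, port=EPMAP_PORT):
    """Source IPs that hit the given port, most active first."""
    counts = Counter(ip for ip, p in parse_router(text) if p == port)
    return counts.most_common()
```

Point the two functions at your own exported Norton or router log text; a sudden jump in the per-day EPMAP count, or a few sources hitting 135 repeatedly, is the pattern the thread is describing.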
Its great that people are developing ways to combat this worm. But I would hope people would be getting the security update from MS and running the MSblaster fix from symantec. I personally fixed two machines last night this way.
One thing that surprised me was that when I closed MSBlaster.exe from the processes list, approx 3 mins later the machine still shut down; the command had restarted itself, which made removal of the virus a tad tricky...... eventually though I got the machine to stay on long enough to remove the infection. I don't know how many people would be interested in your application. I may be, but firstly I'd have to enquire who you work for. Keep up the good work. TW2001 |
Well, as of last night, this was the fix we were giving out last night.... version 5 I think :erm: