Jimbo 0 #1 November 1, 2002
I'm a Unix guy, I rarely invest any time in the latest Windows this or Windows that or new and exciting ways to spam people through Windows. That said, I was a bit surprised when I came home and saw this (see attachment) - anyone know how this got in?
Thanks much,
Jim
"Like" - The modern day comma
Good bye, my friends. You are missed.
WTF.doc

WFFC 1 #2 November 1, 2002
I got one similar the other day. Didn't think much of it and didn't have any intrusions on the firewall.
----- ~~~Michael

jfields 0 #3 November 1, 2002
I think some spammers are taking to using ICMP to get messages through. Our firewall blocks it for about 90% of our stations. Those that have ICMP enabled for valid reasons also get the occasional new-style messaging spam. Evil spamming bastards!

indyz 1 #4 November 1, 2002
Windows has a feature that lets users/apps send popup messages to each other. Anyone can do it, just open up a DOS prompt and type "net send computer_name_or_address message". The ability to receive messages can be turned off in Windows' settings, but it is left on by default. Spammers are using automated tools to exploit this.

Sonic 0 #5 November 1, 2002
There's a program called Ad-Aware - don't know if you've heard of it or not. It searches your system for spyware and deletes it. I ran it straight after a fresh install of XP Pro and it got rid of about 7 items.
-----------------------------------
It's like something out of that twilighty show about that zone

goose491 0 #6 November 1, 2002
Quote: (see attachment) - anyone know how this got in? Thanks much, Jim
WTF indeed... Uhm I'm not very com-puh-ta savvy so uhm...???.. what happened to my com-puh-ta when I clicked on the attachment?
My Karma ran over my Dogma!!!

indyz 1 #7 November 1, 2002
Quote: There's a program called Ad-Aware - don't know if you've heard of it or not. It searches your system for spyware and deletes it. I ran it straight after a fresh install of XP pro and it got rid of about 7 items
This isn't spyware. It's a Windows feature, and it's quite useful on a properly firewalled network. Unfortunately, it comes enabled on home PCs (where it's mostly useless) and spammers figured it out.

Sonic 0 #8 November 1, 2002
Yeah, I couldn't see what it said when I clicked on it (didn't think to dl it and zoom in lol)

Jimbo 0 #9 November 1, 2002
Got a port? I'm going to look it up now. Stupid fuckers.

PhreeZone 15 #10 November 1, 2002
Nice Article on it....
http://online.securityfocus.com/columnists/117
Yesterday is history
And tomorrow is a mystery
Parachutemanuals.com

aneblett 0 #11 November 2, 2002
Will the Bombardment of Spam and Unwanted advertising ever end? I remember when you could use a public urinal and not have to stare at some ad... Hey Jimbo, just curious what is the icon on the top right hand side of your screen?
S.E.X. party #2 ..It is far worse to live with fear, than to die confronting it.

Sonic 0 #12 November 2, 2002
You've already got Ad-Aware anyway. Just an idea.

PhreeZone 15 #13 November 2, 2002
The reason it finds files on a clean install of Windows is it erases good and bad data the same... And Ad-Aware is useless against this. Block port 135 and 139 UDP.

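An added example, not part of the original posts: a small Python check that reads firewall log lines and reports outside sources whose UDP traffic to ports 135 and 139 (the ports named in the post above) got through to several inside hosts, which is the pattern an automated sender leaves. The log format, addresses, inside network range and the `find_sweepers` name are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Ports named in the post above; adjust to match your own block rule.
WATCHED_UDP_PORTS = {135, 139}
# Assumption: the inside network is this private range.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed log format: "<time> <action> <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<proto>UDP|TCP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
2002-11-01T18:02:11 ALLOW UDP 203.0.113.7:4021 -> 192.168.1.10:135
2002-11-01T18:02:11 ALLOW UDP 203.0.113.7:4022 -> 192.168.1.11:135
2002-11-01T18:02:12 ALLOW UDP 203.0.113.7:4023 -> 192.168.1.12:135
2002-11-01T18:03:40 DENY UDP 198.51.100.9:1050 -> 192.168.1.10:139
2002-11-01T18:04:02 ALLOW TCP 198.51.100.20:3312 -> 192.168.1.10:80
2002-11-01T18:05:19 ALLOW UDP 192.168.1.11:1029 -> 192.168.1.10:135
this line is malformed and is skipped
"""

def find_sweepers(log_text, min_hosts=3):
    """Return {source: sorted inside hosts} for outside sources whose UDP
    traffic to a watched port was allowed to at least min_hosts inside hosts."""
    reached = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"] != "UDP" or m["action"] != "ALLOW":
            continue
        if int(m["dport"]) not in WATCHED_UDP_PORTS:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # matched the pattern but is not a valid address
        # Only outside -> inside traffic matters; use inside the LAN is ignored.
        if src in INSIDE_NET or dst not in INSIDE_NET:
            continue
        reached[str(src)].add(str(dst))
    return {s: sorted(d) for s, d in reached.items() if len(d) >= min_hosts}

if __name__ == "__main__":
    for src, hosts in find_sweepers(SAMPLE_LOG).items():
        print(f"{src} reached {len(hosts)} hosts on UDP 135/139: {', '.join(hosts)}")
```
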
Jimbo 0 #14 November 2, 2002
Quote: Hey Jimbo, just curious what is the icon on the top right hand side of your screen?
That's probably JS Pager, a utility to provide virtual desktops on Windows. It is, in my opinion, one of the single best Windows programs out there. You can get it here: http://hem.fyristorg.com/jspage/
- Jim

Sonic 0 #15 November 2, 2002
XP Pro does it as standard.

jfields 0 #16 November 2, 2002
I know there is a Microsoft-released "Windows Power Toy" that provides virtual desktops for XP, but I don't know that it comes in the shrink-wrapped version.

PhreeZone 15 #17 November 2, 2002
If you're referring to the lame firewall in XP... don't count on it. That thing's holier than Swiss cheese. I've seen unsecure systems that block more things than that firewall does. And it only blocks inbound and not bi-directional packets so it's useless once a TCP session is started. (CISSP certified)

Sonic 0 #18 November 2, 2002
I meant the multiple desktop thingy. Wouldn't trust the Windows firewall to block against anything. Out of interest, what firewalls do people use? I got ZoneAlarm myself - the Norton one just screws up my system.

PhreeZone 15 #19 November 2, 2002
Personally... I've got a Cisco Pix 515 at home at the moment. Software firewalls will never be as secure as a hardware one.

Chivo 0 #20 November 2, 2002
If you like Ad-Aware, you should also take a preemptive countermeasure for banners and pop-ups and other of the web-evils. I started using Proxomitron a while ago and it rulez! When you browse the web, I rarely get a pop-up, it even removes a lot of the advertisements. And if you're familiar with regular expressions, you can implement your own filters too.
Chivo

lummy 4 #21 November 2, 2002
Quote: Software firewalls will never be as secure as a hardware one
Why is that?
Back to the NET SEND spams. The University has been getting these for about 2 weeks now. The easiest thing to do is to disable the Messenger service on NT/Win2k/XP. I have a registry fix that I made at work I can post on Monday.
I promise not to TP Davis under canopy.. eat sushi, get smoochie
TTK#1

Jimbo 0 #22 November 2, 2002
Quote: Software firewalls will never be as secure as a hardware one.
That's a myth. Exactly what part of your 'hardware' firewall do you think makes it so useful? It's not the hardware, it's the software and features built into said software. The idea that hardware firewalls are/were more secure might have held water back in the day when processor speeds were, well, slower than they are now. One of the most successful and widely implemented firewalls on the market today, Checkpoint - and soon to be 'Next Generation' - is a software firewall. The Pix, if I'm not mistaken, is losing market share quickly, that is if it ever even had it.
- Jim

PhreeZone 15 #23 November 2, 2002
> Why is that?
Because you are introducing software vulns into the mix along with a greater possibility for misconfigurations. Pix runs on Cisco IOS (at one point it had a 25% market share) which at its core is a unix kernel. Checkpoint is the current market leader in firewalls but it's a hardware level firewall since at its core it's a BSD core with full router capabilities. The software firewalls that plug right into your every day OS's now are able to be hacked using flaws in the software along with the firewall holes themselves. Whitebox solutions for firewalls have consistently shown time after time that they are able to be attacked on a software level to result in failure of the firewall. Instead of trying to hack through the box, just exploit a Windows/unix vuln that has not been patched. With IOS/hardware upgrades you are assured that the patches will work in your config, with other sources there is no telling what a patch can do (anyone remember SP6 for NT taking out Exchange 5.5?). Then you have the issues of misconfiguration that despite your best efforts forgetting to turn one service/daemon off can leave your network wide open.
Checkpoint is still considered a hardware level since it is a router. Your average homebuilt software level firewall is not capable of serving as a bridge between two unique networks and will do NAT or whatever else you want on it. A hardware level firewall can do this and more. Even proxy server software cannot match the level of flexibility a hardware level firewall can offer you for proxy connections.
I only have a PIX at home since I salvaged it from work. We replaced all of our firewalls with a new system that the DoD is picking up. Cyberguard, they are a firewall vendor with no bug-traq's against them, unlike every other major vendor.

fudd 0 #24 November 2, 2002
Quote: Checkpoint is still considered a hardware level since it is a router.
What?!? You can install Checkpoint on winNT. It's software. I agree that without securing the OS the firewall isn't secure. Anyway, firewalling is much more than level 4 packet filtering.
There are only 10 types of people in the world. Those who understand binary, and those who don't.

Jimbo 0 #25 November 2, 2002
Quote: Checkpoint is the current market leader in firewalls but it's a hardware level firewall since at its core it's a BSD core with full router capabilities.
What are you talking about? This doesn't make sense, BSD as we already know is an OS - that's software, but it's also unimportant. How is it a BSD core running on Solaris or NT? That would imply some type of emulation and that's just bad. Checkpoint is nothing more than a software based packet filter with a few pretty GUIs for building rules and browsing logs. It is as susceptible to compromise as the core OS, in this case either Solaris or NT, Checkpoint might also run on AIX, HP, and a host of other systems, I'm not sure.
Quote: The software firewalls that plug right into your every day OS's now are able to be hacked using flaws in the software along with the firewall holes themselves.
Just like Checkpoint.
Quote: With IOS/hardware upgrades you are assured that the patches will work in your config, with other sources there is no telling what a patch can do (anyone remember SP6 for NT taking out Exchange 5.5?).
Do you know how many buggy versions of IOS are out there? Again, without the software your PIX is nothing more than an ugly, noisy paperweight.
Quote: Checkpoint is still considered a hardware level since it is a router.
Uh?
Quote: Your average homebuilt software level firewall is not capable of serving as a bridge between two unique networks and will do NAT or whatever else you want on it.
Specifically what 'average homebuilt software' are you referring to? Features are built into the software, the features are as powerful or as weak as the developers made them. In some cases these features are completely contained within the software, in others OS support is needed to allow them to run properly.
Quote: We replaced all of our firewalls with a new system that the DoD is picking up. Cyberguard, they are a firewall vendor with no bug-traq's against them, unlike every other major vendor.
There aren't any bug-traq listings against them because they're new. Given time, flaws and exploits will be discovered in ANY software application.
- Jim