RE: Windows 98 box is 'owned'
From: Randy Williams (randyw_at_techsource.com)
Date: 10/01/04
- Previous message: GuidoZ: "Re: FCC Asks For Comments On Internet Wiretapping"
- In reply to: GuidoZ: "Re: Windows 98 box is 'owned'"
- Next in thread: GuidoZ: "Re: Windows 98 box is 'owned'"
- Reply: GuidoZ: "Re: Windows 98 box is 'owned'"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'GuidoZ'" <uberguidoz@gmail.com>
Date: Fri, 1 Oct 2004 10:31:40 -0400
Greetings,
I stand corrected! Yes, GuidoZ is quite right; the products that I was
mentioning were simple NAT boxes, and NOT proper firewalls. I have fallen
prey to my own attempt to convey complex ideas to the uninitiated with broad
terms; please accept my apology.
RandyW
-----Original Message-----
From: GuidoZ [mailto:uberguidoz@gmail.com]
Sent: Friday, October 01, 2004 1:15 AM
To: Randy Williams
Cc: bulliver@badcomputer.no-ip.com; security-basics@securityfocus.com
Subject: Re: Windows 98 box is 'owned'
While these are all good points, I'd like to make a clarification on one
thing.
> 1) Complete re-install of the OS with the addition of both a software
> firewall (ZoneAlarm) and a Hardware Firewall (Linksys, Dlink, etc).
Linksys, Dlink, etc are routers, not firewalls. While they function
similarly to a hardware firewall (providing NAT and blocking the systems
behind them from direct access), they are NOT a substitute for a real
hardware firewall (SonicWall, AlphaShield, etc) when required.
Although, I believe a router would be plenty for your mother. =)
People frequently toss around the term "hardware firewall" (including
vendors), applying it to ANY device that provides NAT translation. In
my eyes, it takes a lot more than NAT to make a firewall. Additional
protection such as SPI, Content filtering, VPN, PKI, etc make up a
true hardware firewall.
--
Peace. ~G

On Thu, 30 Sep 2004 16:51:32 -0400, Randy Williams <randyw@techsource.com> wrote:
> Greetings Darren,
>
> This is a common problem to say the least; there are a couple of things that
> you could do that could help out your Mother.
>
> 1) Complete re-install of the OS with the addition of both a software
> firewall (ZoneAlarm) and a Hardware Firewall (Linksys, Dlink, etc).
>
> 2) Clean the system with Adaware, Spybot - Search & Destroy, the A/V of
> your choice, fully patch the OS, install a good software firewall, and spend
> some time showing your Mom some basic computing tips. Then, if that fails,
> install the hardware firewall for her and see how it goes.
>
> Without constant monitoring though, the PC WILL become infected again, it's
> just a matter of time.
>
> RandyW
>
> -----Original Message-----
> From: Darren Kirby [mailto:bulliver@badcomputer.no-ip.com]
> Sent: Wednesday, September 29, 2004 11:04 PM
> To: security-basics@securityfocus.com
> Subject: Windows 98 box is 'owned'
>
> Hello all,
>
> I am writing this on behalf of my Mom. She was complaining that her computer
> was sluggish, and that her HD space was getting used up faster than it
> should. So I went over and fired up my trusty Linux live cd and had a look.
>
> Anyway, I found a directory right in C: named 'Downloads', and inside were
> about 50 or so files, which were all warez, porn, windows exploits and
> cracker 'howto's. Quite obviously this computer is owned, and is being used
> as a warez server. I deleted the files, booted win, but they reappeared after
> about 10 minutes. The strange thing is that these files are ALL 29k, and all
> have filenames like:
>
> Adobe Photoshop crack.exe
> Smashing the Stack.txt.exe
> Eminem - full album.mp3.exe
> Office 2003 full.exe
> ...
> On further inspection I found an identical directory at
> C:/windows/Downloaded Program Files/. God only knows how many trojans and
> other nasties are sprinkled around...
>
> So I yanked the power cord out of her adsl modem, and told her not to plug it
> back in unless she was checking her mail. Bad advice for sure, but try
> telling your mom that her computer is rooted by punk kids and it is too
> cracked to have safe internet access at all. Seems that a complete OS
> reinstall is in order, but it seems to me that if they can own her box once
> they can own it again just as easy, which leads me to this list...I would
> like to try some investigating, and try to figure out where the backdoor is,
> what exactly they are doing...and of course how to prevent it.
>
> Some background on myself...I am a Linux sysadmin, and have a great deal of
> experience with UNIX operating systems...however, I have never run a windows
> box, and have only used one in the 'point-and-drool' sort of way. So I really
> know nothing of how the underlying OS works (or doesn't...).
>
> So I guess I am just asking for some opinions of the situation, and perhaps
> some links to docs about this type of attack, and how to prevent it. Also,
> any software along the lines of chkrootkit or other forensic tools, but for
> windows would be a big help.
>
> TIA
> -d
> --
> Part of the problem since 1976
> http://badcomputer.no-ip.com
> Get my public key from
> http://keyserver.linux.it/pks/lookup?op=index&search=bulliver
> "...the number of UNIX installations has grown to 10, with more expected..."
> - Dennis Ritchie and Ken Thompson, June 1972
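Darren's original post (quoted above) describes a drop directory he found from a Linux live CD: every file exactly 29k, names with deceptive double extensions such as "Smashing the Stack.txt.exe", the same set replicated under C:\windows\Downloaded Program Files, and the files coming back about ten minutes after deletion. He also asks for chkrootkit-style tooling for a Windows disk. The script below is an added example for that triage, not code from anyone in the thread: it walks a mounted partition and flags deceptive double extensions, groups files by identical size and identical content, and lists anything written in the last few minutes so the re-drop can be caught in the act. The `build_demo()` sample tree, the lure names it reuses from the post, and the 29 KB stub content are constructed for this example.

```python
#!/usr/bin/env python3
"""Offline triage of a suspected warez/malware drop directory.

Added example, not code from the thread. Run from a Linux live CD against
the mounted Windows partition (e.g. python3 triage.py /mnt/win). Without an
argument it scans a constructed sample tree that mimics the post.
"""
import hashlib
import os
import sys
import tempfile
import time
from collections import defaultdict

# Extensions Windows will execute on double-click.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
# "Inner" extensions a lure uses to pose as a document or media file.
DECOY_EXTS = {".txt", ".mp3", ".jpg", ".gif", ".pdf", ".doc", ".avi", ".zip"}


def deceptive_double_extension(name):
    """True for 'Smashing the Stack.txt.exe'; False for 'crack.exe' or 'notes.txt'."""
    base, ext = os.path.splitext(name)
    if ext.lower() not in EXEC_EXTS:
        return False
    return os.path.splitext(base)[1].lower() in DECOY_EXTS


def sha1_of(path):
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(roots, recent_minutes=15, cluster_min=3):
    """Walk the given roots and return the findings as a dict."""
    by_size, by_hash = defaultdict(list), defaultdict(list)
    deceptive, recent = [], []
    cutoff = time.time() - recent_minutes * 60
    for root in roots:
        for dirpath, _, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                st = os.stat(path)
                by_size[st.st_size].append(path)
                by_hash[sha1_of(path)].append(path)
                if deceptive_double_extension(name):
                    deceptive.append(path)
                if st.st_mtime >= cutoff:  # written recently: the re-drop in progress
                    recent.append(path)
    return {
        "deceptive": sorted(deceptive),
        "recent": sorted(recent),
        # many distinct names sharing one exact size: generated lures, not real downloads
        "size_clusters": {s: sorted(p) for s, p in by_size.items() if len(p) >= cluster_min},
        # identical content in more than one place: the same drop replicated elsewhere
        "duplicate_content": {h: sorted(p) for h, p in by_hash.items() if len(p) >= 2},
    }


def build_demo():
    """Constructed sample: two drop dirs with the same 29 KB lure set, plus one benign file."""
    top = tempfile.mkdtemp(prefix="triage_")
    drops = [os.path.join(top, "Downloads"),
             os.path.join(top, "windows", "Downloaded Program Files")]
    lure = b"MZ" + b"\0" * (29 * 1024 - 2)  # 29 KB stub with an 'MZ' magic, constructed
    names = ["Adobe Photoshop crack.exe", "Smashing the Stack.txt.exe",
             "Eminem - full album.mp3.exe", "Office 2003 full.exe"]
    for d in drops:
        os.makedirs(d)
        for n in names:
            with open(os.path.join(d, n), "wb") as f:
                f.write(lure)
    with open(os.path.join(top, "readme.txt"), "wb") as f:
        f.write(b"benign file\n")
    return top


if __name__ == "__main__":
    report = scan(sys.argv[1:] or [build_demo()])
    for key in ("deceptive", "recent"):
        print(f"{key}: {len(report[key])} file(s)")
        for p in report[key]:
            print("   ", p)
    for size, paths in report["size_clusters"].items():
        print(f"{len(paths)} files of exactly {size} bytes, e.g. {paths[0]}")
    for digest, paths in report["duplicate_content"].items():
        print(f"sha1 {digest[:12]} appears {len(paths)} times")
```

Hashing rather than only comparing sizes is what ties the two directories together: a second copy of the same 29 KB stub under a different path is the replication Darren noticed, and the "recent" list, re-run a few minutes after wiping the directory, shows which files a still-running process re-created. None of this identifies the backdoor itself; it narrows the disk to the artifacts worth pulling off for closer inspection.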