Re: Netgear portscanning me?

Chuck <skilover_nospam@xxxxxxxxxxxxxx> wrote:
http://www.cnn.com/2005/TECH/internet/08/16/computer.worm/index.html
I referred to it incorrectly as a DNS corrupting worm because in the
environment where I work it was windows 2000 based DNS servers that were
affected. The point however is still valid. If these servers had been
properly firewalled they would not have been affected.

If these servers wouldn't have offered network services to the Internet
they should not offer, no firewalls would have been needed.

These worms are why I hacked http://www.dingens.org at this time.

The problem is not, that those servers needed firewalling. The problem
is, that Microsoft failed and have to answer for all this damage,
because it's completely moronic to offer unneeded network services
which are potentially vulnerable, and to make this the default and even
make it complicated to stop that.

To be clear:

What we're talking about is worm-rbot.cbq.

<http://www.sophos.com/virusinfo/analyses/w32rbotcbq.html>
| Name > W32/Rbot-CBQ
| Type * Worm
| How it spreads * Network shares
| Affected operating systems * Windows

BTW:

| What this worm has to do with DNS * completely nothin' ;-)

It's completely idiotic to enable network shares to the Internet. Just
disable them => no firewalling needed.

Yours,
VB.
--
"Es muss darauf geachtet werden, dass das Grundgesetz nicht mit Methoden
geschützt wird, die seinem Ziel und seinem Geist zuwider sind."

Gustav Heinemann, "Freimütige Kritik und demokratischer Rechtsstaat"
.

Relevant Pages

  • Re: Preventing exploitation with rebasing
    ... exploitation of your typical worm. ... >experienced in windows usually have little firewalling skills. ... Localized host-based hardening is fine for net-facing web servers ...
    (Bugtraq)
  • Re: Help SMPT Errors
    ... FAIL Reverse DNS entries for MX records ERROR: The IP of one or more of your ... it may mean that your DNS servers did not respond fast enough). ... INFO NS records at parent servers Your NS records at the parent servers ... PASS Parent nameservers have your nameservers listed OK. ...
    (microsoft.public.exchange.admin)
  • Re: Windows 2000 logon process
    ... Paul Williams ... when clients are accessing the GPO stored in SYSVOL during logon. ... PW>> Sound's like - that's a combination of DNS and Dfs client pointing ... Global Catalogue servers? ...
    (microsoft.public.win2000.active_directory)
  • Re: Replication issues
    ... I wanted to say Zone Transfers not Zone Forwarding. ... on 2 servers out of 4 DNS servers. ... DNS and 2003 DNS and how to set up Conditional Forwarding. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Howto refresh IIS 6 Application pool identity credential info
    ... You already have 80% of the work setup (DNS Aliases and HostHeaders) on the ... domain accounts (one for each layer) should be sufficient. ... The Application Servers are load balanced clustered, ... as the account name and SPN alias is correctly defined on both nodes. ...
    (microsoft.public.inetserver.iis.security)