Re: Dlink.com.sg intrusion with worm??



Dear All,

Thank you for all the comments and help!

I thought I could get some geeks to show how to counter this intrusion.

Anyway just to point out some of the missing notes.

1. Firewall - 192.168.x.x (some got it, a private network behind a
router with NAT, DHCP).

2. XP-sp2 autoupdate and firewall are on.

3. ZoneAlarm-Pro3 also has a problem with this site; a month back my
W98se PC with IE6 crashed (BSoD) after 15 minutes browsing some of the
catalog.

4. Once I had BitDefender7 installed on the XP on top of NAV, the
Website caused the PC to come to a standstill. As BitDefender is all in one
(Firewall, antispam, antivirus) it slowed the system too much and was
removed.

5. During that time I was the only user on my LAN? All the PCs are in
view of each other.

Questions
1. Packet filtering: why and how? How much technical detail do you have to
know?

2. www.dlink.com.sg will respond from relatively fast to very slow as
you request more pages (3~5). It required you to enable script for both
the global and local site. Did it use some script code to attack port 21
and 1149? You should try it if you think you are better than them.

3. Someone may want to suggest disabling all unused ports. But then
some of the ports may be used from time to time, e.g. ftp, smtp, NNTP, POP etc.
So what would you suggest? Will it mean that I have to enable them
every time I use them?

Thanks in Advance!
Luther