Re: 832894 phish fix -- TCP broken

From: Scott Harding - MS MVP (scrockel_at_**NO_SPAM**hotmail.com)
Date: 02/04/04 

Date: Wed, 4 Feb 2004 14:21:14 -0700

Most likely the problem was there before the patch and the reboot was a
coincidence. Since you don't have the issue anymore we can't help
troubleshoot but there could have a plethera of things to look at. Thanks
for posting at least I guess to let people know to be carefuly?!?!? I cannot
telnet to 127.0.0.1 25 either on my Exchange server ............... 

-- 
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
"Clyde" <b26440510@DELETEyahoo.com> wrote in message
news:fol220tpqa9m8n8ihd0aohsh67bc238hoj@4ax.com...
> System: Win2K Pro on 2.4P4 1GB RAM.  Used as server for internet apps
> (email, web, ftp, etc).  Been running good for many years.  No new
> software installed for many months.
>
> I installed Windows Update 832894 on my Win2K SP4 box yesterday.  When
> it asked if I wanted to restart, I said no.  After I restarted later
> that evening, when I opened my email client it could not connect to my
> email server which runs on this machine (machine A).  I opened up a
> terminal window and tried to connect to port 25 -- connection refused.
> I tried to connect to port 80 (running a webserver on this machine
> also) -- connection refused.
>
> I tried to telnet from machine B to machine A to port 25 -- connection
> accepted, same with port 80 from B to A.
>
> I opened up my FTP client on machine A and tried to connect to the FTP
> server running on machine A -- can't connect.  Telnet to port 21
> showed connection refused.
>
> Connections to the outside world from box A worked fine -- I can go to
> google, etc..  The problem only happens when trying to access a port
> on machine A from machine A.
>
> I checked my Ghost image files and the latest one I had was from
> 10/2003 so I tried fixing the current install.
>
> Patch 832894 shows no information for rolling the patch back.  It does
> not show up in Add/Remove.
>
> Made a ghost image of my current Win2K partition.  Tried uninstalling
> SP4 -- connection refused.  Reinstalled SP4 -- connection refused.
> Tried repairing IE6 -- connection refused.  Tried uninstalling and
> installing IE6 -- connection refused.  Tried repairing Win2K from CD
> -- connection refused.
>
> Finally restored my Ghost image from 10/03 and everything works.
>
> I called MS' virus and security number 800-PCSECURITY.  Unfortunately
> the lady on the other end didn't seem to understand at all.  She kept
> telling me to contact my ISP and they could issue me a new IP number,
> blah, blah.  After a few more minutes, she said that it sounded like
> an ISP issue and I told her that 127 addresses don't get outside the
> local network so the ISP didnt have anything to do with it.  Then she
> said if I ever got the virus removed, and I informed her that the
> patch was to fix vulnerabilities, it had nothing to do with viruses.
>
> She eventually gave me a ticket number (146276720) and said it would
> be sent to escalation and they'd call back.  Then I called MS support
> and eventually got to Win2K support.  Told them the symptoms.  They
> said they could check if the patch could cause it but if not they'd
> charge me for support.  I told them I was simply trying to let MS know
> that there could be an issue with the patch.
>

Relevant Pages

  • Re: indent(1) support for gcc(1) 0b prefix
    ... I'm using avr-gcc from the ports and relying on the 0b prefix notation ... (patch attached). ... system does not support this syntax, and AFAIK, only the avr-gcc port ... Create another port, say avr-indent, that is not more than a copy ...
    (freebsd-hackers)
  • Re: [RFT] major libata update
    ... The above patch doesn't do anything. ... Single master device configuration, no slave device. ... the phantom device is finally detected by ata_dev_identify. ... SATA port. ...
    (Linux-Kernel)
  • Re: [PATCH] Option to disable AMD C1E (allows dynticks to work)
    ... I will keep testing this patch with upcoming git ... provide a DMI based port 0x80 I/O delay override. ... Certain laptops experience trouble from our port 0x80 ... +static inline void slow_down_io ...
    (Linux-Kernel)
  • Re: Event ID 6161 for HP 6840
    ... patch related to an exposure via the print spooler service. ... download which offers the option of a local port. ... >> There were no problems with the install and the printer works find so long ... >> 3) All machines on the network can connect to the printer via Internet ...
    (microsoft.public.windowsxp.print_fax)
  • Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
    ... The patch changes the default behavior of dns so that queries are responded to from random ports rather than always from the same port Reversing the patch merely returns you to the previous default behavior. ... IOW, there is a separate vulnerability in dns, which Dan has not yet revealed, that allows you to take advantage of the non-random nature of query responses. ...
    (Full-Disclosure)