|
 Bowersdmstec
join:2001-02-02
Washington, IL
| Re: Port 135?! Let me ask you this,
I run my Norton Anti Virus and keep it updated (Even though this is new, so I doubt Norton has updated itself for this as of yet) and also run my network at home behind NAT. What else can I do to take even more precautions in regards to this?
TIA,
Whiteice
[text was edited by author 2003-08-11 19:48:09] | |
|
 | vic102482
Premium
join:2002-04-30
Upper Marlboro, MD
| Re: Port 135?! said by Bowersdmstec  :
Let me ask you this,
I run my Norton Anti Virus and keep it updated (Even though this is new, so I doubt Norton has updated itself for this as of yet) and also run my network at home behind NAT. What else can I do to take even more precautions in regards to this?
TIA,
Whiteice
If you are behind NAT that you are pretty much okay. If you dont have port 135 forwarded to any computers for a VPN or something (not required anyways because of the tunnelling blah blah blah).
So you should be fine. Only people running their machines with ports open like others here, or no NAT firewalls at all, would have something to worry about.
You really dont even need a software firewall with NAT but it depends on your browsing habits. OI only get email from 10 people tops, no attachments (mostly) and never any .vbs, exe. pl or whatever that can execute.
--
10,000+ Posts and counting. You aint gonna stop me!!!!w00t!! | |
|
| | 
Give Me A Break
@63.226.x.x | Dazzled by Brillance ! Quote : If you are behind NAT that you are pretty much okay.
I would call you an idiot, but based on your other posts here that would seem redundant ! | |
|
| | | vic102482
Premium
join:2002-04-30
Upper Marlboro, MD
| Re: Dazzled by Brillance ! said by Give Me A Break:
Quote : If you are behind NAT that you are pretty much okay.
I would call you an idiot, but based on your other posts here that would seem redundant !
????
Um yeah okay.....NEways, I have no firewall, no antivirus software, no Windows XP patches, and I am fine. Call me an idiot if you want, but atleast Im not one with worms anonymous coward!:)
--
10,000+ Posts and counting. You aint gonna stop me!!!!w00t!! | |
|
| | | | 
MrTangent
join:2001-12-28
Earth | Re: Dazzled by Brillance ! Don't worry about him, vic382398826. Just another anonymous person. 
--
"War Is Peace. Freedom Is Slavery. Ignorance Is Strength" | |
|
| | | | | |
|
| 
Maggs
Premium
join:2002-11-29
Woodside, NY
 ·RCN CABLE
| Re: Port 135?! Sounds like the football calls. Blue 80, Blue 22 Hike. I got my Linky up and running, My Norton AV fully updated, Zone Alarm going, and for safe measure, why not try a fresh & friendly DSLR port scan. Have the techies run free if I don't secure it.  GOD I hope I don't have to reformat again its been my 3rd time this month, since I installed Satan's Pack I from Windows Update.
--
Let's get right to the .
[text was edited by author 2003-08-11 23:26:19] | |
|
| | |
| |
| | 
redstepchild
Premium
join:2002-01-04
Birmingham, AL | check out the W32.Blaster.Worm diaries isc.sans.org/diary.html?date=2003-08-11
all the techy stuff you could ask for related to this worm.
--
I'm a Cable girl.. In a Cable World.....RedStepChild@dslr.net | |
|
MrTangent
join:2001-12-28
Earth
| said by vic102482 :
Whoever has any numbers below 1024 open is really asking for it!
Matter of fact whoever has any ports open is asking for it!
Yeah, how dare anyone run an FTP on port 21 or a webserver on port 80! Those fools! I can't believe anyone would want to share information! Infidels! :P
I think the better statement would be:
Matter of fact whoever runs anything by Microsoft is asking for it!
And rightly so.
--
"War Is Peace. Freedom Is Slavery. Ignorance Is Strength" | |
|
| vic102482
Premium
join:2002-04-30
Upper Marlboro, MD
| Re: Port 135?! said by MrTangent :
said by vic102482 :
Whoever has any numbers below 1024 open is really asking for it!
Matter of fact whoever has any ports open is asking for it!
Yeah, how dare anyone run an FTP on port 21 or a webserver on port 80! Those fools! I can't believe anyone would want to share information! Infidels! :P
I think the better statement would be:
Matter of fact whoever runs anything by Microsoft is asking for it!
And rightly so.
Blah blah blah, shame on you and nil, you guys know what I mean:p lol
If you are browsing the web with no NAT or Firewall, then you are asking for it!
Hows that? MasterMrtangent.:p
--
10,000+ Posts and counting. You aint gonna stop me!!!!w00t!! | |
|
| | |
| | | |
| | | | 
museheart
Premium
join:2002-08-11
Hazel Green, AL
| Re: Port 135?! said by vic102482 :
said by museheart :
Zone Alarm has been blocking 73.165.128.151 to port 2268 TCP Flags SYN all of two weeks now. I haven't looked it up yet, I was about to and saw this thread.
I had Linksys hooked up but due to some computer diagnostic's it isn't right now. I ended up having to re-format the hard drive.
Guess I should hook it back up post haste?
Peace,
Yeah keep the linksys on at all times. I had only 1 computer and I had a NAT box. I dont ever update my machine unless I need to. I havent updated ANY of my computers to patch the worm because I am behind NAT. The firewall is good encase it somehow makes it onto your network, you will see it trying to download the meat and potatoes to your computer. The msblast.exe alone doesnt harm your machine (or so others say), only when it can get out onto the web and start reaking havok on your connection. NATs really cant protect against outgoing connections (although you can block incoming and outgoing ports).
So I'm going to hook it up. What ports if any should I block (and how) on the Linksys?
When you say keep the Linksy's on at all times, do you mean as well as the modem? Someone told me to keep them both on all the time and I thought they were in idiot.
I used to always keep the Linksy's on but turn the modem off, sometimes un-plug it.
Thanks,
--
MuSe
Visit Fighting Back! - Quick links to the best freeware anywhere!
»home.mchsi.com/~museheart/fight.html | |
|
| Alky
join:2001-08-12
Cleveland, OH
| Hee hee! Why would anyone even own a pc for that matter? 95% of worms, virii, and nasty scripts are written for the M$ platform. The other 5% are diviied up between Mac and Linux. I haven't run a virus scanner on my Mac in years. My pc I find I'm constantly checking for all kinds of crap. I spend more time doing maintenance on it than anything else. What fun is there in that? I'm way more productive on my Mac. | |
|
| |
DogmaBast
@206.169.x.x
 from:
rchandra
| Re: Port 135?! Alky-
You are preaching to the choir here. My desk is surrounded with 2 Mac's (G3/G4 OSX) and 1 Intel Linux (RedHat 9) Desktop, 1 Linux RedHat Notebook.
(almost) Everyone in my office building is running around like heads with their chickens cut off. Some offices have high-end firewalling using outboard NetScreen & IPIX iron, but the worm still got through.
Here is the funny part; I had a scheduled sales presentation (remote data disaster recovery services) today and one of the "competitors" whose pitch was 2 hours before mine ran my meeting late...his laptop PP presentation wouldn't fly...his PC laptop kept going into a forced shutdown. My StarOffice demo ran like clockwork.
Why people continue to put up with this "platform" escapes me. | |
|
| | |
| 
murdok6100
Avatar. Get It, Avatar?
join:2002-06-20
| said by MrTangent :
Matter of fact whoever runs anything by Microsoft is asking for it!
And rightly so.
Oh but of course (good one!)
Murdok610 | |
|
geierr
Computer Nut
Premium
join:2001-07-07
Yakima, WA
·Charter Pipeline
| All of my ports are blocked using Norton Internet Security. Have been using this firewall for over two years now. A port check via the Symantec website lists all of my ports as "stealth." Anyone who uses the Internet, especially via a broadband connection is foolish to not be using a firewall.
--
Robert L. Geier | |
|
| cableblows3
join:2001-06-17
Indianapolis, IN
| Re: Port 135?! said by geierr :
All of my ports are blocked using Norton Internet Security. Have been using this firewall for over two years now. A port check via the Symantec website lists all of my ports as "stealth." Anyone who uses the Internet, especially via a broadband connection is foolish to not be using a firewall.
good reading and a port scan
»grc.com/np/pa-features.htm
»grc.com/default.htm | |
|
| | 
FLea973
Premium
join:2001-02-27
Morristown, NJ
clubs:
| Re: Port 135?! cableblows3 ] said by »grc.com/np/pa-features.htm :
The steadily decreasing security of the industry's most prevalent operating system (Microsoft Windows) warrants more comprehensive testing.
A good read... a humorous one too - and to think Microsoft is "focusing" on making very secure software... funny I felt safer when they weren't focusing on it. | |
|
x____
join:2003-02-13
____
clubs:
| A lot of home users don't use NATs like linksys because they only have one PC and they don't download software like Zone Alarm because they aren't aware they need it.
I just cleaned this off of two systems today (not my own).
First was around 3pm the second was around 6pm. | |
|
| wtansill
Ncc1701
join:2000-10-10
Falls Church, VA | Re: Port 135?! Well, my SMC Barricade is blocking things nicely... Lots of log hits, no responses to the originating queries...
--
That which does not kill me merely prolongs the agony. | |
|
hubs187
join:2003-01-21
Lisle, IL
| i got hit by it this morning.....if ive already been infected is there anytihng i can do to get it out...or quarentined?.....i put up my built in windows firewall is that enough.....now how do i stop it form infecting other computers from mine? please respond | |
|
| x____
join:2003-02-13
____
clubs:
| Re: Port 135?! Disable system resore if using XP or Windows ME.
Open registry editor, go to:
HKEY_Local_Machine
Software
Microsoft
Windows
Current Version
RUN
delete the entry for Windows Update which has a value that executes MSBLAST.EXE
Restart in safe mode, delete the file MSBLAST.exe from C:\Windows\System32
or
C:\Winnt\system32
Reboot and then apply the patch from Windows Update and update antivirus software. | |
|
biggoofball
join:2003-07-07
Clarkson, KY | I will have to check my system...thanks for the info | |
|
|
Neophyte101
All Your E-Mail Are Belong To Us
join:2002-01-02
Deep River, CT
| quote:
Matter of fact whoever has any ports open is asking for it!
Yeah ok... did you even realize that if you NEVER EVER had ports open you would NEVER EVER be able to do anything on the internet? Web browsers open ports to transfer data... so do IM clients, FTP clients, multiplayer games and every other piece of software that transfers data over a network. | |
|
| vic102482
Premium
join:2002-04-30
Upper Marlboro, MD
| Re: Port 135?! said by Neophyte101 :
quote:
Matter of fact whoever has any ports open is asking for it!
Yeah ok... did you even realize that if you NEVER EVER had ports open you would NEVER EVER be able to do anything on the internet? Web browsers open ports to transfer data... so do IM clients, FTP clients, multiplayer games and every other piece of software that transfers data over a network.
See above smarty pants.;)
--
10,000+ Posts and counting. You aint gonna stop me!!!!w00t!! | |
|
jgoldring
join:2002-03-11
Burlington, ON | For christ sakes...take your hit (IF ANY!)
MS has patches out that make up for most common problems. Port 135? Yes, and anything around that!! Netbios is an issue, MS knows it and you are just re-starting a simple problem to begin with.
J. | |
|
|
Maggs
Premium
join:2002-11-29
Woodside, NY | Re: Port 135?! MS Patches fudged my PC 3 times. I would be careful installing Service Pack 1, or Satan's Paradise 1 as I call it for messing up my PC 3 times.
--
Let's get right to the . | |
|
jennjen
join:2003-08-12
Rohnert Park, CA
| I'm sorry.. but I'm not too computer literate. I have the worm and it keeps replicating itself in my system. I delete the file (msblast.exe) but it comes back again and again. I must not have a firewall up. Can someone please guide me through the procedure?
thank you. | |
|
| crazylike
join:2003-08-12
canada
|  you need to lock the door
you could do a search for files ending in .sah .bak .pid .bat these files are common to sdbots and to msblast.exe as there seems to be 3 parts to this bot 1st a ftp 2nd a irc xdccbot 3rd a self contained scanner and auto rooter very fancy piece of programming to bad i found all three peices man people will be mad at me lol | |
|
crazylike
join:2003-08-12
canada
| people just goto the computer management and then to the sub dir user and group accounts close and password all you accounts and delete the ones the windows makes at instal.
then go find the msblast as you call it its actually a sdbot you can remove it by finding the host folder it usually is c:winnt/system32/drivers/etc or c:/winnt/system32/config
best idea is look for folders that just do not belong eg Certserv or Jobs Cpuidle these folder will be in system32 folder so look there they will be hidden folders and files look in the reg and edit the HKEY which controls rundll32.exe Microsoft does know about this pronlem but chooses not to fix it | |
|
|
|
|
·
·