Creepy

Security, malware, viri--you've got to keep your eyes open
SOD
BIG GIANT HEAD I Get Free Beer
Posts: 5284
Joined: 12/06/01, 12:00 am
Location: here and there

Post by SOD » 04/22/04, 4:58 pm

Just hooked the cable up and now I am getting popup ads that look like system messages. I know it has nothing to do with Shell City. Can't Windows get a grip? Looking back I wonder if those ICMP packet hits on my firewall are these messages????
Time to put the dogs at the gate.
It is better to be here than there - SOD

AndrewB
BIG GIANT HEAD I Get Free Beer
Posts: 2385
Joined: 12/09/01, 12:00 am
Location: USA

Post by AndrewB » 04/24/04, 3:50 am

If you're using Win2k+, did you disable the Alerter service and Messenger service?
Keep Your Assets & ID Private! Can you afford not to?

SloppyGoat
BIG GIANT HEAD I Get Free Beer
Posts: 1778
Joined: 12/30/02, 12:00 am

Post by SloppyGoat » 04/24/04, 7:13 am

Yep, sounds like netsend spam. Disable messenger service.
http://www.andyrathbone.com/tips/netsend.html

The Grey Area - Tweaking Obsession: http://tga.dynu.com

[ This Message was edited by: SloppyGoat on 2004-04-24 15:16 ]


Post by SOD » 04/25/04, 1:17 am

Thanks, I knew it was that service; just can't believe humans can figure a way to exploit everything.


Post by AndrewB » 04/25/04, 6:02 am

There's a very easy answer to that question, SOD. Anything that can be created by humans can be destroyed by humans because in the grand scheme of things, very few of us are *that* much smarter than anyone else. Also, w/ our ability to communicate and pool resources, it's only a matter of time for 5 brains to outwit 1 if motivated enough. Therefore, never consider *anything*, either computer-related or not, 100% secure.


Post by SOD » 04/25/04, 8:09 am

I'm not concerned about security; that is not the issue, exploitation is.


Post by AndrewB » 04/25/04, 3:03 pm

They are mutually inclusive.


Post by SOD » 04/25/04, 7:38 pm

Security is a byproduct of exploitation. They do not include one another nor are they synergistic. Although it may appear that way.

[ This Message was edited by: SOD on 2004-04-26 03:40 ]

RedRage
BIG GIANT HEAD I Get Free Beer
Posts: 1542
Joined: 12/04/01, 12:00 am

Post by RedRage » 04/26/04, 1:35 am

I don't even know if I'd call netsend an exploit.. more of a feature that can be annoying.

It is really handy if you're running a program/script on another system and want to be notified when it is done. If you do use it, it's a good idea to edit your firewall to only allow certain IPs in.


Post by SOD » 04/26/04, 2:03 am

Does the service run on ICMP, Red?


Post by RedRage » 04/26/04, 3:01 pm

No, ICMP is mainly for diagnostics (ping, traceroute, etc.).

To backtrack a bit... if you don't use netsend, disable it. Most people do not use it.


Post by SOD » 04/26/04, 4:41 pm

Thanks, I did so. For a while I had a ton of ICMP requests; now they have stopped. I gave the addys to the abuse dept at my IP. I wonder if they did something about it.
