On Monday 17 Nov 2003 11:27 am, Bailey Mark wrote:
Erm I don't understand why Windows is being blamed for port-scans on your router? Port scans will happen regardless of OS...
I advertised my presence by trying to do something a bit shady.. Windows was successfully attacked and the whole thing escalated.
The only factor, possibly, is that the sites that were generating all the popups could only do so via IE/Windows and if Frank was on a static IP, these sites could have forked some port scans, possibly even passing on details to other friendly sites (via the linked popups) - making his IP more of a target than before? Don't know how likely that really is, but it's possible I suppose.
It's quite easy to code a popup that always opens another one if you try and close it. The only way to stop them is to close the new one before it gets a chance to download the next set of Javascript. With a fast broadband connection, that becomes quite a challenge.
Or the rogue software that was downloaded without Frank's knowledge - that could easily call home to a nefarious site that would respond with a port scan to try to drop a trojan etc. Maybe that's what the virus-checker stopped.
From Frank's email:
Two viruses were found but fortunately the virus monitor had denied access to run them. Six or seven rogue applications had been installed and it was not until I had gone through the registry with a fine tooth comb that I was reasonably happy I had got rid of "most" of it.
Maybe a third virus slipped past the virus checker? Certainly, something untoward was being executed because of all the Registry setting changes. It doesn't take much for one of those 6-7 applications to 'call home'.
What internet connection does your router use, Frank?
Were you using a Windows firewall?
What level of alerts were you getting prior to your experiment?
Have the alerts died down yet? (Now that you're back behind a Linux box.)
Do you have a static IP? (Have you changed it!?)
-- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.