D&C Lug - Home Page
Devon & Cornwall Linux Users' Group


Re: [LUG] Windows XP, a review ?



On Monday 17 Nov 2003 11:27 am, Bailey Mark wrote:
> Frank Johnson wrote:
> > Aren't I glad I use Linux, you bet !
> > I could NEVER go back...Pity the poor s*ds who use this every day.
> > By the way, you should also see my router's firewall log. I had 81
> > warning emails of port scans.
> >
> > Frank.
>
> Erm I don't understand why Windows is being blamed for port-scans on
> your router?  Port scans will happen regardless of OS...

The only factor, possibly, is that the sites that were generating all the 
popups could only do so via IE/Windows and if Frank was on a static IP, these 
sites could have forked some port scans, possibly even passing on details to 
other friendly sites (via the linked popups) - making his IP more of a target 
than before? Don't know how likely that really is, but it's possible I 
suppose. 

It's quite easy to code a popup that always opens another one if you try and 
close it. The only way to stop them is to close the new one before it gets a 
chance to download the next set of JavaScript. With a fast broadband 
connection, that becomes quite a challenge.

Or the rogue software that was downloaded without Frank's knowledge - that 
could easily call home to a nefarious site that would respond with a port 
scan to try to drop a trojan etc. Maybe that's what the virus-checker 
stopped. 

From Frank's email:
> Two viruses were found but fortunately the virus monitor had denied
> access to run them. Six or seven rogue applications had been installed
> and it was not until I had gone through the registry with a fine tooth
> comb that I was reasonably happy I had got rid of "most" of it.

Maybe a third virus slipped past the virus checker? Certainly, something 
untoward was being executed because of all the Registry setting changes. It 
doesn't take much for one of those 6-7 applications to 'call home'.

What internet connection does your router use, Frank?

Were you using a Windows firewall?

What level of alerts were you getting prior to your experiment?

Have the alerts died down yet? (Now that you're back behind a Linux box.)

Do you have a static IP? (Have you changed it!?)

-- 

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
