Irish Broadband - A pipeline for viruses ?

jetsonx

A couple of months ago I was helping a friend out with their pc - it
was ridden with virues and spyware - so I did a complete FORMAT and
reinstall of XP. Brought it back to him and law and behold as soon as
the ethernet plug was is the AV said such and such virus was detected
AFTER GOING TO COMPLETELY SAFE SITES e.g. aerlingus.com boards.ie
etc. This really surprised me. The only thing funny about the setup was that the pc was statically configured Irish broadband.

Now last week, another friend was also ridden with viruses and spyware - this again called for a COMPLETE FORMAT and reinstall of XP. Again the computers AV scanner detected viruses the minute it was plugged in. Highly unusual I thought! How do you connect to the net I asked : oh Irish broadband with a statically configuted IP address, he said. Unbelievable.


I have never seen this with any other ISP. It is as if the spyware sites etc had remembered the static IP configuration and once the system was plugged back in - it was like a magnet to them.

Anyone else experience this ?

Saruman

Its possible with a static IP i suppose... not IBB's fault though.

jetsonx

I think is it IBB's fault ! why do they insist people use static IP addresses.

majiktripp

Irish broadband arent putting the virus's on the computers...theres no internet provider that does that,just the thing between the chair and the keyboard.....

Saruman

jetsonx just get your friends to use some dynamic DNS type service... just a proxy address.. might sort it.. other than that get them to request a new ip address.

as far as i know all wireless ISP's give a static IP.. i could be wrong.. it might be necessary for the technology.

jetsonx

anybody know how to change their IBB connection from static to automatic ?

Saruman

You cant... its static at the source... you would have to call IBB and get them to change it but it will still be static. Even on ADSL like eircom if you had a static IP and changed your settings to by obtain automatically.. you would ALWAYS get the static IP address unless eircom changed it.

bushy...

I think i posted somewhere before about it , afaik the yoke on yer roof is just a bridge and anything inside gets sent outside to the rest of the IBB network, really you shoud have a router/firewall between the IBB box and your pc(s).
It gets better... i was helping someone get a linux pc going on it and noticed a good few attempted connections ( windows shares type stuff , port 135/139 etc) ,so i tracerouted a few of the ips , some were pcs at the other side of the country happily saying hello,a few seconds later and you can have pc name,share name , mac address ,workgroup name n lots more if your into that
There is just so many of them tis unreal

gnashrr

jetsonx wrote:

Now last week, another friend was also ridden with viruses and spyware - this again called for a COMPLETE FORMAT and reinstall of XP.

A box being ridden with viruses and spyware never warrants a complete format. Formatting your pc is a copout.

To suggest that any ISP is at fault for the spyware and viruses is ridiculous.

Stark

Your friend needs to install a firewall and virus scanner. You'll need to do that with any computer that's connected to the net for long periods, not just one with IBB. He also needs to make sure he has security updates installed from Windows Update.

jetsonx

Stark wrote:

Your friend needs to install a firewall and virus scanner.

the firewall and AV pop-up boxes are making alerts every 3-4mins even when the browser is not open.

Stark

The browser does not need to be open for a virus to attack the machine.

jetsonx

I know that ! but this machine is being attacked at an extraordinarily high
rate.

the_syco

HAHAHAHA. Seriously, anyone I know connecting tobroadband, I tell them to get an AV, or I install one for them. At FAS, the lecture showed what happened when he dialed to an outside line. Within 4 minutes, the program he was using started to spot scanners scanning his PC, and then a virus tried to get in.

Its not the OP's ISP, its just that their PC is open o the outside world.

jetsonx

its open because its got a static IP address which I need to change - but how
do I do this ?

K.O.Kiki

Jeez man, PC connected to net = PC about to be attacked.
All you can do is create walls & trenches...

gnashrr

jetsonx wrote:

its open because its got a static IP address which I need to change - but how
do I do this ?

It's not open because you have a static address, aren't you paying attention to anything anyone has says? How are you drawing these crazy conclusions?

stevenmu

Just a guess here, with DSL most people are connecting through a NAT router which offers a certain amount of protection from random passing scans and the like, does IBB's equiptment work in a similar way, or is the PC more directly connected to the net ?

Skud

seems to me it's a bit more open... A hardware firewall in a router sorted all my problrms with that. Need a decent firewall and av alright and thats the end of it. The router will give u a dynamic ip if you really really want. Provieded it has a DHCP server built in,which most do. You're not going to be able to change much more bout your ip.

irlrobins

stevenmu wrote:

does IBB's equiptment work in a similar way, or is the PC more directly connected to the net ?

With IBB there is no NAT, as you don't have a modem/router like a DSL or cable BB would. However most people connect a wireless router in order to share the connection, and thus have NAT firewall protection.

OP, blaming IBB for the attacks is complete shite. You'd be getting the same amount of attacks if you were with another ISP. The lack of security on the user's PC is to blame, nothing else.

Cuddlesworth

Mabye you should ask these friends what sites they are visiting? I'v been with Ibb for a year, no router or firewall for 6 months and I have never had any problems.

DemonOfTheFall

jetsonx wrote:

A couple of months ago I was helping a friend out with their pc - it
was ridden with virues and spyware - so I did a complete FORMAT and
reinstall of XP. Brought it back to him and law and behold as soon as
the ethernet plug was is the AV said such and such virus was detected
AFTER GOING TO COMPLETELY SAFE SITES e.g. aerlingus.com boards.ie
etc. This really surprised me. The only thing funny about the setup was that the pc was statically configured Irish broadband.

Now last week, another friend was also ridden with viruses and spyware - this again called for a COMPLETE FORMAT and reinstall of XP. Again the computers AV scanner detected viruses the minute it was plugged in. Highly unusual I thought! How do you connect to the net I asked : oh Irish broadband with a statically configuted IP address, he said. Unbelievable.


I have never seen this with any other ISP. It is as if the spyware sites etc had remembered the static IP configuration and once the system was plugged back in - it was like a magnet to them.

Anyone else experience this ?

It's because the users aren't using routers with NAT, so they're wide open to the internet. It's the same with any non-NATed connection.

jetsonx

so a wireless router should solve the problem ? (even though I do not
intend to have the connection wireless)


IBB modem -> Wireless router -> PC ?

trojaneater1

DemonOfTheFall wrote:

It's because the users aren't using routers with NAT, so they're wide open to the internet. It's the same with any non-NATed connection.

seems to me like he never really got rid of the original viri or trojans.....................................

jetsonx

seems to me like he never got rid of the original viri or trojans

how many viruses or trojans can you name that can survive a complete
format of a hdd - and i mean a complete format ? How many viruses or trojans can you name that can survive a complete format of the boot sector of a hard drive ? Never heard or seen such a case documented in my life.

Thomas_S_Hunterson

how many hard drives are in the computer, did you format all of them?

K.O.Kiki

krazy_8s wrote:

Mabye you should ask these friends what sites they are visiting? I'v been with Ibb for a year, no router or firewall for 6 months and I have never had any problems.

Checked for any nasties lately?

subway

http://news.com.com/Study:+Unpatched+PCs+compromised+in+20+minutes/2100-7349_3-5313402.html

20 min survival time in 2004.
ive heard its down to 4 mins these days.

get a firewall

Tom Dunne

jetsonx wrote:

how many viruses or trojans can you name that can survive a complete
format of a hdd - and i mean a complete format ? How many viruses or trojans can you name that can survive a complete format of the boot sector of a hard drive ? Never heard or seen such a case documented in my life.

I think you are missing the point. You did clean the PC by re-formatting it. But the second you connect to the net, viruses start infecting your machine. This will happen on any ISP, so it is complete rubbish to blame IBB.

As others have said, you need a firewall. Most wireless routers have them built in, hence why others here are recommending a wireless router. Here is a non-wireless router with a firewall, not bad for 30 Euro.

You should also ensure you have all the security updates too (of course you can't do that until you can connect to the net safely).

Cuddlesworth

K.O.Kiki wrote:

Checked for any nasties lately?

Daily, and the computer only turns off to re-boot. The reason Virus's would be still looking to infect his pc, is because they were looking a dodgey sites in the past and his Ip is now well known.

Explosive_Cornflake

I think the lesson here is not to have a windows machine connected directly to the the net. My router sorts all that crap out. Then I just forward the ports I want to one machine, a linux one. From there you can do most stuff over ssh.

gnashrr

I think the lesson here is that the problem can be easily solved regardless of whether or not his IP is known. All he needs is to not take extreme measures in the future like formatting his pc and install a good AV package and firewall. I recommend AVG Antivirus + Firewall. There are no viruses/spy/mal/adware that can't be gotten rid of if you put the effort in.

Terry

krazy_8s wrote:

Daily, and the computer only turns off to re-boot. The reason Virus's would be still looking to infect his pc, is because they were looking a dodgey sites in the past and his Ip is now well known.

if this is so, how do you explain the fact that 10 minutes after switching from eircom to IBB, my pc was completely riddled with viruses.
my IP can't have been known, as it was a new one. that and the fact that i don't look at dodgy sites.

i have the viruses under control now, but it took me a good while to get to this stage. i have no computer training whatsoever, so i was basically learning as i went along. how many more of their customers have been in the same position as me?

i never had a problem at all with eircom. (except for the ridiculous price)

gnashrr

julep wrote:

if this is so, how do you explain the fact that 10 minutes after switching from eircom to IBB, my pc was completely riddled with viruses.

This is because you didn't have yor firewall and anti-virus software installed or running correctly. Blaming IBB for your poor security is stupid.

mickoneill30

julep wrote:

i have no computer training whatsoever, so i was basically learning as i went along.

I think that's the most important line in your statment. And it shows.

If I put a properly setup Windows XP machine (patched and with firewall) straight onto a network with millions of viruses (say, the INTERNET) then my PC will not get infected. Of course there are plenty of things I can do to get viruses (skip patches, surf dodgy sites using IE, run crappy software that I've got backed up that may already be infected and that's only 3 ways, there are many more).

Really if you guys are formatting machines and getting viruses straight away you should pay somebody to do it right.

Blaming an ISP or a static IP is so idiotic and really shows you don't have a clue about networking.

How do banks protect themselves or major corporations? They've got well known IP addresses and they're big targets. Do they have some mystic secret or is it because they don't use IBB?

What is your logic anyway? Do you think that because you've got a static IP or are using IBB that somehow your IP address is being attacked harder than somebody that has a dynamic IP? If you're attacked at all and your machine isn't setup correctly then you'll get infected.

Really, really simple steps for using a Windows machine on the internet.

Disconnect the network cable.
Install XP with SP2.
Make sure the firewall is on or install a third party firewall.
Install a virus checker.
Patch your XP to the latest patches (you can do this from the internet once your firewall is on). Do not surf to any other site yet.
Configure IE to setup high security. If you don't know how to do that then download Firefox or Opera and use that instead.

That's all it takes. If you can't manage that and you're still getting infected then splash out and get a professional to install it (not your mate down the road who "knows" about computers, a professional.

Extra steps for those that are more advanced are

Get a NAT router. All attacks will go to that and won't get forwarded to your PC.
Install a software firewall that checks outgoing traffic. Windows inbuilt firewall doesn't do that. It's fine for protecting your PC but if some muppet downloads a dodgy app and runs it then Windows firewall won't notify you or block the app. Many third party firewalls will.

mickoneill30

jetsonx wrote:

so a wireless router should solve the problem ? (even though I do not
intend to have the connection wireless)
?

No. NAT means that the router (wired or wireless) is configured with the publically accessible IP address. Your PC is configured with a private internet address (10.x.x.x or 192.x.x.x). Nobody on the internet can connect to a computer on the internet to one of those addresses. So if somebody tries to access your public IP the NAT router will just drop the traffic and it will never get to your PC (unless you've configured port forwarding, but that's another kettle of fish).

But when you surf out to the internet your router sends out your traffic and knows to send the reply to your PC when the response comes back. So it's a nice cheap way of protecting yourself.

Terry

mickoneill30 wrote:

I think that's the most important line in your statment. And it shows.

If I put a properly setup Windows XP machine (patched and with firewall) straight onto a network with millions of viruses (say, the INTERNET) then my PC will not get infected. Of course there are plenty of things I can do to get viruses (skip patches, surf dodgy sites using IE, run crappy software that I've got backed up that may already be infected and that's only 3 ways, there are many more).

Really if you guys are formatting machines and getting viruses straight away you should pay somebody to do it right.

Blaming an ISP or a static IP is so idiotic and really shows you don't have a clue about networking.

How do banks protect themselves or major corporations? They've got well known IP addresses and they're big targets. Do they have some mystic secret or is it because they don't use IBB?

What is your logic anyway? Do you think that because you've got a static IP or are using IBB that somehow your IP address is being attacked harder than somebody that has a dynamic IP? If you're attacked at all and your machine isn't setup correctly then you'll get infected.

Really, really simple steps for using a Windows machine on the internet.

Disconnect the network cable.
Install XP with SP2.
Make sure the firewall is on or install a third party firewall.
Install a virus checker.
Patch your XP to the latest patches (you can do this from the internet once your firewall is on). Do not surf to any other site yet.
Configure IE to setup high security. If you don't know how to do that then download Firefox or Opera and use that instead.

That's all it takes. If you can't manage that and you're still getting infected then splash out and get a professional to install it (not your mate down the road who "knows" about computers, a professional.

Extra steps for those that are more advanced are

Get a NAT router. All attacks will go to that and won't get forwarded to your PC.
Install a software firewall that checks outgoing traffic. Windows inbuilt firewall doesn't do that. It's fine for protecting your PC but if some muppet downloads a dodgy app and runs it then Windows firewall won't notify you or block the app. Many third party firewalls will.

i'm really sorry for my above questions. i'm apologise if they offended you. that was not my intention.

it's just that IBB never informed me that i would need a router to avoid viruses. they just came to my house and installed the equipment. they never mentioned the word router at any point in our negotiations.
i probably should have known to get one, but apparently i'm stupid for not knowing this.
ah well, live and learn.
note to self, ask some l33t person what to do before surfing the internet ever again. they get angry with you if you (unwittingly) do something that gets you a virus.

mickoneill30

julep wrote:

if this is so, how do you explain the fact that 10 minutes after switching from eircom to IBB, my pc was completely riddled with viruses.
my IP can't have been known, as it was a new one. that and the fact that i don't look at dodgy sites.

Some problems with that statement.

You weren't running a firewall.

You weren't running an up to date virus checker.

What do you mean that your IP address was new? Viruses don't just attack you because you've surfed somewhere. They can just pick a range say 60.1.1.1 to 65.100.100.100. I don't know how many thousands of IPs sit in that range but a bot can keep scanning all those IPs for weeks (and there could be thousands of bots trying the same address ranges so you might get hit every few minutes). If the IP is firewalled or doesn't have a PC turned on then the bot just tries the next one.
And your IP is never new anyway. How do you know that the person who had it before you didn't go to dodgy sites? A user could have been using that for a year then finished up with IBB. What do you think they do with those old IP addresses? Throw them away or reuse them?

The bottom line in all of these posts is that the users connected an unprotected PC to the internet and got infected.

In this case you have 3 options.

Change to a different ISP.
Easy but it won't fix your problem

Change to a different OS.
Not so easy if you need Windows apps but it would fix your problem.

Learn how to secure Windows properly.
Easyish but many people don't have a clue.

mickoneill30

julep wrote:

i'm really sorry for my above questions. i'm apologise if they offended you. that was not my intention.

it's just that IBB never informed me that i would need a router to avoid viruses. they just came to my house and installed the equipment. they never mentioned the word router at any point in our negotiations.
i probably should have known to get one, but apparently i'm stupid for not knowing this.
ah well, live and learn.
note to self, ask some l33t person what to do before surfing the internet ever again. they get angry with you if you (unwittingly) do something that gets you a virus.

You didn't offend anybody.
You don't need a router to avoid viruses. Read my post again.
You came on saying that you were infected after 10 minutes because of IBB.
It's not the job of the ISP to protect your PC. That's your job.
If you don't want people to get annoyed then don't immediately start implying it's somebody elses fault.

astrofool

tbh, it sounds like the blaster virus, and that means that SP2 wasn't installed (which can be done while offline), make sure every patch from windowsupdate has been installed at a minimum + firewall + AV, hell, even the crappy XP firewall stops alot of stuff getting in (if not getting out).

Cuddlesworth

Calm down people, the important thing is that no animals were hurt during the Infestation of the Pc!

Terry

mickoneill30 wrote:

What do you mean that your IP address was new? Viruses don't just attack you because you've surfed somewhere. They can just pick a range say 60.1.1.1 to 65.100.100.100. I don't know how many thousands of IPs sit in that range but a bot can keep scanning all those IPs for weeks (and there could be thousands of bots trying the same address ranges so you might get hit every few minutes). If the IP is firewalled or doesn't have a PC turned on then the bot just tries the next one.
And your IP is never new anyway. How do you know that the person who had it before you didn't go to dodgy sites? A user could have been using that for a year then finished up with IBB. What do you think they do with those old IP addresses? Throw them away or reuse them?

i wasn't the one who said it was anything to do with having a an old or new ip address in the first place.
please read the full thread before attacking my post.

krazy_8s wrote:

Daily, and the computer only turns off to re-boot. The reason Virus's would be still looking to infect his pc, is because they were looking a dodgey sites in the past and his Ip is now well known.

ffs, it was just a couple of posts before mine.
did you just skim over the thread looking to attack the first post you could?
'ooh. this guy doesn't know how to use a pc. i'll pick his post to pieces'

mickoneill30 wrote:

Some problems with that statement.

You weren't running a firewall.

You weren't running an up to date virus checker.

and you know this how?

for the record, i was up to date with all windows updates and with my AV programme.

i was with eircom for 2 years and not once did i get a virus.
10 minutes with IBB, on the same pc, all i did was install the ethernet card and connect to the net, then i was hit with viruses.

Cuddlesworth

julep wrote:

ffs, it was just a couple of posts before mine.
did you just skim over the thread looking to attack the first post you could?
'ooh. this guy doesn't know how to use a pc. i'll pick his post to pieces'

???
A static Ip like IBB's can attract a lot of attention. For instance the person after me, might find himself under constant attack if I decide to go into hacker forums/irc and slag the **** out of them on my last day with it. For fun!

What is there to pick apart in my post? Mabye you should come back to this tommorow.

Terry

krazy_8s wrote:

???
A static Ip like IBB's can attract a lot of attention. For instance the person after me, might find himself under constant attack if I decide to go into hacker forums/irc and slag the **** out of them on my last day with it. For fun!

What is there to pick apart in my post? Mabye you should come back to this tommorow.

i merely used your post as reference to the fact that i wasn't the one who made the statement about new and old ip addresses.
my post was directed at mickoneill30 and not you.

irlrobins

julep wrote:

i was with eircom for 2 years and not once did i get a virus.
10 minutes with IBB, on the same pc, all i did was install the ethernet card and connect to the net, then i was hit with viruses.

That's probably because the eircom modem had firewall/NAT. The vunerability ur pc had was there when u had eircom. It just wasn't exploited. When u moved to IBB, u no longer had protection of firewall/NAT and got infected. Nothing to do with ISP or static address.

Anti

Didnt read the whole thread so dont eat me if someone already said this.

Can you not ring the isp and ask for the ip to be changed? if not why ?

gnashrr

julep wrote:

it's just that IBB never informed me that i would need a router to avoid viruses. they just came to my house and installed the equipment. they never mentioned the word router at any point in our negotiations.

They never informed you that you needed one because you don't!

Stop blaming IBB when it's not their fault.

jetsonx

julep wrote:

if this is so, how do you explain the fact that 10 minutes after switching from eircom to IBB, my pc was completely riddled with viruses.
my IP can't have been known, as it was a new one. that and the fact that i don't look at dodgy sites.

how many more users like this have got caught out badly with IBB - quite
simply its a disgrace that IBB can get away it. The only reason they get away with as far as I can see is because its the "IT" industry and they exploit people's ignorance.

It would happen in no other industry. Imagine if Toyota sold cars where you had to buy the brakes yourself with the salesman NEVER telling you this ? Imagine if Sisk built houses that where the occupants had to install their own roofs ?

From what I can see - IBB just get their workers to stick their crappy aerial on roofs and then do a runner. Simple and crudely as that. They DO NOT tell their customers that a router is essential. They DO NOT mention it in their literature. How is the ordinary person meant to know this ?

irlrobins

oh for fuck's sake for the last time it is not IBB's fault.

It is the user's responsibility to secure their PC. Router or no router! Stop talking a load of shite. Espec when it's obvious you have no clue about networks/internet.

gnashrr

IBB are not at fault, you're both full of ****. Get off my internet.

Matthewthebig

julep wrote:

i wasn't the one who said it was anything to do with having a an old or new ip address in the first place.
please read the full thread before attacking my post.

julep wrote:

my IP can't have been known, as it was a new one. that and the fact that i don't look at dodgy sites.

/cough

tbh