Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

whats happening here?

  • 10-08-2001 11:31pm
    #1
    Registered Users, Registered Users 2 Posts: 15,544 ✭✭✭✭


    Been using indigo for a while with no problems, tonight my firewall went nuts..below is just an example..all of them appear to be irish, i cannot capture it all, here's just a small sample..

    hacker.jpg

    [This message has been edited by Longfield (edited 11-08-2001).]

    Have a weather station?, why not join the Ireland Weather Network - http://irelandweather.eu/



Comments

  • Registered Users, Registered Users 2 Posts: 1,842 ✭✭✭phaxx


    I don't see what they're doing, what are they sending to your machine? It must say somewhere in that firewall package.

    My first thought was it could be a port scan being hidden with lots of decoys, they just picked indigo's range and threw in lots of ips.

    It's probably nothing to worry about. What OS are you using?


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    Probably code red. It attacks mostly within it's own domain, so most of code red attacks will come from your same ISP. Should of seen my modem last week! poor led light.

    Btw.. BlackICE is kack as a protection. It only blocks incoming packets. It will not block outgoing, so if you have a trojan installed on your machine your kind of screwed.


    [This message has been edited by Hobbes (edited 11-08-2001).]


  • Registered Users, Registered Users 2 Posts: 1,842 ✭✭✭phaxx


    Yeah if it had said port 80 anywhere I'd have guessed code red. It really ought to show more information... is there anything else under those other tabs longfield?


  • Registered Users, Registered Users 2 Posts: 15,544 ✭✭✭✭Supercell


    Interesting, since the weekend switch to NTL the Irish attacks appear to have ceased (in the main) which would support the Code Red theory.
    It doesnt show what port exactly unfortunately.
    I'm running NAV2001,it should treat a trojan as a virus shouldn't it?
    I was using the Norton firewall but the updates completely ****ed me off, i have to manually resetup my network every damn week with them, just proved too frustrating.

    Have a weather station?, why not join the Ireland Weather Network - http://irelandweather.eu/



  • Registered Users, Registered Users 2 Posts: 379 ✭✭Carnate


    Is it me or are some ppl just plain thick..

    Let me educate you.

    1. CRW I/II/III does not ,i will say it again NOT attack win95/98/ME. it does attack winnt and win2k, only if you are running IIS
    (Internet Information Service/servers). hope this clears up the problem smile.gif

    btw the patch for CRW is found on Ms web site.. you will have to dload the service packs to do it and then run a 241 k file to patch the problem(srv pack is 108 megs so dont try and dload it over modem smile.gif )


    ok now for the doubters.. fire away ppl.. Hobbes u wanna go first?! :-)


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,842 ✭✭✭phaxx


    I'll second what hobbes said earlier - pretty pathetic firewall. I believe that steve gibson guy has a free firewall, www.grc.com, probably.

    Before I got into the whole linux thing, I used a firewall called Conseal on my nt box, I remember it being okay, but not free.

    Carnate: I read something depressing the other day, about how the admins of most of these code red infected machines probably don't even know they're running IIS...


  • Registered Users, Registered Users 2 Posts: 15,544 ✭✭✭✭Supercell


    Ehh Carnate, i am running win2k and IIS (doesn't the colour tone of the capture hint win2k?)
    Will the patch stop the attacks?
    But then, i'm probably one of the thick ppl :P

    Have a weather station?, why not join the Ireland Weather Network - http://irelandweather.eu/



  • Registered Users, Registered Users 2 Posts: 379 ✭✭Carnate


    First off yes the patch will protect u from CRW, secondly yes i agree that a lot(not some admins) dont even realise that they have IIs running.. case in point is IBM in mullhuddart.. they got us to go thru all winnt and win2k machines to patch em.. and long ure not thick.. well not as far as i can see.. smile.gif

    be aware tho the 19th of august should be a fun day for others!! CRW IV wink.gif


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    <font face="Verdana, Arial" size="2">Originally posted by Carnate:
    ok now for the doubters.. fire away ppl.. Hobbes u wanna go first?! :-)</font>

    Your kind of correct. While it can only infect your machine if you have IIS running it doesn't stop it spamming your connection causing a kind of DoS attack.

    It's this that is the problem more then the infection.

    The number of attacks on AT+T was so high they blocked off outgoing port 80 on all thier residential customers.

    Btw. It is recommended that you install the CR protection patch regardless if you have IIS or not.

    Installing the patch, will NOT stop the attacks.



  • Registered Users, Registered Users 2 Posts: 379 ✭✭Carnate


    see told yahs!! heh heh hobbes!!


    ure right sort of 2.. it wont stop the attacks but it will stop ure pc/server resending data to target servers! smile.gif

    back to u smile.gif


  • Advertisement
Advertisement