teriaki Posted August 12 Report Share Posted August 12 Hey Everyone,This is OT, but since so many of us use software like Soulseek, Kazaa, etc., that requires our computers and firewalls to have certain ports open I thought I should post it.There's a new worm propagating through the internet. If you have a firewall, make sure you block ports 135, 139, and 445. This worm affects Windows 2000, NT, XP, and 2k3.I already had one machine exploited in about 4 hours time. It's hitting the internet hard and is starting to degrade general net performance.I expect it'll hit the news by morning.Good luck!(*This* bs is why I missed Screen on the Green ) Quote Link to comment Share on other sites More sharing options...
oldschoolny Posted August 12 Report Share Posted August 12 Already on the news......http://www.washingtonpost.com/wp-dyn/articles/A46233-2003Aug11.html Quote Link to comment Share on other sites More sharing options...
revaluation Posted August 12 Report Share Posted August 12 Ha! Tim made house calls to both me and krish last night to fix our computers. Quote Link to comment Share on other sites More sharing options...
revaluation Posted August 12 Report Share Posted August 12 Buried within the code of the worm is a jab at Microsoft founder Bill Gates: "I just want to say Love you San! Billy Gates why do you make this possible? Stop making money and fix your software!!" Quote Link to comment Share on other sites More sharing options...
shadygroovedc Posted August 12 Report Share Posted August 12 Originally posted by teriaki Hey Everyone,This is OT, but since so many of us use software like Soulseek, Kazaa, etc., that requires our computers and firewalls to have certain ports open I thought I should post it.There's a new worm propagating through the internet. If you have a firewall, make sure you block ports 135, 139, and 445. This worm affects Windows 2000, NT, XP, and 2k3. Luckily, I don't think I got hit.As for the ports, it's recommended to block ports 135 THROUGH 139 (TCP). Quote Link to comment Share on other sites More sharing options...
revaluation Posted August 12 Report Share Posted August 12 how do you block ports? Quote Link to comment Share on other sites More sharing options...
kken Posted August 12 Report Share Posted August 12 Originally posted by revaluation how do you block ports? if you have to ask, forget about it. seriously. Quote Link to comment Share on other sites More sharing options...
revaluation Posted August 12 Report Share Posted August 12 why, is it hard? not everyone is Korean. Quote Link to comment Share on other sites More sharing options...
kken Posted August 12 Report Share Posted August 12 Originally posted by revaluation why, is it hard? not everyone is Korean. yes, you need elite starcraft skillz.it's messing with your firewall, if you have one. eh, i suppose if you have a linksys or something it's not all that hard hehe. Quote Link to comment Share on other sites More sharing options...
shadygroovedc Posted August 12 Report Share Posted August 12 Originally posted by revaluation how do you block ports? You send in the Coast Guard. Ask Vic. They do it to his peeps all the time. Quote Link to comment Share on other sites More sharing options...
shadygroovedc Posted August 12 Report Share Posted August 12 Originally posted by kken yes, you need elite starcraft skillz.it's messing with your firewall, if you have one. eh, i suppose if you have a linksys or something it's not all that hard hehe. If you have a linksys router at home, and you kept your default properties when installing, then open your browser and point it to: http://192.168.1.1No username, but password is: "admin"Go to the "Filters" option. Depending on which version of firmware you're running on, it'll be there somewhere -- most likely under the Advanced option. You'll be able to set filters for IP addresses or Ports. Just put in the ranges of port numbers you want to filter. E.G. Put in 135 - 139. Set it to filter TCP ports. Hit apply. If you really want to have fun, tell it to block port 80 in that list. Then call me after two hours of wondering why no websites will open up. Quote Link to comment Share on other sites More sharing options...
revaluation Posted August 12 Report Share Posted August 12 starcraft!thanks shady. we dont have a router though, just straight connection from the modem to my comp. Quote Link to comment Share on other sites More sharing options...
shadygroovedc Posted August 12 Report Share Posted August 12 Originally posted by revaluation we dont have a router though, just straight connection from the modem to my comp. That's like going to a whorehouse without a condom. You might not catch anything, but why take the risk. You should at least get a software firewall. Quote Link to comment Share on other sites More sharing options...
nautilus60 Posted August 12 Report Share Posted August 12 Originally posted by teriaki It's hitting the internet hard and is starting to degrade general net performance. What exactly does this mean? I ask, cause my machine is acting strange: when i click on the link that is suppose to open in a new window - nothing happens and i dont have pop-up blocker. Once i restart the machine it will work fine for 10 min and then doesnt. Quote Link to comment Share on other sites More sharing options...
revaluation Posted August 12 Report Share Posted August 12 that's exactly what I got. should say that it was initiated by a Remote Procedure Control (RPC) or something like that. Quote Link to comment Share on other sites More sharing options...
shadygroovedc Posted August 12 Report Share Posted August 12 Originally posted by nautilus60 What exactly does this mean? I ask, cause my machine is acting strange: when i click on the link that is suppose to open in a new window - nothing happens and i dont have pop-up blocker. Once i restart the machine it will work fine for 10 min and then doesnt. Symantec has a Blaster Worm Removal Tool you might wanna try.http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html Quote Link to comment Share on other sites More sharing options...
teriaki Posted August 12 Author Report Share Posted August 12 Originally posted by Revaluationthat's exactly what I got. should say that it was initiated by a Remote Procedure Control (RPC) or something like that.That's the denial of service part of the exploit. The rest of the exploit will root your machine (give access to the person running the attack against your computer).Originally posted by nautilus60 What exactly does this mean? I ask, cause my machine is acting strange: when i click on the link that is suppose to open in a new window - nothing happens and i dont have pop-up blocker. Once i restart the machine it will work fine for 10 min and then doesnt. The RPC (remote procedure call) functions pretty much run everything that goes on on your computer. If it's not available, most things won't work, the most common is windows not opening.The reason it works after a restart is the attack goes away until another attacker (or the same one) starts the attack again. You would call this "rolling," where your machine is in a constant cycle of reboots.Patch your machine and put up a firewall with the 135 THROUGH 139 blocked, and 445. Quote Link to comment Share on other sites More sharing options...
kramadas Posted August 12 Report Share Posted August 12 Originally posted by revaluation Ha! Tim made house calls to both me and krish last night to fix our computers. Ya...poor guy was there a little while! I freaked out and thought that this was something RIAA had dreamed up of (unofficially of course). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.