[huskerlug] Re: Firestarter

On Saturday 23 August 2003 01:06 pm, you wrote:
> Firestarter is indeed easy and seems to work pretty well.
>
> The first thing I noticed is that I'm now blocking ms-rpc
> from computers all over the US and even as far as Brazil.
> Is this an indication of infected pcs, or does windows
> normally sprinkle these packets randomly across the net?
>
> I know when my wife turns on her XP machine, it has
> always caused the light on my dsl router to blink at a
> constant rate of a blink about every second and a half.
>
> We use two layers of security for her XP machine as far as
> e-mail.  First, it all gets scanned with f-prot on my
> machine, and second, she is only allowed to use web-based
> mail.  She is also not allowed to use IE.  I also check
> daily for updates.
>
> I also downloaded the McAfee from software.unl.edu.  Now
> all of her documents are scanned twice: once by f-prot on
> my machine and then by McAfee.
>
> Thus we have a perfectly working XP machine as long as we
> don't leave it on too long. It still crashes at night if
> we forget to shut it off.  I think it has something to do
> with power management.  It ran Linux for quite a while
> before we got married and didn't have this problem.
>
>
> David.

I run FireStarter too.   I notice that msec (MDK 9.1)
interferes with it.  msec has some entries on cron.  Even
when you have Mandrake Security in the MCC turned off these
scripts still perform some functions.   Anyway, I have my
firewall set to give 100% stealth on all ports, which is
verified by several internet port scanning services.
Things work well for awhile, then a symptom appears:  I can
open KMail and begin a new msg, but when I open the address
book the addressbook hangs.  If I let it alone for some time
it may appear, or it may not.  But, if I use the Firestarter
icon in the system tray and stop the firewall the
Addressbook displays immediately.  I then restart the
firewall using the icon.    Another app that hangs is
Konqueror.  It will display but the left panel (directory
tree) will not display and Konq appears to hang.  Again,
momentarily stopping the firewall till it appears allows it
to open.

A side note:  One reason I am running Firestarter is to see
what kind of attacks are occurring on my system.  All of them
are various attacks on WinXX targets.  The most common is
the ICMP ping attack (Internet Computer Message Protocol),
the occasional ms-sql attack, the 17300 port attack, and
only one attack on the 111 port (Sunrpc), an obvious attempt
to determine if my box is a Unix or Linux platform.

>
> Oh, and remember, Linux doesn't get virii because it is
> too primitive. Once it gets enhanced with the rich
> functionality of Microsoft's advanced scripting host, Linux
> will be just as powerful as Windows.

There is one -- It has a msg similar to this
"Please forward this email to everyone in your addressbook,
then execute the following command as root:  'rm -rf /' "
It works too well without user assistance.  :-)

> Does it run in wine?  Can I please get a virus? Can I? Oh,
> please, can I?
>

A while back I had a SirCam virus come into my KMail and out
of curiosity I opened it up.  To my surprise it fired!   It
turned out I had a WINE mime set to fire WinXX executables.
I explored my fake C:\ drive and found the payload exe in
the Systems subdirectory and in the recycle bin.  It was
real easy to examine with hexedit.  Then I deleted it.
Since then I don't mime EXE, COM or BAT extensions.

--
Remember, the Ark was built by amateurs; the Titanic by
professionals
GrayGeek

----
Husker Linux Users Group mailing list