Nasty viruses

Forum@DeGiorgi -> Bućkuriš

#1: Nasty viruses Author: krcko Posted: 14:00 Thu, 11 Sep 2003
    —
Until now I was convinced that my computer was safe from viruses, since I read my mail on the server. However, viruses have appeared that can infect any PC running Windoze with Internet access. The viruses exploit a security hole in Microsoft's operating systems. They generate some kind of overflow, after which they can upload themselves to the computer and infect it. I realized something was wrong precisely because my connection suddenly became slower.

I managed to clean my computer of the W32/Nachi-A virus (a small virus-removal program can be downloaded from Sophos's site). After that you need to download the patch from Microsoft's site so that the whole story doesn't repeat itself. I advise Windows 2000 users to patch their system (after they have cleaned the computer of the virus, or made sure it isn't infected yet). I think other Windows variants are at risk too (more information can be read at www.sophos.com).

#2: Re: Nasty viruses Author: vsego Location: /sbin/init Posted: 1:10 Fri, 12 Sep 2003
    —
krcko (wrote):
Until now I was convinced that my computer was safe from viruses, since I read my mail on the server. However, viruses have appeared that can infect any PC running Windoze with Internet access. The viruses exploit a security hole in Microsoft's operating systems.


Security holes (plural!), there are as many of them as mud (now that it's raining...).

So, M$ Blaster, which recently drew considerable media attention, behaves similarly (the author (or one of them) was arrested the other day).

The thing is that Windoze really likes to play at being a server (read: real, grown-up) system, so it is open "to the public".

E.g. if you start Apache, connect to the net and give someone your (temporary!) IP, that person can browse the site on your computer. Handy for showing off your work, but the result is that it is sometimes possible to access your machine even when you don't have Apache, i.e. when you don't want anyone poking around your computer.

To solve the problem, it is enough to prevent outside machines from accessing your machine. Then you won't be able to play webserver, but you probably aren't doing that anyway.

On WinXP you can turn on the built-in firewall and tell it there that you don't want any incoming connections (somewhere in the properties of the dial-up connection you connect with). It exists in both the Home and the Pro version, but it isn't in quite the same place.

Other versions of Windoze can install some firewall. There are plenty of them. I searched via Google. It seems to me that Free Firewall Software is a fairly authoritative site.

The one I would certainly recommend myself is Shields UP!! — Internet Vulnerability Profiling or, even better, everything security-related from that site. The guy who runs it knows his job.

Here is the report for my machine (taken from that site). Everything works online, and you can judge how clear the reports are from my example.

File Sharing

Attempting connection to your computer. . .

Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!

Your Internet port 139 does not appear to exist!

One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer.

All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

For those who have a problem here, the easiest thing is to kill NetBIOS and/or NetBEUI (or something like that) for Internet connections (i.e. leave it only for the LAN). Although the LAN doesn't need it either (I recommend avoiding it completely), but whatever makes you happy...

Common ports

Just the shorter version...

Code:
GRC Port Authority Report created on UTC: 2003-09-11 at 23:15:35

Results from scan of ports: 0, 21, 23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    3 Ports Open
   17 Ports Closed
    5 Ports Stealth
---------------------
   25 Ports Tested

Ports found to be OPEN were: 1002, 1025, 1720

Ports found to be STEALTH were: 21, 23, 135, 139, 445

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.


So, I have three open ports (which can easily be closed, but I don't know how that is done under Windoze (other than putting up a firewall)). The explanation of one of them (again, to show how clearly it is worded): This Microsoft Internet Locator Service (ILS) port appears to be open whenever Microsoft's Internet Connection Sharing (ICS) system is being used. Unfortunately, this port is apparently not needed unless Microsoft's NetMeeting is operating, though it is open anyway. It is not known what vulnerabilities will be discovered here, so arranging to close the port would be time well spent.

More detailed info about that port can be found here (link taken directly from the report).

More about ports (again a link from that report) is here. I recommend: definitely read it if you care about the security of your machine!

There is also an exhaustive list of (free and non-free) firewalls there, as well as instructions for using personal firewalls.

The conclusion is that I definitely need a firewall (at home). But right now I happen to be under Windoze. I think I'm otherwise safe (because I use Linux). I'll try it when I remember...

All Service Ports

It turned out that still only those three are open.

Messenger Spam

No problem here, but it seems to me that you mentioned this was bothering you too. That's what we solved by killing the Messenger service...

Browser Headers

I didn't learn anything new here (because that's an area I've dealt with quite a bit). Pretty instructive for "ordinary" users, to realize how exposed they actually are to anyone while they're on the net...

Conclusion

Switch to Linux...
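
An added example, not part of the post above: a small Python parser for the summary portion of the GRC Port Authority report quoted in the post. It turns the report into a per-port state table, cross-checks it against the printed totals, and lists the ports that answered from the Internet. The function names (`expand`, `parse_report`, `exposed`) are this example's own, and the report text is copied from the post.

```python
import re

# Summary portion of the report, copied from the post above.
REPORT = """\
Results from scan of ports: 0, 21, 23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    3 Ports Open
   17 Ports Closed
    5 Ports Stealth
---------------------
   25 Ports Tested

Ports found to be OPEN were: 1002, 1025, 1720

Ports found to be STEALTH were: 21, 23, 135, 139, 445
"""

def expand(spec):
    """Turn '0, 21, 1024-1030' into a sorted list of port numbers."""
    ports = set()
    for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", spec):
        ports.update(range(int(lo), int(hi or lo) + 1))
    return sorted(ports)

def parse_report(text):
    """Return {port: 'open'|'closed'|'stealth'}, verified against the totals."""
    def field(label):
        # A port list runs from its label to the next blank line (or the end).
        m = re.search(label + r":(.*?)(?:\n\s*\n|\Z)", text, re.S)
        return expand(m.group(1)) if m else []
    # Every scanned port is closed unless the report lists it otherwise.
    state = {p: "closed" for p in field("Results from scan of ports")}
    state.update({p: "open" for p in field("OPEN were")})
    state.update({p: "stealth" for p in field("STEALTH were")})
    totals = re.findall(r"^[ \t]*(\d+) Ports (Open|Closed|Stealth)[ \t]*$", text, re.M)
    for count, name in totals:
        got = sum(1 for s in state.values() if s == name.lower())
        if got != int(count):
            raise ValueError(f"{name}: summary says {count}, lists give {got}")
    return state

def exposed(state):
    """Ports that accepted a connection attempt from outside."""
    return sorted(p for p, s in state.items() if s == "open")

if __name__ == "__main__":
    print("answering from the Internet:", exposed(parse_report(REPORT)))
```
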

#3: Re: Nasty viruses Author: vsego Location: /sbin/init Posted: 20:17 Fri, 12 Sep 2003
    —
This is fairly fresh, so if anyone is interested...

Quote:
Date: Thu, 11 Sep 2003 19:42:26 -0000
From: ***** <*****@andrew.cmu.edu>
Subject: URGENT: Another Microsoft Vulnerability Found

The following announcement is made by Carnegie Mellon Computing Services.

Microsoft announced yesterday that there is another vulnerability in Windows RPC service which could allow an attacker to take control of a computer and run any arbitrary code of their choosing.

**Please patch your Windows NT, 2000, XP, or Server machines IMMEDIATELY.**

Information about this vulnerability and the patch can be found at the following URL:

http://www.microsoft.com/security/security_bulletins/ms03-039.asp


Or, my usual advice: http://www.redhat.com/, http://www.debian.org/, http://www.knoppix.net/, http://www.suse.com/,...





Time zone: GMT + 01:00.
