[quote="krcko"]Do sad sam bio uvjeren da mi je kompjuter siguran od virusa, obzirom da postu citam na serveru. Medjutim, pojavili su se virusi koji mogu zaraziti bilo koji PC pod Windozama s pristupom internetu. Virusi iskoristavaju sigurnosnu rupu u Microsoftovim operacijskim sistemima.[/quote]
Sigurnosn[b]e[/b] rup[b]e[/b] (mnozina!), ima ih k'o blata (sada kada pada kisa...). :evil:
Daklem, slicno se ponasa M$ Blaster koji je nedavno digao prilicnu medijsku pozornost (autor (ili jedan od njih) je neki dan uhapsen).
Stvar je u tome da Windoze jako vole glumiti serverski (cit. [i]pravi, odrasli[/i]) sustav, pa su otvorene "za javnost". :shock:
Npr. ako pokrenes Apacheja, spojis se na net i nekome das svoj (privremeni!) IP, doticni moze surfati po siteu na tvom kompu. :D Prakticno za pokazati svoj uradak, ali rezultira time da je ponekad moguce pristupati tvojoj masini i kad nemas Apachea, tj. kad ne zelis da ti itko svrlja po compu. :evil:
Da bi se rijesio problem, dovoljno je onemoguciti vanjskim masinama da pristupaju tvojoj masini. Tada neces moci glumiti webserver, no to vjerojatno ni ne radis. :|
Na WinXP mozes ukljuciti built-in firewall i tamo reci da neces nikakve incoming connectione (negdje u propertiesima od dial-up konekšna s kojim se spajas). Postoji i na Home i na Pro verziji, ali nije bas na istim mjestima. :shock:
Ostale Windoze mogu instalirati neki firewall. Ima ih dosta. Ja sam trazio preko [url=http://www.google.com/search?q=free%20firewall%20windows]Googlea[/url]. Cini mi se da je [url=http://www.free-firewall.org/]Free Firewall Software[/url] prilicno referentan site.
Onaj koji bih ja sam svakako preporucio je [url=https://grc.com/x/ne.dll?bh0bkyd2]Shields UP!! — Internet Vulnerability Profiling[/url] ili, jos bolje, sve security-related s [url=http://grc.com/]tog sitea[/url]. Tip koji to vodi [b]zna[/b] svoj posao. 8)
Evo i izvjestaja moje masine (pokupljeno s tog sitea). Sve radi online, a koliko su izvjestaji jasni, procjenite iz mog primjera.
[size=18][b]File Sharing[/b][/size]
[b]Attempting connection to your computer. . .[/b]
[b]Shields UP![/b] is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an [b]Internet Server[/b] with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
[b]Your Internet port 139 does not appear to exist![/b]
[b]One or more ports on this system are operating in FULL STEALTH MODE![/b] Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. [b]But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND[/b] (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
[b]Unable to connect with NetBIOS to your computer.[/b]
All attempts to get [b]any[/b] information from your computer have [b]FAILED[/b]. (This is [b]very[/b] uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be [b]VERY SECURE[/b] since it is [b]NOT exposing ANY[/b] of its internal NetBIOS networking protocol over the Internet.
:idea: Za one koji ovdje imaju problem, najlakse je ubiti NetBIOS i/ili NetBEUI (ili tako nekako) za Internet konekcije (tj. ostaviti samo za LAN). Mada, to ni LANu ne treba (preporucam izbjegavati potpuno), ali koga veseli... :?
[size=18][b]Common ports[/b][/size]
Samo kraca verzija...
[code:1]GRC Port Authority Report created on UTC: 2003-09-11 at 23:15:35
Results from scan of ports: 0, 21, 23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000
3 Ports Open
17 Ports Closed
5 Ports Stealth
---------------------
25 Ports Tested
Ports found to be OPEN were: 1002, 1025, 1720
Ports found to be STEALTH were: 21, 23, 135, 139, 445
Other than what is listed above, all ports are CLOSED.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.[/code:1]
Dakle, imam tri otvorena porta (koji se mogu komotno zatvoriti, ali ja ne znam kako to ide pod Windozama (osim da stavim firewall)). Objasnjenje jednog od njih (opet, da se vidi koliko je to jasno sroceno): [i]This Microsoft Internet Locator Service (ILS) port appears to be open whenever Microsoft's Internet Connection Sharing (ICS) system is being used. Unfortunately, this port is apparently not needed unless Microsoft's NetMeeting is operating, though it is open anyway. It is not known what vulnerabilities will be discovered here, so arranging to close the port would be time well spent.[/i]
Detaljniji info o tom portu nalazi se [url=https://grc.com/port_1002.htm]ovdje[/url] (link pokupljen direktno iz izvjestaja).
Vise o portovima (opet link iz tog izvjestaja) ima [url=https://grc.com/su/portstatusinfo.htm]ovdje[/url]. [b]Preporucam: svakako procitati[/b] ako te zanima sigurnost tvoje masine!
:idea: Tu ima i [url=http://www.staff.uiuc.edu/~ehowes/soft7.htm][b]iscrpan popis[/b] (free i ne-free) [b]firewallova[/b][/url], kao i [url=https://grc.com/su-firewalls.htm]upute za koristenje personal firewallova[/url]. :D
Zakljucak je da mi svakako treba firewall (doma). No, sada sam slucajno pod Windozama. Mislim da sam inace siguran (jer koristim Linux). Probat cu kad se sjetim... :D
[size=18][b]All Service Ports[/b][/size]
Ispalo je da su i dalje samo ona tri otvorena.
[size=18][b]Messenger Spam[/b][/size]
Ovdje nema problema, no cini mi se da si ti spominjao da te i to muci. To je ono sto smo rijesili ubijanjem Messenger servisa... :twisted:
[size=18][b]Browser Headers[/b][/size]
Ovdje nisam saznao nista novoga (jer je to podrucje kojim sam se dosta bavio :D). Prilicno poucno za "obicne" usere, da shvate koliko su zapravo izlozeni bilo kome dok su na netu... :(
[size=18][b]Zakljucak[/b][/size]
Predji na Linux... 8)
krcko (napisa): | Do sad sam bio uvjeren da mi je kompjuter siguran od virusa, obzirom da postu citam na serveru. Medjutim, pojavili su se virusi koji mogu zaraziti bilo koji PC pod Windozama s pristupom internetu. Virusi iskoristavaju sigurnosnu rupu u Microsoftovim operacijskim sistemima. |
Sigurnosne rupe (mnozina!), ima ih k'o blata (sada kada pada kisa...).
Daklem, slicno se ponasa M$ Blaster koji je nedavno digao prilicnu medijsku pozornost (autor (ili jedan od njih) je neki dan uhapsen).
Stvar je u tome da Windoze jako vole glumiti serverski (cit. pravi, odrasli) sustav, pa su otvorene "za javnost".
Npr. ako pokrenes Apacheja, spojis se na net i nekome das svoj (privremeni!) IP, doticni moze surfati po siteu na tvom kompu. Prakticno za pokazati svoj uradak, ali rezultira time da je ponekad moguce pristupati tvojoj masini i kad nemas Apachea, tj. kad ne zelis da ti itko svrlja po compu.
Da bi se rijesio problem, dovoljno je onemoguciti vanjskim masinama da pristupaju tvojoj masini. Tada neces moci glumiti webserver, no to vjerojatno ni ne radis.
Na WinXP mozes ukljuciti built-in firewall i tamo reci da neces nikakve incoming connectione (negdje u propertiesima od dial-up konekšna s kojim se spajas). Postoji i na Home i na Pro verziji, ali nije bas na istim mjestima.
Ostale Windoze mogu instalirati neki firewall. Ima ih dosta. Ja sam trazio preko Googlea. Cini mi se da je Free Firewall Software prilicno referentan site.
Onaj koji bih ja sam svakako preporucio je Shields UP!! — Internet Vulnerability Profiling ili, jos bolje, sve security-related s tog sitea. Tip koji to vodi zna svoj posao.
Evo i izvjestaja moje masine (pokupljeno s tog sitea). Sve radi online, a koliko su izvjestaji jasni, procjenite iz mog primjera.
File Sharing
Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.
Za one koji ovdje imaju problem, najlakse je ubiti NetBIOS i/ili NetBEUI (ili tako nekako) za Internet konekcije (tj. ostaviti samo za LAN). Mada, to ni LANu ne treba (preporucam izbjegavati potpuno), ali koga veseli...
Common ports
Samo kraca verzija...
Kod: | GRC Port Authority Report created on UTC: 2003-09-11 at 23:15:35
Results from scan of ports: 0, 21, 23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000
3 Ports Open
17 Ports Closed
5 Ports Stealth
---------------------
25 Ports Tested
Ports found to be OPEN were: 1002, 1025, 1720
Ports found to be STEALTH were: 21, 23, 135, 139, 445
Other than what is listed above, all ports are CLOSED.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED. |
Dakle, imam tri otvorena porta (koji se mogu komotno zatvoriti, ali ja ne znam kako to ide pod Windozama (osim da stavim firewall)). Objasnjenje jednog od njih (opet, da se vidi koliko je to jasno sroceno): This Microsoft Internet Locator Service (ILS) port appears to be open whenever Microsoft's Internet Connection Sharing (ICS) system is being used. Unfortunately, this port is apparently not needed unless Microsoft's NetMeeting is operating, though it is open anyway. It is not known what vulnerabilities will be discovered here, so arranging to close the port would be time well spent.
Detaljniji info o tom portu nalazi se ovdje (link pokupljen direktno iz izvjestaja).
Vise o portovima (opet link iz tog izvjestaja) ima ovdje. Preporucam: svakako procitati ako te zanima sigurnost tvoje masine!
Tu ima i iscrpan popis (free i ne-free) firewallova, kao i upute za koristenje personal firewallova.
Zakljucak je da mi svakako treba firewall (doma). No, sada sam slucajno pod Windozama. Mislim da sam inace siguran (jer koristim Linux). Probat cu kad se sjetim...
All Service Ports
Ispalo je da su i dalje samo ona tri otvorena.
Messenger Spam
Ovdje nema problema, no cini mi se da si ti spominjao da te i to muci. To je ono sto smo rijesili ubijanjem Messenger servisa...
Browser Headers
Ovdje nisam saznao nista novoga (jer je to podrucje kojim sam se dosta bavio ). Prilicno poucno za "obicne" usere, da shvate koliko su zapravo izlozeni bilo kome dok su na netu...
Zakljucak
Predji na Linux...
_________________ U pravilu ignoriram pitanja u krivim topicima i kodove koji nisu u [code]...[/code] blokovima.
Takodjer, OBJASNITE sto vas muci! "Sto mi je krivo?", bez opisa u cemu je problem, rijetko ce zadobiti moju paznju.
|