OT: MS Tried to Hack My Computer???

[Sivran]

More likely it's an MSN user infected with a worm or two, or three. No need to worry, or blame MS. :P Blame the idiot Users who directly connect their NT-based machines to the internet.

[Baron Munchausen]

Directly connect them and don't properly configure them, you mean....

You have to set your machine up with the right permissions and restrictions or you get 0wned within minutes of going Online. Most people get their broadband and connect with NETBIOS active -- which is designed for LANs, not the Internet! A properly configured system is dramatically harder to infect, especially with third party enhancements like firewalls and anti-virus software.

I've just recently installed a firewall even though I'm on dialup and I get probes to port 445 (NETBIOS) every few minutes even though I'm on a rotating dialup connection! Since I was smart enough to disable my NETBIOS before I went Online this is not a problem for me. But if even dialup lines are under constant probes, imagine how bad it must be on DSL address blocks where the hackers and worms know you have a high-speed line.

[Renegade 13]

Baron, how would I go about disabling my NETBIOS? I'm not computer illiterate, just not an advanced user and could use some help :P

Another, connected question. What does NETBOIS do, what is its normal function?

Also, you mentioned "properly configuring" your internet connection. I have a dialup connection, and if you don't mind, could you give me some pointers on how to properly configure my connection for greater security?

By the way, sorry Atrocities for hijacking your thread

[Baron Munchausen]

I am far from an expert myself. Of course, where Wind'ohs is concerned I doubt that anyone is an expert. We learn this every few days when a new Wind'ohs exploit is published.

The way Wind'ohs configures itself by 'default' -- or used to, it could be different now with Win 2000 and Win XP -- is for a LAN connection, meaning it installs a bunch of services for giving access to other computers to YOUR FILES. Not good for most people. That's what NETBIOS is about, sharing printers and files across a LAN.

It's not very difficult to fix, though. Anyone who can do the routine stuff you do to setup a dialup connection can fix this problem. Rather than type it all in myself I'll point you to the source at Gibson Research. He calls it 'Network Bondage' in a semi-humorous way because it's about protocol bindings...

http://www.grc.com/su-bondage.htm

You could find this same information from other sources, I'm sure, but that is the source I am familiar with. This is as good an explanation as any. All you need to do is follow the directions on clicking a few boxes, then reboot and you're much more secure than the default way that Wind'ohs is installed.

It wouldn't hurt to read the other pages in the 'Shields Up!' site, either.

[Renegade 13]

Thank you very much!

[Sivran]

Quote:

Baron Munchausen said:
I am far from an expert myself. Of course, where Wind'ohs is concerned I doubt that anyone is an expert. We learn this every few days when a new Wind'ohs exploit is published.

The way Wind'ohs configures itself by 'default' -- or used to, it could be different now with Win 2000 and Win XP -- is for a LAN connection, meaning it installs a bunch of services for giving access to other computers to YOUR FILES. Not good for most people. That's what NETBIOS is about, sharing printers and files across a LAN.

It's not very difficult to fix, though. Anyone who can do the routine stuff you do to setup a dialup connection can fix this problem. Rather than type it all in myself I'll point you to the source at Gibson Research. He calls it 'Network Bondage' in a semi-humorous way because it's about protocol bindings...

http://www.grc.com/su-bondage.htm

You could find this same information from other sources, I'm sure, but that is the source I am familiar with. This is as good an explanation as any. All you need to do is follow the directions on clicking a few boxes, then reboot and you're much more secure than the default way that Wind'ohs is installed.

It wouldn't hurt to read the other pages in the 'Shields Up!' site, either.

You got it backwards. Windows 9x machines come pre-configured for <i>nothing at all</i>, which means freshly-installed, a 9x box is actually plenty secure. You have to add networking once it's up, and even then, once File and Print sharing is installed you <i>then</i> have to explicitly share your directories/drives. Only then will port 139 open up and expose your file system.

By contrast 2k and XP set up networking <i>during</i> installation, which can lead to infection prior to even completing the install if connected without a router between the computer and the big, nasty, wan.

And finally, GRC is a lot of hype (just look at Gibson's credentials. He's a <i>marketting</i> guy!). You're no safer under stealth than you are with closed ports, and perhaps more vulnerable--when your system fails to respond it could be red-flagged as a "newbie GRC reader." Disabling netbios over TCP and installing NetBEUI is also unnecessary assuming you're behind a firewall or router, though it is another layer of security. Routers will block netbios connection attempts without any configuring. A software firewall will have to be configured to only allow netbios from the lan, assuming you HAVE a lan you want to share files on. If not just configure the firewall to block any traffic to and from ports 137-139 for 9x/Me and also 445 for 2k/XP.

[Baron Munchausen]

Since most people do not have firewalls and there's no way to use a hardware router with a dialup connection (unless you get the more expensive 'network modems' I guess) I think Gibson's instructions are quite useful for most people. Several 'big name' firewalls that have nothing to do with Steve Gibson default to stealth mode, so I doubt that he's completely alone in his opinion. And I really don't see why I should care what anyone probing ports on remote machines thinks of 'stealth' mode anyway.

[Atrocities]

I do have two firewalls working. The crappy XP one, and the one that came with the Cable modem which is from McAfee.

And David, this weekend I saw a real life UFO. I was down in this cannon camping with friends, and we all looked up and saw the UFO. It was a bigg'in too. It had two yellowish lights in the front, and a whole mess of em on the top part. It made such a thunders sound we all though God himself was come back to Earth to exact his holly revenge upon whicked and unfaithful.

(About six minutes later God passed us in his 1978 Ford F150 Hiboy with his light bar on, and no exhougst pipes. We were in awe.)

It occured to us, as we all sat their drinking our beer, that we was in a canyon, and to get into the canyon, you have to drive down this long narrow windy *** gravel road. Duhrrrrrrrr. "Here's your sign." - Mine read: "Beer Makes You Stupid."