Microsoft RPC\DCOM vulnerability - Who is having to deal with this at work
imported_Gman
08-04-2003, 12:06 PM
My guess is everyone who is not behind a firewall. Man I just want to kill somebody. This vulnerability is one of the worst ones yet. The University of WI had to block certain ports at the main router on campus to give tech support people a chance to catch up with applying patches. About 10 of our machines got compromised. Oh yeah, you folks at home with DSL\Cable who have not installed a personal firewall (hardware or software) are most definitely targets.
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
[ August 04, 2003, 01:07 PM: Message edited by: Gman ]
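As an added defender's example (not code from the thread or from any poster), a small Python triage over constructed router log lines: it lists which outside addresses are probing the RPC/DCOM ports the MS03-026 workaround says to block at the perimeter, and which internal hosts actually accepted such a connection before the block went in, i.e. the ones to patch or rebuild first. The log format, the 10.0.0.0/8 internal range and the port list (my reading of the bulletin's workaround section) are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Perimeter ports the MS03-026 workaround says to block (my reading of the
# bulletin, not a list taken from the thread): the RPC endpoint mapper plus
# the related NetBIOS/SMB and RPC-over-HTTP ports.
RPC_DCOM_PORTS = {("tcp", 135), ("tcp", 139), ("tcp", 445), ("tcp", 593),
                  ("udp", 135), ("udp", 137), ("udp", 138), ("udp", 445)}
CAMPUS = ip_network("10.0.0.0/8")  # hypothetical internal address range

# Hypothetical router log line format, constructed for this example.
LINE_RE = re.compile(
    r"(?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")


def triage(lines):
    """Return (probes, exposed): external sources that hit RPC/DCOM ports on
    internal hosts, and the internal hosts that accepted such a connection."""
    probes = defaultdict(set)
    exposed = set()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated or malformed line
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        key = (m["proto"].lower(), int(m["dport"]))
        # Only inbound traffic from outside the campus to a blocked port matters.
        if key not in RPC_DCOM_PORTS or src in CAMPUS or dst not in CAMPUS:
            continue
        probes[str(src)].add(str(dst))
        if m["action"] == "ALLOW":
            exposed.add(str(dst))
    return {s: sorted(t) for s, t in probes.items()}, sorted(exposed)


# Constructed sample: one source sweeps TCP 135 across three hosts (two were
# reached before the block), another probes UDP 445, plus unrelated traffic.
SAMPLE_LOG = """\
Aug  4 11:58:02 router: ALLOW TCP 203.0.113.7:3412 -> 10.0.5.23:135
Aug  4 11:58:03 router: ALLOW TCP 203.0.113.7:3413 -> 10.0.5.24:135
Aug  4 11:58:05 router: ALLOW TCP 10.0.5.23:1051 -> 198.51.100.9:21
Aug  4 12:06:40 router: DENY TCP 203.0.113.7:3420 -> 10.0.5.25:135
Aug  4 12:06:41 router: DENY UDP 198.51.100.44:1026 -> 10.0.7.2:445
Aug  4 12:07:00 router: ALLOW TCP 192.0.2.10:40001 -> 10.0.9.9:80
""".splitlines()

if __name__ == "__main__":
    probes, exposed = triage(SAMPLE_LOG)
    print("probing sources and hosts touched:", probes)
    print("internal hosts that accepted an inbound RPC/DCOM connection:", exposed)
```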
GROOVE VICTIM
08-04-2003, 12:10 PM
We recently upgraded to Novell Netware 6. Some of the management of our network can now be done over the internet/intranet.
I asked my co-worker if he was able to access this portion of the management system from his home, and he said yes.
Good job Novell!!!!!!!!!!
Peace
What do you mean by "compromised"?? What happened??......JMJ
O'love
08-04-2003, 12:18 PM
*never* run a production server without a firewall..... I often decide to not run a security patch because of all the caveats reported.... a well-configured firewall is a very nice thing to have in such cases....
About home configs: XP has a default activated firewall which resolves a lot of these dangers... for non-XP installations I suggest using something like Zonelabs..
Olaf
imported_Gman
08-04-2003, 12:19 PM
Originally posted by JMJ:
What do you mean by "compromised"?? What happened??......JMJ
Compromised means that the hacker was able to exploit the vulnerability and gain access at a system level to the pc. They were able to transfer certain programs and then reboot the machine to activate them. Programs such as ftp servers and remote control programs. Basically they can do "anything" they want with the machine at this point.
Originally posted by Gman:
Compromised means that the hacker was able to exploit the vulnerability and gain access at a system level to the pc. They were able to transfer certain programs and then reboot the machine to activate them. Programs such as ftp servers and remote control programs. Basically they can do "anything" they want with the machine at this point.
Yikes! I think we had that happen to the system at work. They just replaced everything. The computers were operating like they were possessed. We finally couldn't even use them. Nothing worked. Could this be why??.......JMJ
imported_Gman
08-04-2003, 12:25 PM
Originally posted by O'love:
*never* run a production server without a firewall..... I often decide to not run a security patch because of all the caveats reported.... a well-configured firewall is a very nice thing to have in such cases....
About home configs: XP has a default activated firewall which resolves a lot of these dangers... for non-XP installations I suggest using something like Zonelabs..
Olaf
Big universities tend to be more relaxed with their network policies, which makes them big targets. Also because of the large number of machines. Our department has purchased the firewall hardware but is about 4 months from implementing it fully. Our network person did block off the vulnerable ports but it was too late.
imported_Gman
08-04-2003, 12:29 PM
Originally posted by JMJ:
Yikes! I think we had that happen to the system at work. They just replaced everything. The computers were operating like they were possessed. We finally couldn't even use them. Nothing worked. Could this be why??.......JMJ
If this was recently (7/16 - today) then you guys probably did get hit bad. The only thing to do is reinstall the machine because it can no longer be trusted on your network.
Originally posted by Gman:
If this was recently (7/16 - today) then you guys probably did get hit bad. The only thing to do is reinstall the machine because it can no longer be trusted on your network.
Thanks for the info......JMJ ;)
GROOVE VICTIM
08-04-2003, 12:34 PM
GMAN, have you upgraded all of your systems to 2000 or XP?
Because we're running Netware on our servers, we have to slowly upgrade our workstations because of policy issues that have yet to be fixed when working with 2000 and XP under a Netware environment.
We still use Windows 95 and 98 because of this issue.
Peace
Speaking of firewalls, what is everyone running at their work sites?....I just installed Astaro (http://www.astaro.com/) a couple of months ago and have been thoroughly impressed....
peace,
-g-
SuzanneT
08-04-2003, 12:40 PM
Hi Gman,
Firewall?? I mentioned we needed a hardware firewall to my VP of Technology 6 months ago and he gave me the "deer in the headlights" look and said no, we don't need one. After spending 2 weeks with an outside consultant @ 130 bucks/hr who said the same thing, we will be getting one soon.
Knock wood, we haven't had this problem as of yet, but colleges are the hardest hit by hackers. I just found dameware on my ldap server because the script kiddies are looking for a home for their bootleg mp3's and movies.
Also FYI, if you're running 3d studio max software don't install win 2k service pack 4; it makes it inoperable unless there's a patch for it created recently. I had to almost argue with one of the people here to wait before putting that one on.
As for home cable/dsl users, I recommend getting a router w/firewall built in.
SuzanneT
08-04-2003, 12:43 PM
Whoever invented dameware and psexec should be AR15firing.gif
imported_Gman
08-04-2003, 12:44 PM
Originally posted by GROOVE VICTIM:
GMAN, have you upgraded all of your systems to 2000 or XP?
Because we're running Netware on our servers, we have to slowly upgrade our workstations because of policy issues that have yet to be fixed when working with 2000 and XP under a Netware environment.
We still use Windows 95 and 98 because of this issue.
Peace
I thought I had upgraded all my machines to XP but I came across two Windows 2000 machines on Friday when I was going around applying security updates. Some of the other members of my team I think have a few Windows 98 boxes they still have to support. By the way I used to be a Novell Administrator.
imported_Gman
08-04-2003, 12:47 PM
Originally posted by SuzanneT:
Whoever invented dameware and psexec should be AR15firing.gif
I am familiar with dameware but what is psexec ? I think I found this on one of my compromised machines.
GROOVE VICTIM
08-04-2003, 12:49 PM
Originally posted by Gman:
I thought I had upgraded all my machines to XP but I came across two Windows 2000 machines on Friday when I was going around applying security updates. Some of the other members of my team I think have a few Windows 98 boxes they still have to support. By the way I used to be a Novell Administrator.
Once we get the User Policy issue straight, we're thinking of going to XP but not on all of our workstations. I keep telling my boss to invest more money in upgrading some of our older machines rather than buying all new computers. For one brand new Dell we purchase, we can upgrade 10 computers with faster hard drives and more memory.
imported_Gman
08-04-2003, 12:50 PM
Originally posted by SuzanneT:
Hi Gman,
Firewall?? I mentioned we needed a hardware firewall to my VP of Technology 6 months ago and he gave me the "deer in the headlights" look and said no we don't need one.
Suzanne what I suggest you do is buy a rubber penis and carry it with you so when you next speak to the "VP of technology" slam it down on the table and then make your next suggestion. :D
GrantB
08-04-2003, 12:50 PM
dup
[ August 04, 2003, 01:56 PM: Message edited by: GrantB ]
GrantB
08-04-2003, 12:55 PM
http://www.sysinternals.com/ntw2k/freeware/psexec.shtml
This is psexec, a lightweight telnet replacement. Mark Russinovich should not be shot. Without guys like the sysinternals team, MS would be running more game than they already do.
These remote administration programs are not the problem. The problem is a shoddy security model at the architectural level. The problem is a desktop only kernel/security model shoehorned into a server role. The problem is a company with the audacity to think that they can leave backdoors for themselves in their operating systems while somehow keeping "mere mortals" out.
[ August 04, 2003, 01:56 PM: Message edited by: GrantB ]
SuzanneT
08-04-2003, 12:57 PM
Originally posted by Gman:
I am familiar with dameware but what is psexec ? I think I found this on one of my compromised machines.
It's the same type of remote execution software as dameware. You need a program called delsrv.exe and/or delrp.exe to delete it from your servers.
Here's the link http://www.activewin.com/win2000/tools.shtml
SuzanneT
08-04-2003, 12:58 PM
Originally posted by Gman:
Suzanne what I suggest you do is buy a rubber penis and carry it with you so when you next speak to the "VP of technology" slam it down on the table and then make your next suggestion. :D
Gman, DO NOT tempt me!!!
SuzanneT
08-04-2003, 01:06 PM
Originally posted by GrantB:
http://www.sysinternals.com/ntw2k/freeware/psexec.shtml
This is psexec, a lightweight telnet replacement. Mark Russinovich should not be shot. Without guys like the sysinternals team, MS would be running more game than they already do.
These remote administration programs are not the problem. The problem is a shoddy security model at the architectural level. The problem is a desktop only kernel/security model shoehorned into a server role. The problem is a company with the audacity to think that they can leave backdoors for themselves in their operating systems while somehow keeping "mere mortals" out.
You're right GrantB, psexec and dameware unfortunately have fallen into the wrong hands and their powers are no longer being used for good. I think they (Microsoft) might have learned a little something from all those backdoors and eliminated a lot of them with Win 2003. I haven't had the time to really play with win2k3 lately, but what I like about it is it comes with security locked down straight out of the box.
imported_Gman
08-04-2003, 01:12 PM
Originally posted by GrantB:
.. The problem is a desktop only kernel/security model shoehorned into a server role. The problem is a company with the audacity to think that they can leave backdoors for themselves in their operating systems while somehow keeping "mere mortals" out.
Starting with Windows NT 3.1, which was based on an entirely new operating system whose security model and kernel were designed for network servers, not the desktop. Anyway, what about all the security issues with Solaris and Linux ??? Our Unix group has been hastily patching our Solaris and Linux machines recently because of new exploits as well.
-G
[ August 04, 2003, 02:12 PM: Message edited by: Gman ]
GrantB
08-04-2003, 01:37 PM
Hi Gman
OK I won't start up OS holy wars again, but this has been an emotional topic lately, what with this exploit being cautioned by the FBI (!) and on the cnn.com front page. I consult for a variety of clients on most popular platforms, and I won't say that any platform is completely flawless. However, my experience has led me to have much more confidence in the security of *nix.
Being in Seattle and in the biz, you end up knowing some of the higher ups at a certain OS maker. We have had some revealing discussions with them lately re security in general and ensuring HIPAA compliance with their product for our medical industry clients (consensus: impossible). They are really worried that their company has majorly f*ed up this time and that a serious global cataclysm is imminent. It's just spooky to actually hear it from these guys, because they are normally "on the team".
... that's all. :strolls away whistling nervously with hands in pockets:
imported_Gman
08-04-2003, 01:53 PM
Originally posted by GrantB:
Hi Gman
...However, my experience has led me to have much more confidence in the security of *nix.
Exactly, they are all flawed. If the *nix "expertise" is available then I have much more confidence in *nix as a server operating system as well. By the way, all our file servers are Solaris servers running Samba.
-G
[ August 04, 2003, 02:54 PM: Message edited by: Gman ]