Just so we're clear here, this wasnt ME who reported this to SNP, i just stumbled across it! I was simply curious. The anonymous poster of this seems to see "outgoing" tcp traffic in large volumes on his WinME box. He differentiates between the original CR incoming and his current outgoing. it was so odd that i thought I would ask if it was happening in more than one location. didnt think so tho... -o.p. ps: as for Gibson's XP objections, i believe his entire point revolves around Raw Sockets becoming available for HOME users. they were already accessable in win2k, and any 3rd-party hacked up 9x/NT box, but the threat was LOW because the "population" of such boxes facing the internet was low, WHEN COMPARED to the hundreds of millions who may end up running XP. Think about this: A worm like CR which spoofs it's IP -AND- floods ebay.com every month for 10 days with spoofed SYN ACK's... or worse. Just think about the @home network becoming 100% saturated with infected machines because, unlike CR which requires NT/2k w/IIS, the new variant will work against XP which joe schmoe just got at best buy on his new toy!!... you see, for now, it's only been servers to worry about. Now, ALL home systems will be just as vulnerable. > -----Original Message----- > From: Gregory_DeGennaroat_private [mailto:Gregory_DeGennaroat_private] > Sent: Monday, August 06, 2001 12:08 PM > To: OliverPat_private; VULN-DEVat_private > Subject: RE: CR II - winME? confirmation? > > > Oliver, > > This is a standard attack pattern from the worm. Check your > system for > either the ida.dll or the idq.dll. If you do not have either > of these dll > files then do not worry about it. Plus, you need to have > Internet service > running on your box. I have not seen anyone who has been > infected by this > worm > using a Windows 9x or ME machines. I do not have these > services running and > I have > recieved 306 attacks in 22 hours from the worm on my *nix firewall. > > Steve Gibson's theory is not as scary as it seems. *nix has > been using raw > sockets for years. The real issue here, is never place a > windows machine > directly on the Internet without maintaining it properly. I > would place > a good hardened firewall in front of any Microsoft machine > before connecting > to the Internet. > > Greg > > PS- What does not make sense in the article > > -----Original Message----- > From: Petruzel, Oliver [mailto:OliverPat_private] > Sent: Monday, August 06, 2001 8:01 AM > To: VULN-DEVat_private > Subject: CR II - winME? confirmation? > > > ok, this makes no sense, and ive only see it one place: > > http://www.securitynewsportal.com/article.php?sid=1367 > > I'm just wondering if this is popping up anywhere else. If > it is, then it > cant be CR2 as we know it, and it opens up a can of worms > that is scary. > Similar even, to Steve Gibson's prediction that a consumer > based OS with a > big hole would do serious damage. > > but again, since IIS is CR, then this was either a big fat > anaonymous lie, > or something different. Anyone seen any discussion on this? > > -o.p. >
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 10:42:20 PDT