View Full Version : New Virus???
DavidG
5th October 2005, 12:25 AM
Watch your firewalls.
I am getting a bit of hammer on ports 1028 -1030 UDP.
Look like something new.
Cliff Rogers
5th October 2005, 12:37 AM
You might be onto something there... the whole Internet has turned into a dog in the last 3/4 of an hour.
kiwigeo
6th October 2005, 08:44 PM
Watch your firewalls.
I am getting a bit of hammer on ports 1028 -1030 UDP.
Look like something new.
David, Are these ports used that much?
DavidG
6th October 2005, 08:59 PM
kiwigeo
No - These ports are not allocated but the current activity is typical virus where infected pc's try to talk to each other or ports are opened for access from outside.
Use a firewall.
Auld Bassoon
6th October 2005, 09:33 PM
Check out Steve Gibson's site at https://www.grc.com/x/ne.dll?bh0bkyd2 for port detection and blocking strategies
Cliff Rogers
7th October 2005, 12:18 AM
Those ports get used a bit for messenger spam.
vsquizz
7th October 2005, 12:22 AM
Those ports get used a bit for messenger spam.
I didn't think they even liked Spam.:rolleyes:
Cheers
DavidG
7th October 2005, 01:11 PM
Auld Bassoon
Yep. That is a good site to check yourself against.
According to them I do not exist, except for the connection I made to them.
Every one should check them selves out against all the tests.
Some may get a shock :eek: as to how open windows really is.
Dan
7th October 2005, 01:17 PM
Just spent the last couple of hours reading about Bots and Zombies (I don't exist either), very interresting stuff, good one Steve.http://www.ubeaut.biz/thumbup.gif
anthonyd
7th October 2005, 04:58 PM
Dont read too much into what steve gibson says. In the IT security world he regarded as a bit of a indian snake oil merchant. A lot of hot air and not too much behind what he says.
The shields up test is however useful for a quick test to look for open ports. But it is no means complete as you can see here: (http://blog.netwarriors.org/articles/2003/11/11/shieldsup-analyzed)
Here's (http://grcsucks.com/) some more interesting reading. Ok it totally on the other side of the fence, but it is always good to have both sides of the story.
DavidG
7th October 2005, 05:44 PM
anthonyd
Agreed but anything that causes a person to run a firewall has to help reduce the amount of ttraffic on the net caused by infected pc's.
My rules are:
1. Fire wall screwed down tight (sometimes sw does not work as it can not communicate)
2. Virus scanner
3. Old mail prog that NEVER opens any attachments.
4. Old mail prog that does not display html (text only)
5. NEVER run anything I did not buy or personally obtain from a reputable source.
So far I have kept clean.
Auld Bassoon
7th October 2005, 05:59 PM
Anthonyd;
An interesting alternate perspective. I wasn't trying to say that Steve Gibson was the "silver bullet" (don't much believe in those anywayhttp://www.woodworkforums.ubeaut.com.au/images/icons/icon10.gif), but I do think that he has a facility that can help the "technically poor" - and maybe prompt them to do something about their level of security.
Of course, if security is a big issue, then the answer, as always, is get an expert in the field.
Cheers!
anthonyd
7th October 2005, 11:59 PM
David,
Agreed - everyone should use a firewall. What I am just saying is that steve gibsons website can (and does) give one a false sense of security as well as a false sense of how bad the security issues are.
Regarding the former point - in some of those links I posted there have been some security experts that have tested the shield's up scan on a computer that should in most cases fail and it passed with flying colours. Then some PC's that are regarded as very secure fail his test.
As for the latter point - if you read his stories with an open mind it is all too apparent that he is attempting to scare the reader into believing that his PC is going to get hacked the minute he switches his power on.
Personally I would not trust most firewall software running on a PC that you use. The fact that you are opening mail and browsing the net with the same PC that operates the firewall software is asking for trouble.
What I do and consider more or less ideal is to have a cheap (2nd hand pentium will do) PC that runs linux and lives in a cupboard. This acts as a gateway to the internet and my pc connects through it. This way any affected mail/website that trieds to take control of my 'working' pc does not take control of the gateway PC and the firewall is not comprimised. (As an extra bonus I use the cupboard PC only to browse to online banking websites - this way I can be sure that there are no keyboard loggers logging my accoutn number and pin).
I realise that not all of you are geeks like myself who have 6 PC's scattered throughout the house (honestly they all serve a purpose;)) - so the next best alternative is to get yourself a hardware router/firewall. Easy to install and once again seperates the 'infectable' pc from the firewall. At a cost of $100 or so it is not too much of a price for the extra security plus you can now hook up more than one PC to the net (and if you spend a littel more add wireless support if you want).