Posted by warf on February 4, 2007, 4:39 pm
Sebastian Gottschalk wrote:
> warf wrote:
>
>> Even when I have 'SERVER', FILE
>> PRINT SHARING, REMOTE ACCESS services disabled I still see NETBUI ports
>> 136,137,138,139,445 'listening in TCPVIEW and S&D Processes???
>
> Well, why don't you take a look at <http://ntsvcfg.de/ntsvcfg_eng.html>?
I did...twice, even emailed the admin [very nice guy] who said they only
have Deutsch pages linked for the near future. It is exactly what I
need though.
>
>> I ask because in an effort to disable all 'Remote access' I inevitably
>> lose DNS Lookup or something that can't be restored short of an OS
>> REPAIR install...
>
> Then why don't you read before acting?
Vide supra...
>
>> and that gets tiring..."wipe and rebuild"
>
> Nonsense. It's trivial to backup and restore the service configuration.
Correct me if I am wrong [like I have to offer...grin]: new versions
mal-executables are very stealthy 'and sticky' vis-a-vis code-melt, MBR
partition hiding, kernel level misdirection of detection...ad naus.
FOR EG...while updating my firewall a newly discovered file infecting
virus [with no known repair method to date] slid in with the update TCP
traffic and settled in the Winnt\internetlogs\ZA as J.S-LAME and was
flagged during the subsequent bit level scan.
So...to what extent, if any, my files were compromised or if it had
even yet been executed is unknown. SO....I take your oft 'suggested'
advice and WIPE then REBUILD.
Are you suggesting you were remiss for that advice?
I accepted your erstwhile advice re rebuilding and:
I acted atavistically and installed Win2000 on a spare laptop with no
useful data just so I could do a better job of noting changes AND
rebuild in far less time than with my XP machine.
Then I still have to install,SP4,ZA,Ethereal,TCPview,Spybot,Adaware,
Dlink router setup, all the Ibuddie drivers for NICard THEN...disable a
dozen services, remove FILE&PRINT SHARING, T-BIRD, FIREFOX and configure
the Dlink WLan [killit!] enable the Dlink WAN, clone the Mac address,
set the lame software defaults to block mobile code, not save any
.DAT,HST...nor cookies web-bugs and like ilk....then fight for an hour
to find which services I accidentally disabled with names like "REMOTE
ACCESS...REMOTE DESKTOP...DNS...DHCP...TCP/NETBUI..." and so on and on.
All because I lost my innocence reading how the boys at PHRAK get their
jollies!
SO>>>>>>>maybe it's easy for you but for plebs like me playing with the
big leaguers in kids' gear [actually, ironically the inverse is more likely!]
it is hard not to add to the problem by naively being a server for
malcode and redirection and providing safe haven for code that should be
nuked.
>> but DHCP fails because NETBUI is inactivated If I disable it in SERVices.msc
>
> Very strange.
I thought so as well... and that is because I am not even sure of what I
don't know yet. [as I grin weakly and apologetically for inflicting my
carcass on you ...sycophantically groveling for pearls of info.] Most
webpages on the subject say disable DNSlookup [or is it DNSserver?] and
DHCP if acting as a client only. My
inability to connect
My ISP provides no filtering for us...Straight to the pipe [backbone]
with our cable modems. A report on Eastlink.ca indicates a problem with
an "open DNS server" and they require DHCP for IP acquisition...which is
'maybe' why the actions of my service.msc changes are not immediate???
With Ethereal in 'promiscuous mode' it is incredible [to me] how much
broadcasting and icmp traffic there is at any one moment.
Fr,Israel,Cn,Ru,USA...and how much is lost/misdirected and how much is
actively seeking vulnerable IP addresses is unknown to me but this is a fact:
Twice, while connecting my computer to the internet via an ethernet cable
and W2k [no firewall] I had a bogus popup before I could even pop in the
ZA CD....as though there is near constant broadcasting seeking open
unprotected servers to compromise.
Help?
Warf.
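
Added example (not part of the original posts, and not code from either poster or from the ntsvcfg project): a small checker that reads saved `netstat -an` output and reports which of the NetBIOS/SMB ports named in the post above are still bound, and on which interface, so the effect of each service or binding change can be verified before the machine goes online. The sample output is constructed, the function names are hypothetical, and TCP 135 is an extra port added for the example.

```python
"""Audit `netstat -an` output for NetBIOS/SMB listeners (added example)."""
import re
from typing import NamedTuple

# Ports named in the thread, plus TCP 135 (RPC endpoint mapper), which is an
# assumption added for this example and is not mentioned by the posters.
WATCHED = {
    ("TCP", 135): "RPC endpoint mapper (added for this example)",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "SMB directly over TCP",
    ("UDP", 445): "SMB directly over TCP",
}


class Listener(NamedTuple):
    proto: str
    address: str
    port: int


# One netstat row: protocol, local addr:port, foreign addr, optional state.
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)


def parse_listeners(netstat_text):
    """Return sockets that accept unsolicited traffic.

    TCP rows count only in state LISTENING; UDP has no state column, so a
    bound UDP socket whose foreign address is *:* is treated as listening.
    Established outbound connections are ignored.
    """
    found = []
    for line in netstat_text.splitlines():
        row = _ROW.match(line)
        if not row:
            continue  # header, blank line, or unrelated text
        proto, addr, port, foreign, state = row.groups()
        proto = proto.upper()
        if proto == "TCP" and (state or "").upper() != "LISTENING":
            continue
        if proto == "UDP" and foreign != "*:*":
            continue
        found.append(Listener(proto, addr, int(port)))
    return found


def exposure(address):
    """Describe how widely a local bind address is reachable."""
    if address in ("0.0.0.0", "[::]", "*"):
        return "all interfaces"
    if address.startswith("127.") or address == "[::1]":
        return "loopback only"
    return "interface " + address


def audit(netstat_text):
    """List (proto, port, service name, exposure) for watched listeners."""
    findings = []
    for sock in parse_listeners(netstat_text):
        name = WATCHED.get((sock.proto, sock.port))
        if name:
            findings.append((sock.proto, sock.port, name, exposure(sock.address)))
    return sorted(findings, key=lambda f: (f[1], f[0]))


# Constructed sample in the Windows `netstat -an` layout; not a real capture.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING
  TCP    192.168.0.100:139      0.0.0.0:0              LISTENING
  TCP    192.168.0.100:1043     203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.0.100:137      *:*
  UDP    192.168.0.100:138      *:*
"""

if __name__ == "__main__":
    for proto, port, name, where in audit(SAMPLE):
        print(f"{proto}/{port:<4} {name:<45} bound on {where}")
```

Run it against `netstat -an > before.txt` and again after each change; an empty result means none of the watched ports is bound any more.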
Posted by Sebastian Gottschalk on February 4, 2007, 5:43 pm
warf wrote:
> Sebastian Gottschalk wrote:
>> warf wrote:
>>
>>> Even when I have 'SERVER', FILE
>>> PRINT SHARING, REMOTE ACCESS services disabled I still see NETBUI ports
>>> 136,137,138,139,445 'listening in TCPVIEW and S&D Processes???
>>
>> Well, why don't you take a look at <http://ntsvcfg.de/ntsvcfg_eng.html>?
>
> I did...twice, even emailed the admin [very nice guy] who said they only
> have Deutsch pages linked for the near future. It is exactly what I
> need though.
The one specified page I linked is written in English, so is the script.
Only the website linking the content of the script to the specific services
sadly is only in German.
Thus, what about now finally understanding that this script does exactly
what you want?
>>> and that gets tiring..."wipe and rebuild"
>>
>> Nonsense. It's trivial to backup and restore the service configuration.
>
> Correct me if I am wrong [like I have to offer...grin]:new versions
> mal-executables are very stealthy 'and sticky' visa vi code-melt,MBR
> partition hiding, kernal level misdirection of detection...ad naus.
I thought you just referred to yourself fucking up the service configuration
by experimenting.
> and settled in the Winnt\internetlogs\ZA as J.S-LAME
JS-Lame sounds like a JavaScript which does some non-malicious, but
annoying (thus lame) action. I guess its description will point this out
exactly.
> So...to what extent, if any, my files were compromised or if it had
> even yet been executed is unknown. SO....i take your oft 'suggested'
> advice and WIPE then REBUILD.
When did this discussion start off? I assumed that you've already done so.
> I accepted you earstwhile advice re rebuiling and:
> I acted atavisticly and installed Win2000 on a spare laptop with no
> useful data just so I could do a better job of noting changes AND
> rebuild in far less time time than with my XP macine.
A rebuild with an image backup is sure way faster.
> Then istill have to install,SP4,ZA,Ethereal,TCPview,Spybot,Adaware,
SP4 should have already been integrated in your Windows 2000 CD. And still
I sense at least 3 superfluous programs in that list.
> Dlink router setup,
WTF? Doesn't it have a web configuration interface?
> all the Ibuddie drivers for NICard
WTF? What a bunch of bloat is your NIC driver?
> THEN...disable a dozenservices,remove FILE&PRINT SHARING,
Yes, reasonable.
> T-BIRD,FIREFOX
Well, try SeaMonkey. :-)
> set the lame software defaults to block mobile code,
What software and which settings?
> not save any .DAT,HST
What?
>...nor cookies web-bugs and like ilk....
You're talking nonsense. Cookies aren't malicious. Web-bugs don't exist.
> then fight for an hour to find which services I accidently disabled
See? That's why you should take a look at the ntsvcfg script.
> All because i lost my innocense reading how the boys at PHRAK get their
> jollies!
Then why aren't you running a Unix flavour?
>>> but DHCP fails because NETBUI is innactivated If I disable it in SERVices.msc
>>
>> Very strange.
>
> I thought so as well... and that is becasue I am not even sure of what I
> don't know yet.
Maybe you might use Regmon to track down this bug?
> With Ethereal in 'promiscuous mode' it is incredible [to me] how much
> broadcasting and icmp traffic there is at any one moment.
> Fr,Israel,Cn,Ru,USA...and how much is lost/misdirected and how much is
> actively seeking vulerable IP addresses is unknown to me but this is a fact:
> Twice, while connecting my computer to the internet via an ethernetcable
> and W2k [no firewall] I had a bogus popup before I could even pop in the
> ZA CD....as though there is near constant broadcasting seeking open
> unprotected servers to compromise.
>
> Help?
Get the patches installed before you go online. Or at least get the
vulnerable services deactivated. Or activate the TCP/IP filtering or RAS
firewall.
Posted by warf on February 4, 2007, 10:35 pm
Sebastian Gottschalk wrote:
> warf wrote:
>
>> Sebastian Gottschalk wrote:
>>> warf wrote:
>>>
>>>> Even when I have 'SERVER', FILE
>>>> PRINT SHARING, REMOTE ACCESS services disabled I still see NETBUI ports
>>>> 136,137,138,139,445 'listening in TCPVIEW and S&D Processes???
>>> Well, why don't you take a look at <http://ntsvcfg.de/ntsvcfg_eng.html>?
>> I did...twice, even emailed the admin [very nice guy] who said they only
>> have Deutsch pages linked for the near future. It is exactly what I
>> need though.
>
> The one specified page I linked is written in English, so is the script.
> Only the website linking the content of the script to the specific services
> sadly is only in German.
>
> Thus, what about now finally understanding that this script does exactly
> what you want?
Ungh, I took for granted that running someone else's code to accomplish a
task I 'could' do manually was sloppy and invited malware?
I think I also just read that security rule #1 was "If you are running
unknown code you have already lost control". I know very little of ANY of
the code on my machine so...I ask you, "is it safe?"
[Marathon man, Dustin Hoffman]
>>>> and that gets tiring..."wipe and rebuild"
>>> Nonsense. It's trivial to backup and restore the service configuration.
>> Correct me if I am wrong [like I have to offer...grin]:new versions
>> mal-executables are very stealthy 'and sticky' visa vi code-melt,MBR
>> partition hiding, kernal level misdirection of detection...ad naus.
>
> I though you just referred to yourself fucking up the service configuration
> by experimenting.
yes...that is why I seek your help... to allow me to access the internet
somewhat safely whilst edifying myself as to the vagaries of
I-protocol[s]...and M$ weaknesses.
>> and settled in the Winnt\internetlogs\ZA as J.S-LAME
>
> JS-Lame sounds like a JavaScript which does some non-malicious, but
> annoying (thus lame) action. I guess its description will point this out
> exactly.
Well I can't wait for the VBS-blowjob virus to go wild!
snip..
> SP4 should have already been integrated in your Windows 2000 CD. And still
> I sense at least 3 superfluos programs in that list.
no, it is an older OEM disk...It lacks USB2.0, so I take my saved SP4
upgrade I got before M$ made us pull our pants down and take a shot of
code to make sure we own the OS install.
BTW...I drop the defenses reluctantly and incrementally to enable manual
update [upgrade] from M$ but still don't pass the 'wideopenvulnerable
enough to allow your upgrade' test.
>
>> Dlink router setup,
> WTF? Doesn't it have a web configuration interface?
Yes it does. If you understand: MAC address and cloning same, protocols,
SSID, WLAN/WAN/LAN, ad-infinitum...AND don't allow their farmed out tech
support to mislead you about when the WAN is actually activated, it is
probably a snap to make it secure...AND functional. I now know
192.168.0.1 like I know my birthdate!
>
>> all the Ibuddie drivers for NICard
>
> WTF? What a bunch of bloat is your NIC driver?
SIS drivers have a lot of applets.
>> THEN...disable a dozenservices,remove FILE&PRINT SHARING,
>
> Yes, reasonable.
Ok,I'm feelin on track now!
>
>> set the lame software defaults to block mobile code,
ZA, Dlink setup utility requires J-script enabled or it won't update
settings.....it just makes you think it does.
>
> What software and which settings?
>
>> not save any .DAT,HST
>
> What?
I'm just making a point; I dislike all the tracking of everything I
type,save,see,use,start,stop,plugin etc, So Disable password saving,
history,remember lastfile etc.
>> ...nor cookies web-bugs and like ilk....
>
> You're talking nonsense. Cookies aren't malicious. Web-bugs don't exist.
Web-bugs do...scroll your mouse over bug-encoded webpages and watch the
script call in the lower left...OR use DOM editor. A single pixel is
enough..and it can be the same color as the background=> invisible.
Scripted cookies are certainly capable of doing malicious things, as I
read, AND, every problem [not of my own doing by
disabling useful services] has occurred while temporarily enabling Java
/Java-Scripting or 'mobile code' to accomplish a download or a device
configuration. I get security levels reset, host file manipulated etc...
I have been reading that the old cookie has been supplanted with a
myriad of ways to get info you or I would likely not volunteer if given
a choice before it happened.
I doubt you are didactically 'out of date' on mal-techniques datamining
and exploits, so what are you getting at? Seriously, I know only
what I read from security dedicated websites...and less from opinion
columns and NGs unless public scrutiny exposes a fake professor.
>> then fight for an hour to find which services I accidently disabled
>
> See? That why you should take a look at the ntsvcfg script.
Well then I ask you; is that not the same as installing utilities from
websites? [like going sans condom, eventually something comes.... alive!
a
>> All because i lost my innocense reading how the boys at PHRAK get their
>> jollies!
>
> Then why aren't you running a Unix flavour?
I bought a MANDRAKE kit and realized that it was only safer because I
'could' get to know the code intimately [unlike M$ code]. In
other words, it is only safer if I REALLY understand what I'm doing. I
plan to install it on a separate laptop specifically for learning, and
learning about the free V-OS I have as well.
Until then, I am still working on making windows work for me. [country
song in the works]
>>>> but DHCP fails because NETBUI is inactivated If I disable it in SERVices.msc
>>> Very strange.
>> I thought so as well... and that is becasue I am not even sure of what I
>> don't know yet.
>
> Maybe you might use Regmon to track down this bug?
Does regmon track registry changes? ZA alerts me to ALLOW/DISALLOW every
instance of a program, module or process before it makes a registry
change. There are still many changes that slip by unannounced though;
must be at the kernel level? [ring1?] Even Spybot Teatimer stops
responding to registry changes after a few days.
I have a beef with all commercial security software [to date]; in order
to allow people with even less knowledge than I to get running they
allow some questionable defaults on install. FOR EG; both McAfee and
Symantec allow every already on your computer 'trusted' status...from
spyware, datamining phonehome-ware to mal-ware. Worse, you can't
unselect many of them either.
At least ZA allows manual reconfiguration but who would want to allow
WEBBUGS and a dozen or so clicktracking URLs to have 'trusted' status by
default...unless they paid for that privilege!? At least they can be
removed though in ZA.
>
>> With Ethereal in 'promiscuous mode' it is incredible [to me] how much
>> broadcasting and icmp traffic there is at any one moment.
>> Fr,Israel,Cn,Ru,USA...and how much is lost/misdirected and how much is
>> actively seeking vulerable IP addresses is unknown to me but this is a fact:
>> Twice, while connecting my computer to the internet via an ethernetcable
>> and W2k [no firewall] I had a bogus popup before I could even pop in the
>> ZA CD....as though there is near constant broadcasting seeking open
>> unprotected servers to compromise.
>>
>> Help?
>
> Get the patches installed before you go online. Or at least get the
> vulnerable services deactivated. Or active the TCP/IP filtering or RAS
> firewall.
I saw that applet. Would I enable filtering of TCP,UDP,IP and allow only
port80 I/O, 110 In, 25 Out, 53 I/O [dns lookup]?
There's an applet to ENABLE NETBIOS LOOKUP, DISABLE/BLOCK NETBIOS OVER TCP/IP
This is exactly where I eventually disable something and can't recover.
All I want is HTTP browsing, email and newsreader...maybe file download.
Is that so hard to enable without losing DNS lookup, DHCP IP assignment
and connect ability?
I know your time is valuable.
maybe I'll try the script for now...of course I have to pull down my
pants to download and then run it though.
Warf.
Posted by Sebastian Gottschalk on February 5, 2007, 1:04 pm
warf wrote:
>> Thus, what about now finally understanding that this script does exactly
>> what you want?
>
> Ungh, I took for granted that running someone elses code to accomplish a
> task i 'could' do manually was sloppy and invited malware?
Isn't that the reason why it's Open Source? (beside that this is by design)
>>> and settled in the Winnt\internetlogs\ZA as J.S-LAME
>>
>> JS-Lame sounds like a JavaScript which does some non-malicious, but
>> annoying (thus lame) action. I guess its description will point this out
>> exactly.
>
> Well I can't wait for the VBS-blowjob virus to go wild!
And I can't wait for an RFC for "remote-stabbing over TCP/IP"...
>> SP4 should have already been integrated in your Windows 2000 CD. And still
>> I sense at least 3 superfluos programs in that list.
> no, it is an older OEM disk...It lacks USB2.0
There are various guides on the net that describe how to convert an OEM
install disc into a retail version. But, even though, OEM disks can also
get SP4 integrated.
> So I take my saved SP4
> upgrade I got before M$ made us pull pur pants down and take a shot of
> code to make sure we own the OS install.
Huh?
> BTW...I drop the defenses reluctantly and incrementally to enable manual
> update [upgrade] from M$ but still don't pass the 'wideopenvulnerable
> enough to allow your upgrade' test.
Are you talking about Windows Automatic Updates or the Windows Update
website?
>> What software and which settings?
>>
>>> not save any .DAT,HST
>>
>> What?
>
> I'm just making a point; I dislike all the tracking of everything I
> type,save,see,use,start,stop,plugin etc,
Even if this is just supposed to assist you?
>>> ...nor cookies web-bugs and like ilk....
>>
>> You're talking nonsense. Cookies aren't malicious. Web-bugs don't exist.
>
> Web-bugs do...scroll your mouse over bug-encoded webpages and watch the
> script call in the lower left...OR use DOM editor. A single pixle is
> enough..and it can be the same color as the background=> invisible.
This is no web-bug. It's something that is supposed to work like this, and
there's nothing malicious about it.
> Scripted cookies are certainly capable of doing maliscious things,
So? What specifically?
> as I read, AND, every problem [not of my own doing by
> disabling useful services] has occurred while temporarilly enabling Java
> /Java-Scripting or 'mobile code' to accomplish a download or a device
> configuration.
Interesting. Could it be that your Java VM and/or your webbrowser is
totally outdated?
> I get security levels reset, host file manipulated etc...
WTF? A non-admin user doesn't even have write access to the HOSTS file.
> I doubt you are didactically 'out of date' on mal-techniques datamining
> and exploits, so what are you getting at?
You should learn to differ between non-identifying information,
computer-identifying information and personal information, as well as who
can read it under which circumstances.
About exploits: The official statistics tell that Mozilla Firefox, if
always kept up-to-date, was at best vulnerable for 34 days for a
non-critical problem. Which could already have been worked around by
pro-active configuration.
>>> then fight for an hour to find which services I accidently disabled
>>
>> See? That why you should take a look at the ntsvcfg script.
>
> Well then I ask you; is that not the same as installing utilities from
> websites?
A script is a script is a series of commands that you can read in
cleartext. You can easily read how the script determines the Windows
version, configures the services and adds registry entries.
>>> All because i lost my innocense reading how the boys at PHRAK get their
>>> jollies!
>>
>> Then why aren't you running a Unix flavour?
>
> I bought a MANDRAKE kit
I pity you. Mandrake is about the second-worst to start off.
>>>>> but DHCP fails because NETBUI is inactivated If I disable it in SERVices.msc
>>>> Very strange.
>>> I thought so as well... and that is becasue I am not even sure of what I
>>> don't know yet.
>>
>> Maybe you might use Regmon to track down this bug?
>
> Does regmon track registry changes?
As the name (and the description of the program) implies.
> ZA alerts me to ALLOW/DISALLOW every instance of a program,
> module or process before it makes a registry change.
If you're still running ZoneAlarm, you shouldn't wonder about anything
going wrong in your system. The registry functions filter fucking it up a
bit should be your least worries.
> FOR EG; both Mcafee and
> Symantic allow every already on your computer 'trusted' status...from
> spyware, datamining phonehome-ware to mal-ware. Worse, you can't
> unselect many of them either. Atleast ZA allows manual reconfiguration
What about using Windows' security features? Now this allows you to define
security domains and, in contrast to the addon nonsense, can actually
enforce this policy.
>> Get the patches installed before you go online. Or at least get the
>> vulnerable services deactivated. Or active the TCP/IP filtering or RAS
>> firewall.
>
> I saw that applet. Would I enable filtering of TCP,UDP,IP and allow only
> port80 I/O, 110 In, 25 Out, 53 I/O[dns lookup]?
Maybe you may want to read the documentation again. The TCP/IP filtering
only applies to inbound traffic and already works stateful. Thus, you don't
need to allow anything for TCP and UDP, and for IP you may just want 1,6
and 17.
> There an applet to ENABLE NETBIOS LOOKUP, DISABLE/BLOCK NETBIOS OVER TCP/IP
>
> This is exactly where I eventually disable something and can't recover.
> All I want is HTTP browsing, email and newsreader...maybe file download.
> Is that so hard to enable without loosing DNS lookup, DHCP IP assignment
> and connect ability?
Normally not. Maybe you should really consider uninstalling FroneAlarm?
Posted by warf on February 5, 2007, 3:03 pm
Sebastian Gottschalk wrote:
> warf wrote:
Hi Sebastian...through all the chatter I have lost the intent of your
initial suggestion to use the De script to secure/disable my remote access. Are
you definitively saying "it is safe and contains no uninvited actions"?
snip..
> And I can't wait for an RFC for "remote-stabbing over TCP/IP"...
I just realized; if we all had to sit on wet seats holding a wire
connected to line voltage and an ethernet enabled switched so that any
malicious code or commands sent
from your computer would shock the shit out of the sender ...
Remote Stabbing is pretty funny though...unless your loopback adapter
misdirects the command->home.
snip
>> So I take my saved SP4
>> upgrade I got before M$ made us pull pur pants down and take a shot of
>> code to make sure we own the OS install.
>
> Huh?
Metaphor for 'drop my protection'.
>
>> BTW...I drop the defenses reluctantly and incrementally to enable manual
>> update [upgrade] from M$ but still don't pass the 'wideopenvulnerable
>> enough to allow your upgrade' test.
>
> Are you talking about Windows Automatic Updates or the Windows Update
> website?
You make a good point...I was unaware that they are now different.
Before [goodol'days] I could manually download every security update and
servicepack from MS.com but now...they send you a bit of Cop-code that
fails to run unless ALL defences are down [hence, the allusion to pants down]
snip...
>> I'm just making a point; I dislike all the tracking of everything I
>> type,save,see,use,start,stop,plugin etc,
>
> Even if this is just supposed to assist you?
I would have considered the original intent of cookies to be patently
'assistive'... but those days are long gone. I don't for a second
consider datamining 'assistive'. They have evolved significantly.
Data is now so valuable companies are but a few steps behind the
blackhats in implementing 'choice making software' that runs sans
consent. Cookies are not software but the ability to trigger 'features'
code is evolving rapidly....cookies are no longer benign. Supercookies
...well I am waiting to hear that justification. I don't need a law
degree to know when I've been beaten up or robbed. I don't need a
CompSci degree to know the Int-box is just the vehicle. Follow the money
Sebastian, motive and means almost certainly lead to the perps.
2 points about "assistance in choice": I like to make choices and not have
them made for me, it muddies the waters of 'what's good for me'.
Secondly, see 1st point.
As the third of two points, trust has been broken so all websites are
duly bound to establish trust...And since I decide when to trust, I need
to be highly convinced.
Speaking of convincing, Are you sure the script from ntsvcfg is benign
in addition to being useful?
snip...
>> Scripted cookies are certainly capable of doing maliscious things,
>
> So? What specifically?
reset browser features and security levels for one. Grab whatever data
the browser is designed [or inadvertently designed to] hand over or allow.
I defer to your knowledge FTSoA. I am still suspicious of unstated
assistance though.
>> as I read, AND, every problem [not of my own doing by
>> disabling useful services] has occurred while temporarilly enabling Java
>> /Java-Scripting or 'mobile code' to accomplish a download or a device
>> configuration.
>
> Interesting. Could it be that your Java VM and/or your webbrowser is
> totally outdated?
No. Latest Dec 19-06 download of firefox and t-bird. Windoz updates
reluctantly on Auto[permission] to install required.
Speaking of...Windows claims to be unable to deliver me security updates
from the website [~ms.com] and asks for full trusted status
scripting,cookies,etc activated and sends me the 'validation' exe that
fails to run [or did it, was it "assisting me" in some other
unstated way???] BUT, auto updates bypass all security and permissions as
long as the required services are running. So...who owns my computer?
>
>> I get security levels reset, host file manipulated etc...
>
> WTF? A non-admin user doesn't even have write access to the HOSTS file.
vide supra
I realize I am in gray water when trying to limit permissions and
still allow software mods, registry cleaning etc..
I no doubt have vulnerabilities ..... I came here seeking help not
claiming authority.
I do know something of human nature though and needn't be an expert in
all fields to spot funkiness in areas of limited authority.
For all the banter, I am still at your mercy and seeking assistance.
The rest is entertainment and long distance connection...Or, am I
responding to a BOT? Has AI finally made the leap?
You had me going HAL.
>
>> I doubt you are didactically 'out of date' on mal-techniques datamining
>> and exploits, so what are you getting at?
>
> You should learn to differ between non-identifying information,
> computer-identifying information and personal information, as well as who
> can read it under which circumstances.
You are absolutely correct there HAL, er ah, Sebastian. Unfortunately,
the trust has been abused by so many marketers that until I learn enough
about how to distinguish I will be handicapped.
>
> About exploits: The official statistics tell that Mozilla Firefox, if
> always kept up-to-date, was at best vulnerable for 34 days for a
> non-critical problem. Which could already have been worked around by
> pro-active configuration.
True...but I am talking about my INsecurity at an even more basic level;
that of which options to disallow and which services to disable and ...
I have come to accept that a determined and clever hacker will always
have his/her way with my box....that didn't come out right!
...
> A script is a script is a series of commands that you can read in
> cleartext. You can easily read how the script determines the Windows
> version, configures the services and adds registry entries.
ok, I'll give it a go.
...
> I pity you. Mandrake is about the second-worst to start off.
You could probably pity me for more substantial reasons...like my need
to inject humor to gain acceptance, and my unfortunate physical
features, and...
>> ZA alerts me to ALLOW/DISALLOW every instance of a program,
>> module or process before it makes a registry change.
>
> If you're still running ZoneAlarm, you shouldn't wonder about anything
> going wrong in your system. The registry functions filter fucking it up a
> bit should be your least worries.
Can you give me a "F'r instance"?
Why are you so averse to ZA? of all the commercial FWs it at least
allowed me a modicum of insight into what passes twixt my puty and the
wire. Were it not for that I [most non-experts] would have no idea of
how much undisclosed persons want our data and how much mischief is on
the superhiway.
This much I will admit, now that I see figures like 605,000 instances
reported of but a single mal-port seek in a month[day?] ...network
admins must be sick of the "ZA just notified me of a blocked attack..."
and I know from my ISP that even they don't get any response from other
ISPs to shutdown mal~ and attack sites.
So, at least I have progressed to 'empathy' for you.
>
> What about using Windows' security features? Now this allows you to define
> security domains and, in contrast to the addon nonsense, can actually
> enforce this policy.
BINGO! That is what I really really wanted to learn from you...how do I
shut down non-essential services in W2k [or XP] and change permissions
to harden and control what leaves and enters my computer?
The rest is entertaining and I hope you enjoy it as much as I and don't
feel the need to light up after a reply...[that damned injection again!]
Seriously, my attempts have led to 'failure to connect', 'failure to
launch', failure to fail... and even with all the reading I have been
doing I suspect many admins seek the same thing ...else there would be
no NG dedicated to this.
>....
>> There an applet to ENABLE NETBIOS LOOKUP, DISABLE/BLOCK NETBIOS OVER TCP/IP
that still perplexes me...
Thanks for the assistance thus far Sebastian.
Warf.