
Re: [Cs-club] Why IRC is blocked on campus



---<snip>---
Would anyone care to know why IRC is blocked?

We were having a problem with computers all over campus, MIO servers, GIS lab computers, a few over in clow teaching, even our own laptop in the networking department.  These computers were compromised via a vulnerability with Windows Netbios ports (like port 447 or something) wherein the attacker would get a command line going on the machine; once he/she owned the machine, they would set up an IRC bot and use it to host files.  Files like "big time racing" (a crappy video game) and moviez (haha, I used a 'z').  So we blocked the netbios ports and the IRC port.  They should not be able to compromise more machines, but IRC is blocked to keep them from using the machines that are already compromised.  For now, IRC is blocked indefinitely.  It seems that it will be blocked until someone can come up with a legitimate use for IRC, as right now it is seen by campus network security people as a threat.  And no, chatting is not a good enough reason--use AIM (er, GAIM) or something to chat :)
---<snip>---
Maybe I don't understand this correctly, but couldn't you simply block Netbios, remove the IRC bot from the compromised machines, and be fine?
Secondly, why wasn't Netbios blocked from the outside anyhow?  In my understanding, there should be no reason why you would need to connect to a machine outside campus using Netbios, hence why you can block it and no one cares.  
I wonder if someone was trying to pull the same exploit on my laptop the other day.  Four or five IPs kept sending UDP packets to ports 1025 and 1026 (Netbios) and ZoneAlarm just kept blocking them. :)
     -Brian