[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cs-club] Why IRC is blocked on campus

To: "Brian Haynes" <deus777@earthling.net>,cs-club@list.acs.uwosh.edu
Subject: Re: [Cs-club] Why IRC is blocked on campus
From: Anthony Curreri <tony@hnet.net>
Date: Mon, 30 Sep 2002 17:53:53 -0500
Delivered-to: mailman-cs-club@list.acs.uwosh.edu
In-reply-to: <20020930174023.32410.qmail@mail.com>
List-archive: <http://lists.uwosh.edu/pipermail/cs-club/>
List-id: Computer Science Club <cs-club.lists.uwosh.edu>
List-post: <mailto:cs-club@lists.uwosh.edu>
Sender: cs-club-admin@lists.uwosh.edu

At 11:40 AM 9/30/2002 -0600, Brian Haynes wrote:

---<snip>---
Being
> that there are thousands of computers on campus, it would be impossible to
> track them all down before un blocking the port, as conceptually, someone
> would have to physically visit all machines.
---<snip>---
Ok, I was under the impression from your previous email that you alreadyknew which small set of machines were compromised.

Well those were the machines that we KNEW were compromised, but I'm surethere are others.

---<snip>---
Even if they had the manpower to visit all machines, each

> computer seems to have been compromised manually, by a person, so thereare

> no static indications of the attack.
---<snip>---
By manually, do you mean they had physical access to the machine?

No, the compromise was via the network. An off-site attacker had access toa command line, and they "manually" installed the IRC bot. I meant to saythat it wasn't some script or automated program that did it.

---<snip>---
> However, a compromised computer is known in the security world as being
> "owned".  Once a computer is owned it is not your computer anymore.  I
> believe it would be possible for someone to use a compromised computer to
> compromise other computers inside our network, because once they areinside> the netbios ports are no longer blocked from them. Does this makesense to
> anyone?
---<snip>---
No doubt it would be possible to compromise machines from inside thenetwork. You mentioned in your previous email that the exploit on theNetbios port allowed for a command-line. What prevents someone frominside the network from using this exploit to do something on otherpeople's machines besides IRC?
     -Brian

NOTHING! Be a good user, run a firewall. The Internet is a scaryplace. As a side note, XP seems to have some sort of firewalling builtin. I wonder if anyone has played with it? I use a hardware firewall, soI haven't bothered.


Tony

--
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

_______________________________________________
Computer Science Club's mailing list
cs-club@list.acs.uwosh.edu

Follow-Ups:
- Re: [Cs-club] Why IRC is blocked on campus
  - From: Rene Horn <rhorn@freeshell.org>

References:
- Re: [Cs-club] Why IRC is blocked on campus
  - From: "Brian Haynes" <deus777@earthling.net>

Prev by Date: [Cs-club] Legos Robots Solve Rubix Cube
Next by Date: Re: [Cs-club] Why IRC is blocked on campus
Previous by thread: Re: [Cs-club] Why IRC is blocked on campus
Next by thread: Re: [Cs-club] Why IRC is blocked on campus
Index(es):
- Date
- Thread