Date:      Sat, 03 Jul 1999 11:38:14 -0700
From:      "Rami Soudah" <rsodah@index.com.jo>
To:        FreeBSD-Questions@FreeBSD.org
Subject:   WinNuke
Message-ID:  <377E5896.9BD3A896@index.com.jo>

Greetings,

Last night I had a situation:
NukeNabber 2.9b on the Win box crashed
due to a port scan via nmap from the BSD box, with the message:

"Exception EStackOverflow in module
NUKENABBER.EXE at 00004AEC
Stack Overflow."
"This program has preformed an illegal operation and
will shutdown."

At that time I was offline (not connected to the
internet).

I did nmap <win-ip> to find out which ports are still open:
bash-2.02$ nmap 192.168.0.2
Starting nmap V. 1.51 by Fyodor (fyodor@dhp.com,
www.dhp.com/~fyodor/nmap/)
Open ports on metro (192.168.0.2):
Port Number  Protocol  Service
53           tcp        domain
129          tcp        pwdgen
137          tcp        netbios-ns
138          tcp        netbios-dgm
139          tcp        netbios-ssn


Network: ISP-modem-BSD-Win

In the log file of NukeNabber, I found the following:
[07/02/1999 10:14:43] Connection: EARTH (192.168.0.1) on port 137 (tcp).
[07/02/1999 10:14:53] Connection on port 137 (tcp) timed out waiting for data.
[07/02/1999 10:14:53] Port 137 (tcp) is now disabled for 60 seconds.
[07/02/1999 10:16:40] Port 137 (tcp) is re-enabled.
[07/02/1999 10:18:37] Connection: EARTH (192.168.0.1) on port 53 (tcp).
[07/02/1999 10:18:46] Connection on port 53 (tcp) timed out waiting for data.
[07/02/1999 10:18:46] Port 53 (tcp) is now disabled for 60 seconds.
[07/02/1999 10:20:34] Port 53 (tcp) is re-enabled.
[07/02/1999 10:20:34] Disconnect:  on port 129 (tcp).
[07/02/1999 10:20:34] Port 129 (tcp) is now disabled for 60 seconds.
[07/02/1999 10:20:34] Disconnect:  on port 138 (tcp).
[07/02/1999 10:20:34] Port 138 (tcp) is now disabled for 60 seconds.
[07/02/1999 10:20:34] Connection: EARTH (192.168.0.1) on port 0 (tcp).
[07/02/1999 10:21:36] Port 138 (tcp) is re-enabled.
[07/02/1999 10:21:36] Port 129 (tcp) is re-enabled.


Could someone tell me why that happened?
Do I need NukeNabber to protect the Win box from WinNuke?
Which firewall rules do I have to set up in my rc.firewall to protect
the Win box from nuke and to close the open ports?


-pons




