From owner-freebsd-questions Sat Jul 3 2:40:52 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from mail0.index.com.jo (mail0.index.com.jo [212.38.128.13])
    by hub.freebsd.org (Postfix) with ESMTP id 45A0314D03
    for ; Sat, 3 Jul 1999 02:40:35 -0700 (PDT)
    (envelope-from rsodah@index.com.jo)
Received: from index.com.jo ([212.38.128.88])
    by mail0.index.com.jo (Netscape Messaging Server 3.62) with ESMTP id 345
    for ; Sat, 3 Jul 1999 11:37:30 +0200
Message-ID: <377E5896.9BD3A896@index.com.jo>
Date: Sat, 03 Jul 1999 11:38:14 -0700
From: "Rami Soudah"
X-Mailer: Mozilla 4.51 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: FreeBSD-Questions@FreeBSD.org
Subject: WinNuke
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Greetings,

Last night I had a situation: NukeNabber2.9b on the Win box crashed due to a port scan via nmap from the BSD box, with the message:

"Exception EStackOverflow in module NUKENABBER.EXE at 00004AEC Stack Overflow."
"This program has preformed an illegal operation and will shutdown."

At that time I was offline (not connected to the internet).

I ran nmap to find out which ports are still open:

bash-2.02$ nmap 192.168.0.2
Starting nmap V. 1.51 by Fyodor (fyodor@dhp.com, www.dhp.com/~fyodor/nmap/)
Open ports on metro (192.168.0.2):
Port Number    Protocol    Service
53             tcp         domain
129            tcp         pwdgen
137            tcp         netbios-ns
138            tcp         netbios-dgm
139            tcp         netbios-ssn

Network: ISP-modem-BSD-Win

In the log file of NukeNabber, I found the following:

[07/02/1999 10:14:43] Connection: EARTH (192.168.0.1) on port 137 (tcp).
[07/02/1999 10:14:53] Connection on port 137 (tcp) timed out waiting for data.
[07/02/1999 10:14:53] Port 137 (tcp) is now disabled for 60 seconds.
[07/02/1999 10:16:40] Port 137 (tcp) is re-enabled.
[07/02/1999 10:18:37] Connection: EARTH (192.168.0.1) on port 53 (tcp).
[07/02/1999 10:18:46] Connection on port 53 (tcp) timed out waiting for data.
[07/02/1999 10:18:46] Port 53 (tcp) is now disabled for 60 seconds.
[07/02/1999 10:20:34] Port 53 (tcp) is re-enabled.
[07/02/1999 10:20:34] Disconnect: on port 129 (tcp).
[07/02/1999 10:20:34] Port 129 (tcp) is now disabled for 60 seconds.
[07/02/1999 10:20:34] Disconnect: on port 138 (tcp).
[07/02/1999 10:20:34] Port 138 (tcp) is now disabled for 60 seconds.
[07/02/1999 10:20:34] Connection: EARTH (192.168.0.1) on port 0 (tcp).
[07/02/1999 10:21:36] Port 138 (tcp) is re-enabled.
[07/02/1999 10:21:36] Port 129 (tcp) is re-enabled.

Could someone tell me why that happened?
Do I need NukeNabber to protect the Win box from WinNuke?
Which firewall rules do I have to set up in my rc.firewall to protect the Win box from nuke and to close the open ports?

-pons