Date:      Tue, 6 Jul 1999 13:22:51 -0400 
From:      Christopher Michaels <ChrisMic@clientlogic.com>
To:        'Rami Soudah' <rsodah@index.com.jo>, FreeBSD-Questions@FreeBSD.org
Subject:   RE: WinNuke
Message-ID:  <6C37EE640B78D2118D2F00A0C90FCB4401105A7B@site2s1>

You just need to firewall off ports 137-139 (tcp AND udp) and you won't have to
worry about winnukes anymore (although if you are properly patched you
shouldn't have to worry anyway).

-Chris

> -----Original Message-----
> From:	Rami Soudah [SMTP:rsodah@index.com.jo]
> Sent:	Saturday, July 03, 1999 2:38 PM
> To:	FreeBSD-Questions@FreeBSD.org
> Subject:	WinNuke
> 
> Greetings,
> 
> Last night I had a situation:
> NukeNabber2.9b on the Win box crashed
> due to a port scan via nmap from the BSD box, with the message:
> 
> "Exception EStackOverflow in module
> NUKENABBER.EXE at 00004AEC
> Stack Overflow."
> "This program has preformed an illegal operation and
> will shutdown."
> 
> At that time I was offline (not connected to the
> internet).
> 
> I did nmap <win-ip> to know which ports are still open:
> bash-2.02$ nmap 192.168.0.2
> Starting nmap V. 1.51 by Fyodor (fyodor@dhp.com, www.dhp.com/~fyodor/nmap/)
> Open ports on metro (192.168.0.2):
> Port Number  Protocol  Service
> 53           tcp        domain
> 129          tcp        pwdgen
> 137          tcp        netbios-ns
> 138          tcp        netbios-dgm
> 139          tcp        netbios-ssn
> 
> 
> Network: ISP-modem-BSD-Win
> 
> In the log file of NukeNabber, I found the following:
> [07/02/1999 10:14:43] Connection: EARTH (192.168.0.1) on port 137 (tcp).
> [07/02/1999 10:14:53] Connection on port 137 (tcp) timed out waiting for data.
> [07/02/1999 10:14:53] Port 137 (tcp) is now disabled for 60 seconds.
> [07/02/1999 10:16:40] Port 137 (tcp) is re-enabled.
> [07/02/1999 10:18:37] Connection: EARTH (192.168.0.1) on port 53 (tcp).
> [07/02/1999 10:18:46] Connection on port 53 (tcp) timed out waiting for data.
> [07/02/1999 10:18:46] Port 53 (tcp) is now disabled for 60 seconds.
> [07/02/1999 10:20:34] Port 53 (tcp) is re-enabled.
> [07/02/1999 10:20:34] Disconnect:  on port 129 (tcp).
> [07/02/1999 10:20:34] Port 129 (tcp) is now disabled for 60 seconds.
> [07/02/1999 10:20:34] Disconnect:  on port 138 (tcp).
> [07/02/1999 10:20:34] Port 138 (tcp) is now disabled for 60 seconds.
> [07/02/1999 10:20:34] Connection: EARTH (192.168.0.1) on port 0 (tcp).
> [07/02/1999 10:21:36] Port 138 (tcp) is re-enabled.
> [07/02/1999 10:21:36] Port 129 (tcp) is re-enabled.
> 
> 
> Could someone tell me why that happened?
> Do I need NukeNabber to protect the Win box from WinNuke?
> Which firewall rules do I have to set up in my rc.firewall to protect
> the Win box from nuke and to close the open ports?
> 
> 
> -pons
> 
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
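
The NukeNabber log quoted above records one source (192.168.0.1) touching several different ports within a few minutes, which is the signature of the nmap scan rather than of a WinNuke attempt. The following is an added example, not part of the original thread or of NukeNabber: a small parser for that log format that flags such sources. The function names, the `MM/DD/YYYY` reading of the date, and the threshold and window values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# "Connection"/"Disconnect" lines from the log quoted above, wrapped lines rejoined.
SAMPLE_LOG = """\
[07/02/1999 10:14:43] Connection: EARTH (192.168.0.1) on port 137 (tcp).
[07/02/1999 10:14:53] Connection on port 137 (tcp) timed out waiting for data.
[07/02/1999 10:14:53] Port 137 (tcp) is now disabled for 60 seconds.
[07/02/1999 10:18:37] Connection: EARTH (192.168.0.1) on port 53 (tcp).
[07/02/1999 10:20:34] Disconnect:  on port 129 (tcp).
[07/02/1999 10:20:34] Disconnect:  on port 138 (tcp).
[07/02/1999 10:20:34] Connection: EARTH (192.168.0.1) on port 0 (tcp).
"""

# Only "Connection: <host> (<ip>) on port N (proto)." lines name a source.
CONNECT_RE = re.compile(
    r"^\[(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\] Connection: "
    r"(?P<host>\S*) \((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) "
    r"on port (?P<port>\d+) \((?P<proto>tcp|udp)\)\.$"
)

def parse_connections(text):
    """Return (timestamp, ip, port, proto) for each 'Connection:' line."""
    events = []
    for line in text.splitlines():
        m = CONNECT_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S")  # assumed MM/DD/YYYY
            events.append((ts, m["ip"], int(m["port"]), m["proto"]))
    return events

def find_scanners(events, min_ports=3, window=timedelta(minutes=10)):
    """Map source IP -> sorted distinct ports, for sources that touched
    at least min_ports different ports inside one sliding window."""
    by_ip = defaultdict(list)
    for ts, ip, port, _proto in sorted(events):
        by_ip[ip].append((ts, port))
    flagged = {}
    for ip, hits in by_ip.items():
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= min_ports:
                flagged[ip] = sorted(ports)
                break
    return flagged

if __name__ == "__main__":
    print(find_scanners(parse_connections(SAMPLE_LOG)))
```
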

