IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Windows vX.X Forum / Problem solved (so far)
Post #123,401
by Meerkat
10/30/03 6:02:09 AM
10/30/03 7:01:08 AM
Reply
New Problem solved (so far)
Finally got Ad-Aware and AVG on there - their system had Nachi worm and MSBlaster worm. But - not any more :)

So, am dialled up on the machine right now, and have passed the 20 minute mark with flying colours. So, I don't have to hand in my Geek badge after all :-)

Thanks for your suggestions.

Edit: Spelling/typos.
John. Busy lad.
Expand Edited by Meerkat Oct. 30, 2003, 07:01:08 AM EST
Expand All History
Post #124,332
by screamer
Picture of screamer
11/5/03 4:16:51 PM
Reply
New Don't remove nachi... it's a good worm
Really... [link|http://www.microsoft.com/security/antivirus/nachi.asp|http://www.microsoft...tivirus/nachi.asp]
I found it on one of my 2k servers last week (behind three firewalls - border router and sidewinder - running MacAffee Personal Firewall) Must have been when the fscker was booting up the very first time behind the NAT... Note to Win Admins... The frigging 10 seconds before MacAffee Firewall loads is more than enough time to be hacked. Pull the plug on your servers after reboot until desired time (or disable the nic).

Speaking of W2K administration - I'm getting sick of patching W2K machines. It's a full time job. Just reading the security bulletins on a semi-weekly basis is tiresome. The server that got nachi has only 25 out, 80 and 443 open. All services (cept iis and SQL) have been turned off... How do you protect against this shit?

Think about it. The "cracker/hacker/whatever" that wrote nachi was trying to help us out... Just bitching. Never mind.
Just a few thoughts,

Screamer


But take your time, think a lot,
Why, think of everything you've got.
For you will still be here tomorrow, but your dreams may not.

Y. Islam - Father and Son
Post #124,333
by Andrew Grygus
Picture of Andrew Grygus
11/5/03 4:28:52 PM
Reply
New Remove nachi... it's a bad worm
Network administrators found Nachi created more network traffic than Blaster did and brought operations to a crawl in some cases.
[link|http://www.aaxnet.com|AAx]
Post #124,336
by Steve Lowe
11/5/03 4:40:59 PM
Reply
New It killed our network here
Effectively an internal DoS. Nice? My ass!
-----
Steve
Post #124,337
by screamer
Picture of screamer
11/5/03 4:44:37 PM
Reply
New Poor attempt at sarcasm on my part?
I'm getting the feeling that the payload of nachi is an in your face "feeling sorry for you poor bastards"... No doubt that it creates traffic. Fortunately for me, all my firewalls stopped it from showing that side of itself. Hey, at least the firewalls are good for something...
Just a few thoughts,

Screamer


But take your time, think a lot,
Why, think of everything you've got.
For you will still be here tomorrow, but your dreams may not.

Y. Islam - Father and Son
     W2KPro loses connectivity after 5 mins on dial-up. - (Meerkat) - (9) - Oct. 26, 2003, 01:02:53 AM EDT
         Try Knoppix if possible - (kmself) - Oct. 26, 2003, 01:18:30 AM EDT
         Did you try this: - (orion) - Oct. 26, 2003, 08:29:21 AM EST
         sounds like a worm -NT - (deSitter) - Oct. 26, 2003, 10:00:18 AM EST
         Does the ISP use a windoze RAS? - (boxley) - Oct. 26, 2003, 10:17:11 AM EST
         Problem solved (so far) - (Meerkat) - (4) - Oct. 30, 2003, 07:01:08 AM EST
             Don't remove nachi... it's a good worm - (screamer) - (3) - Nov. 5, 2003, 04:16:51 PM EST
                 Remove nachi... it's a bad worm - (Andrew Grygus) - (2) - Nov. 5, 2003, 04:28:52 PM EST
                     It killed our network here - (Steve Lowe) - Nov. 5, 2003, 04:40:59 PM EST
                     Poor attempt at sarcasm on my part? - (screamer) - Nov. 5, 2003, 04:44:37 PM EST

Minimal oversight is seen as more expensive and odious than frequent disaster.
58 ms