Re: is this a this virus or an error
On 06/03/2013 05:58 AM, g wrote: greetings konstantin and john. excuse delay in replying. i extended my 'memorial day weekend' to a 'memorial week'. On 05/24/2013 12:03 PM, Konstantin Olchanski wrote: On Fri, May 24, 2013 at 11:50:12AM -0500, g wrote: Your 2701HG-B Gateway has intercepted your web page ... Get a real gateway that just gateways without trying to be your virus checker, your nanny and your IP policeman. this one has been doing fine up until now. (Hint: most internet boxes given out by internet providers can be switched to a pass-through (aka bridge) mode, then you attach your own nanny-free NAT/Wifi box to it). that is possible with this dsl router as it has; Bridged LLC Bridged VC-Mux Routed LLC Routed VC-Mux but i would rather leave it as is as it is actually working fine with exception of this one minor hiccup. On 05/24/2013 12:34 PM, John Lauro wrote: > Linux can get viruses too including ones that could cause the symptoms > described. this is true. with most of the 'script kiddies' being linux users who dislike oos, i would not think they would try writing an oos appearing virus. too easy to track down. then again, no telling what they would do. ;-) in addition, from 'day one' of installing sl, i have 'clamav' installed and it has yet to show any problems. > Not sure what you mean by oos viruses, 'oos' = 'other operating system' > but the claim was blaster like, not the blaster virus. this is true, also. except > That said, it sounds suspicious like an attempt to get you to buy something. my feelings also. > Anyways, a virus on Linux is possible, but you can use argus or tcpdump > or a ton of other network monitoring tools on your machine and see if it > is spewing out random connections that it shouldn't be. just by noting the activity led flashing was enough to indicate to me that such was not happening. i posted to list to see if anyone might have a similar problem. i am considering installing 'argus', but my 'round2it' has not made it yet. if i really wanted to see what was going thru router, i would install another computer with 2 nic cards between dsl line and router to monitor traffic. as i have system setup now, i only allow traffic in that i have originated. i thank you both for your replies. in closing, my actual 'cure' for problem was to disable the warning. it did not seem to be working correctly as it would appear when i had from 4 to 8 tabs open in firefox. under such conditions, i really did not feel that warning was proper, because in past, i have had up to 12 tabs open and there where no warnings. Presumably, the "OOS" mentioned above is some variety of MS Windows, as in the USA, Mac OS X cannot legally be installed on a non-Apple hardware platform, and it is rare for a Mac OS X user to install any Linux as the primary operating system environment. The reality of enduser workstations in a mixed environment is that one is forced to install MS Windows. Many proprietary applications, licensed for fee (e.g., products from Intuit), are not available for Linux. Thus, one is forced to use either the nightmare of dual boot systems, or using a virtual machine under Linux (I personally use Oracle VirtualBox that is licensed for free) and installing MS Windows thereunder. My understanding is that anti-compromise software (e.g., ClamAV) must be installed on both the Linux host as well as the MS guest as a compromise of the guest could compromise some resources on the host. Free Software Foundation purists will reject any use of proprietary "non-free" software, but those of us who use the machines and are not attempting to make a socio-political statement need to run proprietary applications for certain special circumstances. Yasha Karant
Re: is this a this virus or an error
greetings konstantin and john. excuse delay in replying. i extended my 'memorial day weekend' to a 'memorial week'. On 05/24/2013 12:03 PM, Konstantin Olchanski wrote: On Fri, May 24, 2013 at 11:50:12AM -0500, g wrote: Your 2701HG-B Gateway has intercepted your web page ... Get a real gateway that just gateways without trying to be your virus checker, your nanny and your IP policeman. this one has been doing fine up until now. (Hint: most internet boxes given out by internet providers can be switched to a pass-through (aka bridge) mode, then you attach your own nanny-free NAT/Wifi box to it). that is possible with this dsl router as it has; Bridged LLC Bridged VC-Mux Routed LLC Routed VC-Mux but i would rather leave it as is as it is actually working fine with exception of this one minor hiccup. On 05/24/2013 12:34 PM, John Lauro wrote: > Linux can get viruses too including ones that could cause the symptoms > described. this is true. with most of the 'script kiddies' being linux users who dislike oos, i would not think they would try writing an oos appearing virus. too easy to track down. then again, no telling what they would do. ;-) in addition, from 'day one' of installing sl, i have 'clamav' installed and it has yet to show any problems. > Not sure what you mean by oos viruses, 'oos' = 'other operating system' > but the claim was blaster like, not the blaster virus. this is true, also. except > That said, it sounds suspicious like an attempt to get you to buy something. my feelings also. > Anyways, a virus on Linux is possible, but you can use argus or tcpdump > or a ton of other network monitoring tools on your machine and see if it > is spewing out random connections that it shouldn't be. just by noting the activity led flashing was enough to indicate to me that such was not happening. i posted to list to see if anyone might have a similar problem. i am considering installing 'argus', but my 'round2it' has not made it yet. if i really wanted to see what was going thru router, i would install another computer with 2 nic cards between dsl line and router to monitor traffic. as i have system setup now, i only allow traffic in that i have originated. i thank you both for your replies. in closing, my actual 'cure' for problem was to disable the warning. it did not seem to be working correctly as it would appear when i had from 4 to 8 tabs open in firefox. under such conditions, i really did not feel that warning was proper, because in past, i have had up to 12 tabs open and there where no warnings. -- peace out. in a world with out fences, who needs gates. sl6.3 linux tc.hago. g .
Re: is this a this virus or an error
The latest ClamAV that I can find pre-ported fro SL6 x86-64 is http://pkgs.repoforge.org/clamav/clamd-0.97.7-1.el6.rf.x86_64.rpm Will this RPM "override" dependencies in the "stock" SL distribution? EL (and Linux in general) does not seem to have reliable polymorphism -- the default for these sorts of dependencies generally does not seem to install a different executable/library sub-tree independent of the stock distribution except in so far as the same files (e.g., libraries) are used. However, ClamAV still appears to be pre-production (0.x, not 1.x). Is it stable and useful? Yasha Karant On 05/24/2013 03:01 PM, Clint Bowman wrote: ClamAV seems to have a good pedigree--SANS has mentioned it frequently. Clint BowmanINTERNET:cl...@ecy.wa.gov Air Quality ModelerINTERNET:cl...@math.utah.edu Department of EcologyVOICE:(360) 407-6815 PO Box 47600FAX:(360) 407-7534 Olympia, WA 98504-7600 USPS: PO Box 47600, Olympia, WA 98504-7600 Parcels:300 Desmond Drive, Lacey, WA 98503-1274 On Fri, 24 May 2013, Yasha Karant wrote: Currently, which are the "best" antivirus programs for SL 6 X86-64? I am familiar with several Linux applicable antivirus applications: Avast, BitDefender, ClamAV, AVG, amongst others, but have not tested any of these on my current environment. Any current recommendations? Yasha Karant On 05/24/2013 10:34 AM, John Lauro wrote: Linux can get viruses too including ones that could cause the symptoms described. Not sure what you mean by oos viruses, but the claim was blaster like, not the blaster virus. That said, it sounds suspicious like an attempt to get you to buy something. Anyways, a virus on Linux is possible, but you can use argus or tcpdump or a ton of other network monitoring tools on your machine and see if it is spewing out random connections that it shouldn't be. - Original Message - From: "g" To: "scientific linux users" Sent: Friday, May 24, 2013 12:50:12 PM Subject: is this a this virus or an error greetings. last night while reading articles at 'news.yahoo.com' using firefox 17.0.6, i had 3 pages opened and this message popped up; +++ Excessive Sessions Warning Error Your 2701HG-B Gateway has intercepted your web page request to provide you with this important message. The following devices on your network are using a large number of simultaneous Internet sessions: 192.168.1.144 The most likely cause of this issue is a ~blaster~ type virus which has infected the device. It is strongly recommended that the devices above be scanned for potential viruses. Note that a large number of sessions may occasionally be the result of application software or gaming software installed on the device. If you believe this is the case, click the ~Do not show me excessive session warnings in the future~ to disable this feature. To access the requested Web page that was intercepted, please close all browser windows and then restart your Web browser software. If you continue to see this page after closing all open Web browser windows, restart your computer. [ ] Do not show me excessive session warnings in the future +++ i have, at previous times, had 8 to 10 pages opened and not received such a notice. curious as to what such a virus infected, i looked up 'blaster' at wikipedia.org to find; +++ The Blaster Worm (also known as Lovsan, Lovesan or MSBlast) was a computer worm that spread on computers running the Microsoft operating systems: Windows XP and Windows 2000, during August 2003.[1] The worm was first noticed and started spreading on August 11, 2003. The rate that it spread increased until the number of infections peaked on August 13, 2003. Filtering by ISPs and widespread publicity about the worm curbed the spread of Blaster. +++ i contacted bellsouth and the rep insisted that i had a virus that was causing message. when i told her that i had doubt that it was a virus, because i run linux and oos viruses do not effect linux. she insisted that "viruses have a way of creeping into a system" and that for $100, i could have an online scan run to check my system. when i mentioned that notice stated; It is strongly recommended that the devices above be scanned for potential viruses. rep insisted that meant my computer and not the dsl modem. needless to say, if she did not understand what i was trying to explain to her that i was not using oos, she has little understanding about any virus problem. so, have any readers run across above notice or know of any virus that can enter a linux system to cause such a message to appear? tia.
Re: is this a this virus or an error
ClamAV seems to have a good pedigree--SANS has mentioned it frequently. Clint BowmanINTERNET: cl...@ecy.wa.gov Air Quality Modeler INTERNET: cl...@math.utah.edu Department of Ecology VOICE: (360) 407-6815 PO Box 47600FAX:(360) 407-7534 Olympia, WA 98504-7600 USPS: PO Box 47600, Olympia, WA 98504-7600 Parcels:300 Desmond Drive, Lacey, WA 98503-1274 On Fri, 24 May 2013, Yasha Karant wrote: Currently, which are the "best" antivirus programs for SL 6 X86-64? I am familiar with several Linux applicable antivirus applications: Avast, BitDefender, ClamAV, AVG, amongst others, but have not tested any of these on my current environment. Any current recommendations? Yasha Karant On 05/24/2013 10:34 AM, John Lauro wrote: Linux can get viruses too including ones that could cause the symptoms described. Not sure what you mean by oos viruses, but the claim was blaster like, not the blaster virus. That said, it sounds suspicious like an attempt to get you to buy something. Anyways, a virus on Linux is possible, but you can use argus or tcpdump or a ton of other network monitoring tools on your machine and see if it is spewing out random connections that it shouldn't be. - Original Message - From: "g" To: "scientific linux users" Sent: Friday, May 24, 2013 12:50:12 PM Subject: is this a this virus or an error greetings. last night while reading articles at 'news.yahoo.com' using firefox 17.0.6, i had 3 pages opened and this message popped up; +++ Excessive Sessions Warning Error Your 2701HG-B Gateway has intercepted your web page request to provide you with this important message. The following devices on your network are using a large number of simultaneous Internet sessions: 192.168.1.144 The most likely cause of this issue is a ~blaster~ type virus which has infected the device. It is strongly recommended that the devices above be scanned for potential viruses. Note that a large number of sessions may occasionally be the result of application software or gaming software installed on the device. If you believe this is the case, click the ~Do not show me excessive session warnings in the future~ to disable this feature. To access the requested Web page that was intercepted, please close all browser windows and then restart your Web browser software. If you continue to see this page after closing all open Web browser windows, restart your computer. [ ] Do not show me excessive session warnings in the future +++ i have, at previous times, had 8 to 10 pages opened and not received such a notice. curious as to what such a virus infected, i looked up 'blaster' at wikipedia.org to find; +++ The Blaster Worm (also known as Lovsan, Lovesan or MSBlast) was a computer worm that spread on computers running the Microsoft operating systems: Windows XP and Windows 2000, during August 2003.[1] The worm was first noticed and started spreading on August 11, 2003. The rate that it spread increased until the number of infections peaked on August 13, 2003. Filtering by ISPs and widespread publicity about the worm curbed the spread of Blaster. +++ i contacted bellsouth and the rep insisted that i had a virus that was causing message. when i told her that i had doubt that it was a virus, because i run linux and oos viruses do not effect linux. she insisted that "viruses have a way of creeping into a system" and that for $100, i could have an online scan run to check my system. when i mentioned that notice stated; It is strongly recommended that the devices above be scanned for potential viruses. rep insisted that meant my computer and not the dsl modem. needless to say, if she did not understand what i was trying to explain to her that i was not using oos, she has little understanding about any virus problem. so, have any readers run across above notice or know of any virus that can enter a linux system to cause such a message to appear? tia.
Re: is this a this virus or an error
Currently, which are the "best" antivirus programs for SL 6 X86-64? I am familiar with several Linux applicable antivirus applications: Avast, BitDefender, ClamAV, AVG, amongst others, but have not tested any of these on my current environment. Any current recommendations? Yasha Karant On 05/24/2013 10:34 AM, John Lauro wrote: Linux can get viruses too including ones that could cause the symptoms described. Not sure what you mean by oos viruses, but the claim was blaster like, not the blaster virus. That said, it sounds suspicious like an attempt to get you to buy something. Anyways, a virus on Linux is possible, but you can use argus or tcpdump or a ton of other network monitoring tools on your machine and see if it is spewing out random connections that it shouldn't be. - Original Message - From: "g" To: "scientific linux users" Sent: Friday, May 24, 2013 12:50:12 PM Subject: is this a this virus or an error greetings. last night while reading articles at 'news.yahoo.com' using firefox 17.0.6, i had 3 pages opened and this message popped up; +++ Excessive Sessions Warning Error Your 2701HG-B Gateway has intercepted your web page request to provide you with this important message. The following devices on your network are using a large number of simultaneous Internet sessions: 192.168.1.144 The most likely cause of this issue is a ~blaster~ type virus which has infected the device. It is strongly recommended that the devices above be scanned for potential viruses. Note that a large number of sessions may occasionally be the result of application software or gaming software installed on the device. If you believe this is the case, click the ~Do not show me excessive session warnings in the future~ to disable this feature. To access the requested Web page that was intercepted, please close all browser windows and then restart your Web browser software. If you continue to see this page after closing all open Web browser windows, restart your computer. [ ] Do not show me excessive session warnings in the future +++ i have, at previous times, had 8 to 10 pages opened and not received such a notice. curious as to what such a virus infected, i looked up 'blaster' at wikipedia.org to find; +++ The Blaster Worm (also known as Lovsan, Lovesan or MSBlast) was a computer worm that spread on computers running the Microsoft operating systems: Windows XP and Windows 2000, during August 2003.[1] The worm was first noticed and started spreading on August 11, 2003. The rate that it spread increased until the number of infections peaked on August 13, 2003. Filtering by ISPs and widespread publicity about the worm curbed the spread of Blaster. +++ i contacted bellsouth and the rep insisted that i had a virus that was causing message. when i told her that i had doubt that it was a virus, because i run linux and oos viruses do not effect linux. she insisted that "viruses have a way of creeping into a system" and that for $100, i could have an online scan run to check my system. when i mentioned that notice stated; It is strongly recommended that the devices above be scanned for potential viruses. rep insisted that meant my computer and not the dsl modem. needless to say, if she did not understand what i was trying to explain to her that i was not using oos, she has little understanding about any virus problem. so, have any readers run across above notice or know of any virus that can enter a linux system to cause such a message to appear? tia.
Re: is this a this virus or an error
Linux can get viruses too including ones that could cause the symptoms described. Not sure what you mean by oos viruses, but the claim was blaster like, not the blaster virus. That said, it sounds suspicious like an attempt to get you to buy something. Anyways, a virus on Linux is possible, but you can use argus or tcpdump or a ton of other network monitoring tools on your machine and see if it is spewing out random connections that it shouldn't be. - Original Message - From: "g" To: "scientific linux users" Sent: Friday, May 24, 2013 12:50:12 PM Subject: is this a this virus or an error greetings. last night while reading articles at 'news.yahoo.com' using firefox 17.0.6, i had 3 pages opened and this message popped up; +++ Excessive Sessions Warning Error Your 2701HG-B Gateway has intercepted your web page request to provide you with this important message. The following devices on your network are using a large number of simultaneous Internet sessions: 192.168.1.144 The most likely cause of this issue is a ~blaster~ type virus which has infected the device. It is strongly recommended that the devices above be scanned for potential viruses. Note that a large number of sessions may occasionally be the result of application software or gaming software installed on the device. If you believe this is the case, click the ~Do not show me excessive session warnings in the future~ to disable this feature. To access the requested Web page that was intercepted, please close all browser windows and then restart your Web browser software. If you continue to see this page after closing all open Web browser windows, restart your computer. [ ] Do not show me excessive session warnings in the future +++ i have, at previous times, had 8 to 10 pages opened and not received such a notice. curious as to what such a virus infected, i looked up 'blaster' at wikipedia.org to find; +++ The Blaster Worm (also known as Lovsan, Lovesan or MSBlast) was a computer worm that spread on computers running the Microsoft operating systems: Windows XP and Windows 2000, during August 2003.[1] The worm was first noticed and started spreading on August 11, 2003. The rate that it spread increased until the number of infections peaked on August 13, 2003. Filtering by ISPs and widespread publicity about the worm curbed the spread of Blaster. +++ i contacted bellsouth and the rep insisted that i had a virus that was causing message. when i told her that i had doubt that it was a virus, because i run linux and oos viruses do not effect linux. she insisted that "viruses have a way of creeping into a system" and that for $100, i could have an online scan run to check my system. when i mentioned that notice stated; It is strongly recommended that the devices above be scanned for potential viruses. rep insisted that meant my computer and not the dsl modem. needless to say, if she did not understand what i was trying to explain to her that i was not using oos, she has little understanding about any virus problem. so, have any readers run across above notice or know of any virus that can enter a linux system to cause such a message to appear? tia. -- peace out. in a world with out fences, who needs gates. sl5.9 linux tc.hago. g .
Re: is this a this virus or an error
On Fri, May 24, 2013 at 11:50:12AM -0500, g wrote: > > Your 2701HG-B Gateway has intercepted your web page ... > Get a real gateway that just gateways without trying to be your virus checker, your nanny and your IP policeman. (Hint: most internet boxes given out by internet providers can be switched to a pass-through (aka bridge) mode, then you attach your own nanny-free NAT/Wifi box to it). -- Konstantin Olchanski Data Acquisition Systems: The Bytes Must Flow! Email: olchansk-at-triumf-dot-ca Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada
is this a this virus or an error
greetings. last night while reading articles at 'news.yahoo.com' using firefox 17.0.6, i had 3 pages opened and this message popped up; +++ Excessive Sessions Warning Error Your 2701HG-B Gateway has intercepted your web page request to provide you with this important message. The following devices on your network are using a large number of simultaneous Internet sessions: 192.168.1.144 The most likely cause of this issue is a ~blaster~ type virus which has infected the device. It is strongly recommended that the devices above be scanned for potential viruses. Note that a large number of sessions may occasionally be the result of application software or gaming software installed on the device. If you believe this is the case, click the ~Do not show me excessive session warnings in the future~ to disable this feature. To access the requested Web page that was intercepted, please close all browser windows and then restart your Web browser software. If you continue to see this page after closing all open Web browser windows, restart your computer. [ ] Do not show me excessive session warnings in the future +++ i have, at previous times, had 8 to 10 pages opened and not received such a notice. curious as to what such a virus infected, i looked up 'blaster' at wikipedia.org to find; +++ The Blaster Worm (also known as Lovsan, Lovesan or MSBlast) was a computer worm that spread on computers running the Microsoft operating systems: Windows XP and Windows 2000, during August 2003.[1] The worm was first noticed and started spreading on August 11, 2003. The rate that it spread increased until the number of infections peaked on August 13, 2003. Filtering by ISPs and widespread publicity about the worm curbed the spread of Blaster. +++ i contacted bellsouth and the rep insisted that i had a virus that was causing message. when i told her that i had doubt that it was a virus, because i run linux and oos viruses do not effect linux. she insisted that "viruses have a way of creeping into a system" and that for $100, i could have an online scan run to check my system. when i mentioned that notice stated; It is strongly recommended that the devices above be scanned for potential viruses. rep insisted that meant my computer and not the dsl modem. needless to say, if she did not understand what i was trying to explain to her that i was not using oos, she has little understanding about any virus problem. so, have any readers run across above notice or know of any virus that can enter a linux system to cause such a message to appear? tia. -- peace out. in a world with out fences, who needs gates. sl5.9 linux tc.hago. g .