From: "Devon" <[EMAIL PROTECTED]>
> I actually tried this on 20 machines from my logs. It seems to have
> worked on one, and failed on 19 others. I managed to connect to all 20,
> but it appears that /scripts/root.exe wasn't available. I got an error
> message in response to the attempt.
>
> What would really help, is if the media and Microsoft would stop saying
> things like: "The vast majority of home users are not at risk for this
> exploit." (From several articles on CNN.com last week) It would be far
Very true.
> more useful if they told the public to open a dos window, and type
> netstat -p tcp and look for port 80. Hell, as long as they are looking,
Doesn't work. Here is the report from my W2K machine (addresses obscured):
>netstat -p tcp
Active Connections
Proto Local Address Foreign Address State
TCP XXXXXXXX:1047 XXXXXX.XXXXXXXX.XXX:telnet ESTABLISHED
TCP XXXXXXXX:1678 XXXXXX.XXXXXXXX.XXX:netbios-ssn ESTABLISHED
TCP XXXXXXXX:2058 XXXXXX.XXXXXXXX.XXX:netbios-ssn ESTABLISHED
TCP XXXXXXXX:2059 XXXXXX.XXXXXXXX.XXX:telnet ESTABLISHED
TCP XXXXXXXX:2797 XXXXXX.XXXXXXXX.XXX:netbios-ssn TIME_WAIT
--8<--
Note that I can HTTP in from the outside and get the default HTTP under
construction page.
Netstat -a works better:
--8<-- (With a LOT of ports edited out.)
>netstat -a
Active Connections
Proto Local Address Foreign Address State
....
TCP XXXXXXXXX:http XXXXXXXXX:0 LISTENING
....
TCP XXXXXXXXX:https XXXXXXXXX:0 LISTENING
--9<--
> they could remove some of the trojans that are probably installed. ;)
> They could then give them instructions for turning off the web servers
> they don't even know they are running.
>
> Seems to me that telling the clueless they have nothing to fear isn't
> going to make this go away.
Ah yup - and depreciation being what it is this is my $0.25 (worth less than
that aforementioned 1/50th of a dollar was when I was born.)
{^_-}
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
