Get a damn firewall !!!!!!!!!!!!!!!


Russ

Lifer
Oct 9, 1999
21,093
3
0


<< so you dont think that this method is considered a "trick"?? >>



No, but apparently you consider something that just about everybody does everyday on a Windows machine a "trick". Claiming that the user is tricked in to installing the trojan because they rebooted, is just making you look even more desperate.

You've actually become quite funny. Maybe it's just the late hour.

Russ, NCNE


 
Feb 7, 2000
1,004
0
0
its just funny that he claimed earlier that:

running exe's on somebody's pc over the network is the same as running it locally
and
file attributes make somebody vulnerable over network

[edit]both statements are blatantly false[/edit]

then later claims that all he ever said was that write access was the vulnerability (when clearly he didnt)
 

RedFox1

Senior member
Aug 22, 2000
587
0
76
josphstalinator earlier

for somebody to use your comp in a DOS attack you would have had to install the trojan on your machine. theres no way somebody can put the trojan on your comp even if all your ports are open and accept random connections. the user has to install it or be tricked into installing it

josphstalinator now:

an external user could definitely rig an unsuspecting machine to run a malicious script, or to install something that he placed on it.

which is my point exactly.

Man, my head hurts :)

-RedFox1
 
Feb 7, 2000
1,004
0
0
No, but apparently you consider something that just about everybody does everyday on a Windows machine a "trick". Claiming that the user is tricked in to installing the trojan because they rebooted, is just making you look even more desperate.

lol. so if we ask this user "did you mean to run that program" he will say "of course, everytime i reboot i expect to see 5-10 new programs running at startup. its so exciting!"

if somebody doesnt execute the program from their own free will then its a trick. simple as that
 

Lore

Diamond Member
Oct 24, 1999
3,624
1
76
Okay, I just glanced through this entire thread, and I had to mention something:

I thought Russ's original statement was that if you executed a trojan that was stored on computer A from computer B, computer A would be infected. That's not possible - it's simply a shared device - anything you run from that drive on your local computer will only affect your local computer. For example, if you double-clicked an MP3 on your friend's shared drive, would the MP3 start playing on his computer? Therefore, I'm with josphstalinator on that one.

On the other hand, like Russ is indicating, it _is_ possible that the person who placed the trojan on computer A could, using his write-access, rig computer A to execute the trojan upon next restart. However, I don't think that's what you guys were arguing, was it?

Correct me if I'm wrong, but that's my interpretation of this thread!
 
Feb 7, 2000
1,004
0
0
thought Russ's original statement was that if you executed a trojan that was stored on computer A from computer B, computer A would be infected. That's not possible - it's simply a shared device - anything you run from that drive on your local computer will only affect your local computer. For example, if you double-clicked an MP3 on your friend's shared drive, would the MP3 start playing on his computer? Therefore, I'm with josphstalinator on that one.

the argument is that as im disproving the above logic he is claiming that he never said or implied the above
 

IBhacknU

Diamond Member
Oct 9, 1999
6,855
0
0
Alright, now that you're done with that, how bout helping me out with this:

A Quick & Easy Check for IRC Zombie/Bots
*************

C:\WINDOWS\Desktop>netstat -an | find ":6667"
TCP 192.168.1.100:1667 216.234.161.197:6667 ESTABLISHED

do I indeed have a bot running behind my linksys?
 

Lore

Diamond Member
Oct 24, 1999
3,624
1
76
Wait, but he did, right?



<< konichiwa,

Next time you're on your network, browse over to another PC, pick an exe file and run it. It may not work correctly on your local machine, but it sure as hell will open on the accessed machine.
>>



I'm so lost. Why are you guys fibbling over what he said or didn't say? I mean, it's right there, isn't it?
 

Lore

Diamond Member
Oct 24, 1999
3,624
1
76
IBHack:

Do you use mircx.com? It's got a built-in IRC interface. A traceroute for that IP reveals mircx.com. No biggie, unless you're not using it :)
 

IBhacknU

Diamond Member
Oct 9, 1999
6,855
0
0


<< Do you use mircx.com? It's got a built-in IRC interface. A traceroute for that IP reveals mircx.com. No biggie, unless you're not using it >>

Not using mircx.com ... though the site looks familiar? :confused:
 

JoeDaddy

Banned
Jul 7, 2000
1,819
0
0


<< ya get zone alarm, however, if you are not using a firewall please feel free to post your ip#... im conducting a 'test' >>



what kind of "test"?
 
Feb 7, 2000
1,004
0
0
Lore-

i think the argument was over this statement:

for somebody to use your comp in a DOS attack you would have had to install the trojan on your machine. theres no way somebody can put the trojan on your comp even if all your ports are open and accept random connections. the user has to install it or be tricked into installing it.

russ doesnt think that writing to a persons disk and waiting for them to restart constitutes a "trick" so he didnt think i knew what i was talking about

on the other hand he was all over the place so it was pretty obvious that he didnt appear as if he knew what he was talking about
 

IBhacknU

Diamond Member
Oct 9, 1999
6,855
0
0
At one point I may have visited mircx.com

I think it was for a chat with some members here. After deleting history and temp internet files, the port is no longer open.

It makes me wonder if browsing a site like that, can open port 6667 for just the sort of thing discussed in the article?
 

Lore

Diamond Member
Oct 24, 1999
3,624
1
76
IBHack:

Well if you visited the site and all, no big deal. I sit on IRC for days at a time I always have at least one connection to a server via port 6667. It's only when you're NOT running an IRC client that you should be cautious.

I don't think Steve warned people that 6667 will show up if they use IRC... many false alarms I bet.
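
The `netstat -an | find ":6667"` check discussed above matches any line containing the string, including local listeners and closed sockets, and cannot tell an IRC client from a bot. As an added example (not code from any poster in this thread), the sketch below parses `netstat -ano` output, keeps only ESTABLISHED connections whose remote port is 6667, and drops those owned by IRC clients the user knowingly runs. It assumes a Windows version whose netstat supports the `-o` PID column; the sample rows and PIDs are constructed, apart from the one connection quoted in the thread.

```python
import re

# Constructed sample of `netstat -ano` output. Only the 216.234.161.197 row
# comes from the thread; every other address and all PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       812
  TCP    192.168.1.100:1667     216.234.161.197:6667   ESTABLISHED     1440
  TCP    192.168.1.100:6667     10.0.0.5:80            ESTABLISHED     2044
  TCP    192.168.1.100:1702     10.0.0.9:6667          TIME_WAIT       0
  TCP    192.168.1.100:1810     10.0.0.7:6667          ESTABLISHED     3320
"""

# Proto, local addr:port, remote addr:port, state, optional PID column.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\d+))?\s*$")

def irc_connections(netstat_text, irc_ports=(6667,)):
    """Return ESTABLISHED TCP connections whose REMOTE port is an IRC port."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        laddr, lport, raddr, rport, state, pid = m.groups()
        if state == "ESTABLISHED" and int(rport) in irc_ports:
            hits.append({
                "local": f"{laddr}:{lport}",
                "remote": f"{raddr}:{rport}",
                "pid": int(pid) if pid else None,  # None when run without -o
            })
    return hits

def unexplained(hits, known_client_pids):
    """Drop connections owned by IRC clients the user knowingly runs."""
    return [h for h in hits if h["pid"] not in known_client_pids]

if __name__ == "__main__":
    # Hypothetical: PID 1440 is the IRC client the user started on purpose.
    for h in unexplained(irc_connections(SAMPLE), known_client_pids={1440}):
        print("investigate:", h)
```
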
 
Feb 7, 2000
1,004
0
0
THE USER DOES NOT HAVE TO EXECUTE IT. They only have to leave the machine open for the placement of the trojan. Unless you take definitive steps to prevent it, the machine is automatically open.

Windows 95 and 98 bind TCP/IP to file and print sharing by default. Most files are write enabled BY DEFAULT


this is what really confuses the hell out of me. he implies here that file attributes create some sort of vulnerability.... its just so blatantly wrong

well he is long gone, i guess its time for me to go as well
 

Gunbuster

Diamond Member
Oct 9, 1999
6,852
23
81
The only way to get a trojan installed is to have directories like windows, and the start menu shared, netbios bound to TCP/IP

So the Haxor uploads his trojan and puts it in the startup folder

You need to have the windows directory shared to do this right? Who shares the windows folder?
 

Mday

Lifer
Oct 14, 1999
18,647
1
81
i use atguard.

at last year's pcexpo, i looked at NIS, after knowing that symantec bought it, and did not change it much at all. and in fact made it into several products.

i harassed the rep and asked stupid questions. this was my last statement: i have a hardware firewall.
 

Eug

Lifer
Mar 11, 2000
24,176
1,816
126


<< Okay, I just glanced through this entire thread, and I had to mention something:

I thought Russ's original statement was that if you executed a trojan that was stored on computer A from computer B, computer A would be infected. That's not possible - it's simply a shared device - anything you run from that drive on your local computer will only affect your local computer. For example, if you double-clicked an MP3 on your friend's shared drive, would the MP3 start playing on his computer? Therefore, I'm with josphstalinator on that one.

On the other hand, like Russ is indicating, it _is_ possible that the person who placed the trojan on computer A could, using his write-access, rig computer A to execute the trojan upon next restart. However, I don't think that's what you guys were arguing, was it?

Correct me if I'm wrong, but that's my interpretation of this thread!
>>



OK as I see it.

Stalin was arguing it's not possible to infect a computer remotely directly. Russ said it's easily done. Initially Russ said they could execute a trojan remotely, which Stalin and others disagreed with because the program had to be executed locally even if the trojan managed to plop itself on the victim's hard drive. I am with Stalin on this. Russ and others pointed out that you didn't have to really "trick" the user to run it. You could almost guarantee the trojan would be run simply by sticking it in the Windows Startup directory. So after learning this point I'm with Russ on this one.

In other words as I interpret it, they're both right, or wrong, depending on how you look at it. I'm surprised the banter went on so long. :p

I had always wondered how the trojans were infecting these computers (besides the email attachment method), because the mechanism didn't seem that easy without making itself obvious. I was thinking along the lines of it substituting itself for some Windows program. Completely overlooked the Startup directory method.
 

huanaku

Golden Member
Jan 20, 2001
1,208
0
0
OK, I have a question: I have no firewall (software nor hardware) on my computer at home. It's on 24/7 with a fast connection. If I were to put on Zone Alarm, would I be able to host a web page and web mail without any problems? How do I open those ports? Thanks ...