How do people get attacked by that Blaster/RPC worm?

slycat

I'm curious...i mean almost everyone is behind a firewall now...and even if ur on winXP...the built-in
firewall even though limited, does the job as well. And employees are talking about how their company
'puter got attacked as well...like how is that possible? I mean this is not exactly new news...people have been
blaming rpc/smb for years so like whats the hoopla all of a sudden?...and how is it NEW and suddenly
peeps are getting attacked?

someone explain to me?:confused:
 

FoBoT

no actually a crap load of people are NOT using any type of firewall, let alone a good one (hardware based)

and a crap load of people never bother to install security patches
 

slycat

well..it doesn't have to be hardware based.
i mean turning on the built-in XP one will do the job.

and the thing is i understand about home systems on dialup but companies?
 

slycat

Originally posted by: MisterJackson
Your porn is safe. Your wife should not worry:)

:D my sources died though...so i'm kinda stuck at around 98gigs...MUST CONTINUE SEARCH....aargh..
 

Rallispec

i think the main thing is just that there are so many people out there who don't install the security patches-- including network admins for companies... it's just a laziness thing i guess--- or they don't know any better.


 

dullard

1) It got around both Zone Alarm and McAfee at my work.
2) Not all companies can give their users administrator privileges to download all patches. This means you have to wait for the IT person to install it. In bigger companies this means delays - and the worm gets in.
3) I got infected on one computer as I was downloading protection. It was a fresh XP install and needed the patch and Zone Alarm downloaded. While I downloaded those I was already wormed. The XP firewall didn't seem to do me any good.
4) Sadly not everyone keeps themselves up to date. Suppose you have one company with 1000 computers and one user is on vacation and didn't update it. It gets in that one doorway and then works its way through bypassing the firewall. Usually firewalls are set to allow local LANs to transfer things, and thus are useless if even one person isn't 100% updated.
 

slycat

erm..its rpc based so ...i mean..so what if u didn't update your patches?
if rpc isn't opened it won't get through. i cannot imagine ANY company that has rpc opened.

your linksys router is THE firewall and i know for a fact the default config has inbound rpc packets dropped.
this is standard for all them soho routers/firewalls.

so..knowing that...how are people still getting it?...especially companies. i've been a systems and security network
admin for a few yrs and i know rpc is like one of the most basic of services...almost more so than http...so i still
find this pretty weird.
 

dullard

Originally posted by: slycat
erm..its rpc based so ...i mean..so what if u didn't update your patches?
if rpc isn't opened it won't get through. i cannot imagine ANY company that has rpc opened.

your linksys router is THE firewall and i know for a fact the default config has inbound rpc packets dropped.
this is standard for all them soho routers/firewalls.

so..knowing that...how are people still getting it?...especially companies.
Simply since by default rpc is allowed.

 

FiLeZz

I can give a prime example how.
A laptop user takes his/her laptop home, gets on his network, gets the virus, brings it back, then we all get it :)
 

dullard

Originally posted by: slycat
allowed by who?
Suppose you are a businessman who knows nothing about computers. You buy a simple server and hook up your employees' computers. The server is hooked up to the internet. This may happen:
1) You do nothing and the rpc worm infects everyone. Who allowed this? I suppose you could blame the businessman, or I suppose you could blame the employees. Do we blame a non-existent IT person that may have helped? So is this the owner's fault then for not having enough money for an IT employee? Or is it the customers' fault for not buying enough product so that the businessman has enough money to hire an IT employee? I guess I don't know who to blame.
2) The owner installs antiviral and firewall software. It is on the server and on the employees' computers. One employee forgets to keep things up to date. The worm starts there and then spreads to all the rest. Again was it the employee that allowed it? Or the owner, or...
3) Everything is installed and up to date yet there is a problem and something needs to be reformatted. During the installation of a new OS, the worm gets in before the Windowsupdate site was able to complete its patch. Who allows this problem? You tell me.

 

Bulk Beef

Originally posted by: dullard
Originally posted by: slycat
allowed by who?
Suppose you are a businessman who knows nothing about computers. You buy a simple server and hook up your employees' computers. The server is hooked up to the internet. This may happen:
1) You do nothing and the rpc worm infects everyone. Who allowed this? I suppose you could blame the businessman, or I suppose you could blame the employees. Do we blame a non-existent IT person that may have helped? So is this the owner's fault then for not having enough money for an IT employee? Or is it the customers' fault for not buying enough product so that the businessman has enough money to hire an IT employee? I guess I don't know who to blame.
2) The owner installs antiviral and firewall software. It is on the server and on the employees' computers. One employee forgets to keep things up to date. The worm starts there and then spreads to all the rest. Again was it the employee that allowed it? Or the owner, or...
3) Everything is installed and up to date yet there is a problem and something needs to be reformatted. During the installation of a new OS, the worm gets in before the Windowsupdate site was able to complete its patch. Who allows this problem? You tell me.
If you post this in P&N, they'll figure out a way to blame it on Bush. :D
 

dullard

Originally posted by: sward666
If you post this in P&N, they'll figure out a way to blame it on Bush. :D
And others would blame it on Clinton... (I just want to be fair and balanced).
 

Jzero

Originally posted by: FiLeZz
I can give a prime example how.
A laptop user takes his/her laptop home, gets on his network, gets the virus, brings it back, then we all get it :)

Or connects to the VPN from their home PC.
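An added example, not part of any post in this thread: a small exposure model of the points raised above (a perimeter that drops inbound RPC, a trusted LAN, a roaming laptop, a VPN-connected home PC). The host inventory, zone names and allow rules are constructed for illustration; TCP 135 is the Windows RPC endpoint mapper port, which the thread itself does not name.

```python
from collections import deque

RPC_PORT = 135  # Windows RPC endpoint mapper (not stated in the thread)

# Constructed inventory: host -> (zone, patched, host firewall blocks RPC)
HOSTS = {
    "desk-01":   ("lan", True,  False),
    "desk-02":   ("lan", False, False),
    "desk-03":   ("lan", False, True),
    "laptop-07": ("lan", False, False),  # roams between home and office
    "home-pc":   ("vpn", False, False),
    "web-01":    ("dmz", True,  False),
}

# Constructed policy: (source zone, destination zone, port) tuples that pass.
# Nothing from "internet" is listed, i.e. the perimeter drops inbound RPC,
# but LAN and VPN traffic is trusted in both directions.
ALLOW = {(s, d, RPC_PORT) for s in ("lan", "vpn") for d in ("lan", "vpn")}

def vulnerable(host):
    """Unpatched and without a host firewall in front of RPC."""
    _, patched, host_fw = HOSTS[host]
    return not patched and not host_fw

def spread(entry_points):
    """Hosts that end up infected when infection starts at entry_points.

    An entry point is a host name (already infected, e.g. a laptop that
    was on a home network) or the string "internet".
    """
    infected, queue = set(), deque()
    for entry in entry_points:
        if entry == "internet":
            queue.append("internet")
        else:
            infected.add(entry)
            queue.append(HOSTS[entry][0])
    while queue:
        src_zone = queue.popleft()
        for host, (zone, _, _) in HOSTS.items():
            if host in infected or not vulnerable(host):
                continue
            if (src_zone, zone, RPC_PORT) in ALLOW:
                infected.add(host)
                queue.append(zone)
    return infected

def patch_first():
    """Hosts to patch or firewall first: every one the model can infect."""
    return sorted(h for h in HOSTS if vulnerable(h))
```

In this model the perimeter rule stops the internet entry point completely, yet a single infected laptop or VPN client reaches every unpatched host whose own firewall is off.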
 

Sukhoi

My corporation got hit hard today. The IT idiots didn't bother to do anything about the bug until it hit. Then the monkeys spent all day today updating every computer in the building so they would stop getting all the error messages. Morons.
 

Bulk Beef

Originally posted by: dullard
Originally posted by: sward666
If you post this in P&N, they'll figure out a way to blame it on Bush. :D
And others would blame it on Clinton... (I just want to be fair and balanced).
Careful. You might get sued if you keep talking like that.

 

KingNothing

I have a laptop that I need to update but I'm worried that if I plug it into the network here at my dorm, all the computers on the same LAN that are infected (there's a bunch of them) will infect my laptop before I can update. Can I just disable the RPC service before I connect it to the network?
 

Dudd

Originally posted by: dullard
Originally posted by: sward666
If you post this in P&N, they'll figure out a way to blame it on Bush. :D
And others would blame it on Clinton... (I just want to be fair and balanced).

I blame Gore, since he did invent the internet.
 

Supahfreak

Originally posted by: Spac3d
No one in my family runs a software firewall, but we do have a Linksys router.

Is that enough? I have a Router and always wondered if I should install a software-based firewall also.

FreAk:D
 

Jzero

Originally posted by: Sukhoi
My corporation got hit hard today. The IT idiots didn't bother to do anything about the bug until it hit. Then the monkeys spent all day today updating every computer in the building so they would stop getting all the error messages. Morons.

There's probably more to it than that.
 

Sukhoi

Originally posted by: KingNothing
I have a laptop that I need to update but I'm worried that if I plug it into the network here at my dorm, all the computers on the same LAN that are infected (there's a bunch of them) will infect my laptop before I can update. Can I just disable the RPC service before I connect it to the network?

Yeah, there are directions on MS's site to turn RPC off. Try searching the knowledge base for whatever the # of the patch is (something like 823980 IIRC).
 

Sukhoi

Originally posted by: Jzero
Originally posted by: Sukhoi
My corporation got hit hard today. The IT idiots didn't bother to do anything about the bug until it hit. Then the monkeys spent all day today updating every computer in the building so they would stop getting all the error messages. Morons.

There's probably more to it than that.

No, you don't understand how clueless the IT people are. It's a long-running inside joke in our department how most of the IT people have no idea what they're doing. A few people are good, but most aren't.

Here's a good story: Fairly recently the CEO got a new desktop. So they sent one of the IT people up to set up the desktop and take away the old one. Well something got screwed up and the new computer would just randomly crash. After a few days/weeks of this the CEO was getting real irritated. So IT's solution until they got a new desktop in was to leave a spare laptop in the closet and tell the CEO just to pull it out whenever the desktop crashed. Now mind you this is the CEO of a Fortune 500 corporation with over 40,000 employees. :)
 

NogginBoink

Originally posted by: KingNothing
I have a laptop that I need to update but I'm worried that if I plug it into the network here at my dorm, all the computers on the same LAN that are infected (there's a bunch of them) will infect my laptop before I can update. Can I just disable the RPC service before I connect it to the network?

Yes.