Kr0m
OSNN Veteran Addict
- Joined
- 4 Dec 2001
- Messages
- 1,392
First off, I'd like to say, Good Job! on the new site, props to all of those involved.
Secondly I'd like to mention a vulnerability than can be potentially very bothersome for new users to the XP/Win2k and I think NT world. From what I've read theres no fix for it yet other than blocking port 135. I'm posting it here so any l33t script kiddie newbs or hacker newbs don't find out about it yet, at least from me. I'll post what I typed into the Private channel this morning, and I've found many links regarding this so called "new winnuke".
My Story:
[08:53] <Kr0m`> This port 135 exploit is pretty serious for unfirewalled users
[08:54] <Kr0m`> brings back the old 'winnuke' days
[08:55] <Kr0m`> oddly enough I didn't have zonealarm running yesterday, and I was idling on irc.enterthegame.com network(gaming community......
[08:55] <Kr0m`> while I was watching TV on the couch lastnight, my monitor turned on and XP was rebooting on its own, ive got reboot on critical errors disabled so I figured something was up
[08:56] <Kr0m`> once I rebooted, I turned ZAPro on, set the max settings, joined IRC again, and the chanels I was in...
[08:57] <Kr0m`> and noticed other people talking about the same thing happening to them...
[08:57] <Kr0m`> So in hopes of baiting the culpret, I publicly said that my machine rebooted on its own too, and should I run a firewall and what was a good firewall to get, and that I was running XP too..
[08:58] <Kr0m`> sure enough, within seconds ZAPro blocked attempts to port 135
[08:59] <Kr0m`> which in turn gave me the tard's IP, and with ircN, i can do /nickfind IP to match that IP to anyone that is on any channels that I'm on..
[08:59] <Kr0m`> which it did
[09:00] <Kr0m`> I /whois'd him, post his info and channels he was on, and his nickname and IP, and others joined his channels, and he said in the channel he was on something in another language with my nick, and he immediately quit irc
[09:01] <Kr0m`> at any rate, the point of this story is, anyone that isn't firewalled, theres a RPC exploit out there for people running NT,2000, XP
[09:01] <Kr0m`> no patch yet
[09:02] <Kr0m`> I've found some info which I think concerns this matter..
[09:03] <Kr0m`> http://lists.insecure.org/lists/vulnwatch/2002/Oct-Dec/0009.html
[09:03] <Kr0m`> its been detected for almost a month now, and MS hasnt supplied us a fix yet
[09:03] <Kr0m`> Vulnerability: RPC Service DoS (port 135/tcp) on Windows 2000 SP3
[09:04] <Kr0m`> obviously this isnt prone to just win2k sp3 machines
[09:05] <Kr0m`> I was going to post this into the forums, but declined to
[09:06] <Kr0m`> I want people to know about it to defend themselves, but in turn it will make the lamers out there(the ones that dont know about it yet) want to do it
[09:08] <Kr0m`> The vulnerability itself is within the DCE-RPC stack of Windows 2000
[09:08] <Kr0m`> and related OS's. This vulnerability allows anyone who can connect to
[09:08] <Kr0m`> port 135 TCP to disable the RPC service. Disabling the RPC service
[09:08] <Kr0m`> causes the machine to stop responding to new RPC requests, disabling
[09:08] <Kr0m`> almost all functionality.
This was made public back in October, but I never knew about it until lastnight. I've been busy in the gaming community.
The link to info regarding this: vulnwatch
If any of you find out helpful information about this issue, please share it.
Secondly I'd like to mention a vulnerability than can be potentially very bothersome for new users to the XP/Win2k and I think NT world. From what I've read theres no fix for it yet other than blocking port 135. I'm posting it here so any l33t script kiddie newbs or hacker newbs don't find out about it yet, at least from me. I'll post what I typed into the Private channel this morning, and I've found many links regarding this so called "new winnuke".
My Story:
[08:53] <Kr0m`> This port 135 exploit is pretty serious for unfirewalled users
[08:54] <Kr0m`> brings back the old 'winnuke' days
[08:55] <Kr0m`> oddly enough I didn't have zonealarm running yesterday, and I was idling on irc.enterthegame.com network(gaming community......
[08:55] <Kr0m`> while I was watching TV on the couch lastnight, my monitor turned on and XP was rebooting on its own, ive got reboot on critical errors disabled so I figured something was up
[08:56] <Kr0m`> once I rebooted, I turned ZAPro on, set the max settings, joined IRC again, and the chanels I was in...
[08:57] <Kr0m`> and noticed other people talking about the same thing happening to them...
[08:57] <Kr0m`> So in hopes of baiting the culpret, I publicly said that my machine rebooted on its own too, and should I run a firewall and what was a good firewall to get, and that I was running XP too..
[08:58] <Kr0m`> sure enough, within seconds ZAPro blocked attempts to port 135
[08:59] <Kr0m`> which in turn gave me the tard's IP, and with ircN, i can do /nickfind IP to match that IP to anyone that is on any channels that I'm on..
[08:59] <Kr0m`> which it did
[09:00] <Kr0m`> I /whois'd him, post his info and channels he was on, and his nickname and IP, and others joined his channels, and he said in the channel he was on something in another language with my nick, and he immediately quit irc
[09:01] <Kr0m`> at any rate, the point of this story is, anyone that isn't firewalled, theres a RPC exploit out there for people running NT,2000, XP
[09:01] <Kr0m`> no patch yet
[09:02] <Kr0m`> I've found some info which I think concerns this matter..
[09:03] <Kr0m`> http://lists.insecure.org/lists/vulnwatch/2002/Oct-Dec/0009.html
[09:03] <Kr0m`> its been detected for almost a month now, and MS hasnt supplied us a fix yet
[09:03] <Kr0m`> Vulnerability: RPC Service DoS (port 135/tcp) on Windows 2000 SP3
[09:04] <Kr0m`> obviously this isnt prone to just win2k sp3 machines
[09:05] <Kr0m`> I was going to post this into the forums, but declined to
[09:06] <Kr0m`> I want people to know about it to defend themselves, but in turn it will make the lamers out there(the ones that dont know about it yet) want to do it
[09:08] <Kr0m`> The vulnerability itself is within the DCE-RPC stack of Windows 2000
[09:08] <Kr0m`> and related OS's. This vulnerability allows anyone who can connect to
[09:08] <Kr0m`> port 135 TCP to disable the RPC service. Disabling the RPC service
[09:08] <Kr0m`> causes the machine to stop responding to new RPC requests, disabling
[09:08] <Kr0m`> almost all functionality.
This was made public back in October, but I never knew about it until lastnight. I've been busy in the gaming community.
The link to info regarding this: vulnwatch
If any of you find out helpful information about this issue, please share it.
