And... we're off.
14:15.26 - Tuesday 12th August 2003
The lady from the estate agents has finally left and I've got probably 10 whole minutes to myself before M realises I'm not working and gets the whip out. We've been running round like crazy since about 10am getting everything shipshape ready for the Taking of The Photos, and now I'm absolutely knackered.
The general consensus is, however, that we won't have any problem selling the house for the asking price. I'm not sure if this means it was all worth the effort or not, but it's done now, and I can collapse into a heap.
Except... we've got someone here in 10-15 mins for a quote on some new windows. Hnnngh!
MS Blaster Worm
15:15.01 - Tuesday 12th August 2003
No doubt you've heard the news about the new MSBlaster worm (useful pages here, here and here) that is doing the rounds and which is expected to hammer WindowsUpdate on the 16th.
It seems I am already patched, but looking at the installation history I actually had three failed WU installation attempts and had to do it manually. Coincidence? Today the WindowsUpdate site is impressively slow as panicking users create their own version of the coming DoS attack.
More on the Blaster Worm
16:50.13 - Tuesday 12th August 2003
About 10 minutes ago I activated the logging on the router, and it appears that I'm being scanned by three different IPs on my ISP alone, and that's on the first page out of the six pages of the log. Sheesh! In addition, none of those scanning me appear to have firewalls enabled, as I access their IPs as if they were remote drives - more open Windows fileshares and the like.
I've set the router to email me the logs as they are produced, but I think I'm gonna find a lot of compromised systems out there. I'm thinking along the lines of using the Windows Messaging Service to send popups to infected systems telling them they're infected and that they should visit a page ASAP. At least this way I may be able to get a message back to them and they might actually do something about clearing up their machines.
You've Got Worms.
18:28.14 - Tuesday 12th August 2003
Still playing with MS.Blaster.Worm - I've just gone through the last router log file that was sent to me and I've found 45 different IP addresses - mostly on my ISP but also some completely different - scanning me on port 135.
BootBlock has knocked up a wee app that uses NET SEND to pop up a message on the remote machine. While we were testing he was unfirewalled for about 40 seconds and - you guessed it - "NT AUTHORITY SHUTDOWN". He disappeared a few seconds later. This is how bad it's getting now - he knows someone who was on for even less than that before being scanned and shut down.
I just sent BB a list of 100+ IPs. This one's gonna run and run and run and...
