Was this a security hole they exploited?

e_dawg

Storage Freak
Joined
Jul 19, 2002
Messages
1,903
Location
Toronto-ish, Canada
This is the first time I have seen this... advertisement, I guess you could call it. I believe it was after I left my browser open to the USOpen.org site for several hours... I come back to my computer to find this:

messenger.png


(IP address edited for security reasons... not that it would make a difference, I guess...)

It definitely was not a pop-up window in IE (looking at the task manager, I find an app running that says Messenger with an icon that is plain with no design -- no stylized e, just a plain window). Any ideas?
 

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,554
Location
USA
Can't you just disable NetBIOS over TCP/IP?
Win2K and XP both have this setting:

netbios.gif
 

Stereodude

Not really a
Joined
Jan 22, 2002
Messages
10,865
Location
Michigan
Clocker said:
Can't you just disable NetBIOS over TCP/IP?
Win2K and XP both have this setting:

netbios.gif
That may or may not cause undesirable effects if you have a home network or not. I think the better solution is to turn off the Windows messaging service or whatever they've called it. Then you can't receive those messages (which may also cause problems on a home network). My firewall/router blocks them, so I don't have that concern.

Stereodude
 

e_dawg

Storage Freak
Joined
Jul 19, 2002
Messages
1,903
Location
Toronto-ish, Canada
Clocker said:
Can't you just disable NetBIOS over TCP/IP?

I could, but like Stereodude said, if I do that, then I cannot see computers over my LAN.

I do have a firewall/router, but this laptop is not hooked up to it. My server and desktop are behind it, though.
 

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,554
Location
USA
e_dawg said:
Clocker said:
Can't you just disable NetBIOS over TCP/IP?

I could, but like Stereodude said, if I do that, then I cannot see computers over my LAN.

I do have a firewall/router, but this laptop is not hooked up to it. My server and desktop are behind it, though.

Thanks e-dawg! I was wondering why I could not browse my network to find my other machines! I had to manually type in the machine IPs to get to the shared folders. I had NetBIOS disabled on them. I enabled it and now all is working. Now, all I have to do is have my router forward all NetBIOS requests from the internet to a non-existent IP address on my network for security. What port number does NetBIOS use? I guess I can look that up real quick but if anyone wants to throw it at me, I'll catch it..

C
 

SteveC

Storage is cool
Joined
Jul 5, 2002
Messages
789
Location
NJ, USA
Clocker said:
Thanks e-dawg! I was wondering why I could not browse my network to find my other machines! I had to manually type in the machine IPs to get to the shared folders. I had NetBIOS disabled on them. I enabled it and now all is working. Now, all I have to do is have my router forward all NetBIOS requests from the internet to a non-existent IP address on my network for security. What port number does NetBIOS use? I guess I can look that up real quick but if anyone wants to throw it at me, I'll catch it..

C

NetBIOS over TCP/IP is ports 137-139. Your router should block it automatically already (along with those pesky PASV FTP connections :wink: ). I know that mine does.

Steve
 

e_dawg

Storage Freak
Joined
Jul 19, 2002
Messages
1,903
Location
Toronto-ish, Canada
Clocker,

Like Steve said, your router/firewall should automatically block all ports that you don't specifically forward (assuming you are not putting anything in the DMZ). So, if you're not forwarding ports 137-139, you have nothing to worry about.

BTW, have you tried using your LMHOSTS file instead of NetBIOS? If you have static IP assignments, I think it should work. I have not tried using it in place of NetBIOS, but it's worth a shot.

Create a new lmhosts file in notepad and save it to the following directory: \WINNT\system32\drivers\etc. To be able to create it without the extension, I think you have to type "lmhosts" in the Save As box. Add your computers like this:

Code:
192.168.1.101    name of computer 1           #PRE
192.168.1.102    name of computer 2           #PRE
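
Added example, not part of the thread: for a machine that is not behind the router, one way to check the host itself is to look in `netstat -an` output for sockets on the NetBIOS ports named above (137-139) that are bound to a non-loopback address. The sample output and the function name `netbios_listeners` are constructed for illustration.

```python
import ipaddress
import re

# Ports the thread gives for NetBIOS over TCP/IP.
NETBIOS_PORTS = range(137, 140)

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.101:139      0.0.0.0:0              LISTENING
  TCP    192.168.1.101:1187     192.168.1.102:139      ESTABLISHED
  UDP    192.168.1.101:137      *:*
  UDP    192.168.1.101:138      *:*
  UDP    127.0.0.1:137          *:*
"""

# proto, local address, local port, foreign address, optional state (TCP only)
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def netbios_listeners(netstat_text):
    """Return (proto, address, port) for NetBIOS sockets reachable by other hosts."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # title, column header, blank lines
        proto, addr, port, _foreign, state = m.groups()
        port = int(port)
        if port not in NETBIOS_PORTS:
            continue  # local port is what matters, not the remote one
        if proto == "TCP" and state != "LISTENING":
            continue  # UDP rows have no state column, so only TCP is filtered
        addr = addr.strip("[]")  # netstat prints IPv6 addresses in brackets
        try:
            if ipaddress.ip_address(addr).is_loopback:
                continue
        except ValueError:
            pass  # unparsable address: report it rather than hide it
        found.append((proto, addr, port))
    return found


if __name__ == "__main__":
    for proto, addr, port in netbios_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} is open to other hosts")
```

An empty result means nothing on the host is accepting NetBIOS traffic from the network, which is the state the firewall or the NetBIOS-over-TCP/IP setting is meant to produce.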
 