and yet another threat

[kinmel]

It appears that worm is spreading across the net this weekend .... http://www.theregister.co.uk/2011/08/28/morto_worm_spreading/


Use Gibson Research's free on-line test  "Shields Up" to check you are safe from this worm  ...  https://www.grc.com/x/ne.dll?bh0bkyd2.

Accept the safety messages and "proceed", then enter 3389 on the next page and select "User specified custom port probe".  The results are clearly explained.

For a full check select "All service ports" instead.

[Technical Ben]

Test says I'm stealthed. Which is nice.
AFAIK there are 3 results.
1) Stealthed. Best result. It means your computer does not even reply to the request such as "is anyone there" so the virus/attack does not even know if you are there.
2) Blocked. The second best result. The computer tells the attacking PC, "No". But from this, the attacker at least knows you are there now.
3) Fail. The attack is accepted and processed by the computer.

[davej99]

It appears that worm is spreading across the net this weekend .... http://www.theregister.co.uk/2011/08/28/morto_worm_spreading/

Use Gibson Research's free on-line test  "Shields Up" to check you are safe from this worm  ...  https://www.grc.com/x/ne.dll?bh0bkyd2.

Accept the safety messages and "proceed", then enter 3389 on the next page and select "User specified custom port probe".  The results are clearly explained.

For a full check select "All service ports" instead.

Thanks for that, Alan, especially the grc link. 

Not being at all expert in these matters, the grc site is both informative and reassuring. I seem to be stealthy, perhaps more by luck than judgement. Thanks for alerting us to the remote desktop protocol vulnerability and the grc test facility.

Dave

[davej99]

This is probably a naive question, but the GRC site tells me I have a unique machine name. It looks like cust###-dsl**-***-**.idnet.net where **-***-**-### is my unique IP address. I guess this is just a name derived from my IP address and it does not represent any exposure. Though I wonder who creates it. As GRC say "it can be used to persistently identify you as long as you use this ISP" and this has always bothered me a bit.

Cheers, Dave.

[Rik]

IDNet generates the hostname, you can view it in your profile.

[davej99]

Thanks, Rik.

Does the name it have to contain the IP address and could this name be varied? There is so much data gathered by the search providers and others that it is hard to be legitimately private; that is, not bombarded by targetted advertising. I delete all cookies, pages, history etc when closing IE, but I still feel I am being data mined.

(How are you BTW, haven't spoken to you in ages?)

[Rik]

Hi Dave

AFAIK, IDNet will not provide custom host names within the basic service, but if you have a domain registered, you could ask them to alter the DNS records to point to that - though there may be a charge.

I'm fine, thanks, enjoying my semi-retirement but unable to stay away completely.

[Inkblot]

Long time ago now but IDNet did provide a reverse DNS for me when I was running my own mailserver. I simply put the MX record into DNS and they changed the reverse DNS to match, this was a few years ago but there was no charge at the time.

[Rik]

Thanks, Inky.

[Simon]

Fully stealthed here. 

[Rik]

I didn't like to mention it.

[DarkStar]

A bit more info here:

https://blogs.technet.com/b/mmpc/archive/2011/08/28/new-worm-targeting-weak-passwords-on-remote-desktop-connections-port-3389.aspx

[pctech]

Fully stealthed here too and all non essential services are disabled.

[Rik]

Those passwords are just asking for trouble, aren't they. 

[Lance]

Long time ago now but IDNet did provide a reverse DNS for me when I was running my own mailserver. I simply put the MX record into DNS and they changed the reverse DNS to match, this was a few years ago but there was no charge at the time.

I had my rDNS changed for the same reason about 4/5 months back and there was no charge at that time either.

[sparkler]

* sparkler tries logging into idnetters accounts using the password 12345 XD

[Technical Ben]

Forumites go on a pub crawl thanks to sparklers generosity and banking details...