Or, more aptly, is your system listening on TCP port 445???
Or 135, 136, 137, 138 or 139, for that matter???
The general consensus among the people who I was with all week this week, whose names I will not mention here, is that the network traffic directed to these ports has increased dramatically over the past few weeks.
Port 445 has now become the single most popular doorway for the people pushing the Sasser and Kongo worms.
If your answer is either a "no" or an "I don't know", you might want to read on through this discourse. I promise I will make every attempt to make it readable to any non-geek person. I will also provide some useful links which in turn have links to instructions on how to correct your systems and prevent them from becoming victims of Micro$oft's foolhardiness.
Once, when this Redmond, Washington-based company was entertaining some rather grandiose ideas of dominating the world Internet based on some very succinct statements from its Chairman, they had devised a method of moving data from PCs which were running their operating system without having to go through the hassles of logging in, verification, encryption, and such other seemingly unnecessary things among machines which belonged to the same people, and where trust was not at all an issue. They even gave it a name, NetBIOS. This was a time when they were touting "ease of use" over security and safeguarding of data.
For that very same reason, the high priests of the Internet said they could not in good conscience allow this to become a routable protocol. Despite Micro$oft, and all its clout, and also the persuasiveness of Mr. Gates, and even their SoP of intimidation, threats to sue and go to court!!!
This did not make these high priests bend over.
To this day, NetBIOS is not a routable protocol. Why? Because it is a NON-routable protocol, not over any of the traditional transport mechanisms: the Internet Protocol, which is fondly referred to as IP, or even IPX, which was more common in the Novell-based systems architecture.
For reasons best known to themselves, perhaps to maintain this "ease of use" image among the public to whom heavens only know how many operating systems they have sold, and how many "upgrades" they have forced them to buy, Micro$oft has continued to support NetBIOS on their platform, and now they even wrote the algorithms to use TCP wrappers so that it could be sent over IP embedded inside TCP packets, which are accepted by the Internet Protocol.
That is like saying:
Ohh, so you won't accept this bag of ammonium sulphate to send over in this train??? No problem, I'll put it in a box, seal it and write the name of the addressee on it so you can take it over.
That is called NetBIOS over TCP/IP. Something like NetBIOS/TCP/IP.
In order to do all this, though, some ports must be kept open, and more importantly, systems that are on the receiving end must be listening on these ports.
So what do our friends in Redmond, Washington do??? Remember now, "ease of use", don't make the customer do too much work now!!!
The ports are opened by default, and are listening??? By DEFAULT!!! This has suited some very dangerous people on the internet very well indeed. Thank you very much!!!
Port 445 has become THE single most popular port for people propagating, deliberately, the ugliest worms created à la Sasser, Kongo, and WhatHaveYou.
Watch out for yourselves, people!!! Otherwise, you will have only yourself to blame.
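For anyone whose answer was "I don't know", here is one way to find out, as an added example that is not part of the original post: a small Python script that reads the output of `netstat -an` as Windows prints it and reports every socket listening on the ports named above. The sample output is constructed for illustration, and the function name `exposed_listeners` is hypothetical.

```python
# Ports named in the post: 135-139 and 445.
WATCHED = {135, 136, 137, 138, 139, 445}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.9:445        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
  UDP    0.0.0.0:500            *:*
"""

def exposed_listeners(netstat_text):
    """Return (proto, address, port, scope) for each watched port that is listening."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or unrelated text
        proto, local = fields[0], fields[1]
        # TCP rows have a state column; only LISTENING means an open doorway.
        # UDP has no state, so any bound UDP socket counts as listening.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, _, port = local.rpartition(":")  # last colon also works for [::]:445
        if not port.isdigit() or int(port) not in WATCHED:
            continue
        addr = addr.strip("[]")
        if addr in ("0.0.0.0", "::"):
            scope = "all interfaces"
        elif addr.startswith("127.") or addr == "::1":
            scope = "loopback only"
        else:
            scope = "one interface"
        findings.append((proto, addr, int(port), scope))
    return findings

if __name__ == "__main__":
    for proto, addr, port, scope in exposed_listeners(SAMPLE):
        print(f"{proto} {port:>3} listening on {addr} ({scope})")
```

To check a real machine, save the output of `netstat -an` to a file and pass its contents to the function in place of `SAMPLE`. An empty result means nothing is listening on those ports.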
Here are the links I promised:
http://seclists.org/lists/incidents/2003/Mar/0010.html
http://ntsecurity.nu/papers/port445/
http://www.petri.co.il/what_is_port_445_in_w2kxp.htm
http://www.linklogger.com/TCP445.htm