portland independent media center  
images audio video
newswire article commentary global

corporate dominance | police / legal | technology

SMB_over\ip scaning is being used to spoof ip addresses

This is an advisory about the latest tool used to spoof ip addresses for potential attacks from the repuglican brown shirts.
The use of this spoofing software is coming from linus or unix machines and they are utilizing level3.net backbone network to launch these scans. On macintosh machines they are coming through tcp port 445. I don't know what port windows users would find this type of scan coming into their computers, but if you can block this type of scaning you should do so as soon as possible if you don't want those brown shirt neanderthal repuglicans taking over your personal computer.

If you think your ISP will be helpful think about it--they don't care!!!!!!!! One has to consider who their CEO's are giving money to during this election cycle!
Uhhh 24.Feb.2004 16:38

Linus Torvalds for President

I think you mean LINUX, not "Linus."

Me thinks 24.Feb.2004 17:09

James

You have no clue of what you speak.

You need to see a therapist. Or something. This is not your typical 'BEWARE COINTELPRO'-type paranoia. This is something different. COINTELPRO is one thing. It's odd, very odd. Cointelpro posts, that is. But they're one thing. This is another. This is weird stuff, crazy.

Everyone is utilizing level3.net's backbone. They own a substantial portion of the network through which your packets flow. Get over it.

Similarly, everyone is port scanning you. They want to see whether you're running Windows. If you are, they want to see how many unpatched vulnerabilities you have. If you have any, they would really like to send spam -- probably to me -- through you.

They don't want to look at your Indymedia rants. They don't want the nudie pictures of your wife, or loved one. They don't want to know what you're searching Google for. And I guess they're hardly interested in your witty Nerve.com personals ad.

All they want to do is spam -- me.

It sounds like you're concerned, which is good. It sounds like you've got a personal firewall running, which is good. You're taking security seriously. You've taken the important precautions. Your actions, I'm sure, have led to a measureable decline in the amount of spam I receive. I'm very grateful.

But now I think you need to calm down, put the Mother Jones down and consider getting into therapy.

More info 24.Feb.2004 22:34

Mulberry Sellers

There are currently a number of worms that attempt to copy themselves to vulnerable computers using port 445- which is used by Windows 2000 for filesharing.

These pages:

 http://isc.incidents.org/show_comment.html?id=43

 http://isc.incidents.org/port_details.html?port=445

contain information about how this port is used in newer versions of Windows, and some info about vulnerabilities associated with Windows sharing services.

To find out specifics about some of the worms that are out there, go to:

 http://www.symantec.com/search/

And enter "port 445" (include the quotation marks) in the search box.

The odds are that the traffic you're seeing is generated by computers infected by one of these little gems- computers owned by users just like yourself, who probably have no idea that their machines are scanning for other vulnerable computers.

Blaming level3 because some of this traffic propagates over their backbone is exactly as logical as blaming the builders of a road because the getaway car for a robbery drove on that road; just as in the case of the road there are a lot of legitimate uses for resource-sharing services, so expecting an ISP at any level to block traffic to particular port numbers indiscriminately makes as much sense as expecting a highway department to ban, say, all Mazda Miatas from the roads because someone once used one for a nasty purpose.

And assuming that your worm-generated traffic can be attributed to "brownshirt Rethuglicans is even more illogical. As much as I loathe Repubs, I have to recognize that it's impossible to draw any inferences about the political opinions of the sort of asshole who writes and releases viruses and worms by viewing the results of their work.