[406] in resnet
Re: Windows ME Self Destructing?
daemon@ATHENA.MIT.EDU (Alex Choi)
Mon Nov 19 05:23:27 2001
Message-ID: <Pine.LNX.4.33.0111190217270.23045-100000@hal.rescomp.berkeley.edu>
Date: Mon, 19 Nov 2001 02:20:59 -0800
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Alex Choi <alex@RESCOMP.BERKELEY.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <a05100349b81b5131806e@[128.223.123.229]>
A Solution one of our RCCs came up with:
-------------------------------------------------
Hi everyone,
I'm sure you've all seen the chaos in the past 2 days. Basically
here's what's happened as far as I can gather. Sometime on Saturday
morning, someone decided that it'd be fun to launch a Universal Plug and
Play (UPnP) Denial of Service (DoS) attack against pretty much all of the
ResHalls (is there any way we can trace this?).
This resulted in Windows ME computers freezing, Internet Explorer
not working, OLE32.DLL errors and some other problems as well. Microsoft
classifies this as "low" in terms of severity since we're all *supposed*
to be firewalling ports 1900 and 5000 and because only *some* OEM
manufacturers installed UPnP. Sadly, it appears that all the major ones
(Sony, Dell, etc) have UPnP enabled.
Windows XP computers have the same vulnerability but thankfully
Internet Connection Firewall runs by default so they don't have as much of a
problem. In any case, there is very little information about it online so
I'm not quite sure if this problem is widespread. This probably is also
part of the reason why pings are pretty high because the network is
getting blasted with these invalid UPnP attacks.
If you're interested in more reading:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-054.asp
and click on "Technical details"
----------------------
Alex Choi
Lead Unit Supervisor
Unit 3
UC Berkeley
----------------------
On Fri, 16 Nov 2001, Norm Myers wrote:
> We are seeing a huge number of Win ME boxes that are locking up and
> not working. This was exponential on the 13th of this month. Some
> of it was due to the W32.Klez.D@mm virus but many of the computers
> show no trace of any virus. The only solution we've had is to
> reinstall the system. Anyone with any ideas?
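
Added example, not part of the original message or thread: one way to approach the tracing question raised above is to count, per source address, how many distinct hosts received traffic on the two ports the message names (1900 and 5000). The log format, the addresses, the threshold and the function names are all assumptions constructed for illustration.

```python
"""Added example: find hosts fanning out to the UPnP ports named in the message."""
from collections import defaultdict

UPNP_PORTS = {1900, 5000}   # the two ports the message says should be firewalled
FANOUT_THRESHOLD = 3        # assumption: tune to the size of the network

# Constructed sample log; assumed format: "time proto src:sport -> dst:dport"
SAMPLE_LOG = """\
2001-11-17T09:01:02 udp 192.0.2.77:4021 -> 10.3.1.10:1900
2001-11-17T09:01:02 udp 192.0.2.77:4021 -> 10.3.1.11:1900
2001-11-17T09:01:03 tcp 192.0.2.77:4022 -> 10.3.1.12:5000
2001-11-17T09:01:03 udp 192.0.2.77:4021 -> 10.3.1.13:1900
2001-11-17T09:01:04 tcp 10.3.1.10:1044 -> 198.51.100.5:80
2001-11-17T09:01:05 udp 10.3.1.11:1900 -> 10.3.1.12:1900
garbage line that should be skipped
"""

def parse_line(line):
    """Return (src_ip, dst_ip, dst_port), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    try:
        src_ip = parts[2].rsplit(":", 1)[0]
        dst_ip, dst_port = parts[4].rsplit(":", 1)
        return src_ip, dst_ip, int(dst_port)
    except ValueError:
        return None

def upnp_fanout(log_text, threshold=FANOUT_THRESHOLD):
    """Map each source to the distinct hosts it reached on a UPnP port,
    keeping only sources that reached at least `threshold` hosts."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] in UPNP_PORTS:
            targets[rec[0]].add(rec[1])
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= threshold}

if __name__ == "__main__":
    for src, dsts in upnp_fanout(SAMPLE_LOG).items():
        print(f"{src} sent UPnP-port traffic to {len(dsts)} hosts: {', '.join(dsts)}")
```

A single source reaching many hosts on these ports stands out against ordinary one-to-one traffic; the same count taken at the border shows whether the port filtering the message mentions is actually in place.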