Internal IP Exposed [making progress]

OK since it only happens on my pc it has to be some software I installed
right? So, put on various firewalls and no suprises ie let the usual
access the internet browser, ftp, mail, etc ie the usual. No rogue apps.
Heck, I even removed my pinger [dont need it anymore anyway] and tclock
[which fetches time]

STill no joy. So, lets look in add/remove. Hmmm, java web start is there
and java2. Two separate lines. I know I never independently installed
java so I uninstalled both and wala. No Exposed internal IP at the test
site. So the java via any one of the 4 browsers I use was sending out my
internal pcs IP.

I seem to recall firefox saying something about java during the install
but I could be mistaken. Firefox still works but Im going to put in on
again full install to see if it's the thinggy that put that version of
java on as it's the only major thing I've added in months.

Anyway, thanks for all your help. ie just talking about it with you
folks made it more interesting of a niggle to kill.

 

My wild guess is that you will get Java2.

 

Actually no. But when I put in Firefox fresh and went to that testing
website it did
say a plugin was required, and wala, it was the java plugin, afterwards
yep, same thing
until I took the plugin out. It was java 5.0 ie not simply a plug in for
firefox but for
the system.

My guess is that my teen was using my pc and hit one of his game pages
and it said

"cannont view or whatever as you dont have the pluging or file or
whatever" and he
hit OK and installed it. Personally I never install special stuff for
viewing webpages,
tho I do, of course, install ware to view stuff pages have to offer on
occasion.

Of course I'm using an old os here with no security updates

 

Java in some form is pretty much a necessity though for web browsers these
days, IMHO. Either in the form of MS's outdated Java VM or Sun's Java VM
plugin. Without it, you sacrifice much in the way of functionality, no
matter what browser you use.

 

I have installed SpyBot and AdAware as suggested.
I had the resident version of SpyBot running when i was on the web,
and after i logged off, i had it scan, and it found the following:
DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-21-57989841-152049171-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

--- Spybot - Search && Destroy version: 1.3 ---
2004-08-11 Includes\Cookies.sbi
2004-11-17 Includes\Dialer.sbi
2004-11-17 Includes\Hijackers.sbi
2004-11-17 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-11-17 Includes\Malware.sbi
2004-10-05 Includes\Revision.sbi
2004-10-25 Includes\Security.sbi
2004-11-17 Includes\Spybots.sbi
2004-10-21 Includes\Tracks.uti
2004-11-17 Includes\Trojans.sbi
************ end copy ************

This is the 3rd or 4th time this has happened, and there was no
warning during the session; why?
AdAware was not running during the session.
I was using NetScape 6.2 at the time, running in Win2K.
I have never seen this problem (or any others) in Win98SE running
Netscape 4.7, which is why i am loath to "upgrade" to the latest and
greatest stuff.
I use Win2K as sort-of a test-bed, since it has more tools that are
very useful; eg: ctl-alt-del brings up a task list or process list, so
one can dynamically kill a known bot program.

 

The DSO exploit detection in spybot is a bug. The DSO exploit was patched by
MS long ago. Spybot keeps complaining about the registry entry because it
fails to put valid data in there when it "fixes" the entry, so then it keeps
re-detecting a problem. In reality, the registry settings are irrelevent as
long as you are patched up properly with windows updates. Nothing to worry
about. They will fix this bug in the next release version of spybot.

 

Thanks; i discovered that i do not have to be on the net; that every
time i boot to Win2K (wher SpyBot is installed), it makes that
complaint.
However, i use the "raw" Windows 2000 Professional 1-2 CPU OEM
version.
I stay away from any and all patches, because of all of the problems
caused by them.
I think that "the better the devil you know, than the devil you do not
know".

 

Not very wise at all.


Have a nice one...

Trent

Budweiser: Helping ugly people have sex since 1876!

 

.... Are you implying you installed Win2k, and have yet to install /any/
updates for it? If so, are you completely insane?

 

One of my many OSes i use is Win98SE, unpatched with Netscape 4.7 and
i get maybe one virus per 6 months.
Last year, in Win2K with IE 5.0 and all patches i got bombarded within
15 minutes on the net.
Wiping the drive and re-installing an unpatched Win2K gave me about 10
percent of the problems; switching to Netscape 4.7 got me to zero.
"Upgrading" to Netscape 6.2 got me back to virii etc comparable to IE.
So, as long as one can do at least 90 percent of net related work
using "obsolete" programs, without having to deal with garbage, my
question is: "are you insane using the latest and so-called greatest?".

 

Since 2001 when I really started using the Internet, I have kept Win 2K
Pro, Win2K Adv Server and XP Pro machines patched with the latest and
greatest. I have gotten the Code Red worm because I didn't know what was
happening on the Internet with IIS and one ad Trojan in that time period
on the Win 2K machines.

It does make one wonder due to your above statements about you protecting
and securing any MS O/S period.

It's too rediculous. ;-)

Duane

 

"get" as in become infected? Or do you merely mean "receive" in your email?

If you mean "receive" viruses, then that has nothing to do with the email
client you are using. It has everything to do with who, and how many people
have your email address.

The problem is that you are concentrating only on the browser aspect, and
ignoring other vulnerbilities in the OS itself. Win2K (like XP) has had it's
share of vulnerabilities that are completely independent of the browser
being used. Using a completely unpactched OS, and thinking you are protected
by just using Netscape 4.7 or some other outdated browser is doing nothing
but fooling yourself into a false sense of security. Patch that box Robert.
Just because you have been lucky and not been infected is no reason to
assume you are protected by avoiding critical pathes. I use the latest IE,
have always done so, have always maintained my patches, and I've NEVER been
infected by a virus. Oh I've recieved a many viruses in emails, but that has
nothing to do with what email client *I* use. They would contain those
viruses if I had been using Netscape's email client, or Eudora, etc. and if
I clicked on the infected attachment, those alternative email clients would
afford me no better protection against the unwise choice of opening that
attachment. Attributing your "bombardment" of viruses to having a patched OS
is just not logical. Leaving it unpatched is what makes you more vulnerable.
What you state as your reasoning, simply makes no sense.

 

Interesting point really. From one, ie me, who uses _real_ old stuff and
hardly ever
gets toasted by malware. Actually I havn't been toasted at all,
honestly, in the last
few years the only virus that was put on my system was when I viewed an
html email
using _my really old copy_ of pegusus. NO damage tho, I saw it lock,
then scanned, then
simply deleted the bugger. I dont run an anti-virus 24/7 either.

 

Good point also.

 

It would appear that your experience and mine are incontrast with what
Thor mentions.
Crazy or insane; i go on the basis of my personal experience.
If i was rich, i would hire 3 programmers to write a "clone" to one of
the Windows (maybe Win2000?) with the idea of minimal bugs and eazy
fixes; and it would go into the PD for review.
The buffer overflow problems that have existed in Windows products
would not be repeated; why M$ has allowed such beginning programmer
no-nos to exist from the git-go is criminal.
The OS would have a dinky kernal; would fit on a floppy and be as 100
percent bullet-proof as possible.
All support the user would see would be programs on top of that; the
user can choose what is loaded or not (similar to Win2K program task
list).
Only *all* of the programs would be listed (in Win2K, some are still
hidden), and if a user clicked to end one it would do so *immediately*
and not take minutes it if all (Win2K at times has a habit of taking a
looooong time to end a task, and sometimes does not end it).
There would be a complete explaination as to what each and every
OS-related program does - a "help" available via a right click
"properties" or similar.
This way a user is not left guessing what is kosher and what is not.
OS-related directories would be super-locked to everybody except the
administrator, and the administrator would be unable to get on the web.
Web and user work directories would be isolated from OS related
directories - and vice-versa; one would have to work hard (at minimum)
to move anything from one area to another.

 

MS has thrown out the book with how things have been done in the past with
its .Net Standards and the MS O/S and a lot of things have been corrected
or improved. Of course it will take sometime to be fully implemented but
things will start to change noticeably.

Duane

 

The nasty boys take advantage of "loopholes". ie messenger service in
XP, folks that have their MS email program set to auto open up anything,
the average joe often just
doent realize that by simply clicking on something you can get toasted.
How about when you go to a webpage and it says you need such and such to
properly view this page?

Of course there are things like shockwave and such but you never know
what will be installed really ie if its not something standard. Another
way to get toasted.

 

Nobody should hold their breath...

 

I am already using the stuff and I have taken 4 weeks of .Net company paid
training here recently and I have been in the books like ADO.Net, ADV .Net
Remoting, C# Business Objects, just to name a few, the last three weeks
hard getting up to speed. I'll start developing .Net applications and doing
things the new way after returning from my Turkey-day holiday/vacation. Of
course, these vast changes in how MS has done everything in the past will
take time to make it to the home user. But it's coming and you can count on
it happening due to the Sun/MS fallout about JAVA that forced MS to come up
with .Net and they have thrown out the book and re-done everything.

You need to get rid of Win 98 as it will be obsolete and dead even though
..Net will run on it. ;-)

If you're in the US, then have a happy Turkey-day. I have got to hit the
road.

Duane