Larry, This is my first time posting and I realize this is a bit of topic, but let me explain what happened. That was indee a virus post by someone not on the list. They were able to hijack your server. Here is something you might find of intrest, as well as others on the list. It was posted to another list I am a member of, and offers a possible answer to this problem. I use this software and it works great. Check it out. It is worth the time. Don Stevens Sender: owner-radobs@........................ From: Tom HansonTo: radobs@........................ Subject: Internet Protection Against Hackers Demonstrated X-Sender: tahanson@.......................... X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Some members of the Radobs List may have noticed an article in Friday's Columbus Dispatch, in the Business section, entitled: "Firewalls can help secure your home of office computer" The article is part of the series "On Computing" by Michael J. Himowitz My client saw this article, and asked if we could check out some of the suggestions. He is running a server on a Warner Cablemodem. We used Steve Gibson's security checking routine at www.grc.com, and found numerous holes in the security on the Microsoft NT 4.0 (Sp 4) server. We then downloaded and installed ZoneAlarm (www.zonelabs.com) and installed it. As the NT server rebooted, the ZoneAlarm package kept me busy for a while, approving the normal functions to be allowed access to the Internet, such as our Internet Information Server package, two browsers, and two email packages. There were a number of permissions requested for several functions which I did not realize were going on, but which make sense, such as permission for the SMTP package to send outgoing email. After all the permissions had been granted, we returned to our normal duties. Not more than half an hour later, an alarm went off. It turned out that a site in Korea was trying to use our server to send email. One of our people took the IP address reported by Zone Alarm, launched a browser at the site, and we got what I ** think ** was 16 bit characters. One of the employees is a native Chinese, and he recognized part of the graphics as Korean. An hour after that, the alarm went off again. This time, there were five alarms accumulated from a different address. We didn't bother following up on the address this time. I now believe I can understand why our cable modem seemed to be frantically busy much of the time, while the visits to our web site did not appear to demonstrate great amounts of activity. The ZoneAlarm package appears to be very effective. It is available for Win95, Win98 and NT, including NT Server. The package is free to private individuals and to non-profit organizations. There is a 60 day free trial period for businesses, after which we will presumably receive notice of the required fee. The ZoneAlarm site reported over 1.5 million downloads of its software. As a verification, we went back to www.grc.com, to see how the security looked now. The security check was perfect, including a message congratulating us on having secured the NetBios, which (it claimed) was a major weakness of systems tested. This package would be most useful for persons or companies who have permanent connections on the Internet. (th) Don Stevens Clear Skies! xor@........ Visit an Observatory near you! Perkins Observatory, P.O. Box 449, Delaware, OH 43015 Phone: (740) 363-1257 Fax: (740) 363-1258 www.perkins-observatory.org perkins@.......... __________________________________________________________ Public Seismic Network Mailing List (PSN-L)
Larry Cochrane <cochrane@..............>