got the Slammer worm - why now?


Post by littleboyb » Thu, 09 Sep 2004 23:03:52


My computer was recently infected with the Slammer worm and I'd like
to figure out how this happened.

I'm on dialup and use the XP firewall and Sygate firewall along with
AVG 6.0. I have them all properly configured to block port 1434 and
all the other major ports like 135. Last year when the Slammer worm
first came out my PC never got infected so I find it weird that it
just got it. I don't have several of the MS patches on my PC because
they caused several problems and I ended up having to remove them.

Anyone have any ideas why I'd be having problems with the Slammer
worm now and not last year when it was such a big thing?
 
 
 


Post by NeoSadis » Fri, 10 Sep 2004 05:55:22


Do not use more than one software-based firewall at once is what I would
recommend.


Might be a new "strain" that can change ports. Port blocking against worms
isn't a good approach because a worm could just as easily be programmed to
use a random port, in theory. I'd recommend stronger antivirus.


Were they part of SP2? If so, what problems were those? No offense, but if
you are to use Windows, I'd recommend installing all Microsoft-recommended
patches, and then complain if they cause problems, rather than not
installing and getting infected.


--
F: When into a room I plunge, I
Sometimes find some VIOLET FUNGI.
Then I linger, darkly brooding
On the poison they're exuding.
-- The Roguelet's ABC

 
 
 


Post by Wolfgang K » Fri, 10 Sep 2004 17:46:52


You already figured that out yourself:


Never rely on suspect third party firewall placebos.

Wolfgang
 
 
 


Post by F T » Fri, 10 Sep 2004 20:45:12


Any particular reason why you won't recommend using more than one
software-based firewall?

>> I don't have several of the MS patches on my PC because
>> they caused several problems and I ended up having to remove them.

> Were they part of SP2? If so, what problems were those? No offense, but if
> you are to use Windows, I'd recommend installing all Microsoft-recommended
> patches, and then complain if they cause problems, rather than not
> installing and getting infected.


Some MS patches actually do cause problems (example: incompatibility
issues with a lot of major vendor software with SP2). But you really
should resolve any and every issue you have with a PATCH =P (sorry if
you already tried ;))
 
 
 


Post by littleboyb » Sat, 11 Sep 2004 13:34:14


It was a false alarm or a glitch between the firewall and anti-virus
software. It looks like someone or someone's computer infected with
that worm tried to get into my computer. The firewall stopped it and
made a log of it. Then the anti-virus software thought that the log
was infected when it wasn't. All I had to do was open my firewall and
clear the traffic, packet, and security logs and that took care of the
problem. So I never had the worm in the first place, thankfully.