From: Digest
To: "OS/2GenAu Digest"
Date: Sun, 5 Sep 2004 00:01:09 EST-10EDT,10,-1,0,7200,3,-1,0,7200,3600
Subject: [os2genau_digest] No. 932
Reply-To:
X-List-Unsubscribe: www.os2site.com/list/

**************************************************
Saturday 04 September 2004
Number 932
**************************************************

Subjects for today

1 Orion Solutions : P A Jenkins
2 Re: Broadband Internet Security : Dennis Nolan
3 Re: Broadband Internet Security : Ken Laurie
4 Re: Orion Solutions : Tom Perrett
5 Re: Orion Solutions : Chris Graham [WarpSpeed]

**= Email 1 ==========================**

Date: Fri, 03 Sep 2004 12:52:48 +0930
From: P A Jenkins
Subject: Orion Solutions

Has anybody here had any luck contacting Mark at Orion (ecomstation Australia)?
Cannot find a listing in the white pages for his telephone number, cannot connect to his web site, would like to buy ecs 1.2 from him rather than os.
There is a pc networking company in Melb. Vic called Orion with a web page, www.orion dot com dot au but it is not him.
Has he folded???

Peter Jenkins (at port pirie)

----------------------------------------------------------------------------------

**= Email 2 ==========================**

Date: Sat, 04 Sep 2004 07:51:03 +1000
From: Dennis Nolan
Subject: Re: Broadband Internet Security

Laurie

I did as you suggested, finally figured out what to put into the Hosts field (the modem dotted quad) and this is the reply

HTTP/1.1 501 Not Implemented
Server: WindWeb/2.0
Connection: close
Content-Type: text/html

Web Server Error Report:
Server Error: 501 Not Implemented
URL parsing error

Session closed...

This seems to indicate a web server is active.

Take care

Dennis.

Ken Laurie wrote:

> Dennis
>
> ShieldsUp is a good product to use to check what is seen from the
> Internet. If port 80 is open there could be a number of reasons:
>
> * The port is not closed on the router, the http server may not be
>   running but the port is still open.
> * You might have DTOC running, which defaults to port 80.
>
> You can check by telnetting to the box on port 80, by using the telnet
> program under Internet utilities. Use vt100 and I got mine to give
> info by hitting ctrl-c and then enter. If you cannot telnet to the box
> on port 80 then port 80 is not open. You could also try one of the
> port scanning programs such as JPSCAN (Java) or Portscan (native os/2
> program) to check what ports are open.
>
> Remember just because the router doesn't have port 80 explicitly open
> it may be open by default.
>
> hth
>
> Ken
>
> Dennis Nolan wrote:
>
>> Hi all
>>
>> I came across a reference to www.grc dot com doing connection security
>> scans, and so gave it a go.
>>
>> I went into the "ShieldsUp!" link and had it do various scans.
>>
>> What surprised me is that I have three ports permanently OPEN
>>
>> The ports are Port 80 and Ports 254 and 255.
>>
>> Now Port 80 is the http server port, I've disabled the http server in
>> the router/modem from the WAN side. For now I'll keep it enabled
>> from the LAN side.
>>
>> So somewhere in eCS a http server seems to be running.
>>
>> Ports 254 and 255 are reserved, and should not be used.
>>
>> I can only think that I have allowed Remote Configuration to be
>> installed during installation.
>>
>> Is there any way of finding out if a default eCS installation is
>> enabling and using these ports.
>>
>> Or am I or have I been paranoid/stupid???
>>
>> Regards
>>
>> Dennis.

----------------------------------------------------------------------------------

**= Email 3 ==========================**

Date: Sat, 04 Sep 2004 10:58:48 +1000
From: Ken Laurie
Subject: Re: Broadband Internet Security

Dennis

It appears that you have a web server running. Now is this on the eCS box?

I have found a little bit on WindWeb. It is a web server. This site has details on it http://www.roe.ac.uk/atc/projects/vista/software/VxWorks/docs/windweb/guide/c-arch.html , whilst this site says it has something to do with CISCO web accessible phone settings http://myweb.cableone dot net/xnih/download/www.txt . After some more research I found a site that described a vulnerability in version WindWeb 1.0 and it is on the ADSL bridge/router.

My advice would be to turn the WindWeb server off on the router if possible, unless you need it for management of the router. If you cannot turn it off then see if you can configure the outside of the router to close port 80 or redirect port 80 to a non-existing machine on the inside.

You are not being paranoid because if you are running a server on the router that somebody from the outside can get to then they can potentially hack it and take over your router or DOS the router so you no longer have access to the Internet. They can DOS you by crashing the router or re-configuring it on you. It is worse when it wasn't you that configured the server and you only found it by accident.

I am running my own web server (Apache on eCS), firewalled and via a router and I regularly check the logs and do a ShieldsUp scan to make sure nothing has changed. BTW my server is not generally available but I still get scanned and have many Codered etc attacks run against it.

If you want I can help out further via private email. Just for your comfort I am a Security Specialist and I have a GSNA (GIAC Systems and Network Audit from the SANS Institute) and I spend most of my day at work working on IT security.

regards

Ken

Dennis Nolan wrote:

> Laurie
>
> I did as you suggested, finally figured out what to put into the Hosts
> field (the modem dotted quad) and this is the reply
>
> HTTP/1.1 501 Not Implemented
> Server: WindWeb/2.0
> Connection: close
> Content-Type: text/html
>
> Web Server Error Report:
> Server Error: 501 Not Implemented
> URL parsing error
>
> Session closed...
>
> This seems to indicate a web server is active.
>
> Take care
>
> Dennis.
>
> Ken Laurie wrote:
>
>> Dennis
>>
>> ShieldsUp is a good product to use to check what is seen from the
>> Internet. If port 80 is open there could be a number of reasons:
>>
>> * The port is not closed on the router, the http server may not be
>>   running but the port is still open.
>> * You might have DTOC running, which defaults to port 80.
>>
>> You can check by telnetting to the box on port 80, by using the telnet
>> program under Internet utilities. Use vt100 and I got mine to give
>> info by hitting ctrl-c and then enter. If you cannot telnet to the
>> box on port 80 then port 80 is not open. You could also try one of
>> the port scanning programs such as JPSCAN (Java) or Portscan (native
>> os/2 program) to check what ports are open.
>>
>> Remember just because the router doesn't have port 80 explicitly open
>> it may be open by default.
>>
>> hth
>>
>> Ken
>>
>> Dennis Nolan wrote:
>>
>>> Hi all
>>>
>>> I came across a reference to www.grc dot com doing connection security
>>> scans, and so gave it a go.
>>>
>>> I went into the "ShieldsUp!" link and had it do various scans.
>>>
>>> What surprised me is that I have three ports permanently OPEN
>>>
>>> The ports are Port 80 and Ports 254 and 255.
>>>
>>> Now Port 80 is the http server port, I've disabled the http server
>>> in the router/modem from the WAN side. For now I'll keep it enabled
>>> from the LAN side.
>>>
>>> So somewhere in eCS a http server seems to be running.
>>>
>>> Ports 254 and 255 are reserved, and should not be used.
>>>
>>> I can only think that I have allowed Remote Configuration to be
>>> installed during installation.
>>>
>>> Is there any way of finding out if a default eCS installation is
>>> enabling and using these ports.
>>>
>>> Or am I or have I been paranoid/stupid???
>>>
>>> Regards
>>>
>>> Dennis.

----------------------------------------------------------------------------------

**= Email 4 ==========================**

Date: Sat, 04 Sep 2004 12:24:57 +1000 (AEST)
From: "Tom Perrett"
Subject: Re: Orion Solutions

On Fri, 03 Sep 2004 12:52:48 +0930, P A Jenkins wrote:

>Has anybody here had any luck contacting Mark at Orion (ecomstation
>Australia)?
>Cannot find a listing in the white pages for his telephone number, cannot
>connect to his web site, would like to buy ecs 1.2 from him rather
>than os.
>There is a pc networking company in Melb. Vic called Orion with a web
>page, www.orion dot com dot au but it is not him.
>Has he folded???
>Peter Jenkins (at port pirie)

As has been stated by others, he is overseas and is due back home this month.

Re white pages, I just did a search on Australian White Pages using these criteria :-

- Business
- Orion Solutions
- Wodonga
- Victoria
- Regional

and up came his directory entry.

Cheers, Tom

Tom Perrett

----------------------------------------------------------------------------------

**= Email 5 ==========================**

Date: Sat, 04 Sep 2004 12:35:12 +1000 (EST)
From: "Chris Graham [WarpSpeed]"
Subject: Re: Orion Solutions

On Sat, 04 Sep 2004 12:24:57 +1000 (AEST), Tom Perrett wrote:

>On Fri, 03 Sep 2004 12:52:48 +0930, P A Jenkins wrote:
>
>>Has anybody here had any luck contacting Mark at Orion (ecomstation
>>Australia)?
>>Cannot find a listing in the white pages for his telephone number, cannot
>>connect to his web site, would like to buy ecs 1.2 from him rather
>>than os.
>>There is a pc networking company in Melb. Vic called Orion with a web
>>page, www.orion dot com dot au but it is not him.
>>Has he folded???
>>Peter Jenkins (at port pirie)
>
>As has been stated by others, he is overseas and is due back home
>this month.
>
>Re white pages, I just did a search on Australian White Pages
>using these criteria :-
>
>- Business
>- Orion Solutions
>- Wodonga
>- Victoria
>- Regional
>
>and up came his directory entry.

Why didn't you paste it in? Would have been easier on all of us.

Here it is:

Orion Solutions
1 Alison Crt
Wodonga 3690
(02) 6056 5455
Fax (02) 6024 1042
Internet www.orion-solutions dot com dot au

-Chris

WarpSpeed Computers - The Graham Utilities for OS/2.
Voice: +61-3-9307-0344
Internet: chrisg at warpspeed dot com dot au
FAX: +61-3-9307-0633
Web Page: http://www.warpspeed dot com dot au
Postal: WarpSpeed Computers, PO Box 212, Brunswick, VIC 3056, AUSTRALIA

----------------------------------------------------------------------------------
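
The telnet check on port 80 from the Broadband Internet Security thread above, scripted so it can be repeated after each router change and so an open port with no server behind it is told apart from a running web server. This is an added example, not code from any of the posters; the names `classify` and `probe`, the sample bytes (constructed from the reply quoted in the thread) and the placeholder address 192.0.2.1 are assumptions.

```python
import socket

# Constructed sample: the reply pasted in the thread, as it would arrive on the wire.
SAMPLE_REPLY = (b"HTTP/1.1 501 Not Implemented\r\nServer: WindWeb/2.0\r\n"
                b"Connection: close\r\nContent-Type: text/html\r\n\r\n"
                b"Web Server Error Report: Server Error: 501 Not Implemented")


def classify(raw):
    """Describe what answered on the port, from the first bytes it sent back."""
    if not raw:
        return "open, but nothing answered the request"
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "open, non-HTTP service"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return "HTTP server %s (status %s)" % (headers.get("server", "unidentified"), parts[1])


def probe(host, port=80, timeout=5.0):
    """Connect to host:port, send a minimal request and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode("ascii") + b"\r\n\r\n")
            try:
                raw = sock.recv(4096)
            except socket.timeout:
                raw = b""
    except OSError:  # refused, unreachable, timed out or reset
        return "closed or filtered"
    return classify(raw)


if __name__ == "__main__":
    print(classify(SAMPLE_REPLY))
    # 192.0.2.1 is a documentation placeholder; substitute your own router's address.
    print(probe("192.0.2.1", timeout=2.0))
```

Run it from the LAN side against the router's own address; the view from the Internet still needs an outside scan such as the ShieldsUp one mentioned in the thread.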