[Dshield] Videotron ISP

Tom Laermans tom.laermans at powersource.cx
Tue Aug 7 09:51:19 GMT 2001


>
>What's very weird is that Telenet Customers have all ports < 1024 locked 
>down (blocked at the routers) for access outside of the Telenet network. 
>Machines on the Telenet network can contact each other without problems on 
>that port. Now how did Code Red (1/2/II) break out in that network. Good 
>question, isn't it? It can't have gotten port 80 of a customer...

Problem solved... Telenet is also hosting some websites... Apparently the 
machines weren't patched. Those machines had Port 80 open from the outside, 
and also had access to the internal telenet network, so also to ports <1024.

Another thing I just realised... The Telenet customers don't represent a 
hassle to the rest of the world. Their outgoing port 80 is locked too (very 
restrictive isp, I must say, but in this case it's cool ;) ... they're 
forced to use a proxy.

So their counter measures were only for protecting their own network.. Oh 
well...

Tom

-------------------------------------------------
Web: http://www.powersource.cx --- ICQ#: 12120754
Also check this out:  http://kickme.to/sidewinder
Need some cheats?? http://www.chaos-cheatbase.com
Keep Fido&BBS Alive!     http://skynetbbs.dyns.cx
-------------------------------------------------




More information about the list mailing list