Why port blocking is bad - 'Twas brillig, and the slithy toves did gyre and gimble in the wabe

Why port blocking is bad [Wednesday 1st June 2005 at 11:45 am]
Thomas

boggyb
[Feeling | annoyed]

Because this is what you get if Java gets given port 3130 by Windows:

Norton blocking the "Master Paradise Trojan" (also known as Java 1.4.2_8)

And in Eclipse I was greeted by the wonderful message of:

FATAL ERROR in native method: No transports initialized
err:: No such file or directory
Error [2] in connect() call!
Socket transport failed to init.
Transport dt_socket failed to initialize, rc = -1.

Thank you, Norton.

Comments:
From: ralesk
Wednesday 1st June 2005 at 2:32 pm (UTC)
LOLOL. Remote computer XD

Eclipse = ugh, imho, though.
(Reply) (Thread)
From: boggyb
Wednesday 1st June 2005 at 2:57 pm (UTC)
Yeah, I really dislike the short-sighted approach that Symantec took with the firewall - basically, it comes with a list of "well-known trojan ports" which it is set to block. Which is all very well, except a lot of those are in the random-port range, and it makes no distinction between stuff that happens entirely on localhost (almost always safe) and stuff that comes from outside. Oh, and by default if you trip its IDS then it'll block the source for half an hour. Which gives you a very nice remote DDOS - simply send someone a ping of death or something every 25 minutes that claims to come from the google web server.

With Eclipse, I've started to rather like it - it beats the BlueJ IDE hands down (tho BlueJ is very handy for debugging objects). It does tend to chew up ~100 meg or so tho.
(Reply) (Parent) (Thread)
From: ralesk
Wednesday 1st June 2005 at 3:08 pm (UTC)
Eclipse sucks at Perl highlighting, sadly :| (and I found it rather uncomfy compared to, say, EditPlus) — I just went and nicked Komodo from somewhere :3
(Reply) (Parent) (Thread)
From: pewterfish
Wednesday 1st June 2005 at 3:02 pm (UTC)
Reminds me why I don't have a personal firewall any more: Norton used to mess me about, and I couldn't be bothered to kick iptables into shape when I switched OS back in '02. Now, I rely on (a) having no external services running bar SSH and (b) the gateway firewall to watch my back. No problems as yet.

Remind me again why Norton blocks connections with both endpoints on the local machine?
(Reply) (Thread)
From: boggyb
Wednesday 1st June 2005 at 3:07 pm (UTC)
Absolutely no idea. You actually have to explicitly allow them if you're running IIS, or strange stuff happens. Found that one the hard way - had IIS locked down to local private subnet and trusted IPs on http and ftp, and blocked everything. Then wondered why if I tried to stop/restart/admin IIS it fell over and locked. I also had to kill outbound e-mail virus scanning, as that was eating the encrypted connections OE needed to talk to the uni servers.
(Reply) (Parent) (Thread)
From: olego
Wednesday 1st June 2005 at 9:20 pm (UTC)
And that is why I don't use any of Norton's products any more. Sure, their disk doctor was nifty 8 years ago; but:

(1) Their virus scanner effectively halves the speed of any computer.
(2) Their firewall is a pain in the arse. I'm so far happy with my Windows firewall, because, as simple as it is, it doesn't bother me at all.
(Reply) (Thread)
From: (Anonymous)
Saturday 4th June 2005 at 1:37 am (UTC)

Worms?

I had what looked like a security breach - someone sniffing around in my computer late at night recently. I found some new files in my Program Files area, one for example was:

com_microsoft.894320_W2K_SP5_x86_WinSE_154269

I searched this file on the internet and was directed to your posting. However, I can't see any reference to that file in the text. Did you encounter something similar? Do you know anything about it? If you could send a quick email to confirm this I would really appreciate it. Thank you.

hright@telusplanet.net

CB
(Reply) (Thread)
From: boggyb
Saturday 4th June 2005 at 5:38 am (UTC)

Re: Worms?

No, this was just a false positive by Norton Internet Security. Norton comes configured with a list of "well-known trojan ports" which it blocks.

What happened here was that when the Java runtime (javaw.exe) asked for a free TCP port, Windows gave it one that was on Norton's block list, and so Norton blocked it, which made Eclipse (a Java development environment) fall over when it tried to start the debugger for my program. No trojans involved, just a trigger-happy firewall.

As to your problem, it's not something that I've seen before. The first number is the KB code for MS05-024, a patch for a remote code execution in web view. A Google for the whole file turned up nothing, but when I replaced the punctuation with spaces I got a reference on a forum to Software Update Services (specifically, about SUS going on strike and spewing out errors instead of patches). If you're running SUS then it may be worth checking the settings and relevant logs.

Apart from that I don't have any ideas. Hope you have more success than me at solving it!

(x-posted to supplied e-mail and in reply to this comment on this post)
(Reply) (Parent) (Thread)
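
The false positive described in this thread, as an added example that is not part of the original post or comments: a port-only blocklist compared with one that exempts connections whose endpoints are both on loopback. Port 3130 is from the post; the 1025-5000 ephemeral range (the Windows XP-era default), the second blocklist entry and the sample connections are assumptions constructed for illustration.

```python
import ipaddress

# 3130 is the port from the post. 60000 is a constructed entry for contrast;
# Norton's real list is not reproduced here.
TROJAN_PORTS = {3130, 60000}
# Assumption: default dynamic (ephemeral) port range on Windows XP-era systems.
EPHEMERAL = range(1025, 5001)


def is_loopback_only(src_ip, dst_ip):
    """True when both endpoints are on the loopback interface (IPv4 or IPv6)."""
    return (ipaddress.ip_address(src_ip).is_loopback
            and ipaddress.ip_address(dst_ip).is_loopback)


def port_only_verdict(conn):
    """Rule as described in the thread: decide on the port number alone."""
    if conn["src_port"] in TROJAN_PORTS or conn["dst_port"] in TROJAN_PORTS:
        return "block"
    return "allow"


def loopback_aware_verdict(conn):
    """Same list, but traffic that never leaves the host is exempt."""
    if is_loopback_only(conn["src_ip"], conn["dst_ip"]):
        return "allow"
    return port_only_verdict(conn)


def collisions():
    """Blocklisted ports the OS may hand to any program as an ephemeral port."""
    return sorted(p for p in TROJAN_PORTS if p in EPHEMERAL)


# Constructed sample connections (not captured traffic).
SAMPLES = [
    # Debugger socket between Eclipse and the debugged JVM, both on localhost.
    {"name": "jdwp-local", "src_ip": "127.0.0.1", "src_port": 3131,
     "dst_ip": "127.0.0.1", "dst_port": 3130},
    # Inbound connection from another host to the same port number.
    {"name": "remote-in", "src_ip": "192.0.2.10", "src_port": 40000,
     "dst_ip": "198.51.100.5", "dst_port": 3130},
    # Ordinary outbound web request from an ephemeral port.
    {"name": "web-out", "src_ip": "198.51.100.5", "src_port": 3200,
     "dst_ip": "192.0.2.80", "dst_port": 80},
]

if __name__ == "__main__":
    print("blocklisted ports inside the ephemeral range:", collisions())
    for c in SAMPLES:
        print(c["name"], port_only_verdict(c), loopback_aware_verdict(c))
```

The exemption applies only when both endpoints are loopback addresses, so the inbound connection from another host to port 3130 is still blocked under either rule.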
[User Picture]From: ricold
Monday 6th June 2005 at 3:04 pm (UTC)

Re: Worms?

"just a trigger-happy firewall."

Quote of the day!
(Reply) (Parent) (Thread)