[HN Gopher] What happens if you connect Windows XP to the Intern...
___________________________________________________________________
What happens if you connect Windows XP to the Internet in 2024?
[video]
Author : rbanffy
Score : 28 points
Date : 2024-07-26 18:41 UTC (1 day ago)
(HTM) web link (www.youtube.com)
(TXT) w3m dump (www.youtube.com)
| usr1106 wrote:
| Interesting topic, but I would prefer it to be handled with more
| expertise than in this video. Seems to be a bit of unsystematic
| guessing.
|
| Also the connections opened could be watched in a router and/or
| with something like Wireshark.
| crashbrun wrote:
| Hypothesis: Running an [old, non-upgradeable OS] honeypot
| increases the probability of further scans and intrusion
| attempts on that range for a while at least.
|
| paralax/awesome-honeypots:
| https://awesomerank.github.io/lists/paralax/awesome-honeypot...
|
| Wireshark works with tcpdump over SSH.
|
| A VM guest virtual network adapter can also be monitored from
| the VM host.
|
| But a human could spend all day trolling for VM escape exploits
| with a honeypot.
| Reubend wrote:
| Is Windows XP _on its own_ really this vulnerable to connections
| over the internet? This makes it seem like you'll get infected
| within 10 minutes.
|
| I'm sure there are plenty of vulns in Windows XP by now, but it
| seems surprising to me that a random IP is getting scanned +
| infected + exploited within such a span of minutes just because
| it's running an old OS.
|
| It would actually be pretty interesting to see which
| vulnerabilities are used for this type of thing. Sort of the
| opposite of a 0 day, I suppose... very old, well known exploits.
| But to do that on a PC with totally stock OS software is
| impressive.
| NikkiA wrote:
| Windows by default, un-firewalled, will announce its presence
| to a network, and in old versions, that could even be the
| internet at large (back then you could even see SMB shares over
| the internet and would often see thousands of 'nearby' systems).
|
| The malware he got appeared to use a PNG exploit to effect
| remote code execution once running, but we don't see what
| bootstrapped that malware into the system.
| PaulCarrack wrote:
| > Windows by default, un-firewalled, will announce its
| presence to a network, and in old versions, that could even
| be the internet at large
|
| By announcements you are referring to broadcasts which are
| limited to the broadcast domain of whatever IP the ISP has
| assigned you. Plus those are largely blocked by the ISP
| beyond that.
|
| So to say that you are broadcasting to the world that you
| have an SMB share available is not true. An attacker would
| have to scan for it (i.e. make an active connection to TCP
| port 445 on your machine).
| anyfoo wrote:
| This is the correct answer. Broadcast packets do not reach
| outside of a network segment. The "thousands" of Windows
| machines OP saw were probably part of the same office
| network they were sitting in (where other mechanisms may
| actually have made more of them visible than a simple
| broadcast would, but intentionally).
|
| Sitting at home connected to the Internet over a point-to-
| point link, you'd see zero Windows machines that are not
| inside your home, now and back then.
| skipkey wrote:
| When I got my first cable modem in maybe 1995, there were
| about half a dozen of my neighbors' computers in Network
| Neighborhood. Most with unprotected shares and printers.
| Basically everyone running Windows on my C block. It got
| cleaned up within a few months tho.
| codetrotter wrote:
| Saw something similar at the summerhouse of a friend
| around 2008 or 2009. Somehow the whole neighborhood was
| in one giant LAN with one another there, sharing a common
| gateway to the internet? Around 30 or some such computers
| of neighbors showed up. Super weird.
| EvanAnderson wrote:
| Pre-cable modem era, the dialup networking "adapter" in
| Windows 95 was bound to "File and Print Sharing". People
| who had both a LAN and a modem could inadvertently
| "share" with the Internet.
|
| I may or may not know something about sending print jobs
| that said "FEED ME CHEESE" in Figlet to inadvertently
| shared printers and waiting for pings to stop coming
| back.
| toast0 wrote:
| Cable modem systems often ran with no broadcast
| filtering, and pretty big netmasks. Something like a /22
| wouldn't be uncommon.
| _trampeltier wrote:
| Un-firewalled yes, but mostly behind NAT, so just everything
| from Internet to XP would not pass NAT.
| wongarsu wrote:
| Back in the XP days it wasn't uncommon to have your only
| computer directly connected to a modem (probably ADSL or
| Cable/Coax, but dial-up was also still around).
|
| I'm not entirely sure when it became the norm for modems to
| have routers (and thus NAT) built-in, but I assume it
| coincided with the rise of smartphones around 2008. I
| certainly remember buying a separate wifi router to
| connect to the single ethernet port of the modem even post-
| dialup.
| Izkata wrote:
| My ISP didn't switch to combination devices until
| somewhere between 2013 (only got a modem) and 2018
| (forced modem upgrade, included built-in router this
| time).
| supportengineer wrote:
| Back then (2000-2001) everyone I knew would buy a Netgear
| firewall with NAT.
|
| Maybe it was my circle of friends but it was WELL
| UNDERSTOOD not to ever connect your machine directly to
| your ISP.
|
| Common DSL providers back then were Telocity and
| Speakeasy.
| toast0 wrote:
| I came of age with Windows 95 and friends... All my IRC
| friends pretty much dialed in directly to the internet
| from our main PC. When we got cable or DSL, if you had
| one computer, it got to connect directly.
|
| Windows 98 Second Edition came with internet connection
| sharing, so you could dial up on one computer and share
| with the LAN, and I think it worked for cable/dsl with
| two NICs as well. Many of my circle ended up with a Linux
| (or BSD) box doing NAT too. There was other software to
| share on Windows if you didn't have 98SE.
| rvnx wrote:
| Totally this.
|
| You had one PC connecting to the DSL box, having directly
| a public IP, and then if you were smart you would install
| a second network card in your computer with a crossover
| Ethernet cable connecting to the second computer.
|
| Routers were super expensive, they came only later when
| internet democratized more.
| tredre3 wrote:
| All of Eric Parker's videos are faked, he installs malware
| manually for attention.
|
| In this particular video you can get a glimpse of that at 2:50,
| he forgot to close an Internet Explorer window in which he was
| searching for "XP sp3 worms".
| AmVess wrote:
| Yes. I've had a new install compromised immediately after first
| boot. This was over a poorly configured cable internet service.
| I could also see and connect to other computers in the
| neighborhood and had full access to shared resources.
|
| I did it to prove a point. ISP techs didn't believe it could
| happen. Yes, they were that bad.
|
| However, this was done at the time when every other machine
| everywhere was compromised in some way and sputtering out
| malware all the time.
|
| I have no idea what the results would be like today, but I
| suspect it would be far less dramatic because the exploits for
| XP have more than likely been offline for a long time.
| Dwedit wrote:
| Does this include all the official post-abandonment patches (from
| Microsoft POSReady), and unofficial service pack patches?
| bilsbie wrote:
| Relevant xkcd https://xkcd.com/350/
| dgeiser13 wrote:
| Does he install ZoneAlarm on it?
___________________________________________________________________
(page generated 2024-07-27 23:05 UTC)