Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Warning! 'shell://' with win98 ...

From: network_ops () TIDALWAVE NET (Keith McCammon)
Date: Sat, 3 Jun 2000 19:39:14 -0400

Guys,

The packet lockout after thirty minutes is almost certainly being caused by Zone Alarm.  ZA has an Internet Lock 
feature that you can set.  This lock will shut off ALL traffic after a set amount of time (I think 30 minutes is the 
default), or when the screen saver is activated.  I'dd make sure you clean all Zone Alarm values out of the registry.

Keith

---------- Original Message ----------------------------------
From: nine <nine () 14X NET>
Reply-To: nine <nine () 14X NET>
Date:         Sat, 3 Jun 2000 14:00:38 -0400


I tested this on Windows 98 SE, which in my case was running on a small
lan, with all packets going through a NetBSD gateway. After typing
shell://, I get the "Page Cannot be Displayed" (obviously), and as Alex
Schuetz said, about 30 minutes later, a reboot was needed because I could
not access the outside. It still does this about every half hour, even
after reboot. Just a confirmation.

Erik Tayler
14x Network Security
http://www.14x.net

On Sat, 3 Jun 2000, Alex Schuetz wrote:


Dear people,

I just dipped deeper into the "shell://" problem using _Windows98_
instead of WinNt/2k. For me, it causes endless problems. After exactly
30 minutes of operation, Win98 started to block every TCPIP packet,
every ping from my host resulted in an immediate "Error 10050" (whatever
that is). No packet goes in or out alive.

Trying to reproduce the error sooner by pushing forward the local time
(DOS command.com box, "time" command) after rebooting didn't help to
make the error occur "sooner". Since I tried out the "shell://" pattern
the first time, now I'll have to pray every 30 minutes that the @#!
computer will please,please keep sending/receiving my internet packets.
Oh, shit....

I also found out there were some remains in the (run/runonce/runonceEX)
registry from a firewall called ZoneAlarm. Maybe the bug somehow
triggered these remains to block everything every 30 minutes. It's just
a theory. But I'll keep you up to date as soon as I find out more.
Comments welcome.

Dazed and confused,

Alex
Previous By Date Next
Previous By Thread Next

Current thread: