Unable to Access Proxy Server for Secure Resources with Comcast Cable



Mike80
02-12-02, 10:20 PM
I need to access secure resources from a library. This is done using a web browser (Internet Explorer 6 works OK) configured to use a proxy server on port 80. This has always worked in the past. However, around the time Comcast switched over, I lost the proper functionality of the proxy server and I can't access the secure resources. I can ping the proxy server and Internet Explorer doesn't give me an error message when set to use the proxy. However, my log-in screen doesn't come up and I am blocked from the secure resources. After reading some of the posts on this site, I checked to see if Comcast was using a proxy server and sure enough they are. I suspect that their proxy is somehow preventing me from using the proxy I need to use to access the secure resources. Does anyone know how to work around this problem? I would be really grateful to get some help as I am totally stumped.

By the way, I also began having problems accessing a network using a Cisco VPN at about the same time. Could this be a related problem?

I have spoken with Comcast . . . but you know the story . . . these people are nice (sometimes) when they are reading their cue cards, but they get testy real quick when you go beyond the simplest question. Start talking proxies and VPN and they get downright nasty. I guess this is what happens when you've got a monopoly (Aargh!). They also don't answer my e-mail . . .

Any help would be much appreciated . . .

Thanks, all! :rolleyes:

Mike

E-mail: speedguide@mike.mailshell.com

Unregistered
02-12-02, 10:54 PM
There's a good reason why you can't connect to the IP address you're trying to:

Are you familiar with the Code Red virus?

Here's an explanation:

The worm sends its code as an HTTP request. The HTTP request exploits a known buffer-overflow vulnerability, which allows the worm to run on your computer. The malicious code is not saved as a file, but is inserted into and then run directly from memory.

Once run, the worm checks for the file C:\Notworm. If this file exists, the worm does not run and the thread goes into an infinite sleep state.

If the file C:\Notworm does not exist, then new threads are created. If the date is before the 20th of the month, the next 99 threads attempt to exploit more computers by targeting random IP addresses. To avoid looping back to infect the source computer, the worm will not make HTTP requests to the IP addresses 127.*.*.* .

If the default language of the computer is U.S. English, further threads cause Web pages to appear defaced. First, the thread sleeps two hours and then hooks a function, which responds to HTTP requests. Instead of returning the correct Web page, the worm returns its own HTML code.

The HTML displays:

Welcome to http:// www.worm.com !
Hacked By Chinese!

This hook lasts for 10 hours and is then removed. However, reinfection or other threads can rehook the function.

Two versions of this worm have been seen in the wild. The second version does not cause the webpages to be defaced.

Also, if the date is between the 20th and 28th of the month, the active threads then attempt a Denial of Service attack on a particular IP address by sending large amounts of junk data to port 80 (Web service) of 198.137.240.91, which was www.whitehouse.gov. This IP address has been changed and is no longer active.

Finally, if the date is later than the 28th of the month, the worm's threads are not run, but are directed into an infinite sleep state. This multiple-thread creation can cause computer instability.


In short, you'll find a lot of places with port 80 simply closed because protecting yourself against the bug is tricky, very tricky.

If you really need to access this information, get ahold of the library, not your ISP, as your library is the one in charge of this site, and your ISP has nothing to do with it.

Here's some more information, that you should take the time to read about:


According to Qwest, some DSL subscribers who are using Cisco modems series 675 and 678 may have had their modems affected by this worm. For additional information, go to:

http://www.qwest.com/dsl/customerservice/coderedvirus.html

Additional information on problems related to the worm and Cisco hardware or software is available at:

http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml

Hewlett-Packard Jet Direct cards listening on port 80 may also suffer a denial of service.




Removal instructions:

SARC has created a tool to perform a vulnerability assessment of your computer and remove the CodeRed Worm and CodeRed II. To obtain the CodeRed removal tool, please click here.

If for any reason you cannot use or obtain the CodeRed removal tool, you must remove this worm manually.

To manually remove the worm:


1. Download, obtain and apply the patch from the following Web site:

http://www.microsoft.com/technet/security/bulletin/MS01-033.asp

Alternatively, you can download and install the Cumulative Patch for IIS available at:

http://www.microsoft.com/technet/security/bulletin/MS01-044.asp

2. Restart the computer.



Additional information:

Symantec offers multiple options to check for this threat and the underlying vulnerability:

Home users:

Symantec Security Check is a tool which allows you to determine if your computer is at risk. Click here to begin a free online scan.
"FixCodeRed Assessment Tool" is a free tool which allows you to determine if your computer is at risk. If the vulnerability is found, the tool will scan memory to determine whether the worm is present. Click here to download the tool onto your computer.
Norton Internet Security is Symantec's integrated security and privacy suite which has been updated with a new rule that blocks suspected outbound data traffic from the IIS server. This new rule can be applied to Norton Internet Security by running LiveUpdate.

Unregistered
02-12-02, 10:56 PM
I would seriously consider getting yourself checked for the virus (see the link in the above reply), and see if that might be causing your problem. Although it might not be, it's worth a shot, and most certainly wouldn't hurt.

Kip Patterson
02-13-02, 06:02 AM
Your problem has nothing to do with viruses or worms.

Comcast has elected to use a transparent proxy server that has made most secure sites unreachable. Your only hope is that they admitted yesterday that they were capturing and storing user traffic, including sites visited, passwords, and credit card numbers. The backlash is going to be horrible. They may be forced to drop the proxies.

Kip
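
[Added example, not part of any post in this thread: one client-side way to look for an intercepting proxy on port 80, as discussed above, is to inspect a response for headers that caching proxies commonly add. The host names and both sample responses are constructed, and the header list is an assumption about what an intermediary might leave behind.]

```python
# Added example: headers and sample responses below are constructed.
# A transparent proxy can omit every one of these headers, so an empty
# result does not prove the path is free of interception.
PROXY_HEADERS = {"x-cache", "x-cache-lookup", "x-forwarded-for", "proxy-connection"}

DIRECT = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"
PROXIED = ("HTTP/1.0 200 OK\r\nServer: Apache\r\nAge: 37\r\n"
           "X-Cache: HIT from cache01.isp.example\r\n"
           "Via: 1.0 cache01.isp.example:3128 (squid)\r\n\r\n")

def parse_head(raw):
    """Split a raw HTTP response head into (status_line, [(name, value), ...])."""
    lines = raw.replace("\r\n", "\n").split("\n")
    headers = []
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        if line[0] in " \t" and headers:
            # obsolete line folding: continuation of the previous header
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def via_hops(value):
    """Return the 'received-by' host of each hop listed in a Via header."""
    hops = []
    for part in value.split(","):
        fields = part.split()
        if len(fields) >= 2:
            hops.append(fields[1])  # fields[0] is the protocol version
    return hops

def proxy_indicators(raw):
    """List (header, detail) pairs suggesting an intermediary handled the response."""
    _, headers = parse_head(raw)
    found = []
    for name, value in headers:
        if name == "via":
            found.extend(("via", hop) for hop in via_hops(value))
        elif name in PROXY_HEADERS:
            found.append((name, value))
        elif name == "age" and value.isdigit() and int(value) > 0:
            found.append(("age", value))  # response was served from a cache
    return found
```

Comparing the result for the same URL fetched over the ISP link and over a path known to be direct shows whether the extra hop is on the ISP side.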

Cable_Dood
02-13-02, 08:09 AM
It will be interesting to see how this plays out. I wouldn't mind if the proxies get axed....or at least can be 'optional'. I was promised that these things weren't going to be used abusively by some folks pretty high up the ladder. Sure....they're used to monitor site hits and for marketing profiling....without being associated with individuals, but this isn't a new phenomenon. If they are actually capturing private information and associating this information with individuals....well....they deserve whatever backlash they get.

At this point I haven't seen any proof that this is actually occurring or otherwise. Professionally, I didn't have a choice about installing it (the proxy server), but personally I feel that it's a borderline breach of privacy by its very nature. If Comcast is going beyond caching and is abusing this thing, then we can only hope that it won't set a precedent for other MSOs to follow.

Time will tell...