
Windows XP SP2 Hell - Beware!

  1. Oct 26, 2004 #1
    Hi all

    Not sure if this has been discussed here but installing SP2 trashed my PC!

    After installing SP2, the PC said to restart to finish the process, but then on restart refused to boot! I have spent a week 'googling', searching, rebuilding, trying, retrying, to get it fixed.

    Microsoft warns that this can happen on Intel 'Prescott' chips on certain motherboards (not well publicised) but I have an Athlon chip!

    XP refused to 'Repair Install' when booted from the CD as it couldn't recognise the original Installation, so would only put in a new installation deleting my old data.

    Recovery Console refused to work without a password (I have never set one!)

    Removing the HD and putting it in a different PC got me my data back, and eventually by transferring over data from the 'Repair' folder to the windows system32 folder I eventually got XP to recognise my old install and do a repair install.

    However, the user names had disappeared on reboot and I couldn't log on as anyone!

    With safe mode I overcame this, but then found that the modem was unrecognised and couldn't be used. Modem options were 'greyed' out!

    I had to edit the registry to repair this fault, then edit the BIOS to get the non-working USB ports going again.

    The floppy disc icon disappeared from my computer and although I got this back by editing the BIOS again, it still refuses to work - insisting that I insert a disc even when I have done so. Searching through Google shows the Floppy problem to be a common one (even without SP2) but with no known solution.


    Anyway - Please be warned, SP2 works well on many PCs but trashes some. It has wasted a week of my life and reduced my PC's capability. I now really understand why so many people detest Microsoft so much....

    You've been warned - don't install SP2!
     
  3. Oct 26, 2004 #2

    graphic7


    Neither I nor anyone else that I know has had any problems with SP2. In fact, I consider the security and IE enhancements to be of the utmost importance.
     
  4. Oct 26, 2004 #3
    If you or your friends haven't had a problem - that's nice. However, that is hardly the whole computer world, is it! Actually, I consider the use of my computer to be of the utmost importance!

    Here is one issue that Microsoft admit: Reboot error


    Also, try putting "SP2 problem" (without quotes) into Google - it finds over 1,000,000 pages!! And this is for a new package that has just been released!

    Pah!
     
  5. Oct 26, 2004 #4
    Hate to be devil's advocate... well actually I don't :-)

    http://www.internetnews.com/ent-news/article.php/3425011

    100 million downloads of SP2.....

    I think a fairer comparison using google would be "with" quotes because without you will be picking up www pages with just "Microsoft" or "Problem" not necessarily both!!!

    I feel your pain tho Adrian... I heard that if your PC reboots while doing the upgrade you could be screwed like yourself!

    SP2 is better... But I would still Remove IE and that poxy little firewall is still not worth talking about...
     
  6. Oct 26, 2004 #5

    graphic7


    The firewall has actually turned into a real firewall in my opinion. The firewall now has the ability to block TCP and UDP ports, not to mention ICMP protocol (still no IGMP), with some rather decent logging features. My only complaint about the firewall (I don't use it anyways - no need) is it still doesn't do TCP or UDP forwarding. I suppose Microsoft has a deal with Cisco or Linksys to keep it that way.
     
  7. Oct 26, 2004 #6
    It's not a firewall, it's an application to block ports!! That's it

    What layer and how many layers (OSI) of traffic is it inspecting? 1..... (Layer4)
    Firewalls in my opinion have to deep scan packets to check for any anomalies, they have to work at various levels... Do you think that the port blocker in SP2 will stop your PC being ddosed? Nope... Do you think it would know if someone was TCP sequence prediction attacking you? No... It is not a firewall it is a port blocker... Something you can do on Linux and Unix out of the box!

    The desktop 'firewall' in sp2 is not a Firewall!

    This is a firewall:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps4094/index.html
    And this:
    http://www.checkpoint.com/products/vpn-1_pro/index.html

    This is NAT you are talking about (actually PAT)
     
    Last edited: Oct 26, 2004
  8. Oct 26, 2004 #7

    graphic7


    I'm aware of what I'm talking about. If you put a Cisco on a cable connection, or anything non-fiber, it's not going to make a difference whether the router knows it's getting packets up the ass.
     
  9. Oct 27, 2004 #8
    I do not follow you?

    Cable, dsl, atm, ethernet, WLAN, etc. etc. all still run IP through internet the only difference is the physical layer within the protocol...

    Don't understand what you are getting at here
     
  10. Oct 27, 2004 #9
    If you only have a standard residential broadband connection, then no router is going to be able to protect you from a ddos attack.
     
  11. Oct 27, 2004 #10

    graphic7


    And depending on the magnitude of the DDOS attack (and they are getting higher these days), no router 4 or 5 hops up could withstand the attack, either.
     
  12. Oct 27, 2004 #11
    Adrian, did you end up reformatting or did you get SP2 to work for you?
    Also what motherboard do you have?
     
  13. Oct 27, 2004 #12
    Ahh Masta_coda is a bit more understandable....

    Anyway Ingress and Regress filtering at your border Routers will stop DDOS :-) which doesn't necessarily have to be on fiber....

    Anyway that is not what I was getting at. I was getting at SP2 firewall not being one, it is a port blocker.. Albeit making Windows a better product but it still isn't a firewall....
     
    Last edited: Oct 27, 2004
  14. Oct 27, 2004 #13

    graphic7


    I've seen a few cases where Qwest (back in the days when they owned the "border routers") attempted to stop major DDOS attacks - most were unsuccessful. And as you so put it the "border routers" are going to be owned by the ISPs which do have fiber. You're hard to understand.

    My point is though that you're not going to run Windows XP SP2 as a "real" firewall (a home user doesn't need a "real" firewall to begin with), and certainly any business would do the same. Therefore, a free firewall that blocks ports - what more could you ask for? If it blocks ports, logs, and blocks specific protocols (ICMP), what can't it do that any cheapie Linksys router/firewall could do?

    In fact, my friend has a cheapie Linksys router, but it can't forward any ports on UDP.

    And the reason I'm emphasizing fiber in all of my posts is because fiber does have the highest bandwidth of any traditional medium.
     
    Last edited: Oct 27, 2004
  15. Oct 28, 2004 #14
    OK, But why do you think that Qwest "owned" the border routers... A border router is just a router between 2 A.S.'s (autonomous systems) typically these routers are owned by ISPs and Large companies and Government Orgs (there are LARGE ISPs outside of the states you know!)... Because these companies typically own large blocks of Public IPs.... But any company that owns Public Blocks (in this new world of CIDR) can regress/ingress filter at their AS border.

    If an ISP or company were to filter ingress and regress as I said then they would not be susceptible to the worst DDOS attacks, ie spoofed IP ddos attacks because all packets entering the A.S. from another A.S. without the correct source IP address (IE an address from the neighbouring AS) would be dropped... Thus you eliminate DDOS... ISPs have known this for a long time and for some reason decline to activate this service, no idea why!

    Any other type of DDOS without spoofed IP address could be handled by Access lists and can be recovered from far easier.

    Let's say you have a large company with a large bank of Publics in a block, (let's say 11.1.1.0/20) and you connect to your ISP (albeit level3 or something, fiber) then you could very easily have a Serial connection to one of their border routers... this is why I said it doesn't ness. have to be on Fiber!

    I agree SP2 port block is not a firewall :-) But it is a good asset to have on your PC, I also do not use it....I also would not say that the cheapie linksys routers (with firewall built in) are not Firewalls... But what these things can do that sp2 firewall can't is NAT! thus hiding your PC even more
     
  16. Oct 28, 2004 #15

    graphic7


    Let's just say I have experience contacting Qwest the ISP of my employer's ISP. On one occasion, Qwest could do nothing because of the sheer load of traffic (and the many IPs that were responsible, 10,000+) the routers were handling. Qwest does receive government contracts, by the way.

    The worst DDOS attacks are the ones that are from a mass number of systems - usually residential cable and DSL. That specific attack I referred to bombarded the ISP with 15gbps, with one hell of a SYN/UDP flooder.
     
    Last edited: Oct 28, 2004
  17. Oct 28, 2004 #16
    Sure... but typically DDOS use IP masquerading techniques... If you DO NOT accept packets that have false IP address then you do not suffer....

    Look at RFC2267 for more details
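
Added example, not part of any post in this thread: a minimal Python model of the source-address ingress filtering that RFC 2267 describes, where a border router forwards a packet only if its source address lies in a prefix assigned to the interface it arrived on. The interface names, prefixes (RFC 5737 documentation ranges) and sample packets are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed topology: prefixes assigned to each customer-facing interface
# (RFC 5737 documentation ranges, not real allocations).
ASSIGNED = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25"),
               ipaddress.ip_network("198.51.100.128/26")],
}

def permit(interface, src):
    """Forward only if the source address belongs to a prefix assigned to
    the interface the packet arrived on (RFC 2267-style ingress check)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source address: drop
    # An interface with no prefix list permits nothing (default deny).
    return any(addr in net for net in ASSIGNED.get(interface, []))

def filter_packets(packets):
    """Split (iface, src, dst) tuples into forwarded packets and per-interface drop counts."""
    forwarded, drops = [], Counter()
    for iface, src, dst in packets:
        if permit(iface, src):
            forwarded.append((iface, src, dst))
        else:
            drops[iface] += 1
    return forwarded, drops

# Constructed sample traffic toward a single destination.
SAMPLE = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),      # genuine source
    ("cust-a", "10.1.2.3", "203.0.113.5"),        # forged: private address
    ("cust-a", "198.51.100.7", "203.0.113.5"),    # forged: cust-b's space
    ("cust-b", "198.51.100.130", "203.0.113.5"),  # genuine source
    ("cust-b", "198.51.100.200", "203.0.113.5"),  # outside both cust-b prefixes
    ("cust-b", "198.51.100.20", "203.0.113.5"),   # genuine source
    ("unknown", "192.0.2.10", "203.0.113.5"),     # interface has no prefix list
]

if __name__ == "__main__":
    fwd, drops = filter_packets(SAMPLE)
    print(f"forwarded {len(fwd)}, dropped per interface {dict(drops)}")
```

Packets sent from genuinely assigned addresses pass this check, so it removes forged-source traffic only; traffic from real hosts has to be handled by other controls such as the access lists mentioned in the thread.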
     
  18. Oct 28, 2004 #17

    graphic7


    The specific DDOS attack(s) that I'm referring to did not use any sort of masquerading technique. Qwest could do nothing, and my employer's ISP was put down.

    And no, DDOS attacks do not typically use masquerading techniques. There's no need for it if you control a mass amount of systems.
     
    Last edited: Oct 28, 2004
  19. Oct 28, 2004 #18
    Just curious how you know this? What data did you look at? Is this just an educated guess? If this was such a large attack it would most probably have gotten media attention, I would love to see some news cuttings if you have any... (Or just some links to back your research into DDOS would be nice)

    I will honestly say that I do not know which are most prolific Spoofing or non spoofing attacks, and will take your word for it as it seems you have done lots of research...

    However I remember the biggest DDOS which did hit the papers was one in 2002 if I am not mistaken that went for all 13 Root servers, and if I remember correctly the IP addresses were spoofed...

    http://www.internetnews.com/dev-news/article.php/1486981

    Here is a link to M$ website which also says common DDOS are employing spoofing techniques

    http://www.microsoft.com/technet/security/bestprac/ddosatku.mspx

    Which doesn't surprise me as long as ingress and regress filter is turned off on BGP routers then doesn't make a difference and will be more effective if you can't trace the ip back....

    *waits to see Graphic7's research*
     
  20. Oct 28, 2004 #19

    graphic7


    Well, if you look at any of the source for any of the latest Win32 worms, you will indeed see the SYN/UDP flooders are not doing any type of masquerading. They simply don't need to. I doubt you have any field experience with these sorts of attacks, and that's quite understandable. You're basing your facts off of media coverage, and I can tell you from experience that some of the largest attacks will not receive media coverage because of the sensitivity of the situation.

    You obviously are not understanding the concept here. The Win32 worms do not care if anyone will be able to trace the IP back. The infected systems are residential and if you do any 'netstat -an''s you will in fact notice that the IRC server they are connected to is 127.0.0.1. This is in part that the ARP tables have been altered. To iterate my point, masquerading is no longer needed because of the capability to harvest a mass number of systems.
     
    Last edited: Oct 28, 2004
  21. Oct 28, 2004 #20
    Not all win32 worms are DDOS agents... And I believe you also have no experience in this field, contrary to your claims.... I do have experience in a large corporate network and I look after BGP routers, I also look after other border network equipment...

    Why do you think I do not understand the concept? You are arrogant to even presume anything about me graphic!
     