mailing list archives
RE: Windows Messenger Pop-up spam
From: Steven Trewick <STrewick () joplings co uk>
Date: Mon, 6 Dec 2004 11:50:11 -0000
From: H Carvey [mailto:keydet89 () yahoo com]
Sent: 03 December 2004 12:10
To: security-basics () securityfocus com
Subject: Re: Windows Messenger Pop-up spam
In-Reply-To: <20041202173019.B10318 () planetcobalt net>
Which will merely have lulled them into a false sense of security,
since the traffic is still making it to their IP stack. For windows
boxen, this is almost as good as "game over"
You may want to give at least one reason for this opinion.
I, too, would like to see something to support this statement.
"Game over", how? Sure, the traffic still makes it to the IP
stack, I agree...but how does this result in "game over" with
respect to Messenger spam? Turn the Messenger service off
and there's nothing there to handle the input...end of story.
*That's* "game over".
Harlan, as you well know, there are *many* other things listening
to/on the subset of ports used by messenger spam, turning
off the messenger service in no way blinds/deafens the *rest* of
the RPC subsystem, where $DEITY knows how many vulns have been
(and remain to be) discovered.
Simply turning off the service in no way increases the security
of the machine, because those ports and the multiplicity of
services that use them will still be exposed, quite obviously.
Anyone sufficently addled as to run a machine exposed in this
way is also extremely unlikely to be patched up the eyeballs,
thus we have exposed *and* vulnerable services. Thus it will
be game over when the first worm reaches the machine.
As a rough guide, the last time I saw someone connect a box so
configured to the internet, it took less than five minutes
to succumb to some variety of lsass exploit, which will
have arrived via those exact same ports (135/9, 445, et al)
The information contained in this e-mail is confidential and may be privileged, it is intended for the addressee only.
If you have received this e-mail in error please delete it from your system. The statements and opinions expressed in
this message are those of the author and do not necessarily reflect those of the company. Whilst Joplings Group
operates an e-mail anti-virus program it does not accept responsibility for any damage whatsoever that is caused by
viruses being passed.
Re: Windows Messenger Pop-up spam Kevin Davis (Dec 02)
Re: Windows Messenger Pop-up spam Ansgar -59cobalt- Wiechers (Dec 02)
Re: Windows Messenger Pop-up spam H Carvey (Dec 03)
Re: Windows Messenger Pop-up spam H Carvey (Dec 04)
RE: Windows Messenger Pop-up spam Steven Trewick (Dec 07)
- Re: Windows Messenger Pop-up spam, (continued)