Security Basics mailing list archives

Re: Windows Messenger Pop-up spam
From: "'Ansgar -59cobalt- Wiechers'" <bugtraq () planetcobalt net>
Date: Thu, 2 Dec 2004 18:08:13 +0100


On 2004-12-01 David Gillett wrote:
> From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net]
>> On 2004-11-30 Beauford, Jason wrote:
>>> Block those Ports!
>>
>> Why? Simply disable the stupid messenger service (because obviously
>> it's not needed anyway). There's no need to block any port because of
>> messenger spam.
>
> That would be true, if all that ever used those ports was Messenger.
> But it's NOT!  The same ports are used for a bunch of stuff that you
> *really* do not want to be exchanging with the wild wild net.
>
> Block those ports, and no longer seeing Messenger spam is the
> *smallest* (if most visible) way in which your system will become

I thought at least you would get my point. However, maybe I have to be
more verbose.

We were talking about messenger spam only, and therefore it's pretty
much sufficient to disable the messenger service. No other action
needed, especially not blocking any ports. Period.

But let's assume we're talking not only about messenger spam but malware
in general. Why would I rather block specific ports instead of disabling
unneeded services? In the latter case I won't *have* anything that needs
to be protected at all¹. Plus Personal Firewalls proved themselves to
be much less reliable than one would like to think. Do I have to remind
you of the Witty worm?

Sure, you can argue that maybe the host acts as a router for some local
network (ICS or something). However, I would still have to ask: why does
he need to provide any services at all? A router is not supposed to
provide services. Period. If one needs Internet connectivity for a local
network and needs all computers as workstations, then bite the damn
bullet and buy a router. They're not *that* expensive. And of course one
would block *everything* except for the desired traffic on the network
*perimeter*, not only deny the undesired traffic on the host itself. If
there's no LAN but just a single host with Internet connection, then why
does the box need to provide any services at all? IMnsHO.

Ansgar Wiechers

¹ http://www.ntsvcfg.de/
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin
