Home page logo

basics logo Security Basics mailing list archives

Re: Windows Messenger Pop-up spam
From: H Carvey <keydet89 () yahoo com>
Date: 3 Dec 2004 12:07:35 -0000

In-Reply-To: <20041202180813.D10318 () planetcobalt net>

Why? Simply disable the stupid messenger service (because obviously
it's not needed anyway). There's no need to block any port because of
messenger spam.

That would be true, if all that ever used those ports was Messenger.
But it's NOT!  The same ports are used for a bunch of stuff that you
*really* do not want to be exchanging with the wild wild net.

But the thread isn't about blocking all ports and all services, it's about Messenger spam.  Turning the service off is 
a highly effective means of dealing with the situation at hand.  

If you're going to change the focus of the thread, please do so under another Subject: line.

We were talking about messenger spam only, and therefore it's pretty
much sufficient to disable the messenger service. No other action
needed, especially not blocking any ports. Period.

I thought the same thing, as well.  The original question wasn't about overall, general security...it was about 
blocking spam to the Messenger service.

But let's assume we're talking not only about messenger spam but malware
in general. Why would I rather block specific ports instead of disabling
unneeded services? In the latter case I won't *have* anything that needs
to be protected at allĀ¹. 

Agreed.  There are links on the TaoSecurity blog that point to resources for completely configuring a Windows system so 
that there is a "clean" netstat.exe output.  Besides shutting down all unnecessary services, including those that 
provide network connections, it includes how to disable DCOM.  Once the steps have been followed, why would a firewall 
be needed?

H. Carvey
"Windows Forensics and Incident Recovery"

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]