Full Disclosure mailing list archives

Re: Odd Behavior - Windows Messenger Service


From: John Reilly <jr () inconspicuous org>
Date: 16 Jul 2003 20:53:07 +0100

On Wed, 2003-07-16 at 17:00, morning_wood wrote:
Its generally not considered good practice to install your host in an
open (or even partially open) network.  The host should be fully
installed, patched and configured securely before connecting.

my post is in regaurd of Windows Messenger being accessable witthout any
interactive login to take place... not that im dumb for firewalling wrong,
configuration... etc

I don't think the fact that its accessible without interactive login is
the problem - the problem is that its accepting connections from
anywhere.  It should limit to localhost or at most, hosts on the same
subnet if connected to ethernet.  And yes, I do understand your lack of
firewall - maybe I replied a bit too fast, but in my mind connecting a
windows box without firewalling is a misconfiguration  :)   Point
accepted that there is a problem though.



donnie

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: