Re: [Full-Disclosure] Odd Behavior - Windows Messenger Service

From: Neil McKellar (mckellar_at_telusplanet.net)
Date: 07/18/03

    To: full-disclosure@lists.netsys.com
    Date: Thu, 17 Jul 2003 23:39:22 -0600
    
    

    Please be patient with me while I work through this a bit. I want to be
    sure I understand.

    In morning_wood's original post, he said:
    > Windows® networking (TCP) and messenger service are both initialized
    > before any user/admin login has taken place, and are remotely
    > accessible

    He went on to describe getting some Messenger spam before he's even
    logged in. It's true that Messenger is a dog. And in another message,
    morning_wood says:
    > my post is in regard of Windows Messenger being accessible without
    > any interactive login to take place

    Given what Messenger typically gets used for, I don't think that's a bad
    question.

    But then we get this, and morning_wood isn't the only one suggesting this:
    > imho it is irresponsible default behavior for a workstation OS to
    > allow remote resources / services / enumeration before any
    > interactive user or administrative login.

    So suppose. You're on a local network with a central authentication
    service of some kind. Maybe it's a Windows domain controller, maybe
    it's NIS+, maybe it's Kerberos. Whatever.

    Now, we've decided to follow your advice and *not* enable any remote
    resources/services/enumeration before login. Just to be clear, is there
    a TCP stack yet or is this a 'resource' or 'service'? How do I actually
    *do* the login against the remote authentication service without
    activating some kind of service before the login?

    I'm also curious about what exactly we mean by 'workstation'? If
    'workstation' is a stand-alone computer and necessary peripherals (i.e.
    hard drive, monitor, etc.), then maybe for some value of "no services"
    we can successfully get the user logged in.

    If we also include diskless workstations or thin-clients that boot off
    the network or terminal clients (X-terminals/Windows Terminal Server),
    this becomes much harder. These machines *need* to be running services
    and network connected just to get booted up and display a login prompt.

    I'm asking because I want to be clear about what morning_wood and others
    are suggesting should be the default. If I've misunderstood, please
    explain yourselves. I'm just going on what I see here.

    If we're actually nitpicking about *which* services should be running,
    then I think you're preaching to the choir here. :-) Yes, a lot of
    stuff gets turned on by default that *nobody* needs and certainly not on
    a workstation. True of a lot of Linuxes, Unixes, and Windows boxes.

    --
    Neil (mckellar@telusplanet.net)
    
