Re: Wish list
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Thu, 01 Dec 2005 18:15:25 -0600
On Thu, 01 Dec 2005, in the Usenet newsgroup comp.os.linux.security, in article
<f9idnSSPNdWtzRLeRVn-sQ@xxxxxxxxxx>, Newsbox wrote:
Follow up
>You are undoubtedly 100% correct. I was looking for a fairly easy, quick
>and accurate way to specific information. Your generalization is
>at least fast and correct, I believe.
[stuff tends to morph]. Normally, I don't bother about this, as the
firewall blocks UDP, and I don't offer any services to the Internet from
home. At work, I am not the firewall guy, and don't even have a login on
the firewalls. Nonetheless, the windoze anti-virus providers, and SANS
tend to have lists that are not too far out of date. A Google search will
often pick them up within a day or so of the outbreak.
The IANA port list (http://www.iana.org/assignments/port-numbers) which
is where your /etc/services file originally came from, is pretty much
useless. Malware authors do not register the ports they are using with
IANA, and there is nothing that _requires_ this service to use only that
port number. Likewise, a packet on port $FOO does not mean that it can only
be for service $BAR. A co-worker had his SSH server listening on port 70
until his ISP decided to block all servers (translates to "block all below
1024"), when he moved it to something near 31000.
>You did seem to manage to misunderstand what I did feel I wrote clearly,
>so I'm assigning you a share equal to any of my own for any misunderstanding.
I can accept that - you waved a flag in front of me - I charged. My bad.
>The woman I "love" likes to use e-mail, go shopping on-line and surf the
>web. She likes to use Microsoft Windows OS's, uses Windows at work, and
>doesn't feel comfortable with my *nix systems. And I want her to be happy.
Does she accept the idea of using something other than Internet Explorer
and Outlook Express? I no longer have a copy, but about 2 years ago, CERT
put out a recommendation to avoid using either. I'm told there are ways
that these can be made a little less risky to use, but it's only a degree of
reduction, not an absolute. Messenger spam (remember, I stopped using
windoze in 1992) supposedly is easy to fix:
-----------------
What you're seeing is the built-in Messenger service in NT/Windows 2000 and
XP for sending quick "pop up" messages across networks which spammers are
exploiting. This is not Microsoft, nor can they control it any more than
they can control the spam arriving in your e-mail. It's a "feature" that
Microsoft assumes you wanted, just as sharing your hard drive by default
with the world. If you don't want these messages to come up again, you can
stop this from happening by going to the Control Panel, choose Administrative
Tools (if you're using XP, you may have to click Classic View on the left).
Double-click Services, and Scroll down to "Messenger", select it, right-click
and then choose Properties. Under startup type, choose disabled and then
choose the 'Stop' button. After the service is stopped, click OK.
------- also seen as -----
Disable messenger service.
In Settings->Control Panel->Administrative Services, select Computer
Management->Services. In the right panel, right click on Messenger,
select Properties, disable it in the drop down list, click OK out.
------- also seen as -----
In Win9x, you just rename or delete the RPCSS.EXE file. Which is a
good idea anyway for a variety of reasons.
-----------------
>I think you know where this is going, which is that all of these random
>attacks are interfering with my peace of mind and domestic tranquility,
>and cutting heavily into my free time. In short, Sir Moe, I am motivated.
Despite the cut-and-pastes above, I'm not into windoze, and not the
person to advise how to configure it (other than the classic "insert a
Linux CD, and boot" - you've already said that's not viable). There is
only so much you can do from the blocking end of things. If you are not
using an email filtering tool to clean stuff up before it gets handed to
a windoze box, there will be windoze problems. Yes, you can firewall to
block the ping of death or its modern replacements, but this can't
compensate for actions of the user.
Old guy
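
Added example, not part of the original post: the point above about port numbers not identifying services, shown as a check that compares what a services-style table says about a port with what the listener's own greeting says. The table excerpt, the signature list, the port value 31000 and the sample banners are all constructed for illustration.

```python
# Added example; the table excerpt, signatures and sample data are constructed.

# Port -> registered name, a small excerpt in the style of /etc/services.
REGISTERED = {21: "ftp", 22: "ssh", 25: "smtp", 70: "gopher", 110: "pop3"}

# Greeting prefixes of protocols where the server speaks first.
SIGNATURES = [
    (b"SSH-", ("ssh",)),
    (b"220", ("ftp", "smtp")),   # FTP and SMTP share the 220 greeting code
    (b"+OK", ("pop3",)),
    (b"* OK", ("imap",)),
]

def identify(banner):
    """Return the protocol names consistent with a server greeting."""
    for prefix, names in SIGNATURES:
        if banner.startswith(prefix):
            return names
    return ()

def audit(observations):
    """List (port, registered name, observed names) where the two disagree."""
    findings = []
    for port, banner in observations:
        registered = REGISTERED.get(port, "unregistered")
        observed = identify(banner)
        if observed and registered not in observed:
            findings.append((port, registered, observed))
    return findings

# Constructed observations: (listening port, first bytes sent by the server).
SAMPLE = [
    (22, b"SSH-2.0-OpenSSH_4.2\r\n"),
    (70, b"SSH-2.0-OpenSSH_4.2\r\n"),      # SSH on the port registered to gopher
    (31000, b"SSH-2.0-OpenSSH_4.2\r\n"),   # SSH on a high, unregistered port
    (25, b"220 mail.example.com ESMTP\r\n"),
]

if __name__ == "__main__":
    for port, registered, observed in audit(SAMPLE):
        print(f"port {port}: table says {registered}, "
              f"banner says {'/'.join(observed)}")
```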