Re: win xp firewall

From: Marshall Place (punktdawg@cox.net)
Date: 05/07/02 

From: "Marshall Place" <punktdawg@cox.net>
Date: Tue, 07 May 2002 18:11:29 GMT

"ThePsyko" <thepsyko@itookmyprozac.com> wrote in message
news:Xns9206AD73C8E9EIWishIWas@marashouse.org...
> On 06 May 2002 in that fucked up hellhole known as
> alt.hackers.malicious, an identity claiming to be Marshall Place spewed
> forth news:FJzB8.33819$9c5.1330353@news2.west.cox.net:
>
> > Even if you automated it using a batch the net send cmd will not crash
> > a computer. Trust me a friend of mine and I tested it. The messenger
> > service is mainly for people on large scale networks so admins can
> > notify when the network is going down, etc. If you are just on the
> > internet you don't need the service to be on but to go as far as to
> > say it's a security flaw is the thought of somebody with a script
> > kiddie mindset and doesn't understand what the cmd and service is used
> > for. So microsoft turned it on by default woopidy do, that doesn't
> > mean it wasn't there before. Just disable the service.
> >
> > All well,
> > Marshall
> >
>
> Hiya marshall... by definition, a Denial of Service "attack" doesn't have
> to crash the system, just interfere with the users ability to utilize
> system resources. Closing popup after popup would, IMO, qualify since
> you really can't get anything done with popups constantly coming to the
> foreground. I also never referred to it in particular as a 'security
> flaw' - my statement was that if a "firewall" is coded to let those
> packets through, what else is it letting through? How well do you trust
> MS ?? My entire point was that I personally don't trust the XP *cough*
> firewall...
>
> The problem with the messenger service being 'on' by default is that most
> people don't realize it's there, what it's for, or how to disable it. It
> didn't matter before because it was only included in NT and 2K.. not
> exactly your typical "home user" platforms (which XP is marketed as).
>
> And on a side note, the XP "firewall" does not, in any way, on any level,
> filter IPv6 traffic... and M$ designed it that way on purpose.. why? I
> dunno.. they had their reasons.. and that's good enough for me to not
> trust the XP firewall...
>
> --
> ThePsyko
> Public Enemy #7
> "God told me to skin you alive"
>
> http://prozac.iscool.net

The firewall is not ment to block services that are already on. Granted it
is not sufficient security it is still security.
As for Vinny's response you're right most people don't know what services
are. much less how to turn them off. Endless popups on individual's comps is
not a security concern. It is a loophole that script kiddie pranksters will
use. If someone's marriage results in a divorce due to net sends there's
obviously already some serious trust issues going on. There are people
trading valid credit card numbers on IRC and you are worried about net send
messages and XP's crappy built in firewall, which on previous OS's they
didn't even include any security. I don't know I am not defending Microsoft
but hell it just doesn't seem like that big of a deal, when attachments
could be executed through outlook without the user doing anything, that
seemed like a big deal. Net send messages. We'll live, nothing is damaged.
Let the kiddies have their laughs. Maybe if they do enough, they will grow
up.