Re: Source Code to Filter out WindowsMessenger POP-UPS

From: douglas martin (dsmrtn_at_pacbell.net)
Date: 08/30/03


Date: Fri, 29 Aug 2003 15:56:52 -0700


Okay, I've closed and am testing the ports you suggested
and will see if I lose anything besides the annoying
POPUPS. I spent probably 2-3 weeks over a very very long
time to get the details I did get about the ports and none
of them said anything about just 25 and 443 (or 80 if you
chose).

Yes, my Exchange server is MSDN/Dev only - which is how I
use it. It does not act as a relay server - at least
according to 3rd party test sites. But I review my logs
daily - and I see people trying, and I block them as I
find them. Course, my ISP (very big ISP) has been shut
down several times by AOL for allowing some of their mail
servers to act as relays.

And I do understand everyone's concern about real DMZs and
Firewalls. To that I will just add that REAL security -
sleep at night security - requires a real
hardware/software/support budget - which exceeds my self
appropriated self-education budget. But I'm an
applications developer, not a lan, dba, or security guy.
I know just enough to, so far, keep my system secure
(something the company I work for has yet to do and it was
in the top 10 nationwide for profitability last year and
they have a huge hardware/software/support budget for
security). There is something wrong when your
Firewall/DMZ setup has more hardware and PCs than behind
the firewall.

So, so far, I think my little setup has been holding its
own by comparison to the major companies I either work for
or do business with.

But I disagree that it is wrong or a bad idea to have
source code that performs the functions I requested. As I
stated, a 3rd party company already offers a solution as a
black box - and if you didn't know what it did, you
wouldn't know you got taken advantage of. If I was
wearing my 'security guy' hat I might take your position.
If this was my wife's LAN and I was the security guy I
WOULD take your position. But I'm trying to wear
my 'developer guy' hat more than my 'security guy'
and 'lan guy' hats. And that guy wants to try and test a
source code solution.

Some day I might be looking at a job opening requesting
experience on something like this. It is just that simple.

doug

>-----Original Message-----
>In article <0da501c36e48$06bc99f0$a501280a@phx.gbl>,
>says...
>> I have searched and searched, but I probably just don't
>> know the vocabulary for searching for code that lets me
>> leave a port "open" like Port 80 or Port 135-139 which I
>> have open on my little lab\lan at home.
>>
>> I am looking for a source code solution, not another
>> firewall, not a 3rd party utility.
>>
>> I'm running Win2K server with Exchange 2000 (among
>> others) and need the ports open for external mail.
>
>You DO NOT need those ports open to run Exchange 2000 server. You only
>need to map an INBOUND port 25 to the E2K box to allow inbound email,
>and then use OWA on the E2K box and port 443 (SSL) to get access to your
>email from outside the LAN. So, in order to do what you want, you only
>need to open 25 and 443 inbound to access MS Exchange from outside your
>lan. If you don't want to use SSL (and god knows why anyone would not
>want to, it's sooo easy to set up for OWA) you could map port 80 inbound
>to the E2K server.
>
>Opening the other ports just means you are a LARGE TARGET.
>
>One other thing, unless you have a fixed IP and keep the server blocked
>from open relay, you will be black listed and most ISPs will block any
>mail you send from your E2K box using RBL lists.
>
>[snip]
>
>> I have a LinkSys Firewall, but it doesn't offer granular
>> filtering - port is open port is closed. Also I am
>> limited to 12 ranges of Ports, no more. Given very few
>> Ports are in sequence, so I eat 1 range per port mostly.
>> They go quick.
>
>Again, with the Linksys, you only need to allow 25, 80, 443 inbound to
>the E2K server in order to GET email (port 25) and to access it from
>outside your network (80/443).
>
>[snip]
>
>> I own and can install ISA server, but jezzzz - like using
>> a wrecking ball when you just want a hammer.
>
>If you are running E2K from the MSDN, then it's only a TEST/DEVELOPMENT
>server and can not be used for Production use. You should have a
>firewall, a true firewall, in front of the E2K server. In fact, I would
>put it in the DMZ in your case.
>
>> So far everyone wants me to solve the problem with
>> hardware or software turnkey solutions.
>
>That would be because we know what we are talking about and have years
>of experience designing networks and solutions for small businesses.
>
>> Now add into this the root cause of my irritation being
>> those clowns that send POP-UPs that they admit are
>> annoying and I have to cough up $25 to have them send me a
>> tool to disable my Messenger service....!!!!
>
>Since you ONLY NEED 25, 80, 443 OPEN INBOUND, your problem will go away
>if you close 135~139 and you won't have to do anything else.
>
>> Why doesn't MS have a sample download for this type of
>> code?
>
>Because what you are wanting is not a good idea in any manner. There are
>already products (Firewalls) available for this. If you could take a few
>minutes to understand why you DON'T NEED TO OPEN 135~139 INBOUND you
>would not be asking for this.
>
>Mark
>
>--
>--
>spamfree999@rrohio.com
>(Remove 999 to reply to me)
>.
>
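
The port advice in the quoted reply above (inbound 25 plus 443, or 80 without SSL, with 135-139 closed), as an added example that is not part of the original thread: a small audit of a router's inbound forwarding table against that advice. The function names and the sample table are constructed for illustration; the port numbers and the 12-range limit are the ones mentioned in the messages.

```python
# Added example: port numbers come from the thread, the rule table is constructed.
ALLOWED = {25: "SMTP inbound mail", 443: "OWA over SSL", 80: "OWA without SSL"}
RISKY = range(135, 140)      # the 135-139 block the reply says to close
MAX_RANGES = 12              # forwarding-range limit the poster describes


def audit(forwards):
    """forwards: list of (first_port, last_port) inbound ranges.
    Returns a list of (range, severity, message) findings."""
    findings = []
    if len(forwards) > MAX_RANGES:
        findings.append((None, "error",
                         f"{len(forwards)} ranges, limit is {MAX_RANGES}"))
    for first, last in forwards:
        rng = (first, last)
        if not 1 <= first <= last <= 65535:
            findings.append((rng, "error", "invalid range"))
            continue
        # Split the range into: ports to close, ports the advice allows, the rest.
        risky = [p for p in RISKY if first <= p <= last]
        needed = [p for p in ALLOWED if first <= p <= last]
        other = (last - first + 1) - len(risky) - len(needed)
        if risky:
            findings.append((rng, "high",
                             f"exposes {risky[0]}-{risky[-1]} inbound"))
        if other:
            findings.append((rng, "medium",
                             f"{other} port(s) not needed for mail/OWA"))
    return findings


def still_missing(forwards, use_ssl=True):
    """Ports required for inbound mail plus OWA that no range covers."""
    required = [25, 443 if use_ssl else 80]
    return [p for p in required
            if not any(first <= p <= last for first, last in forwards)]


# Constructed sample: a forwarding table similar to the one the poster describes.
SAMPLE = [(25, 25), (80, 80), (135, 139), (443, 443), (1000, 1005)]

if __name__ == "__main__":
    for rng, severity, message in audit(SAMPLE):
        print(severity, rng, message)
    print("missing:", still_missing(SAMPLE))
```
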


