Re: Source Code to Filter out WindowsMessenger POP-UPS

From: James Arrow (netw0rk_at_rol.ru)
Date: 08/30/03


Date: 30 Aug 2003 00:02:09 -0700


LanTalk XP
http://www.lantalk.net

"douglas martin" <dsmrtn@pacbell.net> wrote in message news:<05b401c36e80$d65a57a0$a301280a@phx.gbl>...
> Okay, I've closed and am testing the ports you suggested
> and will see if I lose anything besides the annoying
> POPUPS. I spent probably 2-3 weeks over a very very long
> time to get the details I did get about the ports and none
> of them said anything about just 25 and 443 (or 80 if you
> chose).
>
> Yes, my Exchange server is MSDN/Dev only - which is how I
> use it. It does not act as a relay server - at least
> according to 3rd party test sites. But I review my logs
> daily - and I see people trying, and I block them as I
> find them. Course, my ISP (very big ISP) has been shut
> down several times by AOL for allowing some of their mail
> servers to act as relays.
>
> And I do understand everyone's concern about real DMZ's and
> Firewalls. To that I will just add that REAL security -
> sleep at night security - requires a real
> hardware/software/support budget - which exceeds my self
> appropriated self-education budget. But I'm an
> applications developer, not a lan, dba, or security guy.
> I know just enough to, so far, keep my system secure
> (something the company I work for has yet to do and it was
> in the top 10 nationwide for profitability last year and
> they have a huge hardware/software/support budget for
> security). There is something wrong when your
> Firewall/DMZ setup has more hardware and PC's than behind
> the firewall.
>
> So, so far, I think my little setup has been holding its
> own by comparison to the major companies I either work for
> or do business with.
>
> But I disagree that it is wrong or a bad idea to have
> source code that performs the functions I requested. As I
> stated, a 3rd party company already offers a solution as a
> black box - and if you didn't know what it did, you
> wouldn't know you got taken advantage of. If I was
> wearing my 'security guy' hat I might take your position.
> If this was my wife's LAN and I was the security guy I
> WOULD take your position. But I'm trying to wear
> my 'developer guy' hat more than my 'security guy'
> and 'lan guy' hats. And that guy wants to try and test a
> source code solution.
>
> Some day I might be looking at a job opening requesting
> experience on something like this. It is just that simple.
>
> doug
>
>
> >-----Original Message-----
> >In article <0da501c36e48$06bc99f0$a501280a@phx.gbl>,
> >says...
> >> I have searched and searched, but I probably just don't
> >> know the vocabulary for searching for code that lets me
> >> leave a port "open" like Port 80 or Port 135-139 which I
> >> have open on my little lab\lan at home.
> >>
> >> I am looking for a source code solution, not another
> >> firewall, not a 3rd party utility.
> >>
> >> I'm running Win2K server with Exchange 2000 (among
> >> others) and need the ports open for external mail.
> >
> >You DO NOT need those ports open to run Exchange 2000 server. You only
> >need to map an INBOUND port 25 to the E2K box to allow inbound email,
> >and then use OWA on the E2K box and port 443 (SSL) to get access to your
> >email from outside the LAN. So, in order to do what you want, you only
> >need to open 25 and 443 inbound to access MS Exchange from outside your
> >lan. If you don't want to use SSL (and god knows why anyone would not
> >want to, it's sooo easy to setup for OWA) you could map port 80 inbound
> >to the E2K server.
> >
> >Opening the other ports just means you are a LARGE TARGET.
> >
> >One other thing, unless you have a fixed IP and keep the server blocked
> >from open relay, you will be black listed and most ISP's will block any
> >mail you send from your E2K box using RBL lists.
> >
> >[snip]
> >
> >> I have a LinkSys Firewall, but it doesn't offer granular
> >> filtering - port is open port is closed. Also I am
> >> limited to 12 ranges of Ports, no more. Given very few
> >> Ports are in sequence, so I eat 1 range per port mostly.
> >> They go quick.
> >
> >Again, with the Linksys, you only need to allow 25, 80, 443 inbound to
> >the E2K server in order to GET email (port 25) and to access it from
> >outside your network (80/443).
> >
> >[snip]
> >
> >> I own and can install ISA server, but jezzzz - like using
> >> a wrecking ball when you just want a hammer.
> >
> >If you are running E2K from the MSDN, then it's only a TEST/DEVELOPMENT
> >server and can not be used for Production use. You should have a
> >firewall, a true firewall, in front of the E2K server. In fact, I would
> >put it in the DMZ in your case.
> >
> >> So far everyone wants me to solve the problem with
> >> hardware or software turnkey solutions.
> >
> >That would be because we know what we are talking about and have years
> >of experience designing networks and solutions for small businesses.
> >
> >> Now add into this the root cause of my irritation being
> >> those clowns that send POP-UPs that they admit are
> >> annoying and I have to cough up $25 to have them send me a
> >> tool to disable my Messenger service....!!!!
> >
> >Since you ONLY NEED 25, 80, 443 OPEN INBOUND, your problem will go away
> >if you close 135~139 and you won't have to do anything else.
> >
> >> Why doesn't MS have a sample download for this type of
> >> code?
> >
> >Because what you are wanting is not a good idea in any manner. There are
> >already products (Firewalls) available for this. If you could take a few
> >minutes to understand why you DON'T NEED TO OPEN 135~139 INBOUND you
> >would not be asking for this.
> >
> >Mark
> >
> >--
> >--
> >spamfree999@rrohio.com
> >(Remove 999 to reply to me)
> >.
> >
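
The port advice in the quoted exchange above, as an added example that is not part of any poster's message: a small audit of inbound port-forward ranges against the ports the thread says Exchange 2000 needs (25, 443, optionally 80), flagging anything that exposes 135-139. The "start-end" rule format, the function names and the sample rules are assumptions made for illustration.

```python
# Added example: audit inbound port-forward ranges against the ports the
# thread says Exchange 2000 needs (25 for SMTP, 443 for OWA over SSL, 80 optional).
# The rule format ("start-end" strings) and all names here are assumptions.

NEEDED = {25: "SMTP inbound mail", 443: "OWA over SSL", 80: "OWA without SSL"}
MESSENGER_RANGE = range(135, 140)   # 135-139, the ports the thread says to close
MAX_RANGES = 12                     # forwarding slots on the poster's Linksys


def parse_range(text):
    """Turn '25' or '135-139' into an inclusive (start, end) tuple."""
    start, _, end = text.strip().partition("-")
    lo, hi = int(start), int(end or start)
    if not (0 < lo <= hi <= 65535):
        raise ValueError(f"bad port range: {text!r}")
    return lo, hi


def audit(rules):
    """Classify each forwarded range and return (findings, minimal_rules)."""
    findings = []
    for text in rules:
        lo, hi = parse_range(text)
        needed = [p for p in NEEDED if lo <= p <= hi]
        extra = (hi - lo + 1) - len(needed)
        exposes_messenger = lo <= MESSENGER_RANGE[-1] and hi >= MESSENGER_RANGE[0]
        if extra == 0:
            verdict = "keep"
        elif needed:
            verdict = "narrow"      # covers a needed port plus unneeded ones
        else:
            verdict = "remove"
        findings.append({"rule": text, "verdict": verdict,
                         "unneeded_ports": extra,
                         "exposes_135_139": exposes_messenger})
    # Smallest rule set that still forwards every needed port already forwarded.
    kept = sorted({p for t in rules for p in NEEDED
                   if parse_range(t)[0] <= p <= parse_range(t)[1]})
    return findings, [str(p) for p in kept]


# Constructed sample input, not taken from the poster's router.
SAMPLE_RULES = ["25", "80", "135-139", "443-445", "1000-1030"]

if __name__ == "__main__":
    findings, minimal = audit(SAMPLE_RULES)
    for f in findings:
        print(f)
    print(f"minimal rules: {minimal} ({len(minimal)} of {MAX_RANGES} slots)")
```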


