Re: Message Service Pop up's
From: Lanwench [MVP - Exchange] (lanwench@heybuddy.donotsendme.unsolicitedmail.yahoo.com)
Date: 12/01/02
- Next message: Lanwench [MVP - Exchange]: "Re: Unwanted trashy sex e-mail"
- Previous message: Lanwench [MVP - Exchange]: "Re: Re-selling product"
- In reply to: Jerry Benton: "Re: Message Service Pop up's"
- Next in thread: Bill Sanderson: "Re: Message Service Pop up's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Lanwench [MVP - Exchange]" <lanwench@heybuddy.donotsendme.unsolicitedmail.yahoo.com> Date: Sun, 1 Dec 2002 12:41:12 -0500
Why not just close all ports by default, then enable any you may need open,
if there are any you truly need?
"Jerry Benton" <jcbenton@atsugi.navy.mil> wrote in message
news:1885901c2959d$d0aa21d0$8df82ecf@TK2MSFTNGXA02...
> The messenger services uses the following ports:
>
> UDP
> 135,137,138
> TCP
> 135,139,445
>
>
> >-----Original Message-----
> >
> >"Max Burke" <mlvburke@%$%#@.nz> wrote in message
> >news:#qPgJBnkCHA.2616@tkmsftngp10...
> >
> >> > image that my firewall or Router would protect us
> from this
> >> > happening. If anything I would like to close the
> port on which this
> >> > message is coming from. Is it internal or external?
> Why does it
> >> > target this one particular machine? How can I get
> rid of it? Can
> >> > anyone offer me any suggestions? Thanks....
> >
> >Your firewall isn't protecting you very well. This is a
> big vulnerability.
> >Which firewall are you using, and what is it configured
> to permit into your
> >network? Usually your firewall should be configured to
> block everything
> >originating from the internet [unless you have a web
> server or other server
> >you need to permit] and also block everything outbound
> except for those
> >services you want to permit. You should check your
> firewall logs from the
> >time of the attack to see what if anything was let in and
> why. Get support
> >from your firewall manufacturer or a support group for
> it, check the
> >settings and/or consider a different firewall.
> >
> >> Spammers have found a way to use the messenger service
> in NT, W2K, and
> >> XP to send spam....
> >> See:
> >> http://www.auburn.edu/oit/security/messengerService.html
> >
> >You really need a firewall. Just disabling the Messenger
> service like some
> >web sites recommend leaves your computer wide open.
> Firewalls like
> >www.sygate.com are free. Others are at
> >http://securityadmin.info/faq.htm#firewall
> >
> >> Another way to stop the spammers using the messenger
> service is to block
> >> access to the Internet for the service.
> >>
> >> I let the service run automatically, but have blocked
> it's access to the
> >> internet with my firewall (Zonealarm); That means it
> still runs on my
> >> network and can be used to send messages to other
> users, but cant get
> >> spam messages from the internet....
> >
> >I'm not sure blocking the messenger service from
> accessing the internet
> >would help. During this sort of spam, the messenger
> service on your
> >computer isn't trying to get out, a transmission on port
> 135 is trying to
> >get in. The typical method for blocking this sort of
> thing is to block
> >incoming messages by port number and not block a
> particular executable or
> >windows service on your computer by name.
> >
> >
> >
> >
> >.
> >
- Next message: Lanwench [MVP - Exchange]: "Re: Unwanted trashy sex e-mail"
- Previous message: Lanwench [MVP - Exchange]: "Re: Re-selling product"
- In reply to: Jerry Benton: "Re: Message Service Pop up's"
- Next in thread: Bill Sanderson: "Re: Message Service Pop up's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
