Re: on-line Messenger Service exploitation in Windows XP

From: Alun Jones (alun@texis.com)
Date: 12/12/02 

From: alun@texis.com (Alun Jones)
Date: Thu, 12 Dec 2002 22:01:08 GMT

In article <evnd2GhoCHA.2392@TK2MSFTNGP12>, "Gary Flynn" <flynngn@jmu.edu>
wrote:
>The problem is a service allowing unauthenticated, unsolicited connections.
>Removing the service solves the problem.

Removing the service is beneficial if there is likely to be an attempt to
access the service from inside the firewall - you're obviously in such an
environment. I'm sitting in an office with eight computers, and one
co-worker. For Microsoft's smaller customers, and especially home users, this
is not going to be the source of any problems.

>Adding a firewall covers it up...like bandaid covering up a port.

Adding a suitably-configured firewall prevents incoming traffic on the
NetBIOS-over-IP ports. As such, it prevents outside access to other services
far more worrisome than just Messenger (which is irritating, but unless you do
everything your computer tells you to, unlikely to be a real security risk).

So, there is no "one-size-fits-all" solution. To most people who would have
to ask how to close down the hole, a firewall (or even just a decent NAT
router) will prevent unsolicited Messenger ads, as well as having the added
opportunity of preventing network shares from being open to the world.

Stopping the Messenger service, while it does stop the ads, doesn't get you
past the problem that you've apparently got an unfettered path into ports that
are traditionally very weakly protected, and have access to important system
services.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.] 

-- 
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.

Relevant Pages

  • Re: Application Popup Messenger Service SPAM
    ... NO NO NO. Use a firewall. ... It is not a bad idea to also disable the Messenger service, ... Messenger Service pop-ups] on my computer? ... Using a firewall and disabling NetBIOS is still strongly recommended. ...
    (microsoft.public.win2000.security)
  • Re: Re: Help loggin onto messanger
    ... That won't matter, the Windows XP firewall only blocks incoming connections, not outgoing ... Microsoft MVP - Windows Messenger/MSN Messenger ... All posts unless otherwise specified are 2005 Jonathan Kay. ... If your password information is not saved, verify that you are ...
    (microsoft.public.windowsxp.messenger)
  • Re: Connection Conflicts.
    ... Up until around August or around there my Yahoo Messenger worked fine but stopped when I tried to upgrade to the next messenger. ... Joe, Thanks for the input but it didn't work. ... Try disabling the firewall. ... Click Start, Run, type SFC /SCANNOW, click OK. ...
    (microsoft.public.windowsxp.general)
  • Re: MSN Messenger 7.5 not working
    ... > at least until you can restore your normal Messenger functionality: ... If your password information is not saved, verify that you are typing ... If you use a firewall (like ZoneAlarm, Norton Internet Security ...
    (microsoft.public.windowsxp.messenger)
  • Re: POP-UPS!!
    ... > are related to this topic strongly advocates the need for a firewall. ... > I was referring strictly to the topic of the Messenger Service. ... Firewall and disable the Messenger Service in Windows XP to help protect ... I have no problem with people disabling messenger if they don't need it on ...
    (microsoft.public.windowsxp.security_admin)