Re: pop up ads
From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 12/04/02
- Next message: Pierre Courtois: "Re: Certificate service problem"
- Previous message: Karl Levinson [x y] mvp: "Re: enable security"
- In reply to: Joseph Sarosy: "Re: pop up ads"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <levinson_k@excite.com> Date: Wed, 4 Dec 2002 16:55:54 -0500
Did you read http://securityadmin.info/faq.htm#pop-ups ? The answer is
described there.
You can disable the Messenger service, but if you do, your computers are
still vulnerable to anonymous login ID enumeration from the internet. If
you don't want a firewall in front of these machines [which IMHO is crazy,
especially where you don't already know forwards and backwards how to harden
a windows computer and keep it hardened], you could disable Client for
Microsoft Networks and/or Netbios over TCP/IP on the internet-facing network
interface, and/or set the RestrictAnonymous registry value to 2 [search
www.microsoft.com/support for RestrictAnonymous for more information],
and/or use IPSec or TCP/IP Filtering or personal firewall software or a 3com
network card with integrated firewall and/or the upstream router to block
TCP and UDP 135 through 139 and 445 [or better yet, every port from 0 to
65535 TCP and UDP except for those that you are specifically using]. I am
personally not crazy about IPsec and TCP/IP filtering features that come
with Windows, as there is no logging, alerting or intrusion detection, which
makes it hard to troubleshoot when it is blocking a certain app from working
and hard to research
Then, you should continue hardening your servers using the instructions and
checklists below, because there are other vulnerabilities:
http://securityadmin.info/faq.htm#firewall [also describes how to enable
IPsec or TCP/IP filtering features of Windows if you choose to use those]
http://securityadmin.info/faq.htm#harden
Among other hardening techniques listed at the URLs above, I would highlight
the free file checking software at www.gfi.com... very helpful in detecting
intrusions, and it's free.
Really the best solution is to use a combination of all of the above, in
order to achieve defense in depth.
"Joseph Sarosy" <jsarosy@hotmail.com> wrote in message
news:ON3lDO7mCHA.672@TK2MSFTNGP08...
> Thanks for the info and we actually do have a firewall, but we have a
couple
> of servers that we want exposed to internet. Any idea how to block the
> specific problem?
> "Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
> news:ucr0UZ6mCHA.1604@TK2MSFTNGP08...
> >
> > "Joseph Sarosy" <jsarosy@hotmail.com> wrote in message
> > news:eyoRLU6mCHA.1256@TK2MSFTNGP12...
> > > We have a few windows 2000 servers that are multi homed to our
internal
> > > network and to the internet with public IP addresses. Recently, we
have
> > been
> > > receiving numerous pop up ads on them through the windows messaging
> > service.
> > > How can I prevent this? I still want internal messages to get through.
> >
> > You really really really should have some sort of firewall between your
> > computers and the internet. With your current setup, hackers can
probably
> > connect to your computer, get lists of the login IDs and share names on
> your
> > computer and start guessing passwords to login. Firewalls are cheap or
> > free, so there's no excuse not to. Here are some free and not-free
> options:
> >
> > http://securityadmin.info/faq.htm#firewall
> >
> > More information:
> > http://securityadmin.info/faq.htm#pop-ups
> > http://securityadmin.info/faq.htm#harden
> >
> >
> >
> >
>
>
- Next message: Pierre Courtois: "Re: Certificate service problem"
- Previous message: Karl Levinson [x y] mvp: "Re: enable security"
- In reply to: Joseph Sarosy: "Re: pop up ads"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
