Re: Pop-ups, Pop-ups, etc. only on XP

From: Alun Jones [MS MVP] (alun_at_texis.com)
Date: 07/15/03


Date: Tue, 15 Jul 2003 19:59:32 GMT


In article <q2BQa.52514$OZ2.9275@rwcrnsc54>, "Justin Rovang"
<thinice@programmer.net> wrote:
>Yes, a patch for messenger so outside IPs cannot utilize it in a malicious
>manner;

You obviously haven't run a network monitor scan on the packets that come in
- they're forged, and so the source address is not necessarily outside of
your network. Any patch that works the way you suggest would occasionally
pass through messages - an unreliable patch is no patch at all.

>"It is not needed since adequate tools have always been a part of Windows
>XP.";
>Are you saying the Messenger service is not needed? Please clarify;

A patch to the Messenger service is not needed, because there's a firewall
in Windows XP.

>Adequate tools? I'd rather not enable ICF because I'm running a webserver;

A web server that isn't behind a firewall is a risk waiting to happen. You
don't have to enable ICF - you could use whatever firewall is built into
your router. Just make sure that you block all ports except for those that
your web server uses (80, 443, usually). I don't recommend allowing all
ports except those known to be a problem, because that's historically proven
to be a bad security methodology.

>And I'd rather not disable Messenger service because it comes in handy for
>its purpose.
>I do have a firewall but it still doesn't block this misuse;
>which brings on a question... can I allow/disallow specific ports in WinXP
>without installing a 3rd party app?

Your firewall doesn't block this? Your firewall is, to put it blankly, not
much of a firewall. Now, if you're saying that you don't know how to
configure it to block this, then that's one matter, but if your firewall
can't be configured to refuse all incoming data except for those on a few
acceptable ports, then it's useless.

Even little old ICF can be configured to accept or reject packets on certain
ports.

Alun.
~~~~
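
The two points made in the reply above (a source-address check is defeated by forged packets, and refusing everything except the web ports beats blocking known-bad ports), as an added example that is not part of the original post. The LAN range, the addresses and the Messenger ports (UDP 135 and 1026) are assumptions, and the packets are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")       # assumed internal range
WEB_PORTS = {("tcp", 80), ("tcp", 443)}  # ports the web server uses
KNOWN_BAD = {("udp", 135)}               # assumed "known problem" port

@dataclass(frozen=True)
class Packet:
    src: str      # claimed source address (can be forged)
    proto: str
    dport: int
    popup: bool   # True if it carries a Messenger pop-up

# Constructed sample traffic, not captured data.
PACKETS = [
    Packet("203.0.113.7", "tcp", 80, False),
    Packet("203.0.113.7", "tcp", 443, False),
    Packet("198.51.100.9", "udp", 135, True),   # honest outside source
    Packet("192.168.1.50", "udp", 135, True),   # forged inside source
    Packet("198.51.100.9", "udp", 1026, True),  # port missing from KNOWN_BAD
]

def source_patch(p):
    """No firewall; Messenger drops messages claiming an outside source."""
    return (not p.popup) or ip_address(p.src) in LAN

def block_known_bad(p):
    """Allow everything except ports known to be a problem."""
    return (p.proto, p.dport) not in KNOWN_BAD

def default_deny(p):
    """Refuse everything except the web server's ports."""
    return (p.proto, p.dport) in WEB_PORTS

def popups_admitted(policy):
    """Pop-up packets that still reach the host under this policy."""
    return [(p.src, p.dport) for p in PACKETS if p.popup and policy(p)]

def web_served(policy):
    """True if every web request in the sample is still accepted."""
    return all(policy(p) for p in PACKETS if not p.popup)

if __name__ == "__main__":
    for policy in (source_patch, block_known_bad, default_deny):
        print(policy.__name__, popups_admitted(policy), web_served(policy))
```

Only the default-deny policy admits no pop-ups while still serving both web ports; each of the other two lets one constructed packet through.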