Messenger Service Pop Ups

Hi

Does anyone know which UDP and TCP ports I need to block
to stop these messenger service pop-ups??

I have Norton firewall installed, but just need to know
what to block as it does not prevent theses messages by
default.

thanks in advance for your time

Ad

Greetings --

Use the firewall to ensure UDP ports 135, 137, and 138 and TCP
ports 135, 139, and 445 are _all_ blocked. You may also disable
Inbound NetBIOS (NetBIOS over TCP/IP). You'll have to follow the
instructions from firewall's manufacturer for the specific steps.


Bruce Chambers

--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


"Adam" wrote in message
...
Hi

Does anyone know which UDP and TCP ports I need to block
to stop these messenger service pop-ups??

I have Norton firewall installed, but just need to know
what to block as it does not prevent theses messages by
default.

thanks in advance for your time

Ad

Greetings --

Please stop deliberately posting potentially harmful advice.

Disabling the messenger service is a "head in the sand" approach
to computer security that leaves the PC vulnerable to threats such as
the W32.Blaster.Worm.

The real problem is _not_ the messenger service pop-ups; they're
actually providing a useful service by acting as a security alert. The
true problem is the unsecured computer, and you're only
advice, however well-intended, was to turn off the warnings. How is
this helpful?

Equivalent Scenario: You over-exert your shoulder at work or
play, causing bursitis. After weeks of annoying and sometimes
excruciating pain whenever you try to reach over your head, you go to
a doctor and say, while demonstrating the motion, "Doc, it hurts when
I do this." The doctor, being as helpful as you are, replies, "Well,
don't do that."

The only true way to secure the PC, short of disconnecting it from
the Internet, is to install and *properly* configure a firewall; just
installing one and letting it's default settings handle things is no
good. Unfortunately, this does require one to learn a little bit more
about using a computer than used to be necessary.


Bruce Chambers

--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


"Zane" wrote in message
news
Go to control panel
administrative tools
computer management
expand services and applications
click services
double click messenger
change startup type to disabled

On Thu, 16 Oct 2003 19:05:15 -0600, "Bruce Chambers"
wrote:

Greetings --

Please stop deliberately posting potentially harmful advice.

Disabling the messenger service is a "head in the sand" approach
to computer security that leaves the PC vulnerable to threats such as
the W32.Blaster.Worm.

The real problem is _not_ the messenger service pop-ups; they're
actually providing a useful service by acting as a security alert. The
true problem is the unsecured computer, and you're only
advice, however well-intended, was to turn off the warnings. How is
this helpful?

You are wrong. See the recent MS security bulletin:

http://www.microsoft.com/technet/tre...n/ms03-043.asp

As I have suggested OVER and OVER and OVER again, you need to disable
services that you don't need. Several, including you, asserted that I
was being ridiculous in suggesting that there just might be a
vulnerability in the Messenger service that could expose your system
as vulnerable. Now we know that it has been true. If somebody got
past your firewall, they could own your system simply if you were
running the Messenger service. The great risk involved in running it
when it's not needed is far greater than the trivial value that it
provides by being a "security alert". There are much better tools to
use for security alerts than a vulnerable, unneeded service running.



---------------------------------------
What could possibly go wrong?

Greetings --

Apparently, you're completely unfamiliar with the term
"workaround." The KB article you cite recommends disabling the
messenger service as a *workaround,* only until the necessary patch
has been certified for the user's specific environment. No where does
the KB article even imply, much less state, that disabling the
messenger service is, in and of itself, any kind of real solution.

And at no time did I say anyone was being "ridiculous" for
advising people to _only_ turn off the messenger service and take no
other precautions; deliberately malicious or dangerously misinformed,
certainly, but never "ridiculous."


Bruce Chambers

--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


"Kevin Davis³" wrote in message
...

You are wrong. See the recent MS security bulletin:


http://www.microsoft.com/technet/tre...n/ms03-043.asp

As I have suggested OVER and OVER and OVER again, you need to
disable
services that you don't need. Several, including you, asserted that
I
was being ridiculous in suggesting that there just might be a
vulnerability in the Messenger service that could expose your system
as vulnerable. Now we know that it has been true. If somebody got
past your firewall, they could own your system simply if you were
running the Messenger service. The great risk involved in running
it
when it's not needed is far greater than the trivial value that it
provides by being a "security alert". There are much better tools
to
use for security alerts than a vulnerable, unneeded service running.



---------------------------------------
What could possibly go wrong?

On Fri, 17 Oct 2003 10:26:32 -0600, "Bruce Chambers"
wrote:

Greetings --

Apparently, you're completely unfamiliar with the term
"workaround."

You just don't get it, do you?

Before this bulletin, you insisted that disabling the messenger
service provided NO or LITTLE additional security.

You were wrong. If one had disabled this service (assuming they
didn't need it very badly) then it would have provided significant
additional security.

Now that MS has provided the patch, everything is great and that
service is bulletproof, right. No way in the world that there are any
additional vulnerabilities in that service, right?

That clearly would be a deluded point of view that points to someone
who refuses to learn from the past.

Again, this vulnerability drives home the important point - If you
don't need the service, turn it off.

By refusing to acknowledge this very basic security tenet, you are
distributing bad security advice and undermining your credibility in
regards to the topic of security.



---------------------------------------
What could possibly go wrong?

On Fri, 17 Oct 2003 10:26:32 -0600, "Bruce Chambers"
wrote:

Greetings --

Apparently, you're completely unfamiliar with the term
"workaround." The KB article you cite recommends disabling the
messenger service as a *workaround,* only until the necessary patch
has been certified for the user's specific environment. No where does
the KB article even imply, much less state, that disabling the
messenger service is, in and of itself, any kind of real solution.

This is also an incorrect interpretation of the article, IMO. MS's
RECOMMENDATION (not "workaround"):

Recommendation: Customers should disable the Messenger Service
immediately and evaluate their need to deploy the patch

This means:

1. Disable the service
2. Evaluate you need for the service to be running ("evaluate the
need to deploy the patch")
3. Deploy the patch if you need the service.
4. Turn the service back on if you need the service.
5. If you don't need the service, don't turn it back on.



---------------------------------------
What could possibly go wrong?

In article , Kevin Davis³ wrote:
You just don't get it, do you?

I don't think you understand the situation well enough to make that call.

Before this bulletin, you insisted that disabling the messenger
service provided NO or LITTLE additional security.

That is correct. It terminates one service that spends the majority of its
time telling you that your firewall is non-existent or non-functional. That
provides little additional security, and possibly even gives the user a
false sense that simply disabling the Messenger Service has saved him from
all the nastiness that the Internet has to offer.

You were wrong. If one had disabled this service (assuming they
didn't need it very badly) then it would have provided significant
additional security.

Not significant. Note that the demonstrations so far of the problem in
Messenger Service have not shown that this is exploitable to do anything
more than simply kill or slow down the Messenger Service.

Now that MS has provided the patch, everything is great and that
service is bulletproof, right. No way in the world that there are any
additional vulnerabilities in that service, right?

That clearly would be a deluded point of view that points to someone
who refuses to learn from the past.

Actually, the more deluded point of view is to suggest that Messenger
Service is the only software on the machine that has vulnerabilities. And
some of the services on that machine will be required. What to do, what to
do? Run around like Chicken Little screaming "the sky is falling! the sky
is falling!"? Or better simply to invest in an umbrella to protect you
from the small pieces of whatever?

Oh, that's a great analogy. I'm very pleased with that one.

Yes, an umbrella - something between your vulnerable system and those nasty
people out there in the Internet. Something that the malicious packets
can't get through, whether they're targeted for Messenger Service, or RPC,
or any other service that you actually _need_.

Again, this vulnerability drives home the important point - If you
don't need the service, turn it off.

There are various states of "need". I think "tells me within seconds if the
firewall has died" is actually quite a good definition of "need".

By refusing to acknowledge this very basic security tenet, you are
distributing bad security advice and undermining your credibility in
regards to the topic of security.

You are right in one respect - running software that has no purpose is a
dangerous thing to do. It increases your available attack surface. But
removing one service is far less of a protection than is denying external
access to _all_ your systems' services by installing a firewall.

A firewall is by no means the last word in security - there are many other
routes for malicious data to get into your network; have you ever had a
salesman (your own, or a visitor!) that brought his laptop in the front door
and plugged it in to your network? In that case, you've had data travel
from outside your network to inside your network without going through the
firewall.

But a firewall is pretty close to being the _first_ word in security. To
suggest disabling an inconvenient service is preferable to disabling access
to all services, as you have done, is inappropriate.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place | .
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

On Fri, 24 Oct 2003 22:18:32 GMT, (Alun Jones [MS MVP])
wrote:

In article , Kevin Davis³ wrote:
You just don't get it, do you?

I don't think you understand the situation well enough to make that call.

Before this bulletin, you insisted that disabling the messenger
service provided NO or LITTLE additional security.

That is correct. It terminates one service that spends the majority of its
time telling you that your firewall is non-existent or non-functional. That
provides little additional security, and possibly even gives the user a
false sense that simply disabling the Messenger Service has saved him from
all the nastiness that the Internet has to offer.

Let's not forget about the nasty vulnerability it would avoid you from
being exposed to.


You were wrong. If one had disabled this service (assuming they
didn't need it very badly) then it would have provided significant
additional security.

Not significant. Note that the demonstrations so far of the problem in
Messenger Service have not shown that this is exploitable to do anything
more than simply kill or slow down the Messenger Service.

There have already released exploits:

http://news.com.com/2100-7355_3-5095935.html

To ignore this a poo-poo it away in the face of security experts is
just plain foolish. Even if there wasn't an exploit, it would be
foolish to gamble that the cute little Messenger Service will catch a
benign pop-up before some hacker realized you were vulnerable and
owned you.

Actually, the more deluded point of view is to suggest that Messenger
Service is the only software on the machine that has vulnerabilities. And
some of the services on that machine will be required. What to do, what to
do? Run around like Chicken Little screaming "the sky is falling! the sky
is falling!"? Or better simply to invest in an umbrella to protect you
from the small pieces of whatever?

Did I suggest that the Messenger Service was the only one with
vulnerabilities? No. You guys are rich. The sensible approach that
most security experts agree on is to turn off services you don't need.
That is one part of the classic hardening of your system. In the case
you do need the service, run it, but make sure that you have installed
all the patches for it. Despite your claims, this is what I have
always been saying. Far from the ridiculous tale you are weaving
above.

There are various states of "need". I think "tells me within seconds if the
firewall has died" is actually quite a good definition of "need".

That's a ridiculous assertion. There's no way you can in good
conscience and honesty insist that for everyone's case leaving the
Messenger Service on will within seconds alert you to a problem with
your firewall.

But a firewall is pretty close to being the _first_ word in security. To
suggest disabling an inconvenient service is preferable to disabling access
to all services, as you have done, is inappropriate.

This is ridiculous. I never said any such thing. You must have a
reading comprehension problem.

---------------------------------------
What could possibly go wrong?