#1
Messenger Service Pop Ups
Hi
Does anyone know which UDP and TCP ports I need to block to stop these messenger service pop-ups?? I have Norton firewall installed, but just need to know what to block as it does not prevent these messages by default.

thanks in advance for your time

Ad
#2
Greetings --
Use the firewall to ensure UDP ports 135, 137, and 138 and TCP ports 135, 139, and 445 are _all_ blocked. You may also disable Inbound NetBIOS (NetBIOS over TCP/IP). You'll have to follow the instructions from the firewall's manufacturer for the specific steps.

Bruce Chambers
--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having both at once. -- RAH

"Adam" wrote in message ...
> Hi
> Does anyone know which UDP and TCP ports I need to block to stop these messenger service pop-ups?? I have Norton firewall installed, but just need to know what to block as it does not prevent these messages by default.
> thanks in advance for your time
> Ad
#3
Greetings --
Please stop deliberately posting potentially harmful advice. Disabling the messenger service is a "head in the sand" approach to computer security that leaves the PC vulnerable to threats such as the W32.Blaster.Worm.

The real problem is _not_ the messenger service pop-ups; they're actually providing a useful service by acting as a security alert. The true problem is the unsecured computer, and your only advice, however well-intended, was to turn off the warnings. How is this helpful?

Equivalent Scenario: You over-exert your shoulder at work or play, causing bursitis. After weeks of annoying and sometimes excruciating pain whenever you try to reach over your head, you go to a doctor and say, while demonstrating the motion, "Doc, it hurts when I do this." The doctor, being as helpful as you are, replies, "Well, don't do that."

The only true way to secure the PC, short of disconnecting it from the Internet, is to install and *properly* configure a firewall; just installing one and letting its default settings handle things is no good. Unfortunately, this does require one to learn a little bit more about using a computer than used to be necessary.

Bruce Chambers
--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having both at once. -- RAH

"Zane" wrote in message news
> Go to control panel
> administrative tools
> computer management
> expand services and applications
> click services
> double click messenger
> change startup type to disabled
#4
On Thu, 16 Oct 2003 19:05:15 -0600, "Bruce Chambers" wrote:

> Greetings --
>
> Please stop deliberately posting potentially harmful advice. Disabling the messenger service is a "head in the sand" approach to computer security that leaves the PC vulnerable to threats such as the W32.Blaster.Worm. The real problem is _not_ the messenger service pop-ups; they're actually providing a useful service by acting as a security alert. The true problem is the unsecured computer, and your only advice, however well-intended, was to turn off the warnings. How is this helpful?

You are wrong. See the recent MS security bulletin:

http://www.microsoft.com/technet/tre...n/ms03-043.asp

As I have suggested OVER and OVER and OVER again, you need to disable services that you don't need. Several, including you, asserted that I was being ridiculous in suggesting that there just might be a vulnerability in the Messenger service that could expose your system as vulnerable. Now we know that it has been true. If somebody got past your firewall, they could own your system simply if you were running the Messenger service.

The great risk involved in running it when it's not needed is far greater than the trivial value that it provides by being a "security alert". There are much better tools to use for security alerts than a vulnerable, unneeded service running.

---------------------------------------
What could possibly go wrong?
#5
Greetings --
Apparently, you're completely unfamiliar with the term "workaround." The KB article you cite recommends disabling the messenger service as a *workaround,* only until the necessary patch has been certified for the user's specific environment. Nowhere does the KB article even imply, much less state, that disabling the messenger service is, in and of itself, any kind of real solution.

And at no time did I say anyone was being "ridiculous" for advising people to _only_ turn off the messenger service and take no other precautions; deliberately malicious or dangerously misinformed, certainly, but never "ridiculous."

Bruce Chambers
--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having both at once. -- RAH

"Kevin Davis³" wrote in message ...
> You are wrong. See the recent MS security bulletin:
>
> http://www.microsoft.com/technet/tre...n/ms03-043.asp
>
> As I have suggested OVER and OVER and OVER again, you need to disable services that you don't need. Several, including you, asserted that I was being ridiculous in suggesting that there just might be a vulnerability in the Messenger service that could expose your system as vulnerable. Now we know that it has been true. If somebody got past your firewall, they could own your system simply if you were running the Messenger service.
>
> The great risk involved in running it when it's not needed is far greater than the trivial value that it provides by being a "security alert". There are much better tools to use for security alerts than a vulnerable, unneeded service running.
>
> ---------------------------------------
> What could possibly go wrong?
#6
On Fri, 17 Oct 2003 10:26:32 -0600, "Bruce Chambers" wrote:

> Greetings --
>
> Apparently, you're completely unfamiliar with the term "workaround."

You just don't get it, do you? Before this bulletin, you insisted that disabling the messenger service provided NO or LITTLE additional security. You were wrong. If one had disabled this service (assuming they didn't need it very badly) then it would have provided significant additional security.

Now that MS has provided the patch, everything is great and that service is bulletproof, right. No way in the world that there are any additional vulnerabilities in that service, right? That clearly would be a deluded point of view that points to someone who refuses to learn from the past.

Again, this vulnerability drives home the important point - If you don't need the service, turn it off. By refusing to acknowledge this very basic security tenet, you are distributing bad security advice and undermining your credibility in regards to the topic of security.

---------------------------------------
What could possibly go wrong?
#7
On Fri, 17 Oct 2003 10:26:32 -0600, "Bruce Chambers" wrote:

> Greetings --
>
> Apparently, you're completely unfamiliar with the term "workaround." The KB article you cite recommends disabling the messenger service as a *workaround,* only until the necessary patch has been certified for the user's specific environment. Nowhere does the KB article even imply, much less state, that disabling the messenger service is, in and of itself, any kind of real solution.

This is also an incorrect interpretation of the article, IMO.

MS's RECOMMENDATION (not "workaround"):

Recommendation: Customers should disable the Messenger Service immediately and evaluate their need to deploy the patch

This means:

1. Disable the service
2. Evaluate your need for the service to be running ("evaluate the need to deploy the patch")
3. Deploy the patch if you need the service.
4. Turn the service back on if you need the service.
5. If you don't need the service, don't turn it back on.

---------------------------------------
What could possibly go wrong?
#8
In article , Kevin Davis³ wrote:
> You just don't get it, do you?

I don't think you understand the situation well enough to make that call.

> Before this bulletin, you insisted that disabling the messenger service provided NO or LITTLE additional security.

That is correct. It terminates one service that spends the majority of its time telling you that your firewall is non-existent or non-functional. That provides little additional security, and possibly even gives the user a false sense that simply disabling the Messenger Service has saved him from all the nastiness that the Internet has to offer.

> You were wrong. If one had disabled this service (assuming they didn't need it very badly) then it would have provided significant additional security.

Not significant. Note that the demonstrations so far of the problem in Messenger Service have not shown that this is exploitable to do anything more than simply kill or slow down the Messenger Service.

> Now that MS has provided the patch, everything is great and that service is bulletproof, right. No way in the world that there are any additional vulnerabilities in that service, right? That clearly would be a deluded point of view that points to someone who refuses to learn from the past.

Actually, the more deluded point of view is to suggest that Messenger Service is the only software on the machine that has vulnerabilities. And some of the services on that machine will be required. What to do, what to do? Run around like Chicken Little screaming "the sky is falling! the sky is falling!"? Or better simply to invest in an umbrella to protect you from the small pieces of whatever?

Oh, that's a great analogy. I'm very pleased with that one. Yes, an umbrella - something between your vulnerable system and those nasty people out there in the Internet. Something that the malicious packets can't get through, whether they're targeted for Messenger Service, or RPC, or any other service that you actually _need_.

> Again, this vulnerability drives home the important point - If you don't need the service, turn it off.

There are various states of "need". I think "tells me within seconds if the firewall has died" is actually quite a good definition of "need".

> By refusing to acknowledge this very basic security tenet, you are distributing bad security advice and undermining your credibility in regards to the topic of security.

You are right in one respect - running software that has no purpose is a dangerous thing to do. It increases your available attack surface. But removing one service is far less of a protection than is denying external access to _all_ your systems' services by installing a firewall.

A firewall is by no means the last word in security - there are many other routes for malicious data to get into your network; have you ever had a salesman (your own, or a visitor!) that brought his laptop in the front door and plugged it in to your network? In that case, you've had data travel from outside your network to inside your network without going through the firewall.

But a firewall is pretty close to being the _first_ word in security. To suggest disabling an inconvenient service is preferable to disabling access to all services, as you have done, is inappropriate.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | .
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
#9
On Fri, 24 Oct 2003 22:18:32 GMT, (Alun Jones [MS MVP]) wrote:

> In article , Kevin Davis³ wrote:
>> You just don't get it, do you?
>
> I don't think you understand the situation well enough to make that call.
>
>> Before this bulletin, you insisted that disabling the messenger service provided NO or LITTLE additional security.
>
> That is correct. It terminates one service that spends the majority of its time telling you that your firewall is non-existent or non-functional. That provides little additional security, and possibly even gives the user a false sense that simply disabling the Messenger Service has saved him from all the nastiness that the Internet has to offer.

Let's not forget about the nasty vulnerability it would avoid you from being exposed to.

>> You were wrong. If one had disabled this service (assuming they didn't need it very badly) then it would have provided significant additional security.
>
> Not significant. Note that the demonstrations so far of the problem in Messenger Service have not shown that this is exploitable to do anything more than simply kill or slow down the Messenger Service.

There have already been released exploits:

http://news.com.com/2100-7355_3-5095935.html

To ignore this and poo-poo it away in the face of security experts is just plain foolish. Even if there wasn't an exploit, it would be foolish to gamble that the cute little Messenger Service will catch a benign pop-up before some hacker realized you were vulnerable and owned you.

> Actually, the more deluded point of view is to suggest that Messenger Service is the only software on the machine that has vulnerabilities. And some of the services on that machine will be required. What to do, what to do? Run around like Chicken Little screaming "the sky is falling! the sky is falling!"? Or better simply to invest in an umbrella to protect you from the small pieces of whatever?

Did I suggest that the Messenger Service was the only one with vulnerabilities? No. You guys are rich.

The sensible approach that most security experts agree on is to turn off services you don't need. That is one part of the classic hardening of your system. In the case you do need the service, run it, but make sure that you have installed all the patches for it. Despite your claims, this is what I have always been saying. Far from the ridiculous tale you are weaving above.

> There are various states of "need". I think "tells me within seconds if the firewall has died" is actually quite a good definition of "need".

That's a ridiculous assertion. There's no way you can in good conscience and honesty insist that for everyone's case leaving the Messenger Service on will within seconds alert you to a problem with your firewall.

> But a firewall is pretty close to being the _first_ word in security. To suggest disabling an inconvenient service is preferable to disabling access to all services, as you have done, is inappropriate.

This is ridiculous. I never said any such thing. You must have a reading comprehension problem.

---------------------------------------
What could possibly go wrong?