site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > Messenger Service window popped up on my Server!

Search Topic:
 Share Topic
Posting?
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
AuthorAll Replies

rakerman

join:2002-09-28
Ottawa, ON

reply to scottkeen

Re: Messenger Service window popped up on my Serve

Based on the reports I am seeing, there is an upsurge in "NET SEND" spam.

There's a thread on it in Slashdot today.

»ask.slashdot.org/article.pl?sid=···/1945240
The best resource I have found is an article from TechTV

»www.techtv.com/screensavers/answ···2,00.htm
If you're new to NetBIOS-over-TCP, I also suggest

»www.microsoft.com/windows2000/te···wcug.htm
I'm going to put these on my webpage shortly.
--
Richard Akermanhttp://www.akerman.ca/trojan-port-table.html(covers trojan ports as well as general broadband security)
to forum · permalink · 2002-10-11 09:25:32 · (locked)

psloss
Premium
join:2002-02-24
Alpharetta, GA

said by rakerman:
The best resource I have found is an article from TechTV

»www.techtv.com/screensavers/answ···2,00.htm
If you're new to NetBIOS-over-TCP, I also suggest

»www.microsoft.com/windows2000/te···wcug.htm
I'm going to put these on my webpage shortly.
Stopping/disabling the Messenger service is the best solution, but I thought this was interesting: I'd assumed that the "net send" functionality was sent over tcp/139, as there are specs on this. But when I ran a net send from a Windows 2000 system to a Windows XP box, Ethereal shows that the message was delivered via udp/135! I'm going to now test to see if these messages can get through on udp or tcp 135 without NetBIOS running...so there may be a couple of different ports that need to be blocked.

Philip Sloss
to forum · permalink · 2002-10-11 16:32:55 · (locked)

psloss
Premium
join:2002-02-24
Alpharetta, GA

said by psloss:
But when I ran a net send from a Windows 2000 system to a Windows XP box, Ethereal shows that the message was delivered via udp/135! I'm going to now test to see if these messages can get through on udp or tcp 135 without NetBIOS running...so there may be a couple of different ports that need to be blocked.
I just "verified" this on an XP Pro setup. The XP Pro system has NetBIOS disabled and is not listening on tcp/139 or tcp/445. It is also not bound to udp ports 137-139 or 445. I can still push messages to that system with net send from a Win2K box. I haven't tried an NT4 system...

Can anyone else test this?

Thanks,

Philip Sloss
to forum · permalink · 2002-10-11 17:11:05 · (locked)
Forums > Broadband Tech > Security > Security

Sunday, 03-Jun 19:05:01 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics