Name Game (Premium) join:2002-07-07 North Myrtle Beach, SC kudos:6 | reply to scottkeen
Re: Messenger Service window popped up on my Server!
Philip Sloss, did you read the article posted above on..
Windows 2000 TCP/IP
NetBIOS Over TCP/IP
The Windows 2000 implementation of NetBIOS over TCP/IP is referred to as NetBT. NetBT uses the following TCP and UDP ports:
UDP port 137 (name services)
UDP port 138 (datagram services)
TCP port 139 (session services)
NetBIOS over TCP/IP is specified by RFC 1001 and RFC 1002. The Netbt.sys driver is a kernel-mode component that supports the TDI interface. Services such as workstation and server use the TDI interface directly, while traditional NetBIOS applications have their calls mapped to TDI calls through the Netbios.sys driver. Using TDI to make calls to NetBT is a more difficult programming task, but can provide higher performance and freedom from historical NetBIOS limitations.
NetBIOS defines a software interface and a naming convention, not a protocol. NetBIOS over TCP/IP provides the NetBIOS programming interface over the TCP/IP protocol, extending the reach of NetBIOS client and server programs to the IP internetworks and providing interoperability with various other operating systems.
The Windows 2000 workstation service, server service, browser, messenger, and NetLogon services are all NetBT clients and use TDI to communicate with NetBT. Windows 2000 also includes a NetBIOS emulator. The emulator takes standard NetBIOS requests from NetBIOS applications and translates them to equivalent TDI functions.
Windows 2000 uses NetBIOS over TCP/IP to communicate with prior versions of Windows NT and other clients, such as Windows 95. However, the Windows 2000 redirector and server components now support direct hosting for communicating with other computers running Windows 2000. With direct hosting, NetBIOS is not used for name resolution. DNS is used for name resolution and the Microsoft networking communication is sent directly over TCP without a NetBIOS header. Direct hosting over TCP/IP uses TCP port 445 instead of the NetBIOS session TCP port 139.
By default, both NetBIOS and direct hosting are enabled, and both are tried in parallel when a new connection is established. The first to succeed in connecting is used for any given attempt. NetBIOS over TCP/IP support can be disabled to force all traffic to use TCP/IP direct hosting.
To disable NetBIOS over TCP/IP support
(see here for more)
»www.microsoft.com/windows2000/te···wcug.htm
microsoft-ds 445
tcp microsoft-ds Win2k+ Server Message Block
udp microsoft-ds Win2k+ Server Message Block
On Windows 2000 professional, there is always a share "ADMIN$", so it is essential to create a password for "Administrator".
Windows 2000/XP also use port 445 (microsoft-ds) for Microsoft networking without NetBIOS.
psloss (Premium) join:2002-02-24 Alpharetta, GA
said by Name Game: Did you read the article posted above on..
Windows 2000 TCP/IP
Yes, but this isn't solely a NetBIOS issue. The Messenger service on Win2K and XP appears to be based on DCE RPC...if the spammers are basing their scans on NetBIOS availability, that's great. It gives everyone more time to stop and disable the Messenger service.
said by Name Game: On Windows 2000 professional, there is always a share "ADMIN$"
This behavior -- administrative shares -- has existed in Windows NT since 3.5, probably all the way back to 3.1. Aside from the ADMIN$ and IPC$ shares, all local hard drives are also shared as $ (so C$, D$, E$, etc.). There are other shares on server versions (NETLOGON, for example).
Couple o'references on turning that off: »support.microsoft.com/default.as···;q288164
»is-it-true.org/nt/atips/atips2.shtml
...but I'm not sure this is related to "net send spam."
Philip Sloss
KAD Imaging (Just Shoot It, Premium) join:2002-09-21 Hialeah, FL
You are correct Phil regarding the ability to "net send" without NetBIOS running or even installed. See my post in another thread for the same issue.
»I can't explain this.
-- -The Cobra "Heh, your broadband style is good grasshopper....but not good enough. Watch my Earthlink style..." 1222K download 218K upload (EL 1.5M/256K)
psloss (Premium) join:2002-02-24 Alpharetta, GA
said by KAD Imaging: You are correct Phil regarding the ability to "net send" without NetBIOS running or even installed. See my post in another thread for the same issue.
Just picked up the first block of UDP/135 data on my honeypot: »www.mynetwatchman.com/LID.asp?IID=10063226
A nice message about free (hot) electronics...
Looks like AOL is still the platform of choice for spammers...
Philip Sloss
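An added example, not part of any post in this thread: a small Python check over constructed firewall-log lines illustrating the point discussed above, that filtering only the NetBT ports (UDP 137/138, TCP 139) still leaves TCP/445 direct hosting and UDP/135 reachable. The log format, addresses and function names are assumptions made for the illustration.

```python
from collections import defaultdict

# Ports named in the thread and the exposure each one represents.
EXPOSURE = {
    ("UDP", 137): "NetBT name service",
    ("UDP", 138): "NetBT datagram service",
    ("TCP", 139): "NetBT session service",
    ("TCP", 445): "SMB direct hosting",
    ("UDP", 445): "SMB direct hosting",
    ("UDP", 135): "RPC endpoint mapper (UDP/135, as seen on the honeypot)",
}
NETBT = {("UDP", 137), ("UDP", 138), ("TCP", 139)}

# Constructed sample (assumed format): date time action proto src dst sport dport
SAMPLE_LOG = """\
2002-10-20 03:12:45 OPEN UDP 203.0.113.7 192.0.2.10 1045 135
2002-10-20 03:12:46 DROP UDP 203.0.113.7 192.0.2.10 1046 137
2002-10-20 03:13:02 DROP TCP 198.51.100.23 192.0.2.10 3310 139
2002-10-20 03:13:03 OPEN TCP 198.51.100.23 192.0.2.10 3311 445
2002-10-20 03:14:10 OPEN TCP 198.51.100.99 192.0.2.10 4000 80
malformed line
"""

def records(log_text):
    """Yield (action, (proto, dport), src) for well-formed lines on watched ports."""
    for line in log_text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[7].isdigit():
            continue  # skip truncated or malformed entries
        key = (f[3].upper(), int(f[7]))
        if key in EXPOSURE:
            yield f[2].upper(), key, f[4]

def by_source(log_text):
    """Map each source address to the exposures it touched and the firewall action."""
    hits = defaultdict(list)
    for action, key, src in records(log_text):
        hits[src].append((EXPOSURE[key], action))
    return dict(hits)

def reachable_outside_netbt(log_text):
    """Watched ports that were let through although they are not NetBT ports."""
    return sorted({key for action, key, _ in records(log_text)
                   if action == "OPEN" and key not in NETBT})

if __name__ == "__main__":
    for src, events in by_source(SAMPLE_LOG).items():
        print(src, events)
    print("still reachable:", reachable_outside_netbt(SAMPLE_LOG))
```

Any port returned by `reachable_outside_netbt` is one that a NetBIOS-only filter does not cover and that needs its own rule or a disabled service behind it.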