Security Basics mailing list archives
RE: Windows Messenger Pop-up spam
From: Steven Trewick <STrewick () joplings co uk>
Date: Mon, 6 Dec 2004 11:50:11 -0000
-----Original Message----- From: H Carvey [mailto:keydet89 () yahoo com] Sent: 03 December 2004 12:10 To: security-basics () securityfocus com Subject: Re: Windows Messenger Pop-up spam In-Reply-To: <20041202173019.B10318 () planetcobalt net>Which will merely have lulled them into a false sense of security, since the traffic is still making it to their IP stack. For windows boxen, this is almost as good as "game over"You may want to give at least one reason for this opinion.I, too, would like to see something to support this statement. "Game over", how? Sure, the traffic still makes it to the IP stack, I agree...but how does this result in "game over" with respect to Messenger spam? Turn the Messenger service off and there's nothing there to handle the input...end of story. *That's* "game over".
Harlan, as you well know, there are *many* other things listening to/on the subset of ports used by messenger spam, turning off the messenger service in no way blinds/deafens the *rest* of the RPC subsystem, where $DEITY knows how many vulns have been (and remain to be) discovered. Simply turning off the service in no way increases the security of the machine, because those ports and the multiplicity of services that use them will still be exposed, quite obviously. Anyone sufficently addled as to run a machine exposed in this way is also extremely unlikely to be patched up the eyeballs, thus we have exposed *and* vulnerable services. Thus it will be game over when the first worm reaches the machine. As a rough guide, the last time I saw someone connect a box so configured to the internet, it took less than five minutes to succumb to some variety of lsass exploit, which will have arrived via those exact same ports (135/9, 445, et al) The information contained in this e-mail is confidential and may be privileged, it is intended for the addressee only. If you have received this e-mail in error please delete it from your system. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. Whilst Joplings Group operates an e-mail anti-virus program it does not accept responsibility for any damage whatsoever that is caused by viruses being passed. joplings.co.uk
Current thread:
- Re: Windows Messenger Pop-up spam, (continued)
- Re: Windows Messenger Pop-up spam Kevin Davis (Dec 08)
- Re: Windows Messenger Pop-up spam Ansgar -59cobalt- Wiechers (Dec 09)
- Re: Windows Messenger Pop-up spam Michael Painter (Dec 10)
- Message not available
- Re: Windows Messenger Pop-up spam Ansgar -59cobalt- Wiechers (Dec 13)
- Re: Windows Messenger Pop-up spam Ansgar -59cobalt- Wiechers (Dec 02)
- Re: Windows Messenger Pop-up spam Kevin Davis (Dec 03)
- RE: Windows Messenger Pop-up spam Harlan Carvey (Dec 07)
- Re: Windows Messenger Pop-up spam Ansgar -59cobalt- Wiechers (Dec 08)