Penetration Testing mailing list archives

RE: Which software requires the Messenger Service?

From: "Eric McCarty" <eric () lawmpd com>
Date: Thu, 5 Feb 2004 08:44:41 -0800

It is my opinion that the messenger service should be disabled as
standard hardening of workstations. There is nothing that prevents a
"rogue" computer from sending another computer a few hundred messages
causing a semi-denial of service. This is especially the case is public
(campus) networks where end users are random.

Many services can take advantage of the messenger services, Compaq/HP
Insight manager, Most A/V Software, Backup Software, you name it. But I
can think of no software that relies on it implicitly to be able to run.


Eric C. McCarty
Systems Administrator 
Internet Security Officer


-----Original Message-----
From: Nestor L. Cabrera [mailto:flex_1_1999 () yahoo com] 
Sent: Tuesday, February 03, 2004 12:53 PM
To: wirepair () roguemail net
Cc: pen-test () securityfocus com
Subject: Which software requires the Messenger Service?

I've disabled Messenger service on all my nodes
(Windows 2000 network with XP clients) and have
experienced no problems whatsoever. In addition, I
also run BackupExec 8.6 from Veritas. Now, if you have
any software configured to send an alert via the net
send then you will have problems. Otherwise, in my
experience I have not had any problems.

lo all,
I would like to compile a list of software which
relies on the Messenger Service for inter process
communication. I believe
some backup software packages due but i'm not

entirely >positive. Has anyone ever shut the service
off and had >other services

complain? Thanks a lot for your input and if I get
enough I will post a list of the packages on my site
sh0dan.org.
Thank you,
-wire
--
Visit Things From Another World for the best
comics, movies, toys, collectibles and more.
http://www.tfaw.com/?qt=wmf



=====
Nestor L. Cabrera

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/

------------------------------------------------------------------------
---
------------------------------------------------------------------------
----



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Which software requires the Messenger Service? wirepair (Feb 02)
- RE: Which software requires the Messenger Service? Michael Krymson (Feb 11)
- <Possible follow-ups>
- Re::Which software requires the Messenger Service? Sanjay K. Patel (Feb 05)
- Which software requires the Messenger Service? Nestor L. Cabrera (Feb 05)
- RE: Which software requires the Messenger Service? Eric McCarty (Feb 05)