Jimbo

Messenger Service? WTF is this?

I'm a Unix guy, I rarely invest any time in the latest Windows this or Windows that or new and exciting ways to spam people through Windows. That said, I was a bit surprised when I came home and saw this (see attachment) - anyone know how this got in?

Thanks much,
Jim
"Like" - The modern day comma
Good bye, my friends. You are missed.

WTF.doc

I think some spammers are taking to using ICMP to get messages through. Our firewall blocks it for about 90% of our stations. Those that have ICMP enabled for valid reasons also get the occasional new-style messaging spam. Evil spamming bastards!

Windows has a feature that lets users/apps send popup messages to each other. Anyone can do it, just open up a DOS prompt and type "net send computer_name_or_address message". The ability to receive messages can be turned off in Windows' settings, but it is left on by default. Spammers are using automated tools to exploit this.

There's a program called Ad-Aware - don't know if you've heard of it or not. It searches your system for spyware and deletes it. I ran it straight after a fresh install of XP Pro and it got rid of about 7 items.
-----------------------------------
It's like something out of that twilighty show about that zone

Quote

There's a program called Ad-Aware - don't know if you've heard of it or not. It searches your system for spyware and deletes it. I ran it straight after a fresh install of XP Pro and it got rid of about 7 items.


This isn't spyware. It's a Windows feature, and it's quite useful on a properly firewalled network. Unfortunately, it comes enabled on home PCs (where it's mostly useless) and spammers figured it out.

Will the bombardment of spam and unwanted advertising ever end? I remember when you could use a public urinal and not have to stare at some ad...

Hey Jimbo, just curious what is the icon on the top right hand side of your screen?
S.E.X. party #2

..It is far worse to live with fear, than to die confronting it.

Quote

Hey Jimbo, just curious what is the icon on the top right hand side of your screen?



That's probably JS Pager, a utility to provide virtual desktops on Windows. It is, in my opinion, one of the single best Windows programs out there. You can get it here: http://hem.fyristorg.com/jspage/

-
Jim
"Like" - The modern day comma
Good bye, my friends. You are missed.

If you're referring to the lame firewall in XP... don't count on it. That thing's holier than Swiss cheese. I've seen insecure systems that block more things than that firewall does. And it only blocks inbound and not bi-directional packets, so it's useless once a TCP session is started.

(CISSP certified)
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

I meant the multiple desktop thingy. Wouldn't trust the Windows firewall to block against anything. Out of interest, what firewalls do people use? I got ZoneAlarm myself - the Norton one just screws up my system.
-----------------------------------
It's like something out of that twilighty show about that zone

If you like Ad-Aware, you should also take a preemptive countermeasure against banners, pop-ups and other web evils. I started using Proxomitron a while ago and it rulez! When browsing the web, I rarely get a pop-up; it even removes a lot of the advertisements. And if you're familiar with regular expressions, you can implement your own filters too.

Chivo

Quote

Software firewalls will never be as secure as a hardware one



Why is that?

Back to the NET SEND spams, the University has been getting these for about 2 weeks now. The easiest thing to do is to disable the Messenger service on NT/Win2k/XP.
I have a registry fix that I made at work I can post on Monday.
I promise not to TP Davis under canopy.. I promise not to TP Davis under canopy.. eat sushi, get smoochieTTK#1
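Added example, not from anyone in this thread: a PowerShell script that does what the post above recommends, stopping and disabling the Messenger service that delivers "net send" popups and writing the equivalent registry value (Start=4 under the service key) so the change survives a reboot. It assumes an elevated prompt; on a host where the service is not installed it reports that and exits.

```powershell
# Added example (not from the thread): audit and disable the Windows Messenger
# service that delivers "net send" popups on NT/2000/XP. Run elevated.
$svcName = 'Messenger'
$regKey  = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"

function Get-MessengerState {
    # Returns $null when the service does not exist on this host.
    $svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
    if (-not $svc) { return $null }
    # Registry Start value: 2 = Automatic, 3 = Manual, 4 = Disabled
    $start = (Get-ItemProperty -Path $regKey -Name Start -ErrorAction SilentlyContinue).Start
    [pscustomobject]@{
        Status   = $svc.Status
        RegStart = $start
    }
}

$before = Get-MessengerState
if (-not $before) {
    Write-Output "Service '$svcName' is not installed on this host; nothing to do."
    return
}
Write-Output "Before: Status=$($before.Status) Start=$($before.RegStart)"

# Stop the service if it is currently delivering messages.
if ($before.Status -eq 'Running') {
    Stop-Service -Name $svcName -Force
}

# Prevent it from starting again at boot.
Set-Service -Name $svcName -StartupType Disabled

# Same effect as a .reg "fix": Start=4 under the service key. Harmless if
# Set-Service already wrote it; kept so the registry side is explicit.
Set-ItemProperty -Path $regKey -Name Start -Value 4 -Type DWord

# Verify rather than assume: both the live state and the persisted value.
$after = Get-MessengerState
if ($after.Status -eq 'Stopped' -and $after.RegStart -eq 4) {
    Write-Output "After: Messenger stopped and disabled; net send popups will no longer be delivered."
} else {
    Write-Warning "After: Status=$($after.Status) Start=$($after.RegStart); check that the shell is elevated."
}
```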

Quote

Software firewalls will never be as secure as a hardware one.



That's a myth. Exactly what part of your 'hardware' firewall do you think makes it so useful? It's not the hardware, it's the software and features built into said software.

The idea that hardware firewalls are/were more secure might have held water back in the day when processor speeds were, well, slower than they are now. One of the most successful and widely implemented firewalls on the market today, Checkpoint - and soon to be 'Next Generation' - is a software firewall. The Pix, if I'm not mistaken, is losing market share quickly, that is if it ever even had it.


-
Jim
"Like" - The modern day comma
Good bye, my friends. You are missed.

>Why is that?

Because you are introducing software vulns into the mix along with a greater possibility for misconfigurations. Pix runs on Cisco IOS (at one point it had a 25% market share) which at its core is a Unix kernel. Checkpoint is the current market leader in firewalls but it's a hardware level firewall since at its core it's a BSD core with full router capabilities. The software firewalls that plug right into your everyday OSes now are able to be hacked using flaws in the software along with the firewall holes themselves. Whitebox solutions for firewalls have consistently shown time after time that they are able to be attacked on a software level to result in failure of the firewall. Instead of trying to hack through the box, just exploit a Windows/Unix vuln that has not been patched. With IOS/hardware upgrades you are assured that the patches will work in your config; with other sources there is no telling what a patch can do (anyone remember SP6 for NT taking out Exchange 5.5?). Then you have the issues of misconfiguration, where despite your best efforts forgetting to turn one service/daemon off can leave your network wide open.

Checkpoint is still considered a hardware level since it is a router. Your average homebuilt software level firewall is not capable of serving as a bridge between two unique networks and will do NAT or whatever else you want on it. A hardware level firewall can do this and more. Even proxy server software can not match the level of flexibility a hardware level firewall can offer you for proxy connections.

I only have a PIX at home since I salvaged it from work. We replaced all of our firewalls with a new system that the DoD is picking up. Cyberguard, they are a firewall vendor with no Bugtraq listings against them, unlike every other major vendor.
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

Quote

Checkpoint is still considered a hardware level since it is a router.


What?!? You can install Checkpoint on WinNT. It's software. I agree that without securing the OS the firewall isn't secure.
Anyway, firewalling is much more than level 4 packet filtering.

There are only 10 types of people in the world. Those who understand binary, and those who don't.

Quote

Checkpoint is the current market leader in firewalls but it's a hardware level firewall since at its core it's a BSD core with full router capabilities.



What are you talking about? This doesn't make sense. BSD, as we already know, is an OS - that's software, but it's also unimportant. How is it a BSD core running on Solaris or NT? That would imply some type of emulation and that's just bad. Checkpoint is nothing more than a software based packet filter with a few pretty GUIs for building rules and browsing logs. It is as susceptible to compromise as the core OS, in this case either Solaris or NT. Checkpoint might also run on AIX, HP, and a host of other systems, I'm not sure.

Quote

The software firewalls that plug right into your everyday OSes now are able to be hacked using flaws in the software along with the firewall holes themselves.



Just like Checkpoint.

Quote

With IOS/hardware upgrades you are assured that the patches will work in your config; with other sources there is no telling what a patch can do (anyone remember SP6 for NT taking out Exchange 5.5?).



Do you know how many buggy versions of IOS are out there? Again, without the software your PIX is nothing more than an ugly, noisy paperweight.

Quote

Checkpoint is still considered a hardware level since it is a router.



Uh?

Quote

Your average homebuilt software level firewall is not capable of serving as a bridge between two unique networks and will do NAT or whatever else you want on it.



Specifically what 'average homebuilt software' are you referring to? Features are built into the software, the features are as powerful or as weak as the developers made them. In some cases these features are completely contained within the software, in others OS support is needed to allow them to run properly.

Quote

We replaced all of our firewalls with a new system that the DoD is picking up. Cyberguard, they are a firewall vendor with no Bugtraq listings against them, unlike every other major vendor.



There aren't any Bugtraq listings against them because they're new. Given time, flaws and exploits will be discovered in ANY software application.


-
Jim
"Like" - The modern day comma
Good bye, my friends. You are missed.
