Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Spam

Fighting Back Against Messenger Popup SPAM 87

Posted by Cliff from the next-generation-of-annoyance dept.
An anonymous reader asks: "I recently re-installed XP (out of boredom and not necessity) and forgot to turn off the Windows Messaging service. Things were going fine, until today. I started getting those annoying popups again. I realize that I can turn off this service and I'll no longer get the messages, but, I want a way to 'take back the internet' and not have to worry about others getting these messages either. Normally, these messages are the typical University Degree spam, but the last one I got was for a piece of software that turns off the messaging service. And as everyone knows, there are some people on the net who'll pay for this. So, how can the people of the net fight back to ensure that these messages stop, and more importantly, these people stop preying on the less-technically inclined?"
This discussion has been archived. No new comments can be posted.

Fighting Back Against Messenger Popup SPAM More

Fighting Back Against Messenger Popup SPAM

Comments Filter:
  • I named my computer ADMIN and I message the whole network and say that the source of the popup messages will have their access revoked.

    (Hasn't really worked as of yet).

  • Fight back! (Score:3, Interesting)

    by ceejayoz ( 567949 ) <cj@ceejayoz.com> on Wednesday December 25, 2002 @11:35PM (#4958963) Homepage Journal
    Get a copy of the program and start sending out announcements on how to disable the Messenger service.

    Just don't make it read like typical spam, or people will ignore it too.
    • Get a copy of the program

      There isn't even a third party program needed in Windows...you just type NET SEND * Message to send to all nodes or NET SEND NodeName Message for a specific node. In Linux you can do the same with "smbclient" or "sambaclient" (I can't remember which and I can't check right now).

      • Yes, but you'll still need a script / program to step through IP addresses sequentially. I'm sure someone here on /. could work one up quite quickly :-)
        • If you do "NET SEND * Message" it won't need to step through them one at a time...it sends out a broadcast.
          • Broadcasts as in IP-less packets being sent out to be bounced back to every computer on the subnet? That even working through an ISP is appalling. Their routers/switches should kill such packets instantly.
            • The message gets sent to all the clients on the LAN so they're all behind the same router. AFAIK this kind of spam has to originate from a local computer.
              • Well if this were only effecting LAN you could just walk up and punch the guy, couldnt you? :)
                My dad's gotten these messages through the 'net, though, so I doubt all this "broadcast" stuff is real. Probably cycling IPs just like WinNuke ("I didnt know it was wrong!")
              • The messages can be sent to computers that aren't on the local network.
      • It's smbclient.

        I'm on RedHat 7.2 and use samba to connect to my parents XP box, although I haven't used the client to send any messages. Don't feel like annoying them, yet. ;-)

  • New Meaning (Score:3, Funny)

    by trentfoley ( 226635 ) on Wednesday December 25, 2002 @11:52PM (#4959009) Homepage Journal
    I recently re-installed XP (out of boredom and not necessity)

    You have given new meaning to the term "boredom". Time to go update the entry on everything2...

  • It's called a firewall -- block port 139 and shut the hell up you whiny baby.

    Do you lock your car when you leave it at night? No? Let's find a way to take back your driveway!! I wonder what we could do?

    Do you keep cookies in a jar where the kids can get to it? No? Let's find away to take back the Oreos and Chips Ahoys!!! I wonder if the slashdot community can help you?

    Stop worrying about "taking back the internet" when you, personally, never had it in the first place. Last I checked, it's not illegal to send packets or emails or whetever to random people on whetever port you want to.

    These kinds of things will happen if you're stupid about how you connect your computer to a hostile environment. Get you rear out of your arse and plug the hole instead of rising up on some majestic soapbox as a wannabe internet vigilante.
    • How's this for an idea: Make it illegal to hack into someone's computer and display advertisements.
      What's that? It IS illegal to hack into someone's computer no matter what the purpose? Woops!
      • No one's "hacking into" any computers. Do you "hack into" the webserver when you request a page? Your computer has to be listening on port 139 for these messages to have any effect. If you're going to open up port 139 to the world, you have to expect people sending packets to it. It's no different than any other service.
        • 1) My computer "listening" for packets which would erase my data (just like many bugs which have been reported on slashdot) would not even be given a second thought. Nobody would be saying "Well, you're the one who bought an OS and didnt have complete foreknowledge of all the services and what they entailed" and taken seriously.

          2) as for your first point, though it's been covered in the first part of my message as well, I just thought I'd mention [slashdot.org]
          • 1) That would be a bug. You would not be at fault, nor would the person sending the packet be at fault (unless they did so purposely and maliciously). Messenger, on the other hand, is operating exactly as it is intended to do. It's an optional feature. Turn it on, it receives messages. Turn it off, it doesn't. Sure the messages are sometimes spam, like email spam. Your email program isn't buggy because you receive spam, and no one is "hacking" you when they send spam to your mailbox, even if you run your own mailserver. That was my point, that no one is "hacking" your computer, that's the phrasing I objected to.

            2) Someone brought a suit. So? You can sue for anything. If it's ever judged (not settled) in favor of the plaintiff, then it would have some relevance.

            • I guess this is just an issue of what each of us considers a bug.
              I consider a system intended for the administrator of a network to send messages, being able to be used by someone who is not the administrator of the network, a bug.
              I consider any exploitation of any bug which allows you to access, modify, or present information which you were not intended to be able to access, modify, or present to be hacking.
        • No one's "hacking into" any computers. Do you "hack into" the webserver when you request a page? Your computer has to be listening on port 139 for these messages to have any effect.

          Spoken like a true geek. However, you are extending an abstraction into higher levels than is necessarily appropriate. From my grandma's perspective, the TCP/IP level mechanism is irrelevant. She wants to know where the hell these weird messages are coming from.

          Just because XP automatically installs a service that listens on port 139 doesn't or shouldn't necessarily mean that I as a naive user am going to be expecting packets at that port. Taping a "KICK ME" sign to someone's butt doesn't mean they want to be kicked either. Not everyone views these things strictly at the level of the socket API.
          • No, but whose fault is it if you buy a pair of pants with "KICK ME" emblazoned on the backside, and you complain that people kick you all the time, even though you didn't possess the technical inclination to look on the ass for any signs, markings or invitations to random passerby?
            • No, but whose fault is it if you buy a pair of pants with "KICK ME" emblazoned on the backside, and you complain that people kick you all the time, even though you didn't possess the technical inclination to look on the ass for any signs, markings or invitations to random passerby?

              Or the technical ability to even realize such markings are there! "KICK ME" can be written in languages that you just don't know! OR it can be written in invisible ink that is only visible with special goggles. My grandma isn't going to run a portscanner on her machine as soon as she unwraps it on Christmas. I mean, give me a break. It's beyond reasonable to suggest that she as an end user should even have to. Stuff happening at the TCP/IP layer on a default XP install is the responsibility of Microsoft. Period.

              • You hear that? It's the world's smallest copy of Winamp playing sad, sad pirated MP3's just for your grandma. Incidentally, WinXP comes with a rudimentary, though effective Internet Connection Firewall that takes one click to activate.

                The Internet isn't pretty, it isn't clean and it isn't proper. Just because Granny can't keep up with the times and learn how to operate machinery properly doesn't mean that Microsoft's gotta bow down and de-evolve their OS even further towards the lowest common denominator.

                • The Internet isn't pretty, it isn't clean and it isn't proper. Just because Granny can't keep up with the times and learn how to operate machinery properly doesn't mean that Microsoft's gotta bow down and de-evolve their OS even further towards the lowest common denominator.

                  No, but they can at least refrain from running servers by default on a simple install of XP Home. You have to consider who your users are when adding features and deciding which ones are turned on right out of the box.

        • Webservers implicitly request that you contact them for info by having the URL published (either by other web pages or in advertising). Connecting to

          Connecting to a random IP address and having the machine do something that you know has a 99.9% chance of annoying the user that runs it is generally considered hacking. The hacker is doing something that annoys the owner of the computer, to the financial benefit of the hacker.

          Leaving your car unlocked does not make my stealing your radio (or your car) illegal. Locking it is only meant to slow down / discourage the illegality. It also signifies to an erronious but law-abiding citizen that they have the wrong car (key doesn't fit).

          If you are causing another person's computer to do something that they do not want it to do, and that you know that they probably do not to want it to do that, then you are hacking. End of story.

          • Leaving your car unlocked does not make my stealing your radio (or your car) illegal. Locking it is only meant to slow down / discourage the illegality. It also signifies to an erronious but law-abiding citizen that they have the wrong car (key doesn't fit).

            Yah, well if you park your car on the street then someone is allowed to leave a note on the windsheild with information on how to get free university diplomas. No one is 'stealing your car/computer' here. Mabey if someone sent a net send of death that changed your admin pass, that would be hacking. Displaying a message isn't. If someone goes up and down the ICQ UID's and messages each with an ad, are they hacking your computer too?
            • If someone goes up and down the ICQ UID's and messages each with an ad, are they hacking your computer too?

              That's a good question. Given that no implicit permission has been given to access the computer, I'd say that the answer is, in all probablility, yes. When someone puts a message on your winshield, they are using their own resources to do so. If someone paints the message on the side of your car, then that is vandalism. Forcing pop-up messages onto unwanting screens is in a bit of a no-mans land between the two. You are using someone else's machine to do this. You know that this is, most probably, unwanted and uninvited.

              The sentiment is strong enough against spammers, that I think it might be quite possible to convince a judge that this fits the definition of 'hacking'. All of the necessary elements are there. I don't know what elements are missing. Given that you've got the hots to be doing this, you tell me what elements of hacking a computer are missing in this scenario.

              The internet is not a free-fire zone. You are only allowed to access those ports and machines that you've been given permission to access (either implicit or explicit). Implicit access would be things like accessing an advertized web site, or an MX for the domain of someone who wants you to send them email.
              When you access a port that many people aren't fully aware is open to produce a message that 99.99% of people are going to be annoyed by that seems to me like unauthorized access.

    • From the sounds of it, he knows perfectly well how to turn it off. What he's worried about is other people (gasp! altruism! on Christmas!) getting tricked by scammers offering to show how to disable the messages - for the low low fee of $20 or so.
      • Actual, stopping the windows messaging service is _not_ the correct way to take care of this. As said a few messages before, blocking traffic to the netbios message port from untrusted networks (such as the internet) is.

        If he has netbios open to the internet...pretty dumb.

        As for keeping other people from being scammed; I think education is the only sure-fire way. Well written "best practices" guides could help tremendously. In this example, "common-sense things to do after setting up your windows XP OS but before connecting it to the internet" perhaps.

        Of course, this requires people to read up before just installing an OS in a wild fit of boredom for the "education" tactic to work...

  • short answer (Score:5, Insightful)

    by Twirlip of the Mists ( 615030 ) <twirlipofthemists@yahoo.com> on Thursday December 26, 2002 @12:22AM (#4959088)
    So, how can the people of the net fight back to ensure that these messages stop, and more importantly, these people stop preying on the less-technically inclined?

    You can't. What they're doing isn't illegal, and arguably it shouldn't be. And even if it were, they'd just move their operations off-shore.

    This isn't really a free speech issue-- commercial speech isn't covered by the same rules that govern other forms of expression-- but what you're basically saying is, "Some people are saying something that I don't like. I know that I can just stop listening to them, but I want to do more. How can I fight back to ensure that they have to stop saying what they're saying?

    Sorry. Can't, or at least shouldn't, be done.

    Now, if you wanted to take a different tactic, you could approach Microsoft through the appropriate channels to request that the Messenger service be off by default, or to have them remove it altogether. That might or might not work, but you could try.

    • but what you're basically saying is, "Some people are saying something that I don't like. I know that I can just stop listening to them, but I want to do more. How can I fight back to ensure that they have to stop saying what they're saying?

      I disagree with your interpretation. He's asking: "how can I help others who don't want to have their computers disabled with this crap popping up all the time?", not "how can I stop their speech?"

      People don't have the right to go up to the windows on your house and tape an advertisement to it. They do, however, within proper zoning laws, have a right to put up an advertisement on their own property, even if it's across the street from you and you see it every day. Additionally, the cost and time to vandalize millions of windows is essentially nil, whereas a pamphlet costs some fraction of a dollar and minute to post.

      Basically, if we hold that people don't have the right to shoot at the dogs on my front porch, they also shouldn't have the right to shoot their packets at any defenseless computer on my property, essentially destroying the usefulness of said property/dog.

      So, I maintain that 1. it can and should be done, and 2. Microsoft shouldn't have allowed the Messenger service to be compromised in this manner in the first place. Its default should be to only accept messages from the local network and machines that it has a file share, printer queue, or other authenticated relationship with.

      BTW: I think an automated messenger script that directs people to a web site with free instructions on both how to turn off the Messenger service and the possible ramifications of (miss out on broadcasted UPS shutdown warnings, etc.) is an excellent idea.

      • People don't have the right to go up to the windows on your house and tape an advertisement to it.

        I dare say they do. The Thai restaurant down the block puts a menu on my doorknob every couple of weeks, sometimes more often. The Herbalife guys love to lurk in the grocery store parking lot and stick reply cards under windshield wipers.

        Basically, if we hold that people don't have the right to shoot at the dogs on my front porch, they also shouldn't have the right to shoot their packets at any defenseless computer on my property

        That sets a dangerous precedent. The purpose of a networked computer-- well, one of the primary purposes, anyway-- is to receive messages. Trying to draw an arbitrary line and say that these messages are okay while these aren't is tricky at best.

        I think an automated messenger script that directs people to a web site with free instructions on both how to turn off the Messenger service and the possible ramifications of (miss out on broadcasted UPS shutdown warnings, etc.) is an excellent idea.

        So it's not the method of messaging you have a problem with, but the content of the messages? That's a problem. Regulating message content has always been a dicey proposition.

        • Re:short answer (Score:3, Interesting)

          by Henry V .009 ( 518000 )
          I've explained this to you before. Commercial speech in the U.S. does not have the same protections as other types of speech. You are being intentionally obtuse. It is true that the Thai restaurant does have a 'right' (though city ordinances against liter can come into play from time to time) to go up to your door and put a menu on your doorknob. Funny, though--but that is not what the original poster stated. He said: People don't have the right to go up to the windows on your house and tape an advertisement to it. And they don't. At a certain time speech becomes a public nuisance. Communities can protect themselves--especially if ordinances are content neutral and restrict themselves to commercial speech.

        • Re:short answer (Score:1, Interesting)

          by Anonymous Coward

          The purpose of a networked computer-- well, one of the primary purposes, anyway-- is to receive messages. Trying to draw an arbitrary line and say that these messages are okay while these aren't is tricky at best.

          Following that logic, answering each and every message is the right thing to do. Answer it by contacting their webserver, with a very slow machine. One which needs to keep the socket open for minutes to get a simple html-file. One which therefore gets timeouts and needs to retry a few (dozen) times. Their computer is a networked computer too and its purpose is to listen for your messages and deliver their content, right? If all network connects are equal, is there no line between "normal" use and even deliberate DoS-attacks either?

          • If the spammer advertises a web site, that could be a useful countermeasure. If all the spammer does is leave a phone number, every pissed off person could call them and ask about their product as if they were interested and then just hang up.

            This would be essentially creating a cost per spam. The idea has been discussed in other venues such as requiring systems sending mail to compute a small token in order to connect, or doing micro-payments that get refunded on the user's acceptance of the message as legitimate.

        • I dare say they do. The Thai restaurant down the block puts a menu on my doorknob every couple of weeks, sometimes more often. The Herbalife guys love to lurk in the grocery store parking lot and stick reply cards under windshield wipers.

          They also do so at considerable expense in comparison to spam. They also have some reason to believe that you might be interested in their product, i.e. you eat and they have a convenient location to you, and the expense of advertising will return in patronage. If people were really honked off, you could also go down to their building and return the menu/flyer/whatever. Whereas a spammer doesn't give a flying turd if most people don't want their product, and go to pains to insure that people can't find them.

          In short, there are huge differences in both content and delivery here. If a local store was duct taping penis-enlargement ads to neighborhood windows, they probably wouldn't be in business very long.

          That sets a dangerous precedent. The purpose of a networked computer-- well, one of the primary purposes, anyway-- is to receive messages. Trying to draw an arbitrary line and say that these messages are okay while these aren't is tricky at best.

          It's not an arbitrary line. If you have a window popping up regularly requiring dismissal, that depreciates the value of your property, the computer. This is a very specific abuse, and many would argue destruction, of a sometimes useful service.

          So it's not the method of messaging you have a problem with, but the content of the messages? That's a problem. Regulating message content has always been a dicey proposition.

          Yes and no. The method is a problem because Microsoft's MO is to allow any networked system to send data to several services on their systems, no questions asked. The method needs to be fixed. The message is a problem if the computer user cannot opt out. Most users cannot opt out because they don't know how (if they knew enough to know how, M$ probably wouldn't be so "popular"). And together, the message and the method are problems because the method was designed to enhance the utility of the computer, and such utility has essentially been destroyed by spammers.

    • This is not at all like saying "Some people are saying something that I don't like".

      This is like some people are coming into my home uninvited, and hanging advertising posters on the walls. I'm tired of taking down these posters, so how do I prevent these strangers from coming into my home?

      And the answer is to put a lock on the door. i.e. a firewall.
    • This isn't really a free speech issue -- commercial speech isn't covered by the same rules that govern other forms of expression


      The fact that some (not all) spam is "commercial speech" is irrelevant. What is relevant is that spam violates the property rights of the recipients and the transmitting ISPs.


      what you're basically saying is, "Some people are saying something that I don't like. I know that I can just stop listening to them, but I want to do more. How can I fight back to ensure that they have to stop saying what they're saying?


      No, what we're basically saying is, "Some people are stealing my bandwidth. How can I fight back to ensure that they go to jail just like people who get caught stealing anything else?"

      • What is relevant is that spam violates the property rights of the recipients and the transmitting ISPs.

        How? Let's say you and I meet at a football game and I tell you about my Superbowl party. Two weeks later the game rolls around and you find yourself without plans, so you give me a call. I didn't give you my phone number; you had to look it up. I also didn't give you express permission to call me. Do I jump up and down screaming about property rights when my phone rings?

        Of course not. Let us not lose sight of the point here: what you object to is not the method of communication, or the nature of the communication. You object to the content of the communication, and filtering inbound communication based on the content has always been a tricky proposition.

        No, what we're basically saying is, "Some people are stealing my bandwidth. How can I fight back to ensure that they go to jail just like people who get caught stealing anything else?"

        You've been on this kick for some time. It doesn't hold water, Steve. The argument that spam, including this kind of spam, is stealing your bandwidth only makes sense if your ability to use your Internet connection is materially harmed by it. Bandwidth isn't something you own; it's capability and capacity. If spam, in any form, prevented you from being able to use your Internet connection-- say, somebody emailed you a multi-terabyte file or something-- then you would have a case to say that this is denial of service. (Not "theft of service," of course. Denial of service, which is a crime under several computer crime laws.)

        But this type of spam specifically, and I dare say spam in general, does not prevent you from being able to use your Internet connection. It does not even materially infringe on your ability to use your Internet connection. You have, therefore, not been harmed by it, so you have no grounds to claim that it's a denial of service.

        Think of it in these terms: let's say you but a big, fancy mailbox in front of your house. The next day, the mailman delivers a piece of junk mail to your mailbox. You get all up in arms, and accuse the organization that sent the junk mail of stealing your mailbox capacity from you. See, your mailbox should be able to hold 40 regular-sized letter envelopes. When they sent you that piece of junk mail, your mailbox capacity was reduced to 39 envelopes. They stole some of your capacity!

        Doesn't make a whole lot of sense, does it? Your argument is the same. I'm sorry to have to tell you this-- I find spam as annoying as the next guy-- but this line of reasoning just doesn't get the job done.
        • Let us not lose sight of the point here: what you object to is not the method of communication, or the nature of the communication.

          It's rather too late for you to not lose sight of the point, which is that "spam" is defined in terms of its method (the flooding of large numbers of e-mail connections without permission) and nature (the theft of other people's bandwidth).

          You object to the content of the communication

          I see that you have some reading comprehension issues. My original post specifically rejected the notion that content was at all relevant.

          The argument that spam, including this kind of spam, is stealing your bandwidth only makes sense if your ability to use your Internet connection is materially harmed by it.

          So, you're of the school of moral philosophy that holds that it's perfectly OK to steal a penny from just about anybody, ten dollars from a typical middle-class American, or a thousand dollars from Bill Gates (as none of these examples will cause any material harm to the victim). Most of us grownups don't agree with you.

          Bandwidth isn't something you own

          I guess my ISP is going to have to come up with some other rationale for charging me money to use it.

          If spam, in any form, prevented you from being able to use your Internet connection

          Irrelevant. Not even spammers (who routinely lose in court [slashdot.org]) have dared try the absurd argument that they should be held harmless so long as they stop short of the utter destruction the victim's internet connection.

          Think of it in these terms

          Nope -- the terms in which people familiar with the issue [slashdot.org] think of it are quite good enough for me.

    • Pardon me for the creative citation editing here:
      This isn't really a free speech issue <cite argument in favor of suppressing speech /> Sorry. Can't, or at least shouldn't, be done.

      Sorry, you lost me there. If this "isn't really a free speech issue", then why are you defending this activity on free speech terms? I don't understand your thinking here. In what ways relevant to this context (broadly, spam) is commercial speech governed differently from non-commercial speech, such that your argument can be consistent with itself? I'm curious because, not knowing the fine points of the law, it looks to me like you're contradicting yourself here, and in the end I can't parse what conclusion you're trying to tease out.

      • If this "isn't really a free speech issue", then why are you defending this activity on free speech terms?

        Fair question. First of all, what I actually said was, "This isn't a free speech issue, but what you are saying is (cite argument in favor of suppressing speech)." Subtle difference. I was trying to point out that I wasn't going to argue on the grounds of the 1st Amendment.

        The grounds on which I'm defending (as much as I hate to admit it) this activity is simply the fact that it's not prohibited by law, and that figuring out how to write a law that prohibits it without opening up at least one other can of worms is going to be very, very difficult.

  • -1 Troll (Score:3)

    by Johnny Mnemonic ( 176043 ) <mdinsmore&gmail,com> on Thursday December 26, 2002 @12:47AM (#4959159) Homepage Journal

    Um, buy a Mac? If you don't like the tool you use, consider the alternatives...
  • The show The Screen Savers on Techtv bitchs about this constantly. They have asked Microsoft before to release some sort of patch but they don't feel its necessary. Besides being annoying, it is really easy to create a batch file that does a net send DOS attack. Microsoft needs to provide an easy way off turning off the messenger service.
    • NOTE TO HACKERS: To force Micro$oft to patch the annoying adware in there buggy software, attack on M$ messeger - port 139 - use all DoS, virus, macro and all other attacks
    • Click "Start | Programs | Administrative Tools | Services". Find the "Messenger" service on the list, stop it, and set it to "Disabled". Would you be more likely to download some bloated 4MB patch from Windows Update that did the same thing? Would you prefer a desktop icon that turns it off, right next to your "Free AOL and Internet" icon?

  • Enable XP's Firewall (Score:4, Informative)

    by DA-MAN ( 17442 ) on Thursday December 26, 2002 @02:21AM (#4959428) Homepage
    Just enable XP's firewalling or disable the messenging service in Start/Settings/Control Panel/Administrative Tools/Services and disable Messenger.
  • The was my school's network is set up, I can only 'see' the computers on my floor. So if I get a netsend message, I have a very limited group of people to choose from. Once I look up the names on the computers I can see, it's not hard to find the message sending one...
    • yes, it most definately is a special case. You obviously have never seen actual popup spam, as it's unlikely that anyone would bother spaming from inside of the school. Commercial popup spamming involves sending messages from OUTSIDE of your local network to you which contain adverts. To make matters worse, they're not easy to trace, as the sender is only identified by the WINS name, not IP, which you, not being on the same local network as them, can't look up.
      • See, now I'm confused, because every time I've played with net send (and, no, I'm not spamming), I've never been able to send anything to anyone who isn't on my network. Any attempt to send to an IP outside the network just disappeared.

        And, yeah, I have gotten a couple of these before I re-disabled the messanger service.
  • Violence is always the answer. ;) If at first you don't succeed, you're just not using enough violence.
  • > I recently re-installed XP

    See, there's your problem right there. The messages are coming in through a method that *your* computer is setup to allow. You have specifically installed a piece of software to allow people to send you popup messages.

    If you don't want to receive messages from people you don't know, stop installing software that receives them!

    (and this really isn't meant to be a Windows flame. It's just that if you don't want your computer to behave a certain way, maybe you shouldn't install software that makes it behave that way.)

    - Muggins the Mad
  • Joe user should not diable it. It a nice way to tell them their computer is infected by whatever worm hits your firewall/IDS. Message them to install a firewall like ZoneAlarm. It will solve more than the popup issue.
  • alas they'd also have to block legit SMB/CIFS access, yes?

    Of course, that's in many ways a good thing, and anybody who /really/ needs it can set up an IPSec VPN to use it safely.
  • I didn't see anything there saying that you use or particularly enjoy MSN Messenger, do you? Personally, I hate it. All M$ programs end up linking into its shared libs for some odd reason, meaning that if it or IE or explorer go down, the ship goes down. Copy and paste this into your "Run..." : RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove Make sure Messenger is not running first, of course.

  • You guys are thinking MSN Messenger - it is not. (Score:4, Informative)

    by krinsh ( 94283 ) on Thursday December 26, 2002 @09:38AM (#4960045)
    This is the system messenger utility that ostensibly is for legitimate network messages in the workplace such as "the server will be down for on hour starting in five minutes. please close all documents from the server", etc. and alerts to admins when certain events fire on the systems.

    A home user should not need to have this enabled (unless you are playing with a small home network and are looking at legit messages) - follow the directions other posters on disabling this service.

    Conscientious admins should have this blocked at their demarkation line or should disable it in their network altogether if they do not use it.

  • Stopping the pop-up spam (Score:4, Insightful)

    by Zocalo ( 252965 ) on Thursday December 26, 2002 @10:33AM (#4960181) Homepage
    There is a very simple way of stopping this kind of irritant from bothering the clueless who can't configure their perimeter security properly. It's called having their upstream ISPs drop traffic to and from the NetBIOS' ports on their routers by default. Is this a good idea, though? Maybe, maybe not. I'll certainly kill the pop-up spam intendeded for the ISP's customers dead in it's tracks, but it establishes a couple of precidents that can only cause problems further down the road, such as ISPs taking over responsibilty for customer security from the customer. In the case of ISPs like AoL that already have "we control your online experience" writ large in their advertising spiel, then this might be worthy of consideration. For traditional ISPs that essentially just provide connectivity this would almost certainly be the start of slippery downhill slope though. Who gets to decide what should be on the Internet and what should not? Telnet? Vulnerable to password sniffing and you should be using SSH! FTP? Same as Telnet! SMTP? Drowing in spam! HTTP? Swamped with porn!...

    What is needed (as ever) is customer education, and if the customer doesn't see the problem then that's not going to happen, is it? The ISP where I work sells the option of having a basic stateful firewall on the CPE router that stomps on this kind of thing as a managed / one-off service. It's not intended as a dedicated firewall replacement, it's intended as a first pass at cleaning up incoming and outgoing traffic for SMEs. Essentially, we determine with the customer what traffic they may need to pass and simply drop the rest, hopefully giving some customers a better idea of security in the process. It's good for us, because it's dropping the number of customer network compromises we have to deal with and it's turning into quite a respectable revenue stream. It's good for the customer, because it's protecting them from some hostile traffic on the Internet and they feel safer for it. The most important thing is to make sure that the customer doesn't get the "I've got a firewall, so I'm safe" mentality (back to user education again).

    We all know that the Internet has become a very hostile place to be since its rise to being a mass market commodity product, but ultimately ISPs are not, and should not, be held responsible for that (unless it's their servers that are stuffed). To use a tried and trusted analogy premise, that's like blaming car dealers for the increase in risk caused by the growing number of cars on the roads. A car dealer should show you the location of the controls in your new car, maybe even make sure you have a license and valid insurance, but not give you a driving test. Once you own your new car, it's up to you to make sure you drive and park safely, keep it locked, don't leave valuables on the back seat and keep it serviced. If you can't or don't do any of those things, and don't take advantage of the people who will help or do those things for you then, ultimately, who is to blame when things inevitably go horribly wrong?

  • WTF don't you have a firewall? If you are getting popups with the Messenger service you are NOT blocking the RPC ports and these popups may be the least of your trouble.

    Start blocking those ports.
  • I run the bull. board at a local public access tv station that airs whenever we dont have any programming (quite often) and it's basically a powerpoint pres. running off a win 2k machine. I happened to turn on the tv one day after the netadmin had made some changes to the network, and saw 3 popups over top of the bull. board. This was 3 am, so i had to wait until the next day to go in and fix it, but the boss wasn't too happy with me.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close