Preventing the NT Messenger From Use as a Spam Portal?
zbowling (Zac Bowling) asks: "I currently use Comcast cable internet, and I consistently get hit with spam popups. These are not the ones you get from webpages or media, these are dialog box popups from people scanning all possible IPs for the open messenger port on most NT or Win2k machines. The NT Messenger service (also the same as Novell's Network Alert system) is reserved for admins, so they can send messages to the domain or a single workstation for any reason. This service has been taken advantage of by spammers looking for a cheap way to spam someone. One message I got was a spam to get me to buy a firewall product from them to prevent this from happening. I'm sure you can shut off that service or block that port except from people in your subnet. Does anyone know of any resources on the topic?"
Its called common sense. (Score:2)
Re:Its called common sense. (Score:2)
Yes, there is. There's (un)common sense. Disable the Messenger service. If you need it, chances are you're on a computer that shouldn't have broadband directly connected to it anyways (i.e., a computer on a domain). If this is the case, install a personal firewall and hope your network admin never finds out.
Which brings me to my second point; hardware and, to my chagrin, even software firewalls. They block such ports, unless you allow them through. Drop $70CD
Re:Its called common sense. (Score:1)
Actually it is called Linksys (Score:4, Informative)
1. Your ip address is now a black hole. Nothing comes in. Cable modem is a shared medium meaning it is entirely possible that your neighbors could be snooping your hard drive. Not likely, but possible (I have done it in the past
2. You can plug more than one computer into the 4 10/100 ports the unit has, now you have more than one computer surfing at cable speed. Also have your internal network between computers. If you had friends and they came over they could plug their machines in and have instant access to the web also. Acts as a DHCP server so you don't need to configure one.
If you have a cablemodem, you really, really need a hardware firewall/router, and the Linky is a very easy to use unit. Just be sure to change the password, everybody on the planet knows how to hack their way in if it is left to the default.
Re:Actually it is called Linksys (Score:2)
Wow, a real cyberterr'ist. Why do you hate America so much?
I've got DSL and I'm hiding behind one of those little 4 port Linksys routers. They're essential even if you only have one computer- you'd have to be crazy to connect a machine directly to a broadband modem us
Re:Actually it is called Linksys (Score:1)
Write your congressman. (Score:5, Interesting)
Re:Write your congressman. (Score:5, Insightful)
If we are to make this sort of thing illegal, it's a very small step to consider any connection to an open port that isn't what the recipient (i.e., server operator) expected to receive as hacking. This is likely to lead to even less of a focus on delivering a secure software product, rather relying on the threat of legal action to secure systems, much like the DMCA. It's using the sledgehammer of the law to crack a small nut that technology is already more than capable of dealing with.
If you really feel the need to write to somebody, write to Microsoft and tell them that the default state of a system following an install is insecure and that you will stop purchasing their products if they can't provide something secure enough to put on the internet.
New Windows (Score:2, Informative)
Re:New Windows (Score:2)
If Microsoft cared about anything other than selling you the next version, they would make it much easier for admins and end-users (especially end-users) to properly lock down their machines. The problem is that most of Microsoft's so-called useful functionality and "innovation" is what causes these security problems in the first place. Oh that and the Computer Science 101-le
Re:Write your congressman. (Score:2)
Spammed by anti-spam product adverts. Defeat? (Score:5, Funny)
that's kind of... weird though.
Re:Spammed by anti-spam product adverts. Defeat? (Score:3, Informative)
Re:Spammed by anti-spam product adverts. Defeat? (Score:1)
Re:Spammed by anti-spam product adverts. Defeat? (Score:2)
Re:Spammed by anti-spam product adverts. Defeat? (Score:1)
iq_in_binary (Score:2)
Instead, look for a local spammer; as this would be the most likely culprit of such a crime.
turn the service off (Score:3, Informative)
Re:turn the service off (Score:2)
Not only that, but there's a gazillion websites that cover such annoyances, including annoyances.org.
Re:turn the service off (Score:1)
In the lower left hand of your screen, you should see a button labeled "Start". Click it with your left mouse button, unless you are left handed, try the right mouse button. Now, point to Settings, then click "Control Panel". Then double click the Administrator Tools icon. Go to "Services". Now, there will be a service listed as "Messenger Service". Right click this (if you are left handed, left click), and click Properties. Then choose the automa
Resource (Score:5, Informative)
Yes, it's called Google. [google.com]
Re:Resource (Score:1)
Everyone knows Google.
The other day I asked a mailing list I'm on to summarize Extreme Programming in a sentence or two.
All the replies I got were pretty much the same "Try searching Google"
Really? I can find stuff on Google?
Jeezus!
The whole reason for asking is that you CAN'T FIND INFO ON IT!
Please, if someone asks a question that you could give a useful answer to, DO SO.
If you can't give a useful answer, just don't answer!
Re:Resource (Score:1)
Check out (Score:3, Informative)
Shut off the service (Score:5, Informative)
Scroll down to Messenger and right click, hit Properties.
Set Startup Type to Disabled.
If the Service status says Started, click Stop.
Click OK and close out of Services and Control Panel.
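A command-line equivalent of the Services steps above, as an added example that is not part of the original comment. It assumes sc.exe is present (built into Windows XP/2003, a Resource Kit tool on Windows 2000) and administrator rights on each machine; hosts.txt is a hypothetical file with one machine name per line.

```bat
@echo off
rem Added example: stop and disable the Messenger service.
rem   disable-messenger.bat            -> local machine only
rem   disable-messenger.bat hosts.txt  -> every machine named in hosts.txt
rem hosts.txt is a hypothetical file name, one machine name per line.
setlocal

if "%~1"=="" (
    call :disable_local
) else (
    for /f "usebackq tokens=1" %%H in ("%~1") do call :disable_remote %%H
)
endlocal
goto :eof

:disable_local
rem Stop the running instance (reports an error if it is already stopped).
net stop messenger
rem The space after "start=" is required by sc.exe.
sc config messenger start= disabled
rem Confirm the change; the line should show DISABLED.
sc qc messenger | find "START_TYPE"
goto :eof

:disable_remote
echo === %1 ===
sc \\%1 stop messenger
sc \\%1 config messenger start= disabled
rem Confirm the change on the remote machine as well.
sc \\%1 qc messenger | find "START_TYPE"
goto :eof
```

Stopping the service only lasts until the next boot; it is the start type of DISABLED that keeps it from coming back.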
Shorter Procedure (Score:3, Funny)
Select Shut Down
Put Computer in Box
Take it back to the store and tell them you want your money back, because you're too stupid to use a computer
Re:Shut off the service (Score:3, Informative)
Stopping NT Messenger Spam (Score:5, Funny)
Step 2) Type in "NT messenger spam"
Step 3) Hit the "I'm feeling lucky" button
Step 4) Stop NT Messenger Spam [stopmessengerspam.com]
Step 5) Submit question to "Ask Slashdot" anyway
Step 6) ????
Step 7) Profit!
Simple (Score:4, Funny)
How the ..... (Score:3, Informative)
Dude, core rule of running ANY OS is to disable anything you don't use. If you don't know which services/daemons you do or don't need, then install a software based firewall on the OS until you can get help to start securing the OS properly.
For Windows, software like Zone Alarm (http://www.zonelabs.com) is a good start. McAfee, Symantec and a whole heap of other companies offer similar products also.
For *BSD (Including OSX) IPF is available on nearly all variants. For GNU/Linux, NetFilter/IPTables in the modern kernels and IPCHAINS and IPFWADM in the older kernels.
For commercial versions of Unix, there are quite a few options, but most home users aren't going to be running Solaris or HP-UX or AIX or other such OSs.
Re:How the ..... (Score:2)
First off - Amen!
The problem is the bloody default install. If I was asked, you want this... I would have said no now that I know what it was. Looking at the description, "Sends and receives messages transmitted by administrators or the Alerter Service", it is not obvious you can nuke this service. The other problem is few would suspect random spammers could use it to broadcast messages when the description implies administrators.
Re:How the ..... (Score:1)
No sig.
router? (Score:2, Informative)
If you have more than one machine, surely you have some form of routing?
And if you have a router, then why don't you just block the port on the router, leave it open on the internal nodes, and lest I forget, not submit a googleable question to
"block incoming NetBIOS" (Score:3, Informative)
Installing ZoneAlarm [zonelabs.com] is not enough. You must go to Security/Local/Customize in ZoneAlarm and select "block incoming NetBIOS".
Re:"block incoming NetBIOS" (Score:2)
Microsoft may have different plans for you... (Score:2)
Re:Microsoft may have different plans for you... (Score:2)
My guess is that you are thinking of NetBEUI. (Score:2)
My guess is that you are thinking of NetBEUI. This is NetBIOS, a feature of the TCP/IP protocol.
blocking netbios ports not working (Score:2)
I do not wish to manually turn off the messenger service on every single win box on our network, so d
NOT NetBIOS, but RPC (Score:3, Informative)
The Messenger service sends and receives messages not using the NetBIOS protocol, but RPC. Therefore, you need to block port 135 to stop the messenger.
As many others have said, you could also just turn the service off. I haven't seen anyone mention Black Viper [blackviper.com] as a resource for explaining what could be shut off and how to do it.
rpc blocked too (Score:2)
Re:rpc blocked too (Score:1)
1. Are you talking about 135 TCP or 135 UDP? I don't happen to know which one it should be.
2. Could the stuff be coming from inside the firewall?
Isn't this the same question as ... (Score:2)
JP
Slashdot is for posting, not roasting. (Score:5, Insightful)
Slashdot Readers: If you don't like an Ask Slashdot question, ignore it!
Don't waste everyone's time posting a comment saying that you knew the answer when you were 8 or 18 years old, and Slashdot is lame for posting such a simple question.
Slashdot is meant to be a community. Not everyone in a community has the same knowledge. Questions that are simple for you may be difficult for someone else.
Yes, many questions can be answered by Google, IF you already know the answer and therefore know the correct key words.
Re:Slashdot is for posting, not roasting. (Score:2)
Yes, but how far will it go? There has to be a line drawn in the sand somewhere so that these people will do at least some legwork before resorting to Ask Slashdot. We're not here to pander to the incapable; this is a news site, not an infant hand-holding rag.
If we lower the bar sufficiently with such basic questions, we'll find ourselves
Re:Slashdot is for posting, not roasting. (Score:1)
Re:Slashdot is for posting, not roasting. (Score:2)
Ok, I'll ignore it. Then I'll get tired of scrolling past it and I'll disable the "Ask Slashdot" section. Then a dozen others will do the same. A few hundred more, a few hundred more, and before you know it the only people left reading Ask Slashdot are the people too simple to memorize more than one URI on the web who need their mothers' help when they fin
Re:Slashdot is for posting, not roasting. (Score:2)
But questions that have already been asked [slashdot.org] in Ask Slashdot deserve to be ridiculed to the fullest extent possible in an online community. Part of being a community is not just looking for quick, simple answers that you are too lazy to find for yourself.
Of course, part of the "Slashdot community" is submitting and griping about double posts, so I gue
Just disable the service (Score:3, Informative)
How about just typing net stop messenger at a command prompt?
Problem solved, eh? Should this really have been an Ask Slashdot?
Re:Just disable the service (Score:4, Funny)
You just can't help someone if they aren't willing to help themselves.
Windows NET SEND saga (Score:3, Informative)
NET SEND on Windows [akerman.ca]
This was also asked before [slashdot.org] and before that [slashdot.org] and before before that [slashdot.org]. And if you search Slashdot on "messenger" [slashdot.org], many other times besides those three.