Re: Windows Messenger Pop-up spam

[H Carvey <keydet89 () yahoo com>]

In-Reply-To: <20041202180813.D10318 () planetcobalt net>

> > > Why? Simply disable the stupid messenger service (because obviously
> > > it's not needed anyway). There's no need to block any port because of
> > > messenger spam.

Agreed.
 
> > That would be true, if all that ever used those ports was Messenger.
> > But it's NOT!  The same ports are used for a bunch of stuff that you
> > *really* do not want to be exchanging with the wild wild net.

But the thread isn't about blocking all ports and all services, it's about Messenger spam.  Turning the service off is 
a highly effective means of dealing with the situation at hand.  

If you're going to change the focus of the thread, please do so under another Subject: line.

> We were talking about messenger spam only, and therefore it's pretty
> much sufficient to disable the messenger service. No other action
> needed, especially not blocking any ports. Period.

I thought the same thing, as well.  The original question wasn't about overall, general security...it was about 
blocking spam to the Messenger service.

> But let's assume we're talking not only about messenger spam but malware
> in general. Why would I rather block specific ports instead of disabling
> unneeded services? In the latter case I won't *have* anything that needs
> to be protected at all¹. 

Agreed.  There are links on the TaoSecurity blog that point to resources for completely configuring a Windows system so 
that there is a "clean" netstat.exe output.  Besides shutting down all unnecessary services, including those that 
provide network connections, it includes how to disable DCOM.  Once the steps have been followed, why would a firewall 
be needed?

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com