Full Disclosure mailing list archives
Re: Odd Behavior - Windows Messenger Service
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Wed, 16 Jul 2003 04:08:58 -0700
this is no misconfigured server, as I stated .. I FOLOWED THE PROMPTS OUT OF THE BOX to install XP it IS behind a router IN the DMZ ( port 445 is open to it ) , the message did NOT come from my LAN, as I am the only one on it. Donnie ----- Original Message ----- From: "Benjamin Meade" <ben () lanwest com au> To: <full-disclosure () lists netsys com> Sent: Wednesday, July 16, 2003 2:59 AM Subject: RE: [Full-disclosure] Odd Behavior - Windows Messenger Service
To me, that means that either the box was connected to the 'net without a firewall or being locked down, or someone on your lan is spamming, either knowingly, or unknowningly. Don't know why you posted this to every bug list in the known world, as it seems like a misconfiguration, not a bug. In this particular case, you will deserve the flames. Benjamin Meade System Administrator LanWest Pty Ltd -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of morning_wood Sent: Wednesday, 16 July 2003 5:37 PM To: bugtraq () securityfocus com; vulnwatch () vulnwatch org; full-disclosure () lists netsys com; 0day Subject: [Full-disclosure] Odd Behavior - Windows Messenger Service Donnie Werner morning_wood () exploitlabs com July 16, 2003 WindowsR networking ( TCP) and messenger service are both initialized before any user/admin login has taken place, and are remotely accessable odd... setting up default XP box in DMZ I complete the install setting up networking ( dhcp ) and ( workgroup ) only one passworded administrator account as prompted by the instalation media.... reboot. I leave box unatended for aprox 30 minuts at the login screen... Upon sucessfull passworded login, a message-ala-windows messenger service is displayed.. ( damn spammers ) BEFORE THE DESKTOP !!! and before anything ( except wallpaper ) has initialized here is output from a remote nbtenum session before a sucessfull login of a freshly booted XP box Network Adapter Adapter: \Device\NetbiosSmb MAC Address: 000000000000 Adapter: \Device\NetBT_Tcpip_{D36A0C7D-1EC4-417E-9A7C-DF4F13AF9D4C} MAC Address: 00A0CC397071 Logged On Users Username: 333\BITCHBOX$ Logon Server: Share Information IPC$ ADMIN$ C$ dunno if this particular behavior has been observed before ( im donning NomexR for the flames ) Donnie Werner http://exlpoitlabs.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Odd Behavior - Windows Messenger Service morning_wood (Jul 16)
- RE: Odd Behavior - Windows Messenger Service Benjamin Meade (Jul 16)
- Re: Odd Behavior - Windows Messenger Service morning_wood (Jul 16)
- Re: Odd Behavior - Windows Messenger Service John Reilly (Jul 16)
- Re: Odd Behavior - Windows Messenger Service morning_wood (Jul 16)
- Re: Odd Behavior - Windows Messenger Service John Reilly (Jul 16)
- Re: Odd Behavior - Windows Messenger Service morning_wood (Jul 16)
- RE: Odd Behavior - Windows Messenger Service Benjamin Meade (Jul 16)
- Re: Odd Behavior - Windows Messenger Service morning_wood (Jul 16)
- <Possible follow-ups>
- Re: Odd Behavior - Windows Messenger Service Ken Pfeil (Jul 16)
- Re: Odd Behavior - Windows Messenger Service morning_wood (Jul 16)
- Re: Odd Behavior - Windows Messenger Service Martin (Jul 16)
- Re: Odd Behavior - Windows Messenger Service morning_wood (Jul 16)
- Re: Odd Behavior - Windows Messenger Service morning_wood (Jul 16)