Re: Source of Windows PopUp SPAM

[David Kennedy CISSP <dkennedy () computer org>]

At 09:37 AM 10/18/02 +1200, Nick FitzGerald wrote:
> Michael Katz <mike () procinct com> replied to Ron Trenka:
>
> > > Anyone have a way to disable this on W2K and NT 4.0 servers?
> >
> > Stop and disable the Messenger service.
>
> That will certainly do it but may remove other "useful"
> functionality  that depends on the Messenger service for delivering
> system alerts 
> (AV software, various system monitoring/alerting tools, etc).
>
> If you'd rather keep (some of) that functionality, read the end of 
> the following page (a really good link originally posted by Gary 
> Flynn) where binding services to specific interfaces is described:
>
>   http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html


Blocking 135-139 (TCP/UDP)(in/out) at the border routers seems to scale
much better than tweaking a bunch of Windows boxes, leaves the service
available for useful "stuff" you've cited and also prevents other
unpleasantness known and unknown, present and future (see yesterday's
Bugtraq).  I've seen several mentions of firewalling for this and that
seems to me to be a waste of performance having a firewall do what a router
can do more efficiently with equal effectiveness.


-- 
Regards,

David Kennedy CISSP                         /"\
Director of Research Services,              \ / ASCII Ribbon Campaign
TruSecure Corp. http://www.trusecure.com     X  Against HTML Mail
Protect what you connect;                   / \
Look both ways before crossing the Net.

Attachment: _bin
Description: