Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FW: OT? New compromise.

From: jseymour () linxnet com (Jim Seymour)
Date: Wed, 28 Mar 2007 13:30:13 -0400 (EDT)

Victor Williams <vbwilliams () neb rr com> wrote:


Port 1863 is the port for Microsoft's Instant Messenger client 
communications.  1720 is default for LiveMeeting...in later versions 
these two pieces of functionality are integrated together.

It could appear to exist on Linux boxes because of any of a number of 
Instant Messenger clients that come by default.  I know GAIM and Kopete 
are included by default with Fedora 4 and later and work with all the 
major IM networks (MSN, Yahoo, ICQ, AIM).


The problem is, comments like "We've been finding it a lot when looking
at customers with spammy viruses.", "It's invisible on the local
machine" (Gaim certainly wouldn't be hiding from ps or netstat), "I
have several security sources and none of them have been able to
identify it", the ability to see it when nmap'ing from an external
host, but not from localhost, etc.

All of this struck me as exceedingly odd.



In MS systems, MSN IM client starts itself automatically unless you 
specifically tell it not to.  Likewise, even if you tell it not to, 
loading MS Office 2003 or later will re-set it so that it starts 
automatically again.

[snip]

MS systems do a lot of things their users would prefer they not.

Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.linxnet.com/contact/scform.php>.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: