From: InfoSec News (isn_at_c4i.org)
Date: Fri Oct 18 2002 - 00:48:52 CDT

    Forwarded from: H C <keydet89yahoo.com>
    Cc: gizmosurfthe.net

    > I think there is a bit of confusion in this article.
    >
    > This practice, from what I have discovered, seems to be specific to
    > the Windows Messaging service, not Windows Messenger (aka Microsoft
    > Messenger or MSN Messenger).

    I don't see where you found the "confusion"...McWilliams specifically
    referred to the service and even provided a link to an MS KB article.
     
    > A good firewall, with a proper protection policy enabled, would
    > prevent these pop-ups.

    Some of the folks on the public lists have "good firewalls"...but they
    still get hit w/ this stuff. The reason is b/c some of them have to
    allow DCOM/RPC portmapper (UDP 135) through for a specific purpose.

    > Most personal firewalls will do this. In fact, protecting your
    > NetBIOS ports is a baseline best practice for Windows and other SMB
    > enabled systems.

    NetBIOS ports aren't used by the DirectAdvertiser application. They
    are used by the "net send" command, and the NetMessageBufferSend() API
    (which 'net send' uses)...however the popups most folks are seeing are
    coming in over DCOM/RPC.

    Again...I'm not all that clear on where you found "confusion" in the
    article. To be quite honest, it was relatively clear. The only folks
    who might be confused by it are those who chose not to read it
    completely.

    -
    ISN is currently hosted by Attrition.org