[Dshield] Re: [Full-Disclosure] Windows Messenger Popup Spamon UDP Port 1026
rick at famhost.com
Sat Jun 21 15:22:56 GMT 2003
Better to block ALL not need traffic by port, IP address, or IP ranges ...
then allow only what you need for both ingress/egress.
----- Original Message -----
From: "Ed Truitt" <ed.truitt at etee2k.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Saturday, June 21, 2003 8:42 AM
Subject: Re: [Dshield] Re: [Full-Disclosure] Windows Messenger Popup Spamon
UDP Port 1026
> On Fri, 2003-06-20 at 23:40, morning_wood wrote:
> > so all users should suffer an ISP blocking ports just because some
> > people run windows???? excuse me? Better would be to just disable
> > windows mesaging service. or issue a patch for it, as opposed to
> > blocking port traffic.
> I am not sure that I would call it "suffer". In general, Windows
> networking traffic (NetBIOS, Messenger/WinPopUP, SMB/CIFS) wasn't meant
> to be run over the Internet: it is much more suitable for a LAN, or a
> corporate Intranet. The Internet lacks the infrastructure (WINS) needed
> to properly support this type of traffic, and besides the Windows
> networking model uses a flat namespace - again, an indication that it
> was never *meant* to scale to the size of the Internet.
> What I (and I presume others) would prefer is that this traffic be
> blocked at the borders - where the ISP (or organization) connects to the
> Internet. That way, if you want to run these services internally, you
> are free to do so. At the same time, you aren't sending and receiving a
> lot of useless packets (Windows networking is also EXTREMELY chatty!)
> that tend to clog up your network.
> Having said that, my own ISP doesn't block this traffic, but I of course
> am free to do so. And I do.
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
More information about the list