[Dshield] Re: [Full-Disclosure] Windows Messenger Popup Spamon UDP Port 1026

Rick Klinge rick at famhost.com
Sat Jun 21 15:22:56 GMT 2003


Better to block ALL not need traffic by port, IP address, or IP ranges ...
then allow only what you need for both ingress/egress.

~Rick

----- Original Message ----- 
From: "Ed Truitt" <ed.truitt at etee2k.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Saturday, June 21, 2003 8:42 AM
Subject: Re: [Dshield] Re: [Full-Disclosure] Windows Messenger Popup Spamon
UDP Port 1026


> On Fri, 2003-06-20 at 23:40, morning_wood wrote:
> > so all users should suffer an ISP blocking ports just because some
> > people run windows???? excuse me? Better would be to just disable
> > windows mesaging service. or issue a patch for it, as opposed to
> > blocking port traffic.
>
> [snip]
>
> I am not sure that I would call it "suffer".  In general, Windows
> networking traffic (NetBIOS, Messenger/WinPopUP, SMB/CIFS) wasn't meant
> to be run over the Internet:  it is much more suitable for a LAN, or a
> corporate Intranet. The Internet lacks the infrastructure (WINS) needed
> to properly support this type of traffic, and besides the Windows
> networking model uses a flat namespace - again, an indication that it
> was never *meant* to scale to the size of the Internet.
>
> What I (and I presume others) would prefer is that this traffic be
> blocked at the borders - where the ISP (or organization) connects to the
> Internet.  That way, if you want to run these services internally, you
> are free to do so.  At the same time, you aren't sending and receiving a
> lot of useless packets (Windows networking is also EXTREMELY chatty!)
> that tend to clog up your network.
>
> Having said that, my own ISP doesn't block this traffic, but I of course
> am free to do so.  And I do.
>

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.




More information about the list mailing list