[Dshield] Re: [Full-Disclosure] Windows Messenger Popup Spamon UDP Port 1026

Ed Truitt ed.truitt at etee2k.net
Sat Jun 21 20:34:01 GMT 2003


On Sat, 2003-06-21 at 10:22, Rick Klinge wrote:
> Better to block ALL not need traffic by port, IP address, or IP ranges ...
> then allow only what you need for both ingress/egress.
> 
> ~Rick
> 
> ----- Original Message ----- 
> From: "Ed Truitt" <ed.truitt at etee2k.net>
> To: "General DShield Discussion List" <list at dshield.org>
> Sent: Saturday, June 21, 2003 8:42 AM
> Subject: Re: [Dshield] Re: [Full-Disclosure] Windows Messenger Popup Spamon
> UDP Port 1026
> 
> 
> > On Fri, 2003-06-20 at 23:40, morning_wood wrote:
> > > so all users should suffer an ISP blocking ports just because some
> > > people run windows???? excuse me? Better would be to just disable
> > > windows mesaging service. or issue a patch for it, as opposed to
> > > blocking port traffic.
> >
> > [snip]
> >
> > I am not sure that I would call it "suffer".  In general, Windows
> > networking traffic (NetBIOS, Messenger/WinPopUP, SMB/CIFS) wasn't meant
> > to be run over the Internet:  it is much more suitable for a LAN, or a
> > corporate Intranet. The Internet lacks the infrastructure (WINS) needed
> > to properly support this type of traffic, and besides the Windows
> > networking model uses a flat namespace - again, an indication that it
> > was never *meant* to scale to the size of the Internet.
> >
> > What I (and I presume others) would prefer is that this traffic be
> > blocked at the borders - where the ISP (or organization) connects to the
> > Internet.  That way, if you want to run these services internally, you
> > are free to do so.  At the same time, you aren't sending and receiving a
> > lot of useless packets (Windows networking is also EXTREMELY chatty!)
> > that tend to clog up your network.
> >
> > Having said that, my own ISP doesn't block this traffic, but I of course
> > am free to do so.  And I do.
> >
> 
> ___________________________________________________________________
> Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

That is normally true - HOWEVER - the one exception is the ISP.  Their job is to 
provide connectivity to their users, and therefore to "deny by default" pretty much 
goes against their entire business / service model.  For stuff designed to be used over
a LAN though (which IMNSHO Windows networking is), I certainly don't see any reason for 
them to let that cross the border.

-- 
---
Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."




More information about the list mailing list