[Dshield] 4899

Joseph Stahley 3rd jestahley3 at cox.net
Thu Apr 22 22:57:09 GMT 2004


Sure Pete, here it goes...

In WinXP Pro go to My Computer, right-click, select Properties, go to the Remote
tab. On this tab you will see:

Remote Assistance - allow remote assistance invites to be sent from computer.
Remote Desktop - allow user to connect remotely to this computer.

Check to see if any of those have a checkmark in the box next to them. I am
pretty sure that the Remote Assistance feature is turned on by default, not sure
about the Remote Desktop feature. Remote Assistance is used to get support
from MS by the way, so the service for this is on by default as well.


Next go to Administrative Tools, select Services, and check these services. If
you do not use remote access you can disable all of these.

Remote Access Auto Connection Manager

Remote Access Connection Manager (ICF and ICS need to be turned off first
before making changes to this one.)

Remote Desktop Help Session Manager

NetMeeting Remote Desktop Sharing

Interesting that both Internet Connection Firewall (ICF) and Internet
Connection Sharing (ICS) require that the remote access connection manager
be turned on, talk about a vulnerability. Microsoft and others urge people
to use their firewall (ICF), without telling them remote access connection
manager needs to be on in order to use it. That's like telling a wolf he can
sit at an open door in front of the chicken coop.

Now, if you're a novice user, would you have had any idea to check and disable
these if you're not using any type of remote access?

I'm led to believe at least one of these uses port 4899, maybe someone else
with an XP box can experiment to verify this. Seems like the best candidate
would be the Remote Desktop sharing feature that allows inbound traffic.

Joe
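
The question left open above (which component, if any, is listening on 4899) can be settled on the host itself. The following is an added example, not part of the original post: it parses saved output of `netstat -ano` and `tasklist /svc` to name the process and services behind a listening port. Both captures are constructed, and `example_admin.exe` / `ExampleRemoteSvc` are placeholder names.

```python
import re

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING       1620
  TCP    10.0.0.5:1045          203.0.113.5:80         ESTABLISHED     2040
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed sample of `tasklist /svc` output; the PID 1620 names are placeholders.
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  932 RpcSs
svchost.exe                 1044 RasAuto, RasMan,
                                 TermService
example_admin.exe           1620 ExampleRemoteSvc
"""

def listeners(netstat_text):
    """Return {port: pid} for every TCP socket in LISTENING state."""
    rows = (line.split() for line in netstat_text.splitlines())
    return {int(f[1].rsplit(":", 1)[1]): int(f[4]) for f in rows
            if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING"}

def services_by_pid(tasklist_text):
    """Return {pid: (image, [services])}, using the '====' row for column widths."""
    lines = tasklist_text.splitlines()
    sep = next(i for i, l in enumerate(lines) if l.startswith("==="))
    cols = [m.span() for m in re.finditer(r"=+", lines[sep])]
    table, pid = {}, None
    for line in lines[sep + 1:]:
        image, pid_s = (line[a:b].strip() for a, b in cols[:2])
        svcs = line[cols[2][0]:].strip()
        if pid_s:  # a new process row; rows without a PID are wrapped service lists
            pid = int(pid_s)
            table[pid] = (image, [])
        if pid is not None and svcs and svcs != "N/A":
            table[pid][1].extend(s.strip() for s in svcs.split(",") if s.strip())
    return table

def who_owns(port, netstat_text, tasklist_text):
    """Return (pid, image, services) for the listener on `port`, or None."""
    pid = listeners(netstat_text).get(port)
    if pid is None:
        return None
    return (pid, *services_by_pid(tasklist_text).get(pid, ("?", [])))
```

On a live host, pass in the text saved from `netstat -ano` and `tasklist /svc` and call `who_owns(4899, ...)`; a result of `None` means nothing is listening on that port.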





-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Pete Cap
Sent: Thursday, April 22, 2004 2:01 PM
To: General DShield Discussion List
Subject: RE: [Dshield] 4899

Joe,

I can't speak to XP home, but to my knowledge Pro
doesn't come with radmin out of the box...can you
clarify please?

Regards,
Pete

--- Joseph Stahley 3rd <jestahley3 at cox.net> wrote:
> I see a lot of that port as well, it's probably
> novices that are running
> winxp home or pro that have the service turned on.
> 
> Joe
> 
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org]
> On Behalf Of Paul Marsh
> Sent: Thursday, April 22, 2004 11:32 AM
> To: General DShield Discussion List
> Subject: [Dshield] 4899
> 
> Anyone else seeing 4899? Not that I'm seeing a lot,
> a few here and
> there, I've never seen them before.  The port looks
> to be a remote admin
> port.
> 
> Thanx, Paul
> 
> _______________________________________________
> list mailing list
> list at lists.dshield.org
> To change your subscription options (or
> unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list