[unisog] Windows Messaging Spam
bmartin at luc.edu
Fri Oct 11 01:12:15 GMT 2002
I also found this on the net in a Listserv archive:
Net send is on
Keyword  Decimal  Description            References
-------  -------  -----------            ----------
msp      18/tcp   Message Send Protocol
msp      18/udp   Message Send Protocol
What I find odd is that I would expect anything under 1024 to be blocked by most organizations and allow anything under 1024 only to known and managed systems. Maybe it is because of my experiences that I believe this, but the reality of the matter is that there are very few environments that can justify not using default DENY. When I say "justify" I don't mean just because the department chair from XXXX says he needs to do Y.
There are so many known and well-documented reasons to use a default DENY, and just as many reasons/articles/documents (not to mention hacks) that show just what happens when you do not approach security in this manner.
Another option and resolution, although not a quick one, is to consider NAT in your environments. It takes a great deal of planning and usually some reconfiguring of the networks and servers, but the payoff is priceless.
As an example, the little messaging issue that started this thread would not be possible from the Internet to your clients. If you did experience something of this sort, you know that it is a problem that started internally and although still tough to track without the right tools, at least you have some idea of where it started.
>>> Ken Connelly <Ken.Connelly at uni.edu> 10/10/02 05:52AM >>>
Does this run on one of the standard windoze ports, 135-139 and/or 445?