Slashdot Mirror
Windows/NetBIOS pop-up Spam:
bofus writes "This article from Wired News presents a new way to deliver unsolicited advertising content - the MS Windows Messenger service.
It appears that the client software hasn't been widely distributed yet, but it's probably only a matter of time before a free clone is circulating. This method could become the delivery method of choice for all kinds of unsolicited junk, given the number of unsecured PCs out there.
On the flip side, if you run a relatively secured machine and have some sort of firewall, this probably shouldn't concern you."
Would it be a DMCA if the alerts bypass a security device (Firewall)? Just an idea...
I wasn't sure how to take this message...
:(
Hello, would you like to get laid? Call me at xxx-xxx-xxxx
alas, now that I know it's spam.. my hopes have been crushed...
---
Programming is like sex... Make one mistake and support it the rest of your life.
if you run a relatively secured machine and have some sort of firewall, this probably shouldn't concern you.
Or, if you avoid MS products like the plague they are, this shouldn't concern you.
Now MS is a spam enabler? too funny.
echo echo echo
X(7): A program for managing terminal windows. See also screen(1).
try "net send IPADDR"
it is a cli and batchable, this can be supremely irritating as the only info given with the popup is wins name which is useless unless you are in the same domain/ou.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Wouldn't it just be a bit simpler to just type into the dos prompt "net send * BUY OUR PRODUCT!!!!"
When my friends and I would play Starcraft, the winpopup was my secret weapon ;)
"I have customers who call me back and tell me they love it and it generates hundreds of calls right away," said Kovacs, who noted blah...blah...blah..
That sure is a funny way to say "death threats."
"The girls of the internet. Ooh, I'd go online with them anyday!"
-Homer Simpson
Everyone should be running one. A good software for Windows one is Kerio Personal Firewall (Formerly Tiny).
It'll block everything you don't want if you set it up correctly.
I was just noticing the other day why you should put your windows servers behind a firewall. http://www.1138.net/cs/moms.jpg
I first saw this on my cable modem(before I started using IPTables to share my connection) Then I noticed it on my network on campus. And as I am the administrator I simply blocked the ports on our firewalls. However I can not imagine what students thought when they saw these messages. As a mater of course we disable NT messaging on our servers and all of our faculty/admin machines because its not needed. However I never tought I would need to block it from the internet. But apparently its become a big problem. I have heard from a number of students that they have received these messages, all in one day. I suppose that it just means I have to make our firewall all that more restrictive; which I hate to do.
Is to go into the services panel, and turn off Windows Messenging Service.
/.
Or we could just bitch about it on
net send %1 "crapflood of info"
goto one
It was kind of amusing to watch. People would click the OK button on the message and as soon as it went away another popped up. The best thing is the beep that accompanies the message. Oh the assinine joy....
-Tolerate my intolerance
ran a story on this yesterday morning:
El Reg
I want to drag this out as long as possible. Bring me my protractor.
All it will take is a few pr0n campaigns through this thing, and backlash will be quick to follow.
You might be able to increase the intensity and speed of the backlash by sending a pr0n ad to a machine conennected to a WiFi network during a powerpoint presentation to stockholders or upper management. (teehee!)
This is done by the "net send" command from a CLI. There is also a free product that will give you a Windows GUI for using this command. It can be found HERE. Of course the best thing to do is just disable the Windows Messege Service.
-------
Bite Me Fanboy!!
Real easy to do this stuff... find a win2k or XP box connected directly to the 'net with port 139 open ...
c:\> net send \\ip_address "message"
Skiers and Riders -- http://www.snowjournal.com
I have to hand it to who thought of this one. It is a good simple idea!
I am not a spamer and hate spam, but I think that who ever developed this should get a pat on the back, it is a good idea.
I am glad that I don't have to worry about it here, XWindows baby.
While you're at it disable Remote Registry while you are at it. It truly amazes what services Microsoft deems the average user needs running. I find the whole concept of Remote Registry particularly disturbing.
"Cool this service allows people to modify my registry remotely, sweet!"
While I know there are some legitimate and possibly useful reasons to have these services enabled, why on earth are they enabled by default?
"The words of the prophets are written on the Slashdot walls."
I'm an admin for one of the larger university's in the south, XXXXXXXXXX.edu (name changed to protect the clueless) that doesn't have a firewall. This is due to the fact it's part of a teaching hospital, and has a historical policy of openness. Last week we recieved a windows popup message across most of the campus containing preformatted SPAM text. I don't know how the formatting was done...but some one else has already started this crap.
Always value the individual over the system. --Bruce Lee "I don't need a Sig - I have a custom 191" - me
...we just talked about this :-)
There were many helpful suggestions in those posts.
THERE IS NO DATA. THERE IS O
Trillian is nice, though.
*This page intentionally left pointless*
Is your PC insecure?
You could be in danger right now of unauthorised attack!
Use Linux/Unix instead
Rake Free + Mac Poker: CardCrusade
C:\> net stop messenger
The Messenger service is stopping.
The Messenger service was stopped successfully.
Then when you're up for it, just disable the service entirely from the services administration tool. It won't break any workstation functionality.
So what's next? Spam on my HP Printer?
Much worse in my opinion. MSN Messenger could be uninstalled.
"History doesn't repeat itself, but it does rhyme." Mark Twain
What kind of person would read and post on /. without having a secure computer with a firewall. it pretty much comes with the title of nerd to have a secure computer.
Slash-for-Thought
If anyone know how to filter the message without turning messanger off and without using a firewall please let me know.
smbclient -M OEM_COMPUTER -I 123.123.123.123 -M "Hello, It's time you switch over to Linux!!"
Don't tell the spammers that there's already a utility that can abuse the messenger service. There is no such thing as the net.exe command line utility.
If your NETBIOS ports are open, getting spam should be the least of your worries. You'll be too busy dodging winnuke attacks and fileshare scans/cracking. Close off ports 137 and 138 on any WAN connections. Of course, any competent windows network admin already knows this.
Entrepreneur : (noun), French for "unemployed"
Couldn't law enforcement nail them for using this kind of method? Assuming the spammers in question could be found, of course? This isn't a case where you visit a website, and an affiliate's popup ad appears. The argument could be made that if you visit a site voluntarily, you can't hold them accountable for popups. And while mail spam is annoying, it's legal if certain procedures are followed (but that's another rant entirely). It seems to me that THIS method is so intrusive as to warrant prosecution. Unfortunately, even if I'm right, it's pissing in the wind to hope for any legal redress. If the internet ever dies, it won't be because of government tyranny or the RIAA. It'll die because people will become so fed up with the spam and porn shoveled at them, they'll just turn it off.
Life is hard, and the world is cruel
Apples and oranges, man...
MSN Messenger != Windows Messenger
All I want is a kind word, a warm bed and unlimited power.
I send you this popup in order to ask your advice...
Method of choice? I really don't think so. Instant messaging spam (the reason I don't use ICQ) happens quite often and I don't think it's had an effect on e-mail spam. And besides, all you need to do is properly set up a firewall to block it: something you should do for security reasons anyway. So I'd say e-mail and IM spam will be most prevalent, along with snail-spam (traditional junk mail.)
This is talking about Windows Messaging Service, which is part of Win NT/2K/XP, not the MSN Messenger program.
Honest mistake though. Oh yeah, and if you're in windows trillian does seem better overall.
Yet another tool in the m$ security arsenal.
"Oh well, if you use Winodws [insert >XP version here], then this won't be an issue because the new uber protocol solves this. Unfortunately, you're only entitled to an upgrade and not a service pack."
This will of course break Samba, but hey, all in the name of the freedom to innovate.
MSN Messenger and Windows Messaging are two seperate things.
"I have customers who call me back and tell me they love it and it generates hundreds of calls right away," said Kovacs.
What about the thousands of calls that go something like, "YOU MOTHER F*CKER!!! STOP MAKING THESE F*CKING POPUPS COME UP WHEN I'M PLAYING COUNTERSTRIKE OR I'LL F*CKING RIP OFF YOUR F*CKING HEAD AND F*CKING SH*T DOWN YOUR F*CKING NECK!!!!!"
Sorry, I don't have anything else to say. The stupid lameness filter is censoring my post for yelling.
On ICQ. That was the main reason why I stopped using the service. It doesn't surprise me that spammers are looking for new mediums to spam people on. Messaging is the newest one. At least AIM still has the 'only let people on my buddy list contact me.'
If a and b in c, and a can create b, and a can create a, and b can create b, and b cannot create a, then a created c.
...on a laptop of mine i just plugged into the hub for a few seconds to grab some files. Actually took me a few minutes to figure out WTF had occured, until i realized i'd never bothered to turn the messenger service off.
I attend Arizona State University in Tempe and got a couple of these while I had my laptop connected to their WiFi network. Then I wised up and just turned the useless messaging service off. I also have a relative that works at the west satallite campus and says she has gotten them while at work.
They're all running under the domain account 'Administrator' and are advertising cheap degree programs online or something.
I've been receiving a few of these over the last couple of months on my Win2k box, and I try to send messages back to them, which of course doesn't work.
If anyone knows how to disable receiving the messages, I'd be very thankful, because from what searching I did I couldn't figure out how to do it. Thanks.
There are clones of messenger even for linux.
Try for example gaim, or Amsn.
Both of them work great.
Overlord
I had this happen to me. I have a pretty strong mandrake-linux system that I use for a broadband NAT/firewall at home. While it was down for maintanence, my roommate (who runs windows XP) needed to be online. So I hooked him up, and within 5 minutes, he had been WinPOPup spammed. It is actually frightening to know that they had noticed us that quickly.
"In order to make an apple pie from scratch, you must first create the universe." -- Carl Sagan, Cosmos
1. Log on as administrator or at least with an account that has admin access.
2. Enter control panel
3. Enter "Administrative Tools"
4. Enter "Services"
5. Scroll down and find "Messenger"
6. Right click > properties > startup type > Disabled.
Scroll through the list and see if there's anything else you might want to disable. (You know, like remote registry editing and all that stuff that Microsoft enabled so you wouldn't have to be troubled to do it yourself :-)
Disable the Messenger service in services.msc, or just "net stop Messenger".
... youll see that the messager service uses port 135, not 137 or 139.
OK. I made a dumb error and jumped the gun before my brain processed the meat of the article.
Sorry...
Start -> Administrative Tools -> Computer Management
When that comes up, expand 'Services and Applications', and click on Services.
Scroll down to find "Messenger". Right-click and go to Properties. Set 'Startup Type' to 'Disabled'. Hit 'STop' to stop the service. Click OK. Close Computer Management.
Done. You're now clear.
(Many people won't need this. But I'm sure at least one person will.)
Brazil has decided you're cute.
I just installed a cable modem the other day and haven't put a firewall up yet (no time, stupid grad school!@#) ... within an hour of connecting to winmx, i got like 3 of these. they suck!!@#
Paizurishitetai desu ka?
NET STOP MESSENGER
That's all we did here in the lab and it took care of things quite nicely.
It's not very Newtonian to be running services that you just simply do not need! Newton was a very smart man who took advantage of several areas that he was able to, but I doubt he would ever have wastefully ran services that he didn't ever use.
Please be smart and think/act like a physicist. Just don't stop brushing your teeth/hair or start wearing Spandex(TM) pants and bicycle helmets to work -- that's just plain weird!
Ah well, back to the lab...
Department of Physics and Atmospheric Science, Dalhousie University, Halifax, N.S., Canada, B3H 3J5
Windows Messaging is...
( ) An Instant Message client
( ) A method of sending popups
( ) An Email Client
( ) My own worst enemy
( ) Cowboy Neal's Little Secret
I don't do this for karma, I do it for cash. It's much better.
almost as amusing as watching you try to spell asinine. ;)
A local university ehre is having some serious issues with that. Of course, people using Macs or Linux are once again quite exuberant about the fact that they aren't affected.
And closing the port or disabling the service on individual systems may not be possible, because different applications need to use the service for other uses. Printer servers for example use it for notification of print job status.
If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
Just try out this link:
http://www.fast-rewind.com/heathers.htm
Remember: NT/2000/XP with messaging service on only.
You should see it before the java popup, and it should say something about comming at their site from outside their menu.
two weeks ago, we had a big hulabaloo here at uiuc.edu because of this. all the win2k/xp machines on all of campus still running the messenger service got a popup describing how great our lives would be if only we had a diploma from a non-accredited university. most of the "administrative" users assumed it was a virus and panicked. then three more of the same came in this morning.
i just wish windows would log things like the origin of said messages so the abuse could be addressed at its source.
Your signature gave me horrible flashbacks to CS at RIT.
!!aaahhh.make
thanks a lot!
THERE IS NO DATA. THERE IS O
If you've got a machine out on the internet and you've windows networking turned on, you've probably got bigger problems.
A couple years ago, a co-worker of mine were at his house when he turned on windows networking and set his domain to "WORKGROUP" did the obligatory reboot suffle and started surfing all the shares in the area. It was hilarious, people had their entire C:\ drives shared, etc. Needless to say, after we got him setup with a firewall (linux/maq box) sure enough the logs just rolled with people trying to connect to ports 137/138/139. In one regard may ISP's block the netbios ports on their ingress and egress gateways.
Yes Francis, the world has gone crazy.
I already got this. Thought it would be a one time thing like alot of stuff untill I got it 4 days in a row. So needless to say I disabled the messenger service. Not like I ever use it for anything important anyway.
https://www.accountkiller.com/removal-requested
I use trillian, and most people I know use AOL. A few use Yahoo. I've not met many people who use MS messenger. This seems like a non-issue
~ now you know
I already get this in the computer lab at school.
A net message popped up telling us how to get college degrees for only $20, and PhDs for something like $50.
Its only a matter of time before we start getting spammed on our cell phone SMS services. (they do that, and I'll go to their office and personally demand they pay me the $.02 it costs me to recieve their messages)
This new form of spam is called messenger spam. Messenger (not to be confused with MSN messenger) is a service that is loaded by default upon the startup of Windows XP/2000/NT. Microsoft has used the messenger service for a number of years to send messages between its servers and clients. Here is Microsoft's official description of the messenger service....
The article was posted in March.
Firewall your damned machine! Allow in only what you need to allow in, or responses to requests sent outbound. Not only will it protect against this, but all the other crap people will figure out in the future as well.
Gong!
read the post big guy.
'the messenger service, not to be confused with microsofts instant messaging product'
What kind of person would read and post on /. without having a secure computer with a firewall. it pretty much comes with the title of nerd to have a secure computer.
Well, it wouldn't be Slashdot if there weren't stories to make a bunch of poorly-socialized jerks feel superior.
You run a firewall and for you, EVERYTHING is a file. Congrats! You're an egotist and even less useful to society!
One of our gateway boxes is terribly insecure, and gets these pretty much every day now.
It's usually selling "diplomas from prestigious non-accredited Universities, based on work experience. No testing or coursework required"
I guess not locking down the box, they just assume we'd be stupid enough to fall for it.
Every once in awhile I'll do a
"NET SEND * ALL YOUR BASE ARE BELONG TO US"
Noone here has a clue what it means or where it came from.
I don't need no instructions to know how to rock!!!!
How will this affect Samba-enabled hosts? IRC you can deselect this in the .conf, and of course ports 137/138/139 should be closed on a WAN.
This is not my sandwich.
b/c originally, Windowas development wasn't focused on security.
Duh.
http://www.techtv.com/screensavers/answerstips/sto ry/0,24330,3374542,00.htm
A better article.
Also note that Windows 2000 server, mine at least : ) only displays the first 26 messages it receives. I tried flooding the server, but no real problem there.
A funny side note is that this net send protocol used to be able to transfer files... now that would have been a bit more interesting.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
Now that this is out, my NET SEND pranks in IRC won't be as much fun anymore!
Sorry but I use remote registry service daily. If you want to do performance monitoring on a remote pc you need remote registry right because the perfdata is a section of the registry. It's also nice when you have a busted uninstaller and need to cleanup the registry before a reboot for a remote client, it's saved me a couple days worth of travel time this year alone! Whether it should have the default permissions that MS sets is another matter, but that is true for just about any MS default.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
net send (user name / machine name / ip address) "your message here"
20 goto 10 if you want to batch it.
In 9x, "winpopup" in the windows directory must be open.
Easier still, (NT/2K/XP) right-click My Computer, select manage. Action -> All Tasks -> Send Console Message. Now you've got your GUI.
Shouldn't this be considered some sort of hack attempt by some group of lawmakers? Their "service" is basically hiding itself by tunneling though a port its not supposed to go though to get to the target machine,circumventing security measures on the firewall. That should sound like hacking to non-technical savvy group of judges. Well...atleast my teachers and vice principal back in High School thought I was hacking the school computers when I sent out a message using netsend proclaiming my love/lust for one of the cheerleaders...
Damn...if I had thought of it (and if I didn't think Internet advertising is evil), I could've made a mint off all of the lusers who let their servers get infected with Code Red! If I had figured out how to do something similar with Nimda, I could've made an even bigger killing!
(Details of my adventures with Code Red are up here. The live counter is gone now because my rusty SQL skillz resulted in MySQL thrashing away for more than a minute to generate four numbers.)
20 January 2017: the End of an Error.
Saw this a while ago, looks like it could be fun:
Slap:If your like me you run firewall software that tells you when someone tries to access your system. Sometimes I respond with a few packets of my own just to let them know that I am paying attention. I wrote Slap to make responding to these access attempts easier and more entertaining. Just enter the IP address of the person you wish to slap and click on the Slap button. The program will attempt to access all the ports in the list and send them a packet with a personal message. (The default message is 'Leave Me Alone!') Slap integrates with Black Ice and Zone Alarm and can use information received from these software firewalls to "Auto Slap" intruders and add their attacks to your list of responses. --Here is a cool Wav file to use with this.
$700? You've got to be kidding me. I'm not going to waste the time, but it wouldn't be to difficult to make a perl script that increments an IP address range and calls smbclient -M... In fact, it would be really easy for someone to do this one time and send a link to the tone of "Tired of annoying messages like this? Go to www.xxx.net to find out how to eliminate messages like this forever." And that would be the end of this problem. Unfortunately, if you did this as a regular citizen, you'd have the FBI crashing through your window in no time for "hacking"...
Sad really.
Russian Russian Russian RussianDollSig DollSig DollSig DollSig
note the sig my friend...note the sig....
spelling nazi... = )
-Tolerate my intolerance
now, I know that the debian stable tree has had a client for these
messages forever, but what about a linux port or something that runs on alpha processors?
is probably worth more than the one I have from JMU, that's why they're all pissed off about it.
There's already a freeware version called smbclient. You can get it from samba.org. Why pay $700? Knowing this, you can see that spammers can get a hold of a tool like this for little money.
I'm also suprised somebody hasn't thought of this yet... With all those spammers trying to get by all the filters and everything...
Every exploit eventually produces a patch (or make people aware) to make the default OS settings a bit less brain-dead stupid open. People actually connect to the Internet these days.
Since these things are going out over 135, wouldn't someone be able to just fire one back at them?
Assuming that
1) they run windows
2) they are not to smart about their firewall rules?
If the slashdot effect would work on the following fax number? Fax: Toll Free:1-800-323-2145
smbclient and a quick script can achieve this rapidly too.
Frankly, the only time I've seen it used is when I annoy the hell out of my co-workers by sending them anonymous popus using this lovely piece of Windows software.
that's cute, but often the ip you have is not the origin, but a hapless victim
which is being used to launch the attack and/or hide the tracks of the real blackhat
by sending data back to that ip, you may be unwittingly being used to help the intruder hide
and you may appear to be the intruder in the logs of the machine which the blackhat is using as a stepping stone
that's probably not what you are trying to do
and that's why I just add those ips to a droplist instead of sending data back
was referring to the customers who bought the spam-ware in order to spam people. Of course these customers loved it, they inserted commercials on sombody's screen.
A Good Troll is better than a Bad Human.
Notice: Please do not use this software for spamming. If you do so, you will take full responsibility for your actions. This software is made to send advertising or system messages to your own network.
Yeah, I can really see my system admin spending $700 on this to send "completely anonymous and virtually untraceable" notices about system events. It would definitely "mean more business to" him.
I used to use it to message people that weren't running ICQ and ask them to start it up so that I could talk to them.
May we never see th
Is to go into the services panel, and turn off Windows Messenging Service.
For the record on WinXP, go Control Panel > Adminstrative Tools > Services. Find and highlight the service call 'Messenger'. Right click and select the menu option 'Stop'. This will stop the service until you reboot. To prevent the service from starting on boot, on the menu that has 'Stop', instead select 'Properties'. On the window the appears, find the section (with a dropdown menu) called 'Startup type:' and change this setting from 'Automatic' to 'Manual' (or 'Disable' if you're certain you never ever want this Windows for Workgroups feature).
Or we could just bitch about it on /.
Why choose? We can do both. I'm a multitasking fool.
by rimba!
"never met a Microsoft zealot"
I tried quite a few nbtstat tricks before I gave up reverse-mapping by NetBIOS name and determined they were external and not from a zombie host inside the firewall.
The tricky part is that they use UDP, since many firewalls "forget" to filter it unless you remind them with a CLI, sledgehammer, and repeated threats to use an etherkiller.
There's no reason to let UDP ports below 1024 in from outside your network, except for the specific services you're running, to the specific servers you're running them on.
Jouster
don't knock it, it's got it's own key!
I just saw this for the first time the other day. A coworker got hit with a message, and sent me a screen capture. At first I thought it was a browser pop-up made to look like NetBIOS message...
Anyway, another reason to be glad I run a Mac OSX box at home.
--ST
http://www.theMediaBunker.com
Yes, this was talked about earlier. Some of the comments provided then were helpful, others less than so. There was a lot of FUD about how using any form of share or NetBIOS at all meant that you were "already hacked." If an administrator knows what they're doing, that's not true.
I work at a large university. The obvious solutions don't quite work for us. We'd like to be able to block 135-139. However, some of us are required to use Outlook. *pause* On an Exchange server. *pause* And, we've been told that some of the Outlook functionality depends on the Messenger service being available.
I block it. But not everyone (particularly some administrative staff and some professors) has the technical knowledge to do so, and some people actually use it.
....I don't see how this is a problem for me (I use GNU/Linux =P )
For anyone that has control of your external router, just block port 139 from entering your network. For cisco devices setup an extended access list that block UDP/TCP on 139 and apply it to inbound packets on your external interface. Just remember to make your last line of the access list "allow ip any any" or you will suddenly notice that you have no connectivity as cisco's access lists default to deny unless specified. :)
As for people saying "turn off the messenger service", there are actually valid uses for winpopups. At my last work, I set up a few perl scripts that would use smbclient to warn Samba users when they were over quota. Before that, users would go over quota and wouldn't know about it until things broke after the grace period.
Obviously, you should be filter Netbios ports at the firewall unless you have a damn good reason to have internet access to them. If someone in your network is using this program to spam, the LART them appropriately.
"... and then my computer was like beep beep beep and I was waist deep in a Nigerian money-laundering scheme!"
(Ellen Feiss parodies are destined to replace underpants gnome business plans.. Do not resist)
I don't need no instructions to know how to rock!!!!
I am glad that I don't have to worry about it here, XWindows baby.
If anything, a poorly configured X server would be even MORE annoying. If you let anyone attach to your X session remotely, they could display pretty much anything on your screen, not just annoying pop-up messages.
I love X, but you have to be careful with it too.
Cheers,
Vic
Microsoft should change it's name to BOHICA. Bend Over Here It Comes Again.
I don't suffer from insanity, I enjoy every minute of it.
I had 2 or 3 of these things popup before...so I ran Ad-aware and it came up empty handed. Perhaps this would be a good thing to include in ad-aware...just a little reminder that windows messaging is enabled, explain why it can lead to spam, and that disabling it is harmless.
I'll say one thing tho...I must have disabled about 10 or 12 things in the Services menu including a LOT of "remote" stuff to remotely control the PC and the windows update feature that I specifically told windows NOT to do.
We used to do this in our company: /l %i in (0 1 1000000) do net send victimip HAHAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHAHAHA
:(
for
Because the focus is not automatically redirected to the popup message (so that you don't get annoyed by it stealing it while you are typing) this makes it a HUGE annoyance to the victim. They have to manually click all 1 million popups (no holding down the enter key). Or reboot.
I had to download a GUI automation tool that would just send the enter key to a specific window title, just to stop it. Our company didn't allow control of services and they used net send for administrative alerts
A few days ago I made a batch file that flooded every computer in the room in my (lame)computer programming class... The teachers computer is set up with a projector, and he was trying to do somthing but couldn't because he was recieving so many messages. Needless to say, they didn't find it very funny, and they said that anyone who uses net send will lose their internet privlige, lol, our network admin is a fucking fat epsilon semi-moron =/
This is from my previous post at http://slashdot.org/comments.pl?sid=42016&cid=4432 394
a d_license.htm. You will occasionally find that it interferese with pages that make heavy use of Javascript, but you can turn it off when needed. The added protection from annoying web sites is worth the small inconvenience it may sometimes cause.
Note, I'm not karma whoring, I could care less.
--
(You will have to graduate from newbie status in order to take advantage of my advice. This means that you will have to climb the learning curve and actually go read some stuff. You can spend a chunk of cash on products to avoid doing just that, but that's much less fun.)
If you're doing things like turning on file sharing or sharing printers, it's (supposedly) very easy to hack you. I say supposedly only because I haven't actually tried this. It's such an infamous hole though that I do believe it. To turn this off, unbind the NetBIOS protocol from the modem/network card that connects you to the Internet. In Windows 2000, that you means you go to the Properties for your network connection (in the Control Panel) and uncheck the 'File and Printer Sharing for Microsoft Networks' option. (It's very easy to fix this in Win9x too using roughly the same technique.) You may have to reboot, I don't recall. That problem will then be solved.
Now to protect yourself from other intrusions and threats.
If you're just running a dial-up connection and don't leave your machine on the network for extended periods of time, then a product like ZoneAlarm (www.zonelabs.com - look for the free version) will serve you well. Actually, it serves you well in two ways: 1) it protects your machine from the outside world coming into your machine in an unauthorized fashion and 2) it protects adware on your machine from phoning home without your permission (actually it prevents everything from using the Internet until you grant permission, not just adware). This is sufficient for dialup.
For broadband users and users who want to leave their machine on the Internet for extended periods of time (more than a couple hours at a time), I recommend using an honest to goodness separate firewall. There is a lot that can be said about this, far more than I know really, but I well give you a couple pointers.
First of all, one of your options is to use a second PC as the firewall. It will need to have 2 network cards, you will need a router or hub for your home LAN, and you will have to get the cable modem (or DSL for that matter; with which I have no experience - shouldn't be too hard) working with that extra PC (via Windows would be easiest to start with). Once that's setup, go grab a Linux distribution like IPCop (or SmoothWall - they're very similar, in fact they were the same product at one time), and install it on that PC. It will require that you reformat the hard drive, so don't plan on storing any files on it. A small hard drive is sufficient. There are FAQs and forums on the IPCop and SmoothWall sites that will help get you setup.
Your second option in the category of 'real protection' (for home users anyway) is to just go buy a hardware firewall. So instead of a second PC, you just go buy a device that does essentially the same thing. I won't go into detail on these as I have no experience with them. I just thought you should know about them.
Two last points:
-PLEASE keep a current anti-virus product actively running on your machine and keep it up to date. If you need a free one, go to http://www.grisoft.com to get the free personal version of the AVG anti-virus product. This one has saved my butt several times from several infections. It may or may not be the best product out there, but it works for me.
-To protect yourself from browser window popups and other shenanigans, go grab WebWasher at http://www.webwasher.com/en/products/wwash/downlo
As always, this advice is just a starting point. Today's perfect security solution may be an open door tomorrow. It's up to you to keep yourself informed and to take action when problems arise.
Good luck and have fun!
Please mod this post only if you think others should/n't read this. I have enough ego^H^H^Hkarma. Thanks!
Back in my last place, a dot-com that failed miserably, we used it as a poor mans IM. Not sure why, because we could download anything we wanted and get real IM clients, but it was a geek thing, so we did it anyway. He used the DOS "net send" stuff, and i used the samba equivalent. It was goofy, mostly we talked shit about management. I'm just surprised it took spammers this long to use it.
The only time it's really a problem is Critical Mass.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
"player 4 hit player 1 with 0 stroms"
You could use something like:
smb.conf:
message command = csh -c '/etc/winpopup-script %s %t %f' &
winpopup-script:
#!/bin/sh
test -f "$1" && rm -f "$1"
nmap "$3" | mail root -s "winpopup luser : $3 (`date`)"
(to be improved a lot, of course)
While you're at it disable Remote Registry while you are at it. It truly amazes what services Microsoft deems the average user needs running. I find the whole concept of Remote Registry particularly disturbing.
"Cool this service allows people to modify my registry remotely, sweet!"
You do realize that you have to provide authentication (ie. username/pwd) for this to work, don't you? You can't just wander around networks checking out others' systems.
Simon
Coming soon - pyrogyra
A lot of "Paper MCSEs" understand this because the networking exam covers the OSI model. The same thing goes for those "Paper CCNAs".
Here's how it works. When I do a net send "Message", the following occurs. Once the data portion of the net send information is formatted by the appropriate layers, it's handed down to the protocol layer and wrapped in a UDP header with a port number. UDP is the protocol responsible for maintaining a communication session between hosts. The port number is like an apartment number in a street address. A lot of services have to talk using the UDP protocol, so it's divided into port numbers (As an FYI, the same is done for TCP). This in turn is handed down to the network layer where it will get a source and destination address stamp (The IP addresses). That in turn is handed down to the data link layer which stamps on the source and destination MAC addresses (Your computer and the default gateway). From there, it hits the physical layer and is on the wire. Along the way, the data link layer changes every hop that is made because the MAC addresses involved change at each router hop. Once it gets to the destination IP address, the recipient strips off the layers to reveal the data. It knows to hand that data up to the NetBIOS services because they're the ones listening on UDP port 138. Finally, you get a little window trying to sell pr0n. Here's a picture that shows the different layers of a TCP packet and their function.
Here's a rundown on NetBIOS port usage.
UDP port 137 is used for NetBIOS name resolution.
UDP port 138 is used for browsing, domain authentication, and datagrams (This is what the messenger service uses).
TCP port 139 is used for the actual session. This is what you transfer files through.
TCP port 135 is the RPC service. Some people often confuse it with the NetBIOS ports. I don't know why.
So, technically, you'll want to block UDP ports 137 and 138 and TCP port 139. Unfortunately, a lot of home equipment is geared towards the novice and they don't separate the UDP and TCP protocols. You are forced to block both TCP and UDP for any given port number. Because of this, you end up blocking more than is required.
For those interested in this brief tutorial, I highly encourage you to get a CCNA study guide even if you're not going to get the certification. Lots of valuable networking info.
Lucas
MCSE, CCNA, Ex-Microsoft NT Networking and Security Support Rep
In a business intranet, there may be uses for this service. But for a machine connected to the public internet (i.e. a spam target), there's simply no excuse for letting packets in unless they're running on a protocol you know you want to support across the net. For most couch potatoes at home, that means responses to outgoing queries, plus incoming packets on any Instant Messenger, Games, and P2P File Sharing type application you are running. If you're also running a web server, then there's that too. For couch potatoes at work, there may be all sorts of stuff, but there's no reason the business firewall should be letting them in from unknown sources.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Kovacs sells the spamware. His customers are spammers. Most of the spam victims don't know to call Kovacs and yell at him, so all he gets is positive feedback, plus the occasional customer who's disappointed about not getting lots of calls. The spammers are spamming for 1-900-fone-sex, and really don't care if the spam victim calls to talk dirty to them or calls to yell at them, because its $3.99/minute either way.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
WARNING: above instructions will cause GOATSE to appear inside your computer.
Never happened to me though, but then I run a firewall (and just disabled the Messenger service).
This has been a test. Had this been a real emergency, we would have fled in terror and you would not have been informed.
'The client software hasn't been widely distributed' - what about Samba? I've used the smbclient program to send messages to Windows PCs.
Fortunately this annoyance is easy to fix - just turn off the useless Messenger service in Windows. In fact, turn off all the Windows services except for OLE and Spooler.
-- Ed Avis ed@membled.com
...spam and porn MADE the internet!
Who wouldn't want to check their email everyday containing promises for bigger penises and hot nasty teen bitches???
Seriously, though, spam and porn seem to be the only two business aspects of the Internet that consistently turn profits, and it's been that way for the last 5 or 6 years, at least. And if these two areas are the ones turning a profit for so long, I am hard-pressed to see the circumstances that would cause people to immediately stop spending their money on such shit and just "turn it off".
While a nice thought for the idealist, for the realist, it doesn't make much sense at all.
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
You forgot the rest. 135,137,138,139 & 445. UDP and TCP to be sure.
In this case, it doesn't sound like the spamware lets the spammer relay their traffic through another machine - it's probably coming directly from them. Slapping them may actually be fun - here you are, some poor slob who bought a package telling you how you can M8ke Munny Fast! by promoting your 1-900-sex-spam line, you start this thing up on your PC, and now you've got 500 popup windows on your screen telling you to stop bothering people, plus one more saying that all your base are belong to them.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
At the last place I worked, we had a number of IPs assigned. This made it painfully obvious in the logs when some script kiddie was port scanning us. On a couple occaisions we found that the machine scanning us had netsend active and availble, so we net sended them telling them to stop port scanning or we would take action. We could just picture the 13 year-old kid at the other end freakin out at this message popping up on their monitor.
True. I stand corrected. :)
One nitpick is that you don't need products like WebWasher if you're running Mozilla - you can set it not to "Open Unrequested Windows", and 95% of that stuff just vanishes.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
open up the advanced tab of you TCP/IP settings and goto the WINS tab and click 'disable NetBIOS over TCP/IP' and then 'OK'.
-witty
I first noticed this about a month ago on my roomates PC (he shares the DSL connection). I disabled the service, thought it was pretty clever though.
Is there much consensus out there about best practices for university network and firewall administration, or things to watch out for that they didn't teach you in business-related training?
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
There's more information on my broadband security page in the NET SEND section.
I know my corp would flame the hell out of the source if we were to receive that stuff.
If you read the wired article and follow the link to the "dispute," AOL sued this company over their icq spam engine. It's important to notice, however, that they sued them over the *trademark* icq (which they infringed upon,) not the underlying spam problem.
Slashdot 's editors are dickheads
We have been able to do this for years with smbclient from samba. This is not news.
smbclient -n nowhere -U God -M
It's not like this is hard folks.
What about altering the service so that instead of just popping up a window that you can do nothing with but close, there would exist an additional button [REPLY] on the pop up message window, which would then allow you to respond to the alert message as you see fit? (Sending a message back to the source via the same net send facility that they used to send data to you).
Now I presume, of course, that an authorized administrator would have a large say in what services are going to be running on the computers in his domain, so if he wasn't interested in fielding replies to his authorized alert messages, he could simply have the requirement that the normal "one-way" messenger is the one that gets installed on the domain machines. Meanwhile, unauthorized sends would find themselves the target of maybe hundreds or thousands of replies, potentially causing a D.O.S. for them, even if they weren't actually running the messenger service themselves.
Of course, the new messenger service would also log the time, date, and originating IP of the sender, so that it can be confirmed later -- even if the sender does not happen to be running the messenger service himself.
Now I realize that this doesn't do a thing for handling people who fake their IP address, but I'd bet it go some distance to making this virtually unusable by most of the people who would just use such tools to spam.
File under 'M' for 'Manic ranting'
I decided it's easier to just install Tiny firewall on all the boxes
Well, there you have it, folks. The administrative interface to manage services on Windows sucks bollocks, which is why Windows boxes run personal firewalls. I could never figure out the point of personal firewalls...it turns out they *don't* have a point, as long as you're on Linux.
May we never see th
The same spam I get in my Hotmail hit me last week through Windows messenger:
"U N I V E R S I T Y D I P L O M A S"
Notice the spacing designed to avoid word filtering? It looks like these guys are thinking ahead!
Anyone running with xhost access control is asking for trouble. If you're security conscious, tunnel your X session over ssh.
My school has recently had a big problem with this. Students used a lameass program called NetHail. I remember doing the same thing with smbclient, and a perl script though...
I come home one night to find one of these on my desktops... I thought it was funny and just happen to have taken a screen shot
Messenger_Service_Spam.gif
There is no
Seems if you go to a tech school you should be smart enough to figure out how to install a spell checker.
Much of the Messenger spam is coming in through the RPC service on port 135. You'll want to block that or turn it off as well.
We just got this at the University of Arizona. Well we do block NetBIOS at the border AND one of the systems that got the popup has a firewall on it that only allows access from certian networks. So it was an on campus thing.
Everyone's Internet, aka EV1.net -- parent company of the somewhat fly-by-night colocation service rackshack.net -- is cited in this article as being the source or host of the source of some of these messages. They'd be a good target for a wider investigation. EV1.net is one of companies where the pretty website belies what is a very scamlike service.
t ion=/home/common/www/mis67/report.php&bureau=hous& compid=23000212
In the early days of rackshack.net, they were cited across the board as not delivering Sun Cobalt RAQ servers people had ordered months ahead of time. The company was revealed to be the equivalent of one bright kid in his basement. And yet somehow they survived the complaints and stay online. How? Through bogus "testimonials" on independent web hosting forums and tons of somewhat flashy advertising. EV1 is everywhere where the poor web host would look (sponsoring web host directories, ads in free hosting magazines, on google under keywords like "CHEAP ASP HOST MONITORER"), so they appear to be reputable. Their record tells another story. For every small business who enjoys the service they get with EV1, there is another with huge overbandwidth charges, billing issues, misdelivered software or no response at all. Their "set up fees" cover the entire cost of buying the read-to-wear servers they "lease" without any ownership documents changing hands.
The images of "their" server housing feature some logos that are fairly obviously photoshopped on. Clip art's one thing, but inferring it's your property is just disingenuine (sp).
I wouldn't be surprised if nothing ever comes of complaints to EV1, nor would I be surprised if EV1 was doing the spamming itself. Just look at its Better Business Bureau records and you'll see...these guys are at the very bottom of the internet food chain, giving all the local datacenters and colocation services a bad name. I'm posting this anonymously, because last time I posted a comment about them I was threatened with -- but not served with -- legal reprecussions. Barratry's more than just a dyslexic spelling of "Battery."
http://worf.usshurdman.com/~hous/common.html?loca
http://ask.slashdot.org/article.pl?sid=02/10/10/19 45240&mode=thread&tid=111
Stopping NetBIOS Spam?
[ Spam ]Posted by Cliff on Friday October 11, @02:45AM
from the nothing-is-sacred dept.
MoonFacedAssassin asks: "I woke up this morning to find that my computer had a Windows messaging pop-up window with an advertisement about getting diplomas and degrees. I was quite shocked to find that my Bellsouth DSL IP address had been spammed. Has this happened to anyone else? Other than closing off the port which this can come through, are there any other ways to block this spam? And, how responsible is Bellsouth (or any ISP for that matter) in handling issues like this?"
He probably dosen't use OS X and can't spellcheck his slashdot entry boxes.
(rimshot)
I'm glad to see this feature. When I was managing a very large multiuser application, from time to time, I would have to close some sessions were causing problems. Or I would see a problem going on, and would like to know more about what they see on their end. But armed with only an IP address and a vauge hostname, I could only track them reliably as far as what building they were in. "If only I could hit their walld", I said.
BTW, at the same time, UNIX users are in for a treat if their syslogd can accept outside messages. (Default behavior on many OSs, but has been changing.)
Think "kernel.crit".
I have AT&T cable modem and have gotten a few of these. I am behind a NAT router, but do not have my firewall turned on. The interesting thing is that I tried messenging the spammer back to tell him what I thought of getting this message and it was blocked. So apparently he has a firewall setup correctly.
I've seen several posts now where the following text is read wrong (either by reading to fast, or skimming, or something). Figgered I'd clear up the confusion...
Zoltan Kovacs, founder of DirectAdvertiser.com, said the company has sold about 200 copies of the program since launching two months ago. According to Kovacs, the software is ideal for advertising 900-number and other telephone services.
"I have customers who call me back and tell me they love it and it generates hundreds of calls right away," said Kovacs, who noted that Direct Advertiser is a good alternative to bulk e-mail because its messages are not regulated by spam laws.
The above doesn't mean that Joe User, sitting at his desk receiving all the spam via this new method, is calling and saying how they love it -- as several posts have noted. It means that Joe Spammer, the lowest form of life on earth, is calling and saying how they love the 'product' that directadvertiser.com is selling. World of difference there.
bork bork bork!
Anybody who places a Windows machine on a directly-routable-to-the-Internet network segment is a FREAKIN' MORON who deserves what they get.
Always put yer Widows boxen on an RFC1918 private segment behind some sort of NAT/PAT firewall device and prohibit all inbound netbios traffic.
http://www.slackware.org
There is someone, somewhere, who is sitting in front of their computer thinking...
Their mind has wandered...
SEX...
Sex with the (wo)man of their dreams...
oh, how wonderful life could be... but alas no, not for this poor soul. For they only have a tiny small penis.
And right then, at that very moment just as their dream is being crushed by their own insecurities, up pops Windows Messaging Service:
++ INCREASE THE SIZE OF YOUR PENIS!!!! ++
++ New pill adds 3 inches to your cock! ++
How right it would be for them at that moment, to give this poor poor person some hope in life?
So my question is "Who are we to judge the rights and wrongs of this 'Mass advertising/marketing/spamming' product; a product that might give hope to just one or two of the thousands of millions spammed?"
That said, personally I couldn't give a rats-arse about some spotty virgin geeks' lack of sex - but hey, SOMEBODY SOMEWHERE must actually buy these products. Find that person, kill them, and the whole spamming problem is solved! Surely?!!
---
Lots of love, Zaiffy baby!
I've seen a lot of comments here that say "block the ports". I couldn't agree more. I work at (undisclosed security software vendor) and our vulnerability assessment tool tells administrators to disable this service unless it's absolutely needed. Some applications still use this medium as a way to message certain information (like system wide outages etc) in the same way that the unix 'wall' command does. Anyone who leaves the netBIOS ports open to the world though is just asking for trouble. Earlier the explaination on which ports (135-139 tcp/udp) to block was highly informative but I would say just block all of them from outside connections. I can't think of any examples where it is healthy to keep these open and available. Beyond annoying pop up messages it is possible to enumerate user information via the IPC$ null session bug which is STILL present in default installations of windows machines.
At my old school, there were about 150 computers, all on one subnet, all running NT 4. So one day I discovered NET SEND *. I couldn't stop laughing for a week.
For all you unfortunate XP users out there, you can use the following command to uninstall windows messanger completely, if you so choose..
RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
Copy and paste into your run box, click yes to uninstall and your done. Hope this helps..
http://slashome.web1000.com
Why not just use starcrafts built in chat engine. You can say things out loud, team message, as well as individual message to someone.
Hey, the company that makes that ad spamming software has toll free phone and fax numbers... anyone want to add them to some junk fax lists or just fax them couple reams of black paper?
http://www.directadvertiser.com/contact.html
Contact Us
Please email us at support@directadvertiser.com with any questions, comments, or suggestions that you may have. This is the quickest and most efficient way to communicate with us. We will respond to you as soon as possible with a reply, sometimes within the hour but never longer than 24 hours.
Phone:
Toll Free: 1-800-323-2146
Toll Free:1-866-691-7978
Fax:
Toll Free:1-800-323-2145
Closing ports 137 and 138 is not sufficient to block Microsoft file sharing.
In addition TCP 137 is WINS, TCP/UDP 389 is LDAP (Active Directory), UDP 1443 and TCP 1444 are MSDE and SQL Server, and TCP/UDP 1801 is Microsoft Message Queue Server (MSMQ).
Windows 2000 clients will use port 445 for file sharing when talking to Windows 2000 servers, not 139.
You didn't know all that? The bottom line is unless you know every port that your computer might use, you are better off blocking all of them and only open up the ports you know you need.
Imagine it in a perpetual loop, eveyone in the workgroup would get barraged with popups until the fool who clicked yes to the active x warning was found. Pretty annoying reason to have shut down a network.
Is this a new security flaw in Windows?
... Governments are instituted among Men, deriving their just Powers from the Consent of the Governed...
seems to me I should have more time and guts, like an anonymous coward, to make sure I don't spell things incorrectly and insult the being that you are.
-Tolerate my intolerance
Late last month I got an tech susport question about this, the dude even provided a picture of the pop up (which showed his ip) A quick google search, a request in an irc channel, and about 200 popups later. I finally replied with this.
Control Panel
(Preformance and Maintenance) -> Administrative tools
services
Scroll to Messanger
Right click - Stop
Right click - Properties - Startup type = Disabled
I swear I could hear a scream somewhere on campus ^_^
Hi all. I am a student computer technician for Washington State University (www.wsu.edu). We have been seeing these damn popups for a little over a week now both in the Business (I'm a MIS major) labs and at machines in the Student Union Building. We have been mostly accosted by the "Earn a prestegious non-accreditated degree" POS message. Though you might like to know, that yes, this is in the open and spreading.
VNC!
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
I wrote myself a little proggie to do this a little over six months ago. I'm a University student and had I known people would pay $700 a shot, I could have made a shitload of money :).
The code for it is really simple, it's a Windows API call called "NetMessageBufferSend". You will be able to find it on the MSDN site. I use this function to send messages to my friends every now and then when I desperately need their attention. I think it's a neat feature, but there are problems.
The problem is, this function trusts that you call it with an identifiable name. Nothing stops you from saying it's from "WEBPOPUP" or anything else for that matter. I have been hit with a single spam to date (enough to annoy me). And what's worse is, when you check your events log, it will only log "WEBPOPUP" and not the IP.
I think Microsoft needs to get on this very soon and make sure when the Window pops up that it will report the IP instead of the specified name. This way we will be able to tell the IP of the message, instead of whatever the sender wants us to see.
On a related note, since when is this legal? I seem to remember getting in trouble for say, connecting to an ftp with "unauthorized" access. I see this as just another form of packet flooding, to a lesser extent. Why is this any different? Or more importantly, who's going to stick up for us?
Actually, there already exists a free client for this... It`s called smbclient and comes as standard with samba.
Using smbclient -M host you are prompted to enter a message and end with ^D, it`s also trivial to:
echo message |smbclient -M host
so mass spamming with smbclient is very possible.
As for people recieveing the msgs, If your running NT.. the message will come up interrupting whatever else your doing, if your on 9x or 3.x then you wont see it unless your running the winpopup program.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
copy/paste the following into a run box:
RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
there, it's gone!
My life's goal is to get a score of +3!
This is so easy to do that it is getting unnecessary attention. Apart from Net Send command that other have mentioned, there is a single API call which does this programatically. The API is NetMessageBufferSend. You provide either the machine name or the login name to this API and it will send the message popup to the machine or all the machines that the user has logged in from. I wrote a utility long time back which will send message to multiple people. We used this utility when the email system (Exchange servers ofcourse) will go down and we need to send messages to more than one person. It was very useful and effective way of communication at such times.
The only thing that is bad about this is that the messenger service is running by default which is prone to abuse. But isn't that the way Windows works (everything running by default) ?
- Jalil Vaidya
Kovacs needs to get the shit kicked out of him.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
...spam and porn MADE the internet!
Right about the porn, wrong about the spam. Porn brings customers to the net, spam just irritates them.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Forgive the dumb question, but someone tell a newbie how messenger service reacts to NAT?
i had one of these pop up on my screen yesterday just after the admins had gone home. no explanation, i thought i was going to get reamed for letting some virus into the system, only later did i realize everyone in the labs got one. we need to disable it now because our network admins are first and foremost _windows_ admins, which means that they may or may not own the machines they oversee. they get to deal with a bad^Wbotched^borken^W seriously fucked up pathetic excuse for an operating system from a company that couldn't care two whits for the security of their customer's data, and has, tp my knowlecge, nevfr admiuted amy conplicjty hn tge ptolkfeuatlon!of#cnmourep tipuqcsLINE DISCONNETED REASON LOST
united states nuclear device terrorist bioweapon encryption cocaine korea syria iran iraq columbia cuba
Of course. However, given the number of nasty exploits coming out of the Windows world lately, would you want to take the chance?
"The words of the prophets are written on the Slashdot walls."
Exactly! We do registry edits all the time on remote systems at work. We are simply smart enough to do them via VNC, or at the very least Terminal Services over private vlans.
"The words of the prophets are written on the Slashdot walls."
If you Windows 2K and XP boxes are in a Windows 2K domain, you never have to worry about this. Just set the default domain group policy to set this service to Manual.
I haven't let this service run on any box for well over 2 years.
Moderators, dont mod +5 unless you know it works
The method described above does not disable netbios over tcp/ip - so it has no chance of stopping the popups.
If you firewall off or disable the netbios traffic you should be fine according to microsoft.
I just tested this at home and was unable to disable the popup messages on my win2k box. however firewalling the messanger port or disabling or messanger is a guranteed method of stopping this nonsense.
- Sam
Ive been getting spammed for a couple weeks now.. here is the company
http://www.directadvertiser.com/
I have already been nailed by this spam and believe me it was very frustrating not being able to find the sender! Can any of you guys tell me how I could find the IP of the sender? Although, I don't know what I would do with it...
in girum imus nocte et consumimur igni
Block all inbound TCP and UDP traffic on ports 0..1023 to desktop machines at the firewall. The average desktop/home-user has no business whatsoever listening to the internet on those ports. ftpd / sshd / telnetd / smtpd / NETBIOS, etc, etc. Only servers need to listen to the outside world on those ports. Of course, if you're an advanced hobbyist running a web server, or mailserver, or sshd on your home machine, you'll need to poke a hole in the filters.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Funny how everybody seems to know how to stop the messages from comming in, but no one really seems to stop the problem from emerging in the first place. Let's focus on stopping people from sending then... it would make the world a lot more nicer than it is now...
There is already a free version available
c e/ winpopup-flooder/winpopup-flooder.zip
http://www.computec.ch/software/denial_of_servi
Too many windows NT/2K/XP users have one administrator user called "administrator" with no password. Very very easy to guess...
Make even shorter URLs - 8LN.org
Other fun messages:
Ade_
/
Big Bubbles (no troubles) - what sucks, who sucks and you suck
I submitted this story based on First Hand events ...
2002-09-30 02:10:48 New and more annoying advertising (articles,news) (rejected)
whats the deal with that?
Now comes the fun part. I used to send messages to colleagues going something like this: "You have not used the application for 1 hour. This incident will be reported to your top manager."
The terrified guys suddenly will start using it. Then again I'll send a message - "You still are not using the application !!! This incident will be reported to your CEO !"
This was a fun way to make people go crazy. ;-)
I have an idea for Microsoft innovation.
Imagine how useful a capability it would be if the popup messages could contain HTML, JavaScript and Flash. Even better, what if you couldn't turn it off.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
This may have already been posted but here is the email address for the directadvertising company support@directadvertiser.com lets all send them are comments
Way back at the start of my computer career (1979) we used the VM operating system on our mainframe. For some reason there was a login id for each printer. We also had the ability to send messages to one another; if you knew somebody's login you could send him a message that would pop up on his screen.
Eventually somebody figured out how to log in as our printer and send messsages to various users that they had used up their allotment of paper for the month and would not be allowed to print anything else. Those messages caused a certain amount of confusion in the office!
NetBEUI? What the hell is that? I use UUCP here. It makes my mud run like gravy.
...rwall? I don't know how many times I've seen it running on newbies machines. At least real *nix admins are smart enough to turn it off. Some PeeCee admins that I know think that no M$ ports should ever be blocked.
You could dredge through RFC1001 and 1002 to read lots about the NETBIOS-over-TCP protocols (which use a lot of UDP, and therefore might be spoofable), or read the source code if you're one of those miscreants who snarfed it, or spend a couple of minutes with a sniffer to see what information is passed on the wire in what packets. But you don't really need to, because the way people see the spam is that their system responds to the packet using the default popup application, which displays the sender's NETBIOS name, not their DNS name or IP address, so unless they're running a sniffer, they won't see the IP address (and if they're the type of people who are always running a sniffer in the background, they're probably also the type of people who have port 135 blocked and aren't going to receive the spam...) NETBIOS names are essentially user-settable. That's not always true, if you're on a corporate LAN with Microsoft file/print/wins servers, but if you're not trying to do that, you can set it to whatever you want. Maybe not 127.0.0.1, since that has dots and no alphabetics, but LOCALHOST would work, or you could set it to ADMINISTRATOR if you're trying to social-engineer the recipients, or WORKGROUP if you want a generic built-in Microsoft name.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
A guy at my fraernity once decided to test his new UPS by unplugging it from the wall... so his Win2K box started smb message-spamming the entire house every 2 minutes until I hunted him down and had him turn off the power failure warning over smb braodcast feature in the software that came with the UPS. (I was the Residnt Computer Consultant at the time, so people came to me when they got anoyed.)
A group of n MIT students acts if they have an average IQ of 30 + 120/(1+e^(0.3(n-20))), ... and there were about 30 of us...
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
hip hip hooray!!! let the spammers work for us (opensource users) by annoying the hell out of microsoft users
2 085-10122374. html
r od uctdoc/en/default.asp?url=/windowsxp/home/using/pr oductdoc/en/net_send.asp
GO yonder and spam microsoft's customers to kingdom come...
Downloads
http://downloads-zdnet.com.com/3000-
http://www.microsoft.com/windowsxp/home/using/p
:one
net send %1 "File not found: c:\WINNT\kernel32\NTKERNEL.EXE in EXPLORER.EXE at 0xDEADBEEF. The program will be terminated."
goto one
The feeling persists that no one can simultaneously be a respectable writer
and understand how a refrigerator works, just as no gentleman wears a brown
suit in the city. Colleges may be to blame. English majors are encouraged,
I know, to hate chemistry and physics, and to be proud because they are not
dull and creepy and humorless and war-oriented like the engineers across the
quad. And our most impressive critics have commonly been such English majors,
and they are squeamish about technology to this very day. So it is natural
for them to despise science fiction.
-- Kurt Vonnegut Jr., "Science Fiction"
- this post brought to you by the Automated Last Post Generator...