Windows/NetBIOS pop-up Spam:
bofus writes "This article from Wired News presents a new way to deliver unsolicited advertising content - the MS Windows Messenger service.
It appears that the client software hasn't been widely distributed yet, but it's probably only a matter of time before a free clone is circulating. This method could become the delivery method of choice for all kinds of unsolicited junk, given the number of unsecured PCs out there.
On the flip side, if you run a relatively secured machine and have some sort of firewall, this probably shouldn't concern you."
two weeks ago, we had a big hullabaloo here at uiuc.edu because of this. all the win2k/xp machines on all of campus still running the messenger service got a popup describing how great our lives would be if only we had a diploma from a non-accredited university. most of the "administrative" users assumed it was a virus and panicked. then three more of the same came in this morning.
i just wish windows would log things like the origin of said messages so the abuse could be addressed at its source.
If you've got a machine out on the internet and you've windows networking turned on, you've probably got bigger problems.
A couple years ago, a co-worker of mine were at his house when he turned on windows networking and set his domain to "WORKGROUP", did the obligatory reboot shuffle and started surfing all the shares in the area. It was hilarious, people had their entire C:\ drives shared, etc. Needless to say, after we got him set up with a firewall (linux/maq box) sure enough the logs just rolled with people trying to connect to ports 137/138/139. In one regard many ISPs block the netbios ports on their ingress and egress gateways.
Yes Francis, the world has gone crazy.
$700? You've got to be kidding me. I'm not going to waste the time, but it wouldn't be too difficult to make a perl script that increments an IP address range and calls smbclient -M... In fact, it would be really easy for someone to do this one time and send a link to the tune of "Tired of annoying messages like this? Go to www.xxx.net to find out how to eliminate messages like this forever." And that would be the end of this problem. Unfortunately, if you did this as a regular citizen, you'd have the FBI crashing through your window in no time for "hacking"...
Sad really.
Russian Russian Russian RussianDollSig DollSig DollSig DollSig
not everyone needs it but it sure can be useful. Our netapps have the ability to send a message before they are taken offline for maintenance (like we did recently when moving from a couple single filers to a f880 cluster). We also use it with our Samba server to notify the users when their print jobs have cleared the queue (great for plotters or very high traffic lasers).
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
that's cute, but often the ip you have is not the origin, but a hapless victim
which is being used to launch the attack and/or hide the tracks of the real blackhat
by sending data back to that ip, you may be unwittingly being used to help the intruder hide
and you may appear to be the intruder in the logs of the machine which the blackhat is using as a stepping stone
that's probably not what you are trying to do
and that's why I just add those ips to a droplist instead of sending data back
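An added example, not part of any comment in this thread: one way to build the kind of droplist described above from firewall logs showing connection attempts to ports 137/138/139. The log lines are constructed samples in iptables LOG style using documentation address ranges, and the function names and threshold are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address

NETBIOS_PORTS = {137, 138, 139}  # the ports named in the thread

# Constructed sample input (not real traffic); last three lines must be ignored.
SAMPLE_LOG = """\
Oct 17 09:12:01 gw kernel: FW-IN IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=UDP SPT=1027 DPT=137
Oct 17 09:12:02 gw kernel: FW-IN IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=3311 DPT=139
Oct 17 09:12:09 gw kernel: FW-IN IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=4120 DPT=139
Oct 17 09:12:30 gw kernel: FW-IN IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=UDP SPT=1027 DPT=138
Oct 17 09:13:05 gw kernel: FW-IN IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=4121 DPT=80
Oct 17 09:13:40 gw kernel: FW-IN IN=eth0 OUT= SRC=not-an-ip DST=192.0.2.10 PROTO=TCP SPT=1 DPT=139
Oct 17 09:14:00 gw kernel: FW-IN IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=ICMP TYPE=8
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def netbios_probes(log_text):
    """Count log entries per source address that target a NetBIOS port."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            src = ip_address(fields["SRC"])   # rejects garbage in the SRC field
            port = int(fields["DPT"])
        except (KeyError, ValueError):
            continue                          # malformed or portless (e.g. ICMP)
        if fields.get("PROTO") in ("TCP", "UDP") and port in NETBIOS_PORTS:
            counts[str(src)] += 1
    return counts

def droplist(counts, threshold=2):
    """Sources seen at least `threshold` times, in address order."""
    hits = [ip for ip, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda ip: (ip_address(ip).version, ip_address(ip)))

if __name__ == "__main__":
    for ip in droplist(netbios_probes(SAMPLE_LOG)):
        print(ip)  # feed to the firewall's drop set; nothing is sent back
```
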
I'm glad to see this feature. When I was managing a very large multiuser application, from time to time, I would have to close some sessions that were causing problems. Or I would see a problem going on, and would like to know more about what they see on their end. But armed with only an IP address and a vague hostname, I could only track them reliably as far as what building they were in. "If only I could hit their walld", I said.
BTW, at the same time, UNIX users are in for a treat if their syslogd can accept outside messages. (Default behavior on many OSs, but has been changing.)
Think "kernel.crit".