Slashdot Mirror


Preventing the NT Messenger From Use as a Spam Portal?

zbowling (Zac Bowling) asks: "I currently use Comcast cable internet, and I consistently get hit with spam popups. These are not the ones you get from webpages or media, these are dialog box popups from people scanning all possible IPs for the open messenger port on most NT or Win2k machines. The NT Messenger service (also the same as Novell's Network Alert system) is reserved for admins, so they can send messages to the domain or a single workstation for any reason. This service has been taken advantage of by spammers looking for a cheap way to spam someone. One message I got was a spam to get me to buy a firewall product from them to prevent this from happening. I'm sure you can shut off that service or block that port except from people in your subnet. Does anyone know of any resources on the topic?"

6 of 66 comments

  1. Resource by skinfitz · · Score: 4, Informative

    Does anyone know of any resources on the topic?

    Yes, it's called Google.

  2. Check out by arcadum · · Score: 3, Informative
  3. Shut off the service by Baloo+Ursidae · · Score: 5, Informative

    Go into Control Panel, then Services.
    Scroll down to Messenger and right click, hit Properties.
    Set Startup Type to Disabled.
    If the Service status says Started, click Stop.
    Click OK and close out of Services and Control Panel.

    --
    Help us build a better map!
  4. How the ..... by Korgan · · Score: 3, Informative

    I can't believe this post got this far. A solution can even be found on Yahoo!

    Dude, core rule of running ANY OS is to disable anything you don't use. If you don't know which services/daemons you do or don't need, then install a software based firewall on the OS until you can get help to start securing the OS properly.

    For Windows, software like Zone Alarm (http://www.zonelabs.com) is a good start. McAfee, Symantec and a whole heap of other companies offer similar products also.

    For *BSD (Including OSX) IPF is available on nearly all variants. For GNU/Linux, NetFilter/IPTables in the modern kernels and IPCHAINS and IPFWADM in the older kernels.

    For commercial versions of Unix, there are quite a few options, but most home users aren't going to be running Solaris or HP-UX or AIX or other such OSs.

  5. Just disable the service by Noah+Adler · · Score: 3, Informative

    How about just typing net stop messenger at a command prompt?

    Problem solved, eh? Should this really have been an Ask Slashdot?

  6. Actually it is called Linksys by Glonoinha · · Score: 3, Informative

    Original poster: go to BestBuy or wherever and buy a Linksys 4 port router/firewall: Linksys Model# BEFSR41. They are dirt cheap now that the wireless stuff is out, cost maybe $50. Gives you two things:

    1. Your IP address is now a black hole. Nothing comes in. Cable modem is a shared medium meaning it is entirely possible that your neighbors could be snooping your hard drive. Not likely, but possible (I have done it in the past ... it is fun:) The router stops all inbound traffic at the door, or pretty much most of it. That pesky Messenger spam goes away. Also protects you from the damn Nimda (?) type worms that attack exposed web servers.

    2. You can plug more than one computer into the 4 10/100 ports the unit has, now you have more than one computer surfing at cable speed. Also have your internal network between computers. If you had friends and they came over they could plug their machines in and have instant access to the web also. Acts as a DHCP server so you don't need to configure one.

    If you have a cablemodem, you really, really need a hardware firewall/router, and the Linky is a very easy to use unit. Just be sure to change the password, everybody on the planet knows how to hack their way in if it is left to the default.

    --
    Glonoinha the MebiByte Slayer