"I got WinXP, Frontpage, OfficeXP, and Visual Studio from MS for being a college student, why didn't we hear about this?"
I don't know if you were misinformed or what...Gnutella is not made by Microsoft for distributing their software. This also means they don't hand out mp3 and pr0n.
"Why on earth would some random low-level ad person lie to help Microsoft?"
To pay the bills.
Microsoft wanted good Switch material and this lady figured she could write an extremely one-sided testimonial that MS would love.
Steve Ballmer gets an email with a link to the Slashdot postings and gets pissed at this lady for pulling this crap.
Microsoft wants a good public image and wants to make certain that the employees are afraid of cheating. Bad PR Consultant!!! Any cheating that the company does needs to be well thought out by several execs so the public can't find out so easily.
I couldn't get that page to come up, but I noticed it's in the incidents mailing list. I jumped into my email folder for the incidents mailing list and found the thread, Source of Windows PopUp SPAM. Thanks. Good info. I'm still curious how it uses RPC to initiate messenger windows.
If you block all ports, you'll never get anywhere on the internet. When you block all ports at your little Linksys gateway, you also use a type of packet filtering that opens up temporary holes to allow the return traffic. You do know that when your computer talks to another computer on the internet, the data has to come back in, right? For example, when you telnet to a box on the internet, you send a packet from your IP using a random TCP port in the dynamic port range to the destination IP TCP port 23. When the computer sends data back, it sends it to your IP on that random port that you picked. During the entire telnet session, the router has a temporary hole in it that allows traffic from the shell server to come in on that port. Once you're done with the telnet session, the hole is closed up. That's SPI and that's what your router does when you configure it to "Block all ports."
Thanks, forgot all about the added ports from W2K. Regarding UDP 137, I said that it's a name query. This can be in the form of broadcast or a WINS lookup. Again, I didn't realize that it sounded like I was suggesting that blocking certain ports is safe enough. Dynamic packet filtering/stateful packet inspection is the best thing to use along with applying patches and keeping up to date anti-virus software. :)
I don't think the article was correct. I've done plenty of searching on the newsgroups and the security focus mailing lists. The only thing that claims that it uses TCP 135 is that Wired article. Even the manufacturer of the software says that it just uses the net send command. Even if they were trying to get it to come in on TCP 135, I don't see how the RPC service would know to pass the data off to the Messenger service. The two aren't related.
How did I not see this coming? I thought I covered all my bases, but I should have realized that people might think I was suggesting to only block NetBIOS ports. In my response to the first response I got, I gave my opinion that it's a good idea to have some kind of dynamic packet filtering/stateful packet inspection. There are, however, some cases where you might need to block certain ports while leaving the rest open (such as a test environment or for troubleshooting connection errors).
You are talking of a related, but different technology. Dynamic Access Filtering or Stateful Packet Inspection (SPI) can be used to block all ports while opening up tiny holes to allow sessions you initiate to go through. This way, you can get out, but nobody can try and establish a session to you. If you're running a service like http, ftp, gnutella, IRC, AIM file transfer, etc., you have to create permanent holes in the service ports to allow incoming connections. Some devices allow you to specify the protocol, others do not.
From a security standpoint, you're right. At home, I use SPI. Sometimes though, I turn it off and just block the commonly attacked NetBIOS ports since most scanning activity is for NetBIOS and SQL (I don't run SQL at home). From a control freak standpoint, it's just plain ridiculous to specify a port without specifying a protocol. I guess it's just a pet peeve of mine.
You can't just close off a port. You have to close off the correct port number for the correct protocol.
A lot of "Paper MCSEs" understand this because the networking exam covers the OSI model. The same thing goes for those "Paper CCNAs".
Here's how it works. When I do a net send "Message", the following occurs. Once the data portion of the net send information is formatted by the appropriate layers, it's handed down to the protocol layer and wrapped in a UDP header with a port number. UDP is the protocol responsible for maintaining a communication session between hosts. The port number is like an apartment number in a street address. A lot of services have to talk using the UDP protocol, so it's divided into port numbers (As an FYI, the same is done for TCP). This in turn is handed down to the network layer where it will get a source and destination address stamp (The IP addresses). That in turn is handed down to the data link layer which stamps on the source and destination MAC addresses (Your computer and the default gateway). From there, it hits the physical layer and is on the wire. Along the way, the data link layer changes every hop that is made because the MAC addresses involved change at each router hop. Once it gets to the destination IP address, the recipient strips off the layers to reveal the data. It knows to hand that data up to the NetBIOS services because they're the ones listening on UDP port 138. Finally, you get a little window trying to sell pr0n. Here's a picture that shows the different layers of a TCP packet and their function.
Here's a rundown on NetBIOS port usage.
UDP port 137 is used for NetBIOS name resolution.
UDP port 138 is used for browsing, domain authentication, and datagrams (This is what the messenger service uses).
TCP port 139 is used for the actual session. This is what you transfer files through.
TCP port 135 is the RPC service. Some people often confuse it with the NetBIOS ports. I don't know why.
So, technically, you'll want to block UDP ports 137 and 138 and TCP port 139. Unfortunately, a lot of home equipment is geared towards the novice and they don't separate the UDP and TCP protocols. You are forced to block both TCP and UDP for any given port number. Because of this, you end up blocking more than is required.
For those interested in this brief tutorial, I highly encourage you to get a CCNA study guide even if you're not going to get the certification. Lots of valuable networking info.
Lucas
MCSE, CCNA, Ex-Microsoft NT Networking and Security Support Rep
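The two behaviours described in the posts above (the temporary hole that "block all ports" with SPI opens for return traffic, and blocking a port per protocol versus for both TCP and UDP), as an added example that is not part of the original posts. The class and function names and the documentation-range IP addresses are constructed for illustration, the blocked-port list is the one given in the post, and NAT is left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool   # True when arriving from the internet side

# Port list taken from the post: UDP 137, UDP 138, TCP 139.
PROTO_AWARE = {("udp", 137), ("udp", 138), ("tcp", 139)}
# Home-router style rule: no protocol choice, so every port is blocked for both.
PORT_ONLY = {(p, n) for n in (137, 138, 139) for p in ("tcp", "udp")}

def static_filter(pkt, blocked):
    """Stateless rule: drop inbound packets whose (protocol, port) is listed."""
    return not (pkt.inbound and (pkt.proto, pkt.dport) in blocked)

class StatefulFilter:
    """'Block all ports' with SPI: inbound passes only as a reply to a tracked flow."""
    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        if not pkt.inbound:
            # Outbound: remember the flow so its reply can come back in.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: must mirror a tracked outbound flow exactly.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

    def close(self, pkt):
        """Session finished: remove the temporary hole."""
        self.flows.discard((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))

def demo():
    # Constructed sample traffic (documentation address ranges).
    me, server, stranger = "192.0.2.10", "198.51.100.5", "203.0.113.9"
    out = Packet("tcp", me, 49152, server, 23, inbound=False)    # telnet out
    reply = Packet("tcp", server, 23, me, 49152, inbound=True)   # its return traffic
    probe = Packet("udp", stranger, 40000, me, 138, inbound=True)
    spi = StatefulFilter()
    seen = {"reply_before": spi.allow(reply)}
    spi.allow(out)
    seen.update(reply_during=spi.allow(reply), probe=spi.allow(probe))
    spi.close(out)
    seen["reply_after"] = spi.allow(reply)
    return seen
```

`PORT_ONLY - PROTO_AWARE` lists what the protocol-blind rule blocks beyond the post's list: TCP 137, TCP 138 and UDP 139.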
If it's not set to manual or disabled, it'll start on the next reboot. On my workstations, I just set it to manual in case I decide to start it momentarily for the purpose of spamming...err, sending cute messages to co-workers.
Don't tell the spammers that there's already a utility that can abuse the messenger service. There is no such thing as the net.exe command line utility.
"Good point! This is reason number one NOT to reduce the genetic diversity of the human race. All of these alleles floating around the population - which may become increasingly rare as there is selective pressure against them, and may even cause considerable suffering or death to some of those who carry them - should not be removed from our collective gene pool, at least not without considerable discussion. Why? Because WE MAY NEED THEM. A monoculture (where all organisms have the same genes) is not sustainable in a biological sense."
Have you read Greg Bear's book, Darwin's Radio? The whole book is about evolution and a lot of it contemplates these types of circumstances.
I did a Google search on the author's name and found his page. This guy's got quite an impressive list of books and articles.
http://literati.net/Duncan/
I don't know why you got modded as funny. Are we the only two people in the world that aren't playing this game? What the heck is all this talk about PP? Does it mean "Pounds of Platinum"?
Quit picking up chicks at the computer club and you won't have this problem. Try the local pub where the barflies hang out. Sure, the women are skanks, but the chances of one of them doing nasty things is a lot greater. Maybe not with you, but I think you get my point. :)
"In appearance and dimensions, it can be compared to a modern toaster as found in most households."
I don't know about you guys, but most people I know have some old, crappy looking toaster. If they make a computer that looks like this, I'll buy it just for a good laugh.
This new revision had the security key changed. Microsoft had to scrap a lot of the older parts to make this change. The change had only been implemented in the plant that supplies Australia and it's already cracked. That's why it's news.
Whoa! A Slashdotting counter!!!!
See this response.
Winnuke??? Oh my god, what era are you living in?? I don't think winnuke has even been effective in several years.
How about bugbear which has recently caused a lot of activity on TCP port 139 as netbios sessions are attempted.
Do you really think we could /. Wired??? Karma whore...
"Cannot" is such an ugly word. How about, "Americans are unable to speak or write in English." The argument of or and nor is a trickier one.
The thing isn't on brainiac.
What the hell is this thread doing on /.?????
Here's another link to the same file. Try them both and see which gets the best speed.
Here it is
-Lucas