[thelist] what is this scam?
Ken Schaefer
ken at adOpenStatic.com
Tue Nov 26 18:17:01 CST 2002
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: ".jeff" <jeff at members.evolt.org>
Subject: RE: [thelist] what is this scam?
: ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
: > I am connected via cable modem and I am not using any
: > firewall software, but I am not convinced that would
: > help...
: ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
:
: it absolutely would help. these sorts of messages can only be sent to
: machines that are part of the same subnet. put your machine behind a
: firewall and it's no longer part of the same subnet as all the other
: completely open and vulnerable pc's in your neighborhood.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This is not quite correct...
The Messenger service is available in two ways:
a) via the NetBIOS session service, which is available using NetBT
b) via its own dynamic high order TCP port (which can be found by querying
the Port Mapper: TCP 135)
In both cases, you messenger service can be connected to by people *outside*
your subnet.
However a firewall will definately help:
Do not allow incoming requests on the untrusted interface to TCP/UDP port
135, 137-139 or anything over 1024
Cheers
Ken
More information about the thelist
mailing list