('binary' encoding is not supported, stored as-is) In-Reply-To: <3DAEF826.484292FAat_private> >Carv and all, > >A 'net send' sent a message in my tests using UDP-135. >I suspect is varies with what protocols are bound by >the applications in questions and the machines in use. >The test systems I used did not have netbios/tcp >bound (139). The message was sent from an XP professional >machine to an XP home machine. I have gathered some information at http://www.akerman.ca/trojan-port-table.html#netsend If anyone has tried disabling DCOM http://www.uksecurityonline.com/husdg/windows2000/close135.htm and that has prevented network "net send" but allowed local (machine internal) popups, I'd be interested in hearing. >-- >Gary Flynn >Security Engineer - Technical Services >James Madison University > >Please R.U.N.S.A.F.E. >http://www.jmu.edu/computing/runsafe -- Richard Akerman http://www.akerman.ca/port-table.html http://www.akerman.ca/trojan-port-table.html ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 15:32:30 PDT