At 09:37 AM 10/18/02 +1200, Nick FitzGerald wrote:
>Michael Katz <mikeat_private> replied to Ron Trenka:
>
>> >Anyone have a way to disable this on W2K and NT 4.0 servers?
>>
>> Stop and disable the Messenger service.
>
>That will certainly do it but may remove other "useful"
>functionality that depends on the Messenger service for delivering
>system alerts
>(AV software, various system monitoring/alerting tools, etc).
>
>If you'd rather keep (some of) that functionality, read the end of
>the following page (a really good link originally posted by Gary
>Flynn) where binding services to specific interfaces is described:
>
>   http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html

Blocking 135-139 (TCP/UDP)(in/out) at the border routers seems to scale much better than tweaking a bunch of Windows boxes, leaves the service available for useful "stuff" you've cited and also prevents other unpleasantness known and unknown, present and future (see yesterday's Bugtraq).

I've seen several mentions of firewalling for this and that seems to me to be a waste of performance having a firewall do what a router can do more efficiently with equal effectiveness.

--
Regards,

David Kennedy CISSP                       /"\
Director of Research Services,            \ /  ASCII Ribbon Campaign
TruSecure Corp. http://www.trusecure.com   X   Against HTML Mail
Protect what you connect;                 / \
Look both ways before crossing the Net.

This archive was generated by hypermail 2b30 : Sun Oct 20 2002 - 20:58:56 PDT