Messenger Service Pop Ups

[Adam]

Hi

Does anyone know which UDP and TCP ports I need to block
to stop these messenger service pop-ups??

I have Norton firewall installed, but just need to know
what to block as it does not prevent theses messages by
default.

thanks in advance for your time

Ad

 

[Guest]

My Windows XP Internet Connection Firewall Services tab lists it as "MSMSGS 13864 TCP" and MSMSGS 7038 UDP".

 

[Guest]

Go to control panel
administrative tools
computer management
expand services and applications
click services
double click messenger
change startup type to disabled

 

[Guest]

Yes, that is a good one solution, but alerts stop working and don't display anymore, the question is: how to disable the incoming pops that coming from internet?......

----- Zane wrote: -----

Go to control panel
administrative tools
computer management
expand services and applications
click services
double click messenger
change startup type to disabled

 

[Guest]

The Messenger service uses UDP ports 135, 137, and 138; TCP ports 135, 139, and 445; and an ephemeral (that is, short-lived) port number greater than 1024.

Note: If the Messenger service is stopped, messages from the Alerter service (notifications from your antivirus software, for example) are not transmitted. If the Messenger service is turned off, any services that explicitly depend on the Messenger service do not start, and an error message is logged in the System event log. For this reason, Microsoft recommends that you install a firewall and configure it to block NetBIOS and RPC traffic instead of turning off the Messenger service.

 

[Bruce Chambers]

Greetings --

Use the firewall to ensure UDP ports 135, 137, and 138 and TCP
ports 135, 139, and 445 are _all_ blocked. You may also disable
Inbound NetBIOS (NetBIOS over TCP/IP). You'll have to follow the
instructions from firewall's manufacturer for the specific steps.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Bruce Chambers]

Greetings --

Please stop deliberately posting potentially harmful advice.

Disabling the messenger service is a "head in the sand" approach
to computer security that leaves the PC vulnerable to threats such as
the W32.Blaster.Worm.

The real problem is _not_ the messenger service pop-ups; they're
actually providing a useful service by acting as a security alert. The
true problem is the unsecured computer, and you're only
advice, however well-intended, was to turn off the warnings. How is
this helpful?

Equivalent Scenario: You over-exert your shoulder at work or
play, causing bursitis. After weeks of annoying and sometimes
excruciating pain whenever you try to reach over your head, you go to
a doctor and say, while demonstrating the motion, "Doc, it hurts when
I do this." The doctor, being as helpful as you are, replies, "Well,
don't do that."

The only true way to secure the PC, short of disconnecting it from
the Internet, is to install and *properly* configure a firewall; just
installing one and letting it's default settings handle things is no
good. Unfortunately, this does require one to learn a little bit more
about using a computer than used to be necessary.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Kevin Davis³]

Greetings --

Please stop deliberately posting potentially harmful advice.

Disabling the messenger service is a "head in the sand" approach
to computer security that leaves the PC vulnerable to threats such as
the W32.Blaster.Worm.

The real problem is _not_ the messenger service pop-ups; they're
actually providing a useful service by acting as a security alert. The
true problem is the unsecured computer, and you're only
advice, however well-intended, was to turn off the warnings. How is
this helpful?

You are wrong. See the recent MS security bulletin:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp

As I have suggested OVER and OVER and OVER again, you need to disable
services that you don't need. Several, including you, asserted that I
was being ridiculous in suggesting that there just might be a
vulnerability in the Messenger service that could expose your system
as vulnerable. Now we know that it has been true. If somebody got
past your firewall, they could own your system simply if you were
running the Messenger service. The great risk involved in running it
when it's not needed is far greater than the trivial value that it
provides by being a "security alert". There are much better tools to
use for security alerts than a vulnerable, unneeded service running.

 

[Kevin Davis³]

Greetings --

Apparently, you're completely unfamiliar with the term
"workaround."

You just don't get it, do you?

Before this bulletin, you insisted that disabling the messenger
service provided NO or LITTLE additional security.

You were wrong. If one had disabled this service (assuming they
didn't need it very badly) then it would have provided significant
additional security.

Now that MS has provided the patch, everything is great and that
service is bulletproof, right. No way in the world that there are any
additional vulnerabilities in that service, right?

That clearly would be a deluded point of view that points to someone
who refuses to learn from the past.

Again, this vulnerability drives home the important point - If you
don't need the service, turn it off.

By refusing to acknowledge this very basic security tenet, you are
distributing bad security advice and undermining your credibility in
regards to the topic of security.

 

[Kevin Davis³]

Greetings --

Apparently, you're completely unfamiliar with the term
"workaround." The KB article you cite recommends disabling the
messenger service as a *workaround,* only until the necessary patch
has been certified for the user's specific environment. No where does
the KB article even imply, much less state, that disabling the
messenger service is, in and of itself, any kind of real solution.

This is also an incorrect interpretation of the article, IMO. MS's
RECOMMENDATION (not "workaround"):

Recommendation: Customers should disable the Messenger Service
immediately and evaluate their need to deploy the patch

This means:

1. Disable the service
2. Evaluate you need for the service to be running ("evaluate the
need to deploy the patch")
3. Deploy the patch if you need the service.
4. Turn the service back on if you need the service.
5. If you don't need the service, don't turn it back on.

 

[Alun Jones [MS MVP]]

You just don't get it, do you?

I don't think you understand the situation well enough to make that call.

Before this bulletin, you insisted that disabling the messenger
service provided NO or LITTLE additional security.

That is correct. It terminates one service that spends the majority of its
time telling you that your firewall is non-existent or non-functional. That
provides little additional security, and possibly even gives the user a
false sense that simply disabling the Messenger Service has saved him from
all the nastiness that the Internet has to offer.

You were wrong. If one had disabled this service (assuming they
didn't need it very badly) then it would have provided significant
additional security.

Not significant. Note that the demonstrations so far of the problem in
Messenger Service have not shown that this is exploitable to do anything
more than simply kill or slow down the Messenger Service.

Now that MS has provided the patch, everything is great and that
service is bulletproof, right. No way in the world that there are any
additional vulnerabilities in that service, right?

That clearly would be a deluded point of view that points to someone
who refuses to learn from the past.

Actually, the more deluded point of view is to suggest that Messenger
Service is the only software on the machine that has vulnerabilities. And
some of the services on that machine will be required. What to do, what to
do? Run around like Chicken Little screaming "the sky is falling! the sky
is falling!"? Or better simply to invest in an umbrella to protect you
from the small pieces of whatever?

Oh, that's a great analogy. I'm very pleased with that one.

Yes, an umbrella - something between your vulnerable system and those nasty
people out there in the Internet. Something that the malicious packets
can't get through, whether they're targeted for Messenger Service, or RPC,
or any other service that you actually _need_.

Again, this vulnerability drives home the important point - If you
don't need the service, turn it off.

There are various states of "need". I think "tells me within seconds if the
firewall has died" is actually quite a good definition of "need".

By refusing to acknowledge this very basic security tenet, you are
distributing bad security advice and undermining your credibility in
regards to the topic of security.

You are right in one respect - running software that has no purpose is a
dangerous thing to do. It increases your available attack surface. But
removing one service is far less of a protection than is denying external
access to _all_ your systems' services by installing a firewall.

A firewall is by no means the last word in security - there are many other
routes for malicious data to get into your network; have you ever had a
salesman (your own, or a visitor!) that brought his laptop in the front door
and plugged it in to your network? In that case, you've had data travel
from outside your network to inside your network without going through the
firewall.

But a firewall is pretty close to being the _first_ word in security. To
suggest disabling an inconvenient service is preferable to disabling access
to all services, as you have done, is inappropriate.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

 

[Kevin Davis³]

I don't think you understand the situation well enough to make that call.


That is correct. It terminates one service that spends the majority of its
time telling you that your firewall is non-existent or non-functional. That
provides little additional security, and possibly even gives the user a
false sense that simply disabling the Messenger Service has saved him from
all the nastiness that the Internet has to offer.

Let's not forget about the nasty vulnerability it would avoid you from
being exposed to.

Not significant. Note that the demonstrations so far of the problem in
Messenger Service have not shown that this is exploitable to do anything
more than simply kill or slow down the Messenger Service.

There have already released exploits:

http://news.com.com/2100-7355_3-5095935.html

To ignore this a poo-poo it away in the face of security experts is
just plain foolish. Even if there wasn't an exploit, it would be
foolish to gamble that the cute little Messenger Service will catch a
benign pop-up before some hacker realized you were vulnerable and
owned you.

Actually, the more deluded point of view is to suggest that Messenger
Service is the only software on the machine that has vulnerabilities. And
some of the services on that machine will be required. What to do, what to
do? Run around like Chicken Little screaming "the sky is falling! the sky
is falling!"? Or better simply to invest in an umbrella to protect you
from the small pieces of whatever?

Did I suggest that the Messenger Service was the only one with
vulnerabilities? No. You guys are rich. The sensible approach that
most security experts agree on is to turn off services you don't need.
That is one part of the classic hardening of your system. In the case
you do need the service, run it, but make sure that you have installed
all the patches for it. Despite your claims, this is what I have
always been saying. Far from the ridiculous tale you are weaving
above.

There are various states of "need". I think "tells me within seconds if the
firewall has died" is actually quite a good definition of "need".

That's a ridiculous assertion. There's no way you can in good
conscience and honesty insist that for everyone's case leaving the
Messenger Service on will within seconds alert you to a problem with
your firewall.

But a firewall is pretty close to being the _first_ word in security. To
suggest disabling an inconvenient service is preferable to disabling access
to all services, as you have done, is inappropriate.

This is ridiculous. I never said any such thing. You must have a
reading comprehension problem.

 

[Guest]

----- ViC wrote: -----

The Messenger service uses UDP ports 135, 137, and 138; TCP ports 135, 139, and 445; and an ephemeral (that is, short-lived) port number greater than 1024.

Note: If the Messenger service is stopped, messages from the Alerter service (notifications from your antivirus software, for example) are not transmitted. If the Messenger service is turned off, any services that explicitly depend on the Messenger service do not start, and an error message is logged in the System event log. For this reason, Microsoft recommends that you install a firewall and configure it to block NetBIOS and RPC traffic instead of turning off the Messenger service.

*I guess we can all agree that these are the ports used, that turning off unneccessary services is a bright idea (though who knows what is neccessary), and that firewalls (both hardware and software) are keys into keeping your system secure. The middle ground is that sometimes in order to get things done we have to take risks and become vulnerable. Everyone needs to determine when those times are necessary and when it isn't.