Message-ID: <005201c34b80$f28addf0$6500a8c0@eddie>
From: ben at lanwest.com.au (Benjamin Meade)
Subject: Odd Behavior - Windows Messenger Service
To me, that means that either the box was connected to the 'net without
a firewall or being locked down, or
someone on your LAN is spamming, either knowingly or unknowingly.
Don't know why you posted this to every bug list in the known world, as
it seems like a misconfiguration, not a bug.
In this particular case, you will deserve the flames.
Benjamin Meade
System Administrator
LanWest Pty Ltd
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
morning_wood
Sent: Wednesday, 16 July 2003 5:37 PM
To: bugtraq@...urityfocus.com; vulnwatch@...nwatch.org;
full-disclosure@...ts.netsys.com; 0day
Subject: [Full-Disclosure] Odd Behavior - Windows Messenger Service
Donnie Werner
morning_wood@...loitlabs.com
July 16, 2003
Windows® networking ( TCP ) and messenger service are both initialized
before any user/admin login has taken place, and are remotely accessible
odd... setting up default XP box in DMZ I complete the install setting
up networking ( dhcp ) and ( workgroup ) only one passworded
administrator account as prompted by the installation media.... reboot.
I leave box unattended for approx 30 minutes at the login screen... Upon
successful passworded login, a message-ala-windows messenger service is
displayed.. ( damn spammers )
BEFORE THE DESKTOP !!! and before anything ( except wallpaper ) has
initialized
here is output from a remote nbtenum session before a successful login
of a freshly booted XP box
Network Adapter
    Adapter: \Device\NetbiosSmb
    MAC Address: 000000000000
    Adapter: \Device\NetBT_Tcpip_{D36A0C7D-1EC4-417E-9A7C-DF4F13AF9D4C}
    MAC Address: 00A0CC397071
Logged On Users
    Username: 333\BITCHBOX$
    Logon Server:
Share Information
    IPC$
    ADMIN$
    C$
dunno if this particular behavior has been observed before ( I'm donning
Nomex® for the flames )
Donnie Werner
http://exlpoitlabs.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html