lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F15E92C.18085.2672AD48@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Odd Behavior - Windows Messenger Service

"morning_wood" <se_cur_ity@...mail.com> wrote:

> Windows? networking ( TCP) and messenger service are both initialized
> before any user/admin login
> has taken place, ...

Ummmmm -- isn't that (initialized prior to any login) what being a 
service means on NT-based OSes?

The only other ways to do it are kernel hacking and with drivers...

> ... and are remotely accessable

Well, a _server_ would not be much use if it couldn't be reached until 
someone performed a (console) login.  In the real most such machines 
sit in large rooms notable for the number of other such machines and 
the lack of humans...

And, even on boxes that are nominally "workstations" or "desktops" it 
is common for some of their components to be acting as a server would, 
which takes us back to the first point and "services" being one of the 
s/w components of NT-based OSes that implement server-like functions.

> odd... setting up default XP box in DMZ  I complete the install setting up
> networking ( dhcp ) and ( workgroup )
> only one passworded administrator account as prompted by the instalation
> media.... reboot.
>  I leave box unatended for aprox 30 minuts at the login screen...
> Upon sucessfull passworded login, a message-ala-windows messenger service
> is displayed.. ( damn spammers )
> 
> BEFORE THE DESKTOP !!! and before anything ( except wallpaper ) has
> initialized

This does not surprise me.

> here is output from a remote nbtenum session before a sucessfull login of a
> freshly booted XP box
<<snip>>
> dunno if this particular behavior has been observed before ( im donning
> Nomex? for the flames )

I don't know either, and while I have not specifically seen precisely 
this, I am entirely unsurprised by your report.  AFAIK that is what 
would be expected.


Regards,

Nick FitzGerald


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ