RE: [Full-Disclosure] Odd Behavior - Windows Messenger Service

Fri, 18 Jul 2003 18:54:03 -0700 


> -----Original Message-----
> From: Knud Erik H�jgaard [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, 19 July 2003 1:09 p.m.
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Odd Behavior - Windows 
> Messenger Service
> 
> 
> Bojan Zdrnja wrote:
> 
> > Ok, now take your slackware box, do a default installation on it,
> > connect it to the network and then do nmap scan on it from a remote
> > box.
> 
> hack.dtors.net runs that stuff,
> [EMAIL PROTECTED]:~$ netstat -an | grep -i list
> tcp        0      0 0.0.0.0:37              0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:79              0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:6969            0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
> unix  2      [ ACC ]     STREAM     LISTENING     75677
> /tmp/ssh-qIFD2161/agent.2161
> unix  2      [ ACC ]     STREAM     LISTENING     422    /dev/gpmctl
> [EMAIL PROTECTED]:~$ cat /etc/*ver*
> news.my_news_server.com
> Slackware 9.0.0
> [EMAIL PROTECTED]:~$
> 
> The webserver seems to be gone, but as you casn see the login is toor, the
> password is left as an exercise to the reader at the moment. Have your way
> with it, it's a def. install.

Thanks for this Knud.

So, Mr. Donnie, with your default installation Slackware box, you certanly
won't get pop-up spam, but if your ftp server has a bug or SMTP server is
misconfigured (allowing relay), you might find various thing, *when* you log
in. Or with any other services which we can see there (finger, ident and oh
look portmapper).
Look how many services are started, *before* you login and while your
Slackware box is sitting at login prompt.

Conclusion? Every "modern" OS will by default start various services. It's
up to user to shut them down and disable them.

I don't see a reason on bashing WinXP for starting a RPC service
automatically when absolutely everything does that (don't mention obsolete
Oses please).

Bojan Zdrnja

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Reply via email to