Archived from groups: comp.security.firewalls
"Skywise" <into@oblivion.nothing.com> wrote in message
news:ZCsdc.3034$A_4.3006@newsread1.news.pas.earthlink.net...
> Kerodo <kerodo~nospam~kenny@hotmail.com> wrote in
> news:Xns94C59F095923Ekerodonospamkenny@68.6.19.6:
>
> > Skywise <into@oblivion.nothing.com> wrote in
> > news:mUhdc.1980$A_4.1231@newsread1.news.pas.earthlink.net:
> >
> >>
> >> Ok, I could be wrong as I'm still learning, but if I have the
> >> messenger service disabled and not running, it wouldn't matter
> >> what port the messages come in on as there's no messenger service
> >> to respond to the packet anyway, right?
> >>
> >
> > You should probably leave the messenger service on (automatic) until
> > you're sure nothing is getting in thru the firewall. You don't want
> > inbound stuff getting thru. If you're still getting messenger popups
> > then that's a good alert to you that something IS still getting thru
> > somehow. Ideally, you want nothing coming thru inbound that you don't
> > specifically allow, such as DNS or DHCP.
> >
>
> Oh, nothing is getting through. Kerio is blocking them.
>
> Later when I installed Ethereal I could see the messenger
> packets in the capture. Apparently Ethereal gets the data
> before it goes to the firewall to be blocked. I still did
> not get any messenger pop-ups.
>
> Now messenger is completely disabled and I have added the
> specific ports (135,137-139,445) to Kerio.
>
> Brian
I've also added (to packet filter)
Application: system
Protocol: TCP
Direction: Incoming
Action: Deny
If you 'Log to Network Log' you'll be surprised how many
apparent attacks there are!