Thursday, November 19, 2009
Tuesday, November 10, 2009
Disabling Messenger Service in Windows XP
If advertisements are opening on your computer in a window titled Messenger Service, it may indicate that your system is not secure. You should enable the Internet Connection Firewall and disable the Messenger Service in Windows XP to help protect your computer from unwanted spam and other potential threats.
The Messenger Service was originally designed for use by system administrators to notify Windows users about their networks. However, some advertisers have started using this service to send information via the Internet, and these messages could be used maliciously to distribute a virus.
| • | Note Although the name of the service is similar, Messenger Service in Windows XP is not related to instant messaging programs such as Windows Messenger and MSN Messenger. Disabling instant messaging programs is not necessary and not recommended. Disabling instant messaging programs will not prevent Messenger Service spam on your computer. |
| • | If your computer is part of a corporate network, ask the network administrator before disabling Messenger Service. |
| • | If you have Windows XP at home or in a small office that you manage yourself, you should disable the Messenger Service. |
First, make sure that your system is protected by an Internet firewall and that you've followed the steps to Protect Your PC. Disabling the Messenger Service without using a firewall will prevent the unwanted spam, but will not protect your computer from intruders.
To disable the Messenger Service in Windows XP (Caution: If your computer is part of a corporate network, talk to your system administrator before taking this action.)
1. | Click Start and then click Control Panel. |
2. | Click Performance and Maintenance. (If you do not see the Performance and Maintenance icon, you may be using Classic View. You can skip to step 3 below, but you must double-click Administrative Tools.) |
3. | Click Administrative Tools.  Figure 1. Double-click Services in Administrative Tools. |
4. | Double-click Services as shown in Figure 1 above.. |
5. | Double-click Messenger. |
6. | In the Startup type list, choose Disabled as shown in Figure 2 below.  Figure 2. Choose Disabled from the Startup type list in Messenger Properties. |
7. | Click Stop, and then click OK. |
WinPopup
Messenger service
Messenger Service is a network-based system notification service included in some versions of Microsoft Windows. This service, although it has a similar name, is not related in any way to the .NET Messenger Service or the Windows Messenger and MSN Messenger/Windows Live Messenger instant messaging clients.
Net Send 
Example of Messenger service spam from 2007.
Net Send The Net Send command allows users to use the Messenger Service under Windows XP Professional and Home editions. It only requires that the Messenger Service be started. The syntax of the command is:
net send {IP address/computer name/* (broadcast)} {message}
For example:
net send cls-mem67495 "This is a message."
The above example uses a computer name, not an IP address. Either way, the message will be sent as long as the target computer has the Messenger Service running.
net send * "This is a message."
This example will actually send the message to every user and every computer on the workgroup or domain.
This method of instant messaging requires no Internet connection; rather, just a local network. This is due to the architecture of the MailSlot protocol, which is what the Messenger Service is based on.
WinPopup
Winpopup sends messages from one Windows computer to another on the same LAN. It is available in all Windows versions from Windows for Workgroups 3.1 to Windows Me, but has never been included with Windows NT-based operating systems.
There is also a port to linux with an extended feature called LinPopUp, which allows adding Linux computers to the set. Linpopup is an X Window graphical port of Winpopup, and a package for Debian linux. It runs over Samba. Linpopup does not have to run all the time, can run minimized, and its messages are encrypted with a strong cypher.
Abuse
The Messenger Service was originally designed for use by system administrators to notify Windows users about their networks.[1] It has been used maliciously to present pop-up advertisements to users over the Internet (by using mass-messaging systems which sent a desired message to a specified range of IP addresses). Even though Windows XP includes a firewall it is not enabled by default. Because of this, many users received such messages. As a result of this abuse, the Messenger Service has been disabled by default in Windows XP Service Pack 2, a change perhaps redundant as the same service pack also enabled the firewall by default.
In order to use the Messenger Service functionality of Windows through the NET SEND command, either by itself or with the use of a third party NetBIOS messaging application, it is recommended that the NetBIOS ports cannot be reached from sources external to the local network. The ports that can be used by the Messenger service are 135, 137, 138, and 139. Many Internet service providers currently block access to these NetBIOS ports over the Internet, helping to prevent spamming even for older unfirewalled clients.
The Messenger Service is no longer supported from Windows Vista and Windows Server 2008.
Architecture
The Messenger Service, unlike many other network utilities included with Windows, uses the NetBIOS protocol. The service waits for a message, then it displays it onscreen. The alternative way to send message is to write it to a MailSlot named messngr.
See also
- Alerter service
- Comparison of LAN messengers
- LAN messenger
- List of Microsoft Windows components
- Messaging spam
References
External links
- Official Microsoft sources
- Knowledgebase entry for "Messenger Service of Windows"
- Command documentation for "Net send"
- Disabling The Messenger Service in Windows XP
IPv4 subnetting
In the early stages of development of the Internet Protocol,[1] network administrators interpreted an IP address in two parts, network number portion and host number portion. The highest order octet (most significant eight bits) in an address was designated the network number and the rest of the bits were called the rest field or host identifier and were used for host numbering within a network. This method soon proved inadequate as additional networks developed that were independent from the existing networks already designated by a network number. In 1981, the Internet addressing specification was revised with the introduction of classful network architecture.[2]
Classful network design allowed for a larger number of individual network assignments. The first three bits of the most significant octet of an IP address was defined as the class of the address. Three classes (A, B, and C) were defined for universal unicast addressing. Depending on the class derived, the network identification was based on octet boundary segments of the entire address. Each class used successively additional octets in the network identifier, thus reducing the possible number of hosts in the higher order classes (B and C). The following table gives an overview of this now obsolete system.
| Historical classful network architecture | ||||||
|---|---|---|---|---|---|---|
| Class | First octet in binary | Range of first octet | Network ID | Host ID | Number of networks | Number of addresses |
| A | 0XXXXXXX | 0 - 127 | a | b.c.d | 27 = 128 | 224 = 16,777,216 |
| B | 10XXXXXX | 128 - 191 | a.b | c.d | 214 = 16,384 | 216 = 65,536 |
| C | 110XXXXX | 192 - 223 | a.b.c | d | 221 = 2,097,152 | 28 = 256 |
Subscribe to:
Comments (Atom)
