August 7th, 2003, 06:29 PM
strange messenger service behavior
Ok, this seems counter-intuitive, but it is M$ after all.
I was LANGuarding a W2K Pro box and turning off services to observe the behavior (with a goal of reducing the "footprint" without breaking anything). A scan with messenger service running reveals two messenger NETBIOS names (computername and username), standard so far... So, I stop the messenger service and rescan. Sure enough, the NETBIOS names go away, but now LANGuard comes back with domain (workgroup) information AND is able to enumerate ALL the groups!
I stop one service to close up an information leak and cause another. What's the deal with "messenger"? Or is it the way LANGuard enumerates (if it can't get something one way, it tries another...)?