
Thread: net send

  1. #1
    Junior Member
    Join Date
    Nov 2004
    Posts
    11

    net send

    We all know the net send command in Windows that allows you to send messages on your network. I recently reinstalled XP and had not installed a firewall yet, and I see a net send message. Now I always thought that it was only possible to send these messages across local networks, not the internet, and also, how did it get past my router?

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Just use the IP address rather than the computer name. It goes through the protocol NetBIOS over TCP/IP. More details and a Google Search to help you.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Junior Member
    Join Date
    Nov 2004
    Posts
    11
    "1. Router
    Routers are cheap, and provide the best protection against hackers and other miscellaneous intruders. They provide a 'hardware' firewall, allowing you to stay behind protection and enjoying your internet pleasures, whatever they may be. While your IP address can still be seen, routers simply put a stop at this point--you can be seen, but can't be touched."

    How exactly do these messages get to my PC then? I am protected by a router with port forwarding on 1 port (80), so that can't be it?

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    While your IP address can still be seen, routers simply put a stop at this point--you can be seen, but can't be touched.
    And where exactly did you find this load of bull?

    I am assuming you are running on a local (192.168.0.0/24 or similar) network and that the router uses NAT to translate these addresses to your public address.

    What this *will* do is prevent outside hosts from establishing a connection with your computers behind the router, since they have no public address. However, this merely means that they must wait for you to establish the connection.

    Granted, you are safer behind a router than not, but you are by no means untouchable.

    My theory is that you have shared folders on your XP box, and some unknown process has established a connection to a remote host using these protocols. This remote host can now send you "net send" messages as the router's NAT process is translating the address accordingly.

    It could also be caused by some kind of spyware or trojan you don't know about.

    Having the router explicitly block port 135, or turning off the Messenger service, may stop these messages.

    Then again, it could be something along the lines of a javascript which opens a window that only looks like a net send message.

    That might give you some ideas...
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  5. #5
    Senior Member
    Join Date
    Feb 2004
    Posts
    270
    His router could also be forwarding the correct ports. I think it was 135 or something but don't pin me up on that.

    Simple solution. Get rid of that pesky messenger service. I trust you know how to do that or can find out by yourself.
    Since the beginning of time, Man has searched for the answers to the big questions: 'How did we get here?' 'Is there life after death?' 'Are we alone?' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Killing the messenger service would definitely get rid of the popups, although not the responsible traffic. I would think that blocking *outgoing* traffic on 135, 137, & 139 would also stop it, as well as incoming traffic on those ports. Not sure how to do that on your router.

    I posted a graphic explaining how to shut down the messenger service a while back. I'll see if I can find it (running Slack right now)

    There. This should explain how to shut messenger down.

    But the responsible traffic and/or spyware/trojan will still be there. Blocking traffic on 135, 137, and 139 going outbound and inbound should stop that too.

    Just my 2 cents. Please ignore spelling / grammar errors as I've taken a (prescription) sleeping pill and can't think too clearly right now;

    Hope this helps.

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    It would be a good idea to fire up a sniffer to see the traffic. You can use this in conjunction with a process explorer to find out the exact cause of the issue to begin with.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
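
Added example (not part of any post in this thread): one way to carry out the check suggested in posts #4 to #7, by reviewing `netstat -ano` output for listeners and non-local sessions on ports 135, 137 and 139 and reporting the owning PID. The sample output, addresses, PIDs and function names are constructed for illustration.

```python
import ipaddress

# Ports named in the thread: RPC endpoint mapper and NetBIOS over TCP/IP.
WATCHED_PORTS = {135, 137, 139}
# Ranges treated as "inside the router" (RFC 1918, loopback, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.0.10:1042      192.168.0.1:80         ESTABLISHED     1320
  TCP    192.168.0.10:1057      203.0.113.25:139       ESTABLISHED     2288
  TCP    192.168.0.10:1060      198.51.100.7:443       ESTABLISHED     1320
  UDP    192.168.0.10:137       *:*                                    4
"""

def split_endpoint(endpoint):
    """Split 'host:port' into (host, int port or None for '*')."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)

def is_remote(host):
    """True when host is a literal IP address outside LOCAL_NETS."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # '*' on UDP rows, bracketed IPv6
        return False
    return not addr.is_unspecified and not any(addr in net for net in LOCAL_NETS)

def review(netstat_text):
    """Return (kind, local, foreign, pid) for each row touching a watched port."""
    findings = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP") or not parts[-1].isdigit():
            continue
        local, foreign, pid = parts[1], parts[2], int(parts[-1])
        state = parts[3] if len(parts) == 5 else ""  # UDP rows have no state
        lport, (fhost, fport) = split_endpoint(local)[1], split_endpoint(foreign)
        if state == "ESTABLISHED" and is_remote(fhost) and {lport, fport} & WATCHED_PORTS:
            findings.append(("remote-session", local, foreign, pid))
        elif state in ("LISTENING", "") and lport in WATCHED_PORTS:
            findings.append(("listener", local, foreign, pid))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_NETSTAT):
        print(finding)
```

A `remote-session` row is the case post #4 describes: a session with a host outside the local network on one of these ports. Its PID is what to look up in a process viewer.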

  8. #8
    Junior Member
    Join Date
    Nov 2004
    Posts
    18
    Originally posted here by Striek
    My theory is that you have shared folders on your XP box, and some unknown process has established a connection to a remote host using these protocols. This remote host can now send you "net send" messages as the router's NAT process is translating the address accordingly.
    Would this still apply if you had set the permissions on the shared folders to read only or if you had to log in just to view them?

    Also if you're using AOL then that's probably the cause.

  9. #9
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Would this still apply if you had set the permissions on the shared folders to read only or if you had to log in just to view them?
    Yes. To log in from outside the network, communication is still required over those ports, whether or not access is granted. The fact that a password is even requested indicates that communication is occurring with those protocols, and must therefore be allowed through the router.

    Don't know about the AOL bit though.

  10. #10
    Junior Member
    Join Date
    Nov 2004
    Posts
    18
    Ahh ok thanks.

    Last time I used AOL was about 6 months ago, but even then it was still infested with spam. I would get netsend messages every hour or so, until I shut down the service of course.
