Security

Tech Tip: Disable Win2K Messenger Service/Direct traffic with host headers

Learn how to disable the Messenger Service and direct traffic with host headers.

Windows 2000 Professional: Disable the Messenger Service

The Messenger Service in Windows provides a framework that enables users and processes to send pop-up messages to other computers. Management applications often use the service to send pop-up notifications to administrators that an event, such as a virus detection or a backup completion, has occurred.

Windows includes the Messenger Service, but don't confuse it with Windows Messenger, the desktop conferencing application also included with Windows.

Spammers have begun using the Messenger Service to blast advertisements to unprotected users. However, you can take steps to block these unwanted messages without spending money for an application.

The best approach is to block the ports used by the Messenger Service, which prevents all traffic from entering your network. If you have a network firewall in place, block NetBIOS and RPC traffic (UDP ports 135, 137, and 138 and TCP ports 135, 139, and 445). If you don't have a network firewall, you can block these same ports with a client-side firewall.

If a firewall solution won't work for you, or if you don't need the Messenger Service, another approach is to simply disable the Messenger Service. Open the Services console from the Administrative Tools folder, and double-click the Messenger service. Click Stop, choose Disabled from the Startup Type drop-down list, and click OK. If you later need to start the service, you must change its startup type to either Manual or Automatic.

Windows 2000 Server: Direct Web traffic with host headers

When a Web client such as Internet Explorer or Netscape sends a request to a server for a Web page, the client typically does so using the fully qualified host name of the server, such as www.microsoft.com.

When Internet Information Services (IIS) receives the request, it examines the host header in the request to determine how it should respond. For example, in the request for www.microsoft.com/something/page.html, the host header is www.microsoft.com. IIS looks in the properties for the sites it maintains and serves the one that matches.

Each Web site in IIS has three identifying properties: IP address, port, and host header. At least one of these properties must be unique for each site. For example, multiple sites on the same server can use the same IP address and port, but each must have a unique host header. To direct traffic to a specific Web site, specify the appropriate host header in the site's properties.

For example, perhaps local clients can't access an internal Web site because of the way the firewall handles in-network requests for the server's public IP address. Rather than change the firewall configuration, add a DNS host record named local that points to the local IP address of the server.

Then, modify the properties of the site to add local.yourdomain.tld to the site, specifying your own public Internet domain in place of yourdomain.tld. Local clients can then connect to http://local.yourdomain.tld to access the site from behind the firewall.

Editor's Picks

Free Newsletters, In your Inbox