Well, blocking port 1026 is probably not such a great idea. But why would a non-Windows user suffer if ports 135-139 & 445 are blocked?

On Sat, 2003-06-21 at 00:40, morning_wood wrote:
> so all users should suffer an ISP blocking ports just because some
> people run Windows???? excuse me? Better would be to just disable
> Windows messaging service. or issue a patch for it, as opposed to
> blocking port traffic.
>
> wood
>
> ----- Original Message -----
> From: "Joe Stewart" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, June 20, 2003 7:37 PM
> Subject: [Full-Disclosure] Windows Messenger Popup Spam on UDP Port 1026
>
> > Windows Messenger Popup Spam on UDP Port 1026
> >
> > URL: http://www.lurhq.com/popup_spam.html
> > Release Date: June 20, 2003
> > Author: Joe Stewart
> >
> > LURHQ Corporation has observed traffic to large blocks of IP
> > addresses on UDP port 1026. This traffic started around June 18,
> > 2003 and has been constant since that time. LURHQ analysts have
> > determined that the source of the traffic is spammers who have
> > discovered that the Windows Messenger service listens for
> > connections on port 1026 as well as the more widely-known port 135.
> > Windows Messenger has been a target for spammers since late last
> > year, because it allows anonymous pop-up messages to be displayed
> > on any Windows system running the messenger service. Due to
> > widespread abuse, many ISPs have moved to block inbound traffic on
> > UDP port 135. It appears the spammers have adapted, so ISPs are
> > urged to block UDP port 1026 inbound as well.
> >
> > It is possible to disable the messenger service on some platforms
> > following the instructions below. However, the fact that you can
> > receive these messages points to the fact that your computer is
> > unsecured and vulnerable to other possible attacks in the future.
> > Disabling the messenger service will stop the pop-up spam, but will
> > not protect you in any other way. Home users are encouraged to
> > install personal firewall software to block unauthorized
> > connections to their computers. Users are discouraged from
> > purchasing specialized Windows Messenger popup blocking software as
> > it is often sold by the same company that is sending the popups.
> >
> > To disable the Messenger Service, follow the instructions for your
> > Windows version:
> >
> > Windows XP Home
> > * Click Start, then click Control Panel.
> > * Double-click Performance and Maintenance.
> > * Double-click Administrative Tools.
> > * Double-click Services.
> > * Scroll down, highlight and right-click on Messenger and choose
> >   Properties
> > * In the "Startup type" list, choose Disabled.
> > * Click Stop, and then click OK.
> >
> > Windows XP Professional
> > * Click Start, then click Control Panel.
> > * Double-click Administrative Tools
> > * Double-click Services
> > * Scroll down, highlight and right-click on Messenger and choose
> >   Properties
> > * In the "Startup type" list, choose Disabled.
> > * Click Stop, and then click OK.
> >
> > Windows 2000/NT
> > * Click Start, go to Settings, then click Control Panel.
> > * Double-click Administrative Tools.
> > * Double-click Service.
> > * Double-click Messenger.
> > * In the "Startup type" list, choose Disabled.
> > * Click Stop, and then click OK.
> >
> > Windows 98/ME
> > The Windows Messenger Service cannot be disabled
> >
> > --
> >
> > About LURHQ Corporation
> > LURHQ Corporation is the trusted provider of Managed Security
> > Services. Founded in 1996, LURHQ has built a strong business
> > protecting the critical information assets of more than 400
> > customers by offering managed intrusion prevention and protection
> > services. LURHQ's 24X7 Incident Handling capabilities enable
> > customers to enhance their security posture while reducing the
> > costs of managing their security environments. LURHQ's OPEN Service
> > Delivery(TM) methodology facilitates a true partnership with
> > customers by providing a real time view of the organization's
> > security status via the Sherlock Enterprise Security Portal. For
> > more information visit http://www.lurhq.com/
> >
> > Copyright (c) 2003 LURHQ Corporation. Permission is hereby granted
> > for the redistribution of this document electronically. It is not
> > to be altered or edited in any way without the express written
> > consent of LURHQ Corporation. If you wish to reprint the whole or
> > any part of this document in any other medium excluding electronic
> > media, please e-mail [EMAIL PROTECTED] for permission.
> >
> > Disclaimer
> > The information within this paper may change without notice. Use of
> > this information constitutes acceptance for use in an AS IS
> > condition. There are NO warranties implied or otherwise with regard
> > to this information. In no event shall the author be liable for any
> > damages whatsoever arising out of or in connection with the use or
> > spread of this information.
> >
> > Feedback
> > Updates and/or comments to:
> > LURHQ Corporation
> > http://www.lurhq.com/
> > [EMAIL PROTECTED]
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
> _______________________________________________
> list mailing list
> [EMAIL PROTECTED]
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
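
Added example (not part of the original thread or the LURHQ advisory): one way to spot the traffic the advisory describes in border firewall logs, by flagging remote sources that send unsolicited inbound UDP to ports 135 or 1026 on many local hosts while ignoring replies to flows a local host opened from source port 1026. The log format, the addresses and the threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

MESSENGER_PORTS = {135, 1026}   # UDP ports named in the advisory
SWEEP_THRESHOLD = 3             # assumed: distinct local hosts before a source is flagged

# Constructed sample log (hypothetical format): epoch proto src:sport dst:dport direction
SAMPLE_LOG = """\
1056150000 UDP 192.0.2.10:1026 198.51.100.53:53 out
1056150001 UDP 198.51.100.53:53 192.0.2.10:1026 in
1056150002 UDP 203.0.113.7:4000 192.0.2.10:1026 in
1056150002 UDP 203.0.113.7:4000 192.0.2.11:1026 in
1056150003 UDP 203.0.113.7:4000 192.0.2.12:1026 in
1056150003 UDP 203.0.113.7:4001 192.0.2.13:135 in
1056150004 TCP 203.0.113.9:5000 192.0.2.10:1026 in
1056150005 UDP 203.0.113.8:4000 192.0.2.10:1026 in
"""

def parse(line):
    """Split one log line into typed fields."""
    ts, proto, src, dst, direction = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return int(ts), proto, sip, int(sport), dip, int(dport), direction

def find_sweepers(log_text, threshold=SWEEP_THRESHOLD):
    """Return {remote_ip: [local hosts]} for sources hitting >= threshold hosts."""
    outbound = set()              # (local_ip, local_port, remote_ip, remote_port)
    targets = defaultdict(set)    # remote source -> local hosts it sent to
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, proto, sip, sport, dip, dport, direction = parse(line)
        if proto != "UDP":
            continue
        if direction == "out":
            outbound.add((sip, sport, dip, dport))
        elif dport in MESSENGER_PORTS:
            # A reply to a flow a local host opened (for instance a DNS answer
            # returning to source port 1026) is solicited, so it is skipped.
            if (dip, dport, sip, sport) in outbound:
                continue
            targets[sip].add(dip)
    return {s: sorted(h) for s, h in targets.items() if len(h) >= threshold}

if __name__ == "__main__":
    for src, hosts in find_sweepers(SAMPLE_LOG).items():
        print(f"{src}: unsolicited UDP to {len(hosts)} hosts: {', '.join(hosts)}")
```
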
