the point being there should be no isp blocking of any ports period. Why? For what purpose? I would seek another provider if my ISP purposefly blocked ports. Unless a critical mass DDoS was in full disruption and temporary measuses taken to prevent further amplifiction, were used and full service restored after the threat was diminished.
wood ----- Original Message ----- From: "Johannes Ullrich" <[EMAIL PROTECTED]> To: "General DShield Discussion List" <[EMAIL PROTECTED]> Cc: "Joe Stewart" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Saturday, June 21, 2003 10:14 AM Subject: Re: [Dshield] Re: [Full-Disclosure] Windows Messenger Popup Spamon UDP Port 1026 > Well, blocking port 1026 is probably not such a great idea. But > why would a non-windows user suffer if port 135-139 & 445 is blocked? > > > > On Sat, 2003-06-21 at 00:40, morning_wood wrote: > > so all users should suffer an ISP blocking ports just because some > > people run windows???? excuse me? Better would be to just disable > > windows mesaging service. or issue a patch for it, as opposed to > > blocking port traffic. > > > > wood > > > > ----- Original Message ----- > > From: "Joe Stewart" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; > > <[EMAIL PROTECTED]> > > Sent: Friday, June 20, 2003 7:37 PM > > Subject: [Full-Disclosure] Windows Messenger Popup Spam on UDP Port > > 1026 > > > > > > > Windows Messenger Popup Spam on UDP Port 1026 > > > > > > URL: http://www.lurhq.com/popup_spam.html > > > Release Date: June 20, 2003 > > > Author: Joe Stewart > > > > > > LURHQ Corporation has observed traffic to large blocks of IP > > addresses > > > on UDP port 1026. This traffic started around June 18, 2003 and has > > > been constant since that time. LURHQ analysts have determined that > > the > > > source of the traffic is spammers who have discovered that the > > Windows > > > Messenger service listens for connections on port 1026 as well as > > the > > > more widely-known port 135. Windows Messenger has been a target for > > > spammers since late last year, because it allows anonymous pop-up > > > messages to be displayed on any Windows system running the messenger > > > service. Due to widespread abuse, many ISPs have moved to block > > > inbound traffic on UDP port 135. It appears the spammers have > > adapted, > > > so ISPs are urged to block UDP port 1026 inbound as well. > > > > > > It is possible to disable the messenger service on some platforms > > > following the instructions below. However, the fact that you can > > > receive these messages points to the fact that your computer is > > > unsecured and vulnerable to other possible attacks in the future. > > > Disabling the messenger service will stop the pop-up spam, but will > > > not protect you in any other way. Home users are encouraged to > > install > > > personal firewall software to block unauthorized connections to > > their > > > computers. Users are discourged from purchasing specialized Windows > > > Messenger popup blocking software as it is often sold by the same > > > company that is sending the popups. > > > > > > To disable the Messenger Service, follow the instructions for your > > > Windows version: > > > > > > Windows XP Home > > > * Click Start, then click Control Panel. > > > * Double-click Performance and Maintenance. > > > * Double-click Administrative Tools. > > > * Double-click Services. > > > * Scroll down, highlight and right-click on Messenger and choose > > > Properties > > > * In the "Startup type" list, choose Disabled. > > > * Click Stop, and then click OK. > > > > > > Windows XP Professional > > > * Click Start, then click Control Panel. > > > * Double-click Administrative Tools > > > * Double-click Services > > > * Scroll down, highlight and right-click on Messenger and choose > > > Properties > > > * In the "Startup type" list, choose Disabled. > > > * Click Stop, and then click OK. > > > > > > Windows 2000/NT > > > * Click Start, go to Settings, then click Control Panel. > > > * Double-click Administrative Tools. > > > * Double-click Service. > > > * Double-click Messenger. > > > * In the "Startup type" list, choose Disabled. > > > * Click Stop, and then click OK. > > > > > > Windows 98/ME > > > The Windows Messenger Service cannot be disabled > > > > > > -- > > > > > > About LURHQ Corporation > > > LURHQ Corporation is the trusted provider of Managed Security > > > Services. Founded in 1996, LURHQ has built a strong business > > > protecting the critical information assets of more than 400 > > customers > > > by offering managed intrusion prevention and protection services. > > > LURHQ's 24X7 Incident Handling capabilities enable customers to > > > enhance their security posture while reducing the costs of managing > > > their security environments. LURHQ's OPEN Service Delivery(TM) > > > methodology facilitates a true partnership with customers by > > providing > > > a real time view of the organization's security status via the > > > Sherlock Enterprise Security Portal. For more information visit > > > http://www.lurhq.com/ > > > > > > Copyright (c) 2003 LURHQ Corporation. Permission is hereby granted > > for > > > the redistribution of this document electronically. It is not to be > > > altered or edited in any way without the express written consent of > > > LURHQ Corporation. If you wish to reprint the whole or any part of > > > this document in any other medium excluding electronic media, please > > > e-mail [EMAIL PROTECTED] for permission. > > > > > > Disclaimer > > > The information within this paper may change without notice. Use of > > > this information constitutes acceptance for use in an AS IS > > condition. > > > There are NO warranties implied or otherwise with regard to this > > > information. In no event shall the author be liable for any damages > > > whatsoever arising out of or in connection with the use or spread of > > > this information. > > > > > > Feedback > > > Updates and/or comments to: > > > LURHQ Corporation > > > http://www.lurhq.com/ > > > [EMAIL PROTECTED] > > > > > > _______________________________________________ > > > Full-Disclosure - We believe in it. > > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > > > _______________________________________________ > > list mailing list > > [EMAIL PROTECTED] > > To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
