Net send uses Port 135, UDP I think, but it could be TCP. You should block them both at your firewall, regardless.
And a reminder: Your firewall should also be blocking TCP and UDP ports 135-140 inclusive. These ports are used for Windows file sharing (aka NetBios, aka SAMBA, for Linux users; aka DAVE, for Mac users). If you need Windows file sharing (NetBios) access over the Internet you _really_, _really_ ought to be tunnelling through a VPN of some kind. -----Original Message----- From: [EMAIL PROTECTED] [mailto:owner-witango-talk@;witango.com]On Behalf Of Chris Smith Sent: Friday, October 18, 2002 10:58 PM To: Multiple recipients of list witango-talk Subject: Re: Witango-Talk: virus?? (OT) This insidious annoyance has just appeared on my local cable network provider and I have reported the actions to the provider as they violate the terms of use by most cable providers. The function that is being exploited here is the netsend command from a windows command prompt. I've also noticed that they are masking the computers name such as DEGREES which when a trace route is run on the network name the computer does not exist on the network. I'm not sure but I'm pretty sure that net is governed by port access so if anyone knew what port netsend communicates on that port could theoretically be shut down to incoming requests. This is not a virus but a dastardly, plot conceived by a ad guy who knew enough about the technology to be dangerous hmm. excuse me an annoyance. I've searched the Microsoft knowledgebase for any info on netsend command and can find nothing. Who knows how to disable netsend. And for all those network admins who use it. STOP and use email it is just as effective or do as we do in my office and use some form of IM like ICQ . csmith ... deleted ... ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
