Security Incidents mailing list archives
Re: Strange Message
From: Gary Flynn <flynngn () jmu edu>
Date: Fri, 11 Oct 2002 17:40:59 -0400
Gary Flynn wrote:
BTW. It doesn't come through netbios. We've got ports 137-139 and 445 blocked and we've seen it. It comes from the Windows Messenger service. This service is an RPC service. Clients contact the RPC port (135) which then tells the client which high port the Messenger service is listening on. The Messenger service runs by default on NT, 2k, and XP computers. One site I looked at said it runs as service.exe.
Correction. svchost.exe

A high UDP port opens from this process when I send a message locally.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com