nanog mailing list archives
ISPs are asked to block yet another port
From: Sean Donelan <sean () donelan com>
Date: Mon, 23 Jun 2003 01:59:28 -0400 (EDT)
http://www.lurhq.com/popup_spam.html "LURHQ Corporation has observed traffic to large blocks of IP addresses on udp port 1026. This traffic started around June 18, 2003 and has been constant since that time. LURHQ analysts have determined that the source of the traffic is spammers who have discovered that the Windows Messenger service listens for connections on port 1026 as well as the more widely-known port 135. Windows Messenger has been a target for spammers since late last year, because it allows anonymous pop-up messages to be displayed on any Windows system running the messenger service. Due to widespread abuse, many ISPs have moved to block inbound traffic on udp port 135. It appears the spammers have adapted, so ISPs are urged to block udp port 1026 inbound as well." How many ports should ISPs block? People still buy and connect insecure computers to the net.
Current thread:
- ISPs are asked to block yet another port Sean Donelan (Jun 22)
- Re: ISPs are asked to block yet another port Tony Rall (Jun 22)
- Re: ISPs are asked to block yet another port Jeff Kell (Jun 23)
- Re: ISPs are asked to block yet another port Peter E. Fry (Jun 23)
- Re: ISPs are asked to block yet another port Christopher L. Morrow (Jun 23)
- Re: ISPs are asked to block yet another port Jared Mauch (Jun 23)
- Re: ISPs are asked to block yet another port Paul Vixie (Jun 23)
- Re: ISPs are asked to block yet another port jlewis (Jun 23)
- Re: ISPs are asked to block yet another port Christopher L. Morrow (Jun 23)
- Re: ISPs are asked to block yet another port Jack Bates (Jun 23)
- Re: ISPs are asked to block yet another port Paul Vixie (Jun 23)