Re: NetBIOS Messenger spam - how did it get in?

["Remington Winters" <fyreguy () rivetgeek com>]

I too have received this.  It shows as coming from "Webpopup".  I am rather
curious if this is coming from a spoofed ip directly, or if some file placed
in the temp folder is executing a script perhaps?

As a temporary measure I disabled messenger.  If anyone knows how to stop
this rather annoying spam please let me know.

----- Original Message -----
From: "Damon McMahon" <inst_karma () hotmail com>
To: <feltman () pacbell net>; <security-basics () securityfocus com>
Sent: Wednesday, October 30, 2002 3:09 PM
Subject: RE: NetBIOS Messenger spam - how did it get in?


> Ahhh yes my mistake, mixing up the source and destination addresses.
>
> Of course, this begs the question why internet routers do not filter on
> source address, but I'm sure the ISPs have their own self-justifying
> reasons...
>
> > 1. Is this possible? I would have thought any packet
> > with such a spoofed IP address would be deemed
> > non-routable by any of the routers between the source
> > host and mine, and hence would never make it to my host?
>
> > The destination (your external address) is routable. Source is ignored
> > unless prohibited. Non-routable addresses are not allowed to be the
> > destination on the public Internet.
> >
> > jef
>
>
> _________________________________________________________________
> Get faster connections -- switch to MSN Internet Access!
> http://resourcecenter.msn.com/access/plans/default.asp