Security Basics mailing list archives
Re: NetBIOS Messenger spam - how did it get in?
From: "Remington Winters" <fyreguy () rivetgeek com>
Date: Thu, 31 Oct 2002 14:23:08 -0800
I too have received this. It shows as coming from "Webpopup". I am rather curious if this is coming from a spoofed ip directly, or if some file placed in the temp folder is executing a script perhaps? As a temporary measure I disabled messenger. If anyone knows how to stop this rather annoying spam please let me know. ----- Original Message ----- From: "Damon McMahon" <inst_karma () hotmail com> To: <feltman () pacbell net>; <security-basics () securityfocus com> Sent: Wednesday, October 30, 2002 3:09 PM Subject: RE: NetBIOS Messenger spam - how did it get in?
Ahhh yes my mistake, mixing up the source and destination addresses. Of course, this begs the question why internet routers do not filter on source address, but I'm sure the ISPs have their own self-justifying reasons...1. Is this possible? I would have thought any packet with such a spoofed IP address would be deemed non-routable by any of the routers between the source host and mine, and hence would never make it to my host?The destination (your external address) is routable. Source is ignored unless prohibited. Non-routable addresses are not allowed to be the destination on the public Internet. jef_________________________________________________________________ Get faster connections -- switch to MSN Internet Access! http://resourcecenter.msn.com/access/plans/default.asp
Current thread:
- Re: NetBIOS Messenger spam - how did it get in? Remington Winters (Nov 01)