Full Disclosure mailing list archives
Re: Cox is blocking port 135 - off topic
From: bugtracker505 () comcast net
Date: Sun, 10 Aug 2003 17:05:05 -0600
Comcast isn't blocking 135 or 445. I'm blocking them. Otherwise this sort of nonsense would get through:

[**] Windows messenger spam [**]
08/10-10:18:16.332879 0:4:9B:EA:FC:54 -> 0:6:25:82:98:83 type:0x800 len:0x295
218.x.y.z:30099 -> 68.x.y.z:135 UDP TTL:47 TOS:0x0 ID:0 IpLen:20 DgmLen:647 DF
Len: 619

Roger

On Sunday 10 August 2003 4:55 pm, pdt () jackhammer org wrote:
If they do it like Comcast has it implemented even clients on the same cable router can't speak on the "windows" ports to each other. Last I checked they were blocking 137-139 and have been for some time.

Off topic:

This won't help much at all. Windows 2000/XP run Microsoft SMB over TCP on 445 as well (reduced overhead than 135/etc, no NetBIOS layer). When a client tries to connect to a remote host for file/print sharing/etc it connects on both ports 135 and 445, if a response is received from port 445 it drops the connection to 135. The attack works quite well against client systems using port 445.

If Cox blocks both ports 135 and 445 that will be semi-effective (except of course for internal users who spread a worm/etc, such as laptops that move around). This may block a few of the more stupid attacks but not for long.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
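One way to check whether traffic aimed at the ports discussed in this thread is reaching a sensor, as an added example that is not part of the original posts: a small Python parser for Snort alert headers in the layout shown above that counts alerts by protocol and destination port. The sample alerts, their addresses and the names `parse_alerts` and `windows_port_hits` are constructed for illustration.

```python
import re
from collections import Counter

# Ports named in the thread: 135, 137-139 and 445.
WINDOWS_PORTS = {135, 137, 138, 139, 445}

# "[**] message [**]", with the optional [gid:sid:rev] Snort may print.
TITLE_LINE = re.compile(r"^\[\*\*\]\s*(?:\[[\d:]+\]\s*)?(?P<msg>.*?)\s*\[\*\*\]$")
# "src:sport -> dst:dport PROTO ..." line of the alert header.
ADDR_LINE = re.compile(
    r"^(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) (?P<proto>TCP|UDP)\b"
)

# Constructed sample alerts (documentation addresses, not real traffic).
SAMPLE_LOG = """\
[**] Windows messenger spam [**]
08/10-10:18:16.332879 0:0:5E:0:53:1 -> 0:0:5E:0:53:2 type:0x800 len:0x295
198.51.100.7:30099 -> 192.0.2.10:135 UDP TTL:47 TOS:0x0 ID:0 IpLen:20 DgmLen:647 DF

[**] Constructed SMB probe [**]
08/10-10:19:02.000001 0:0:5E:0:53:1 -> 0:0:5E:0:53:2 type:0x800 len:0x3E
203.0.113.44:4021 -> 192.0.2.10:445 TCP TTL:112 TOS:0x0 ID:4242 IpLen:20 DgmLen:48 DF

[**] Constructed web request [**]
08/10-10:19:30.500000 0:0:5E:0:53:1 -> 0:0:5E:0:53:2 type:0x800 len:0x4A
203.0.113.44:4022 -> 192.0.2.10:80 TCP TTL:112 TOS:0x0 ID:4243 IpLen:20 DgmLen:60 DF
"""

def parse_alerts(text):
    """Yield one dict per alert: message, protocol, source, destination, port."""
    title = None
    for line in map(str.strip, text.splitlines()):
        m = TITLE_LINE.match(line)
        if m:
            title = m.group("msg")
            continue
        m = ADDR_LINE.match(line)
        if m and title is not None:
            yield {"msg": title, "proto": m["proto"], "src": m["src"],
                   "dst": m["dst"], "dport": int(m["dport"])}
            title = None

def windows_port_hits(text, ports=WINDOWS_PORTS):
    """Count alerts per (protocol, destination port) on the watched ports."""
    return Counter((a["proto"], a["dport"])
                   for a in parse_alerts(text) if a["dport"] in ports)

if __name__ == "__main__":
    print(sorted(windows_port_hits(SAMPLE_LOG).items()))
```

A non-zero count on a sensor inside the filter means the block is not in effect on that path.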