RE: Windows Messenger Popup Spam on UDP Port 1026

["Barry Dorrans" <barryd () idunno org>]

> Due to widespread abuse, many ISPs have moved to block
> inbound traffic on UDP port 135. It appears the spammers have adapted,
> so ISPs are urged to block UDP port 1026 inbound as well.


Why is it up to an ISP to block traffic?

I've "suffered" at the hands of an over active ISP who decided to block all
SQL traffic in and out of a data centre, with no warning or no email
informing me of the fact afterwards. 3 days of trying to debug why the heck
services were failing the ISP finally informs me of their over zealous
response.

As an aside, isn't UDP 1026 is generally accepted to be part of LSA/AD
Authenication? Has anyone else been able to reproduce this?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html