Full Disclosure mailing list archives
Re: [Dshield] Re: Windows Messenger Popup Spam on UDP Port 1026
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Sat, 21 Jun 2003 14:02:48 -0700
The point being there should be no ISP blocking of any ports, period. Why? For what purpose? I would seek another provider if my ISP purposefully blocked ports. Unless a critical mass DDoS was in full disruption and temporary measures taken to prevent further amplification, were used and full service restored after the threat was diminished.

wood

----- Original Message -----
From: "Johannes Ullrich" <jullrich () euclidian com>
To: "General DShield Discussion List" <list () dshield org>
Cc: "Joe Stewart" <jstewart () lurhq com>; <full-disclosure () lists netsys com>
Sent: Saturday, June 21, 2003 10:14 AM
Subject: Re: [Dshield] Re: [Full-disclosure] Windows Messenger Popup Spam on UDP Port 1026

Well, blocking port 1026 is probably not such a great idea. But why would a non-Windows user suffer if port 135-139 & 445 is blocked?

On Sat, 2003-06-21 at 00:40, morning_wood wrote:

so all users should suffer an ISP blocking ports just because some people run windows???? excuse me? Better would be to just disable windows messaging service. or issue a patch for it, as opposed to blocking port traffic.

wood

----- Original Message -----
From: "Joe Stewart" <jstewart () lurhq com>
To: <list () dshield org>
Cc: <full-disclosure () lists netsys com>; <intrusions () incidents org>; <isc () sans org>
Sent: Friday, June 20, 2003 7:37 PM
Subject: [Full-disclosure] Windows Messenger Popup Spam on UDP Port 1026

Windows Messenger Popup Spam on UDP Port 1026

URL: http://www.lurhq.com/popup_spam.html
Release Date: June 20, 2003
Author: Joe Stewart

LURHQ Corporation has observed traffic to large blocks of IP addresses on UDP port 1026. This traffic started around June 18, 2003 and has been constant since that time. LURHQ analysts have determined that the source of the traffic is spammers who have discovered that the Windows Messenger service listens for connections on port 1026 as well as the more widely-known port 135. Windows Messenger has been a target for spammers since late last year, because it allows anonymous pop-up messages to be displayed on any Windows system running the messenger service.

Due to widespread abuse, many ISPs have moved to block inbound traffic on UDP port 135. It appears the spammers have adapted, so ISPs are urged to block UDP port 1026 inbound as well.

It is possible to disable the messenger service on some platforms following the instructions below. However, the fact that you can receive these messages points to the fact that your computer is unsecured and vulnerable to other possible attacks in the future.
Disabling the messenger service will stop the pop-up spam, but will not protect you in any other way. Home users are encouraged to install personal firewall software to block unauthorized connections to their computers. Users are discouraged from purchasing specialized Windows Messenger popup blocking software as it is often sold by the same company that is sending the popups.

To disable the Messenger Service, follow the instructions for your Windows version:

Windows XP Home

* Click Start, then click Control Panel.
* Double-click Performance and Maintenance.
* Double-click Administrative Tools.
* Double-click Services.
* Scroll down, highlight and right-click on Messenger and choose Properties
* In the "Startup type" list, choose Disabled.
* Click Stop, and then click OK.

Windows XP Professional

* Click Start, then click Control Panel.
* Double-click Administrative Tools
* Double-click Services
* Scroll down, highlight and right-click on Messenger and choose Properties
* In the "Startup type" list, choose Disabled.
* Click Stop, and then click OK.

Windows 2000/NT

* Click Start, go to Settings, then click Control Panel.
* Double-click Administrative Tools.
* Double-click Service.
* Double-click Messenger.
* In the "Startup type" list, choose Disabled.
* Click Stop, and then click OK.

Windows 98/ME

The Windows Messenger Service cannot be disabled

--

About LURHQ Corporation

LURHQ Corporation is the trusted provider of Managed Security Services. Founded in 1996, LURHQ has built a strong business protecting the critical information assets of more than 400 customers by offering managed intrusion prevention and protection services.
LURHQ's 24X7 Incident Handling capabilities enable customers to enhance their security posture while reducing the costs of managing their security environments. LURHQ's OPEN Service Delivery(TM) methodology facilitates a true partnership with customers by providing a real time view of the organization's security status via the Sherlock Enterprise Security Portal.

For more information visit http://www.lurhq.com/

Copyright (c) 2003 LURHQ Corporation. Permission is hereby granted for the redistribution of this document electronically. It is not to be altered or edited in any way without the express written consent of LURHQ Corporation. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please e-mail advisories () lurhq com for permission.

Disclaimer

The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties implied or otherwise with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Feedback

Updates and/or comments to:

LURHQ Corporation
http://www.lurhq.com/
advisories () lurhq com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
list mailing list
list () dshield org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
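
An added example, not part of any message in this thread: a small detector for the pattern the quoted advisory describes, where one source sends UDP to port 135 or 1026 across many destination addresses. The log format, the addresses, the `find_sweepers` name and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# UDP ports the advisory names as reachable by Messenger pop-up spam.
MESSENGER_UDP_PORTS = {135, 1026}

# Assumed (constructed) log format: "<time> <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

# Constructed sample using documentation address ranges; not real traffic.
SAMPLE_LOG = """\
2003-06-18T10:00:01 UDP 198.51.100.7:4021 -> 192.0.2.10:1026
2003-06-18T10:00:01 UDP 198.51.100.7:4021 -> 192.0.2.11:1026
2003-06-18T10:00:02 UDP 198.51.100.7:4021 -> 192.0.2.12:1026
2003-06-18T10:00:02 UDP 198.51.100.7:4022 -> 192.0.2.13:135
2003-06-18T10:00:03 UDP 203.0.113.5:53 -> 192.0.2.10:1026
2003-06-18T10:00:04 TCP 203.0.113.9:3312 -> 192.0.2.10:135
malformed line that the parser must skip
2003-06-18T10:00:05 UDP 198.51.100.7:4021 -> 192.0.2.10:1026
"""

def find_sweepers(log_text, min_targets=3):
    """Return {src: sorted distinct dsts} for sources that sent UDP to a
    Messenger port on at least min_targets distinct destination addresses."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["proto"].upper() != "UDP":
            continue  # skip unparseable lines and non-UDP traffic
        if int(m["dport"]) in MESSENGER_UDP_PORTS:
            targets[m["src"]].add(m["dst"])  # repeats to one host count once
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_targets}

if __name__ == "__main__":
    for src, dsts in find_sweepers(SAMPLE_LOG).items():
        print(f"{src} -> {len(dsts)} hosts on UDP 135/1026: {', '.join(dsts)}")
```

The single packet from source port 53 to destination port 1026 in the sample stays below the threshold, so it is not reported.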
Current thread:
- Windows Messenger Popup Spam on UDP Port 1026 Joe Stewart (Jun 20)
- Re: Windows Messenger Popup Spam on UDP Port 1026 morning_wood (Jun 20)
- Re: [Dshield] Re: Windows Messenger Popup Spam on UDP Port 1026 Johannes Ullrich (Jun 21)
- Re: [Dshield] Re: Windows Messenger Popup Spam on UDP Port 1026 morning_wood (Jun 21)
- Re: [Dshield] Re: Windows Messenger Popup Spam on UDP Port 1026 Joe Stewart (Jun 23)
- Re: [Dshield] Re: Windows Messenger Popup Spam on UDP Port 1026 Dietmar Goldbeck (Jun 21)
- Re: [Dshield] Re: Windows Messenger Popup Spam on UDP Port 1026 petard (Jun 21)
- Re: [Dshield] Re: Windows Messenger Popup Spam on UDP Port 1026 Roy S. Rapoport (Jun 22)
- Re: [Dshield] Re: Windows Messenger Popup Spam on UDP Port 1026 Rick Updegrove (Jun 23)
- Re: [Dshield] Re: Windows Messenger Popup Spam on UDP Port 1026 Johannes Ullrich (Jun 21)
- Message not available
- Re: Windows Messenger Popup Spam - advisory amended Joe Stewart (Jun 23)
- Re: Windows Messenger Popup Spam on UDP Port 1026 morning_wood (Jun 20)
- Re: [Dshield] Re: Windows Messenger Popup Spam on UDP Port 1026 Rick Updegrove (Jun 23)
- Re: RE: Windows Messenger Popup Spam on UDP Port 1026 Shawn McMahon (Jun 23)
- Re: RE: Windows Messenger Popup Spam on UDP Port 1026 Niels Bakker (Jun 23)