nanog mailing list archives
Re: ISPs are asked to block yet another port
From: Jeff Kell <jeff-kell () utc edu>
Date: Mon, 23 Jun 2003 02:58:56 -0400
The description by LURHQ is misleading. Messenger is an RPC service. Typical pop-up spammers queried 135 (Windows RPC portmapper) to find the port number of the messenger service, then send the message to that port. It turns out that messenger can "typically" be found on 1026.
And as was noted earlier, unconditionally blocking udp/1026 will causea lot of collateral damage when udp/1026 outbound is used as an ephemeral port for a legitimate UDP-based service (DNS, NTP, etc).
Jeff
Current thread:
- ISPs are asked to block yet another port Sean Donelan (Jun 22)
- Re: ISPs are asked to block yet another port Tony Rall (Jun 22)
- Re: ISPs are asked to block yet another port Jeff Kell (Jun 23)
- Re: ISPs are asked to block yet another port Peter E. Fry (Jun 23)
- Re: ISPs are asked to block yet another port Christopher L. Morrow (Jun 23)
- Re: ISPs are asked to block yet another port Jared Mauch (Jun 23)
- Re: ISPs are asked to block yet another port Paul Vixie (Jun 23)
- Re: ISPs are asked to block yet another port jlewis (Jun 23)
- Re: ISPs are asked to block yet another port Christopher L. Morrow (Jun 23)
- Re: ISPs are asked to block yet another port Jack Bates (Jun 23)
- Re: ISPs are asked to block yet another port Paul Vixie (Jun 23)
- Re: ISPs are asked to block yet another port Paul Vixie (Jun 23)
- Re: ISPs are asked to block yet another port Christopher L. Morrow (Jun 23)