BlitzenZeus
Burnt Out Cynic
Premium,MVM
join:2000-01-13
Beaverton, OR

Re: Messenger Spam on 1026 - Bad News Kids

Link fix:
www.linklogger.com/portpuker.htm
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH


Re: Messenger Spam on 1026 - Bad News Kids

Also, from what I've heard, the spammer doesn't have to "listen" for the response either, unless they want to confirm that the spam was received. By setting certain flags in the RPC data the spam will pop up with no handshake required, thus allowing mass "mailing" of messenger spam Slammer style, and the source IPs can even be spoofed.

I've been running a listener program, similar to your PortPuker (initially on 135, but now I run it on 1026-1028) on my Linux box and have captured over 2,300 messenger spams so far. The majority of them, ironically, are advertising ways to stop messenger spam.

Of course the good news is this garbage is easy to block, preferably with a firewall, or by turning off the Messenger service. Still, how much bandwidth is being wasted on this garbage?

I like that name PortPuker. I've made utilities with cool names in the past; my favorite is when I write data import utilities and call them DataSuckers.

KJP
[text was edited by author 2003-09-16 08:32:47]

Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw

Re: Messenger Spam on 1026 - Bad News Kids

There is no handshaking required in UDP traffic, which is one reason why UDP traffic is faster than TCP traffic.

PortPeeker is basically a listener; PortPuker is the data transmitter and given it sends out 'custom' traffic we are hesitant to release it as it definitely has a black hat side (custom packet content crafter and sender for TCP/UDP/ICMP and captures the response, sounds like a potential hacker test tool) that we wouldn't want to see it used by someone with less than honourable intentions.

Blake
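
Added example, not part of the thread and not either poster's tool: a passive UDP listener of the kind kpatz describes running on 1026-1028, which also shows Blake's point that a datagram arrives and is logged with no handshake at all. The record field names and the "looks like connectionless DCE/RPC" heuristic (first byte 4, fixed 80-byte header) are assumptions of this sketch.

```python
import select
import socket
import string

PORTS = (1026, 1027, 1028)  # ports named in the thread
RPC_CL_VERSION, RPC_CL_HEADER = 4, 80  # connectionless DCE/RPC: version byte, header size
PRINTABLE = set(string.printable.encode()) - {0x0B, 0x0C}


def printable_runs(data, min_len=4):
    """Return runs of printable ASCII at least min_len bytes long."""
    runs, current = [], bytearray()
    for byte in data + b"\x00":  # trailing NUL flushes the last run
        if byte in PRINTABLE:
            current.append(byte)
            continue
        if len(current) >= min_len:
            runs.append(current.decode("ascii").strip())
        current = bytearray()
    return [run for run in runs if run]


def summarise(payload, src, port):
    """Build a log record for one captured datagram (constructed field names)."""
    is_rpc = len(payload) >= RPC_CL_HEADER and payload[0] == RPC_CL_VERSION
    body = payload[RPC_CL_HEADER:] if is_rpc else payload
    return {"src": src, "port": port, "bytes": len(payload),
            "looks_like_cl_rpc": is_rpc, "text": printable_runs(body)}


def listen(ports=PORTS, host="0.0.0.0"):
    """Bind every port and yield one record per datagram; never replies."""
    socks = []
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind((host, port))
        socks.append(sock)
    try:
        while True:
            for sock in select.select(socks, [], [])[0]:
                payload, (addr, _) = sock.recvfrom(65535)
                yield summarise(payload, addr, sock.getsockname()[1])
    finally:
        for sock in socks:
            sock.close()


if __name__ == "__main__":
    for record in listen():
        print(record)
```

The logged source address is whatever the datagram header claims, so, as noted in the thread, it may be spoofed and should not be treated as the sender's real address.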