Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Messenger Spam on 1026 - Bad News Kids
Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Should still use a software firewall with a router »
« Netstat Prompt Results - What does this mean?  
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

Re: Messenger Spam on 1026 - Bad News Kids

Also, from what I've heard is the spammer doesn't have to "listen" for the response either, unless they want to confirm that the spam was received. By setting certain flags in the RPC data the spam will pop up with no handshake required, thus allowing mass "mailing" of messenger spam Slammer style, and the source IPs can even be spoofed.

I've been running a listener program, similar to your PortPuker (initially on 135, but now I run it on 1026-1028) on my Linux box and have captured over 2,300 messenger spams so far. The majority of them, ironically, are advertising ways to stop messenger spam.

Of course the good news is this garbage is easy to block, preferably with a firewall, or by turning off the Messenger service. Still, how much bandwidth is being wasted on this garbage.

I like that name PortPuker. I've made utilities with cool names in the past, my favorite is when I write data import utilities and call them DataSuckers.

KJP
[text was edited by author 2003-09-16 08:32:47]
permalink · 2003-09-16 08:32:13 · Print · Reply to this

Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw

Re: Messenger Spam on 1026 - Bad News Kids

There is no handshaking required in UDP traffic, which is one reason why UDP traffic is faster then TCP traffic.

PortPeeker is basically a listener; PortPuker is the data transmitter and given it sends out 'custom' traffic we are hesitant to release it as it definitely has a black hat side (custom packet content crafter and sender for TCP/UDP/ICMP and captures the response, sound like a potential hacker test tool) that we wouldn't want to see it used by someone with less then honourable intentions.

Blake
permalink · 2003-09-16 13:31:23 · Print · Reply to this
Forums » Up and Running » Security » SecurityShould still use a software firewall with a router »
« Netstat Prompt Results - What does this mean?  

Friday, 04-Dec 07:59:28 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [163] Comcast Releasing Promised Usage Meter
· [142] Avast Antivirus Has Gone Mad
· [104] Graduate Student Unveils Sprint's GPS Sharing With Feds
· [104] Comcast Makes NBC Universal Acquisition Official
· [88] Google Invades ISP, OpenDNS Turf With Google Public DNS
· [81] Latest Consumer Reports Survey Not Kind To AT&T
· [70] Baltimore To Ban Lazy Cable Installs
· [66] Sprint Defuses GPS Privacy Media Bomb
· [66] FCC Ponders Moving From PSTN To IP Voice
· [64] Broadband Killed The Game Console
Most people now reading
· False positive in Avast! or is it real? [Security]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]
· Windows 7 boot manager editing questions [Microsoft Help]
· HN9000 Disable Turbo Page to access OpenDNS [HughesNet Satellite]
· What to use while demonoid is down? [Filesharing Software]
· Extjs grid combo box. [Webmasters and Developers]
· [TWC] Audio/Video outage in Brooklyn [Time Warner Cable TV/Voice]
· IE8 InPrivate filter from adblock plus list [Microsoft Help]
· Many Sites Unreachable [Rogers]
· Warrior tank seem underpowered these days [World of Warcraft]