RPC message service?

John E. Malmberg wb8tyw at qsl.net
Wed Oct 30 02:29:00 GMT 2002

Gareth Davies wrote:
> ---- Original Message -----
> From: "Christopher R. Hertel" <crh at ubiqx.mn.org>
>A curious article:
>>  http://www.wired.com/news/technology/0,1282,55795,00.html
>>It says that the Messenger Service Spammers are using port 135, which
>>means that they're not using regular WinPOPUP stuff (the <03> names on
>>port 139).  I do, in fact, see connect attempts to port 135 in my home
>>firewall logs.  (I think they should be called slimewalls.)

When it is coming from any major U.S. ISP, a copy of the firewall logs, 
along with the time and timezone e-mailed to the abuse@ and the 
security@ seems to stop it for a while.

>>I'm guessing that they're doing something RPC-related that has, basically,
>>the same effect.  I'm just curious to know what it is...
> <snip>
> They are they are using Windows messenger..
> net send <ip address> "message goes here"

It looks like the author of the spamware issued a press release and 
conned a bunch of reporters into giving them free advertising.

I have not followed the latest link, but they are hawking the spamware 
for between $300 U.S.D. and $700 a copy.

There was also a report that someone was offering $2000 U.S.D for a 
program to send such spam.

Here is a great opportunity for Samba Developer's, especially published 
authors to get their name in print while delivering a clue to these 
reporters about what the real story is.

wb8tyw at qsl.network
Personal Opinion Only

More information about the samba-technical mailing list