RPC message service?
John E. Malmberg
wb8tyw at qsl.net
Wed Oct 30 02:29:00 GMT 2002
Gareth Davies wrote:
> ---- Original Message -----
> From: "Christopher R. Hertel" <crh at ubiqx.mn.org>
>A curious article:
>>
>> http://www.wired.com/news/technology/0,1282,55795,00.html
>>
>>It says that the Messenger Service Spammers are using port 135, which
>>means that they're not using regular WinPOPUP stuff (the <03> names on
>>port 139). I do, in fact, see connect attempts to port 135 in my home
>>firewall logs. (I think they should be called slimewalls.)
When it is coming from any major U.S. ISP, a copy of the firewall logs,
along with the time and timezone e-mailed to the abuse@ and the
security@ seems to stop it for a while.
>>I'm guessing that they're doing something RPC-related that has, basically,
>>the same effect. I'm just curious to know what it is...
>
> <snip>
>
> They are they are using Windows messenger..
>
> net send <ip address> "message goes here"
>
It looks like the author of the spamware issued a press release and
conned a bunch of reporters into giving them free advertising.
I have not followed the latest link, but they are hawking the spamware
for between $300 U.S.D. and $700 a copy.
There was also a report that someone was offering $2000 U.S.D for a
program to send such spam.
Here is a great opportunity for Samba Developer's, especially published
authors to get their name in print while delivering a clue to these
reporters about what the real story is.
-John
wb8tyw at qsl.network
Personal Opinion Only
More information about the samba-technical
mailing list