Tue Dec 2 04:10:01 GMT 2003
MS-RPC call that handle's messaging. The spammers are using this RPC call
because most folks know to block port 139. We have not had trouble with
these pop-up messages where I work because we have been blocking port 135
for a while now.
On Tue, Oct 29, 2002 at 12:19:50PM -0000, Gareth Davies wrote:
> ---- Original Message -----
> From: "Christopher R. Hertel" <crh at ubiqx.mn.org>
> To: <samba-technical at samba.org>
> Sent: Monday, October 28, 2002 10:24 PM
> Subject: RPC message service?
> > A curious article:
> > http://www.wired.com/news/technology/0,1282,55795,00.html
> > It says that the Messenger Service Spammers are using port 135, which
> > means that they're not using regular WinPOPUP stuff (the <03> names on
> > port 139). I do, in fact, see connect attempts to port 135 in my home
> > firewall logs. (I think they should be called slimewalls.)
> > I'm guessing that they're doing something RPC-related that has, basically,
> > the same effect. I'm just curious to know what it is...
> They are they are using Windows messenger..
> net send <ip address> "message goes here"
> Shaolin - IT Systems
> WB Ltd.
> .: http://www.security-forums.com :.
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical