No subject


Tue Dec 2 04:10:01 GMT 2003


MS-RPC call that handle's messaging.  The spammers are using this RPC call 
because most folks know to block port 139.  We have not had trouble with 
these pop-up messages where I work because we have been blocking port 135 
for a while now.

Thanks!

Chris -)-----

On Tue, Oct 29, 2002 at 12:19:50PM -0000, Gareth Davies wrote:
> ---- Original Message -----
> From: "Christopher R. Hertel" <crh at ubiqx.mn.org>
> To: <samba-technical at samba.org>
> Sent: Monday, October 28, 2002 10:24 PM
> Subject: RPC message service?
> 
> 
> > A curious article:
> >
> >   http://www.wired.com/news/technology/0,1282,55795,00.html
> >
> > It says that the Messenger Service Spammers are using port 135, which
> > means that they're not using regular WinPOPUP stuff (the <03> names on
> > port 139).  I do, in fact, see connect attempts to port 135 in my home
> > firewall logs.  (I think they should be called slimewalls.)
> >
> > I'm guessing that they're doing something RPC-related that has, basically,
> > the same effect.  I'm just curious to know what it is...
> <snip>
> 
> They are they are using Windows messenger..
> 
> net send <ip address> "message goes here"
> 
> AFAIK
> 
>              Shaolin - IT Systems
>                      WB Ltd.
> .: http://www.security-forums.com :.
> 

-- 
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org



More information about the samba-technical mailing list