|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ISPs are asked to block yet another port
On Monday, 2003-06-23 at 01:59 AST, Sean Donelan <[email protected]> wrote: > http://www.lurhq.com/popup_spam.html > > "LURHQ Corporation has observed traffic to large blocks of IP addresses on > udp port 1026. This traffic started around June 18, 2003 and has been > constant since that time. LURHQ analysts have determined that the source > of the traffic is spammers who have discovered that the Windows Messenger > service listens for connections on port 1026 as well as the more > widely-known port 135. Windows Messenger has been a target for spammers > since late last year, because it allows anonymous pop-up messages to be > displayed on any Windows system running the messenger service. Due to > widespread abuse, many ISPs have moved to block inbound traffic on udp > port 135. It appears the spammers have adapted, so ISPs are urged to block > udp port 1026 inbound as well." > > > How many ports should ISPs block? People still buy and connect insecure > computers to the net. Good point. In this case, stateless blocking of traffic to 1026/udp will block several per cent of the responses to dns queries (in addition to substantial other legitimate traffic). This is a denial of service for your own customers. Tony Rall
|