Messenger service also listens on port 1026 (http://www.lurhq.com/popup_spam.html). Personally I would disable this service as I've never seen a useful purpose. Make sure you block this port. As its above the 1024 priviledge ports it may be allowed through your firewall. In section 11 of SuSefirewall check the following setting. Mine is set to the following, but you may find this doesn't work. FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" The spammers are now using this port as a large majority of ISP are now blocking ports 135-137 to stop the various viruses/etc. Adam On Tue, 2003-08-26 at 20:22, Jose Valdez wrote:
Specifically block those ports and test. Saludos.
El mar, 26 de 08 de 2003 a las 09:53, Arndt Faulhaber escribió:
First thanks for the answer, but
Close this ports used by Netbios
udp/135 udp/137 - 139 udp/445 tcp/137 - 139 tcp/445
These ports are _not_ open (scanned using nmap...). No ports are open from the outside...
More information in http://www.hispasec.com/unaaldia/1587 (spanish) hmmm...
Could test your configuration with http://www.mynetwatchman.com/winpopuptester.asp
Jup, I had done that already... naturally that doesn't get through. I think the technique must be different, don't know how, but maybe the packets are generated from the inside (by some javascript, trojan or whatever...) -- could not put my finger to it yet...
Cheers, Arndt