Home page logo

basics logo Security Basics mailing list archives

Re: NetBIOS Messenger spam - how did it get in?
From: "Remington Winters" <fyreguy () rivetgeek com>
Date: Thu, 31 Oct 2002 14:23:08 -0800

I too have received this.  It shows as coming from "Webpopup".  I am rather
curious if this is coming from a spoofed ip directly, or if some file placed
in the temp folder is executing a script perhaps?

As a temporary measure I disabled messenger.  If anyone knows how to stop
this rather annoying spam please let me know.

----- Original Message -----
From: "Damon McMahon" <inst_karma () hotmail com>
To: <feltman () pacbell net>; <security-basics () securityfocus com>
Sent: Wednesday, October 30, 2002 3:09 PM
Subject: RE: NetBIOS Messenger spam - how did it get in?

Ahhh yes my mistake, mixing up the source and destination addresses.

Of course, this begs the question why internet routers do not filter on
source address, but I'm sure the ISPs have their own self-justifying

1. Is this possible? I would have thought any packet
with such a spoofed IP address would be deemed
non-routable by any of the routers between the source
host and mine, and hence would never make it to my host?

The destination (your external address) is routable. Source is ignored
unless prohibited. Non-routable addresses are not allowed to be the
destination on the public Internet.


Get faster connections -- switch to MSN Internet Access!

  By Date           By Thread  

Current thread:
  • Re: NetBIOS Messenger spam - how did it get in? Remington Winters (Nov 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]