Full Disclosure: RE: Windows Messenger Popup Spam on UDP Port 1026

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

RE: Windows Messenger Popup Spam on UDP Port 1026

From: "Barry Dorrans" <barryd () idunno org>
Date: Sat, 21 Jun 2003 18:57:32 +0100

Due to widespread abuse, many ISPs have moved to block
inbound traffic on UDP port 135. It appears the spammers have adapted,
so ISPs are urged to block UDP port 1026 inbound as well.



Why is it up to an ISP to block traffic?

I've "suffered" at the hands of an over active ISP who decided to block all
SQL traffic in and out of a data centre, with no warning or no email
informing me of the fact afterwards. 3 days of trying to debug why the heck
services were failing the ISP finally informs me of their over zealous
response.

As an aside, isn't UDP 1026 is generally accepted to be part of LSA/AD
Authenication? Has anyone else been able to reproduce this?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

Re: [Dshield] Re: Windows Messenger Popup Spam on UDP Port 1026, (continued)
- RE: Windows Messenger Popup Spam on UDP Port 1026 Barry Dorrans (Jun 21)
  - Re: RE: Windows Messenger Popup Spam on UDP Port 1026 Shawn McMahon (Jun 23)
    - Re: RE: Windows Messenger Popup Spam on UDP Port 1026 Niels Bakker (Jun 23)
- Re: Windows Messenger Popup Spam on UDP Port 1026 Marcus Specht (Jun 21)