Home page logo

nanog logo nanog mailing list archives

Re: ISPs are asked to block yet another port
From: Jeff Kell <jeff-kell () utc edu>
Date: Mon, 23 Jun 2003 02:58:56 -0400

The description by LURHQ is misleading. Messenger is an RPC service. Typical pop-up spammers queried 135 (Windows RPC portmapper) to find the port number of the messenger service, then send the message to that port. It turns out that messenger can "typically" be found on 1026.

And as was noted earlier, unconditionally blocking udp/1026 will cause
a lot of collateral damage when udp/1026 outbound is used as an ephemeral port for a legitimate UDP-based service (DNS, NTP, etc).


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]