Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Source of Windows PopUp SPAM

From: Richard Akerman <rakerman () bigfoot com>
Date: 18 Oct 2002 01:45:53 -0000
In-Reply-To: <3DAEF826.484292FA () jmu edu>


Carv and all,

A 'net send' sent a message in my tests using UDP-135.
I suspect is varies with what protocols are bound by
the applications in questions and the machines in use.
The test systems I used did not have netbios/tcp
bound (139). The message was sent from an XP professional
machine to an XP home machine.


I have gathered some information at

http://www.akerman.ca/trojan-port-table.html#netsend

If anyone has tried disabling DCOM

http://www.uksecurityonline.com/husdg/windows2000/close135.htm

and that has prevented network "net send" but allowed local 
(machine internal) popups, I'd be interested in hearing.


-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe


-- Richard Akerman
http://www.akerman.ca/port-table.html
http://www.akerman.ca/trojan-port-table.html

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: