[windows2000] Re: Windows Messenger port?

  • From: "Dean Theophilou" <dino7@xxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Tue, 15 Oct 2002 18:32:51 -0700

Here's a clip of what I found regarding the Messenger Service (go to
http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html#danger-ports for
the whole thing).

----------------------------------------------------------------------------
-------------------------------------------------------------------
NET SEND on Windows
There has been a recent (2002-10-11) upsurge in NET SEND spam. This will pop
up a window on a Windows machine, using the Messenger Service (note this is
different from Windows or MSN Messenger, it's a low-level service built-in
to the Windows operating system).
The recent messages are making it past the usual NetBIOS filters (ports
137-139, port 445) because in Windows 2000 and XP, the Messenger Service now
works using RPC. A lookup is done on port 135 (epmap, DCE [RPC] endpoint
resolution). That tells what high-numbered port the Messenger Service is
listening on. The best way to stop this is to permanently disable the
Messenger Service. You may also want to block port 135.
For more information, read:
* Spam Takes New Form (this describes the "classic" NetBIOS way of
exploiting the Messenger Service)
* Minimization of network services on Windows [2000 and XP] systems
* DSLreports Broadband Security Forum: Messenger Service window popped up on
my Server
For more information about some of the ports that Windows uses (for
legitimate purposes) see the Windows Resources section of my TCP/IP Ports
page.
----------------------------------------------------------------------------
-------------------------------------------------------------------

Hope this helps.

Dean Theophilou


This message contains information which may be confidential and privileged.
Unless you are the addressee (or authorized to receive for the addressee),
you may not use, copy, or disclose to anyone the message or any information
contained in the message.  If you have received the message in error, please
advise the sender by e-mail reply to dino7@xxxxxxxxxxxxx, and then delete
the message.

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Scott Ehrlich
Sent: Tuesday, October 15, 2002 6:32 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Windows Messenger port?


I want to block Windows Messenger messages from coming in via our router.
What port and connection method does it use?

Thanks.

Scott


==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm


==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

Other related posts: