Here's a clip of what I found regarding the Messenger Service (go to http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html#danger-ports for the whole thing). ---------------------------------------------------------------------------- ------------------------------------------------------------------- NET SEND on Windows There has been a recent (2002-10-11) upsurge in NET SEND spam. This will pop up a window on a Windows machine, using the Messenger Service (note this is different from Windows or MSN Messenger, it's a low-level service built-in to the Windows operating system). The recent messages are making it past the usual NetBIOS filters (ports 137-139, port 445) because in Windows 2000 and XP, the Messenger Service now works using RPC. A lookup is done on port 135 (epmap, DCE [RPC] endpoint resolution). That tells what high-numbered port the Messenger Service is listening on. The best way to stop this is to permanently disable the Messenger Service. You may also want to block port 135. For more information, read: * Spam Takes New Form (this describes the "classic" NetBIOS way of exploiting the Messenger Service) * Minimization of network services on Windows [2000 and XP] systems * DSLreports Broadband Security Forum: Messenger Service window popped up on my Server For more information about some of the ports that Windows uses (for legitimate purposes) see the Windows Resources section of my TCP/IP Ports page. ---------------------------------------------------------------------------- ------------------------------------------------------------------- Hope this helps. Dean Theophilou This message contains information which may be confidential and privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not use, copy, or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by e-mail reply to dino7@xxxxxxxxxxxxx, and then delete the message. -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Scott Ehrlich Sent: Tuesday, October 15, 2002 6:32 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Windows Messenger port? I want to block Windows Messenger messages from coming in via our router. What port and connection method does it use? Thanks. Scott ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm