[Intrusions] New SPAM Technique?
Mark Stingley
Mark.Stingley at Prager.com
Thu Jun 3 15:03:35 GMT 2004
Sean Rooney wrote:
> we're looking into this ourselves and request all available data in as
> much detail as possible please.
>
> Thankyou
> -sr
>
> On Jun 3, 2004, at 9:30 AM, Carey, Steve T GARRISON wrote:
>
>> Starting on 2 Jun 04, we have had an increasingly number of IP
>> addresses sending
>> the same SPAM message (see below), on UDP ports 1026/1027 (Windows
>> Messaging).
>> Up to 16 addresses involved with the same message, so far. Anyone
>> know if this
>> is because of compromised systems or a new version of spyware?
These intrusions target ports 1028 and 1029 as well.
So, to keep them out you will need to block inbound
on ports 1026-1029. In general, this means that
most firewalls should have a block on ports 0-1029,
naturally with exceptions for those few privileged
ports for hosts with valid inbound traffic.
--
Mark Stingley
Information Security Manager
Prager, Sealy & Co. LLC
99 Park Avenue, Suite 1520
New York, New York 10016
Phone: 212.661.6600
More information about the Intrusions
mailing list