[Dshield] Port 135

KeithTarrant@spamcop.net KeithTarrant at spamcop.net
Fri Oct 18 13:30:01 GMT 2002

I agree with Jon, but this isn't something individuals should be doing.
It is something that outfits like DShield, MyNetWatchman, and ISPs who
don't have the phone number of a specific client should have the option of

If individuals start doing it there is the likelihood that many messages
will be incorrect, and will occur so often, or be worded such that, they
are harrassing.

A letter or message sent to a specific computer for a specific reason
(probes by that computer), and the reason is not applicable to any other
computer (the other computers sent other probes), does not fit any of
generally accepted definitions of spam, because it isn't a mass message
(even though it may be repeatedly sent).

Additionally, that a message primarily benefits the recipient over the
sender, and that a message isn't advertising, excludes it from being
spam in some definitions.

Furthermore, the message is displayed using a service already running on
the receiving computer.  And it is the sort of message that that service
was designed to convey (a message to the attendant of a specific computer
when a phone number is unavailable to the sender).

To say this is an "unauthorized use of a computer" would require
considering pinging, pop-up ads, spam, and search hi-jacking as
"unauthorized use of a computer" because they all use services on the
recipient computer without the permission of the owner of that computer.

Considering civil action, any person or organization probed by a computer
in France or other "civil law" country, and who realizes that the French
computer is probably infected has a legal obligation to aid the custodian
of that computer and could be held liable by French courts for failure to
aid someone in need.  This is would be an issue if your employer has
holdings in France.

In any event, in most jurisdictions worldwide trespassing is not a crime
if done to aid the owner of the property when he is in need even if he
doesn't know he is in need (Texas is probably an exception).  Intent is a
major part of the law when it comes to criminality.

As well, it isn't strictly a private network if it is open to the
internet, rather it is a privately owned part of the internet.

Jon is not suggesting breaking down firewalls anyway.  So this speculation
is a red herring.

Send the message, and there is maybe a 25% chance of it getting through.
The recipient has to be turned on, running Windows, can't have the service
stopped, can't be firewalled, and someone has to see the message and has
to be able to read and understand the message.

But 25% is pretty good.  What are the chances of the person being home
when the abuse analyst from their ISP phones?  And once the port 135
message is sent, the normal abuse letter would still be sent.  The message
is just to allow the recipient to secure their system sooner.

Here are 2 definitions of spam.
"Electronic junk mail or junk newsgroup postings. Some people define spam
even more generally as any unsolicited e-mail. However, if a long-lost
brother finds your e-mail address and sends you a message, this could
hardly be called spam, even though it's unsolicited. Real spam is
generally e-mail advertising for some product sent to a mailing list or

-- It is that broad definition that some people have of "any unsolicited
email" that would apply, but the webopedia authority explicitly rejects
that definition.

"An electronic message is "spam" IF: (1) the recipient's personal identity
and context are irrelevant because the message is equally applicable to
many other potential recipients; AND (2) the recipient has not verifiably
granted deliberate, explicit, and still-revocable permission for it to be
sent; AND (3) the transmission and reception of the message appears to the
recipient to give a disproportionate benefit to the sender."

This has "AND" not "OR" (their caps).  The benefit is disproportionately
to the recipient, not the sender, and the recipient's context is important
(assuming "context" means something like what they are and what they are

Here are 2 acceptable use policies on spam:

"The ISP Service may not be used to upload, post, transmit or otherwise
make available any materials or content that violate or infringe on the
rights or dignity of others.  These include, but are not limited to,
materials infringing or compromising intellectual property rights or the
ability to maintain trade secrets and other personal information as
private; the ability to avoid hate speech; threats of physical violence;
harassing conduct; sexually oriented material that is offensive or
inappropriate; and unsolicited bulk e-mail."

-- Its unsolicited, but it isn't bulk.

"The Services may not be used to send unsolicited bulk or commercial
messages. This includes, but is not limited to, bulk mailing of commercial
advertising, informational announcements, charity requests, petitions for
signatures and political or religious messages. Such messages may be sent
only to those who have explicitly requested them."

-- It is an informational announcement, but it isn't a bulk informational

"Mail Bombing is prohibited. You may not send numerous copies of the same
or substantially similar messages, nor may you send very large messages or
files to a recipient with the intent to disrupt a server or account. The
propagation of chain letters is prohibited, whether or not the recipient
wishes to receive such mailings."

-- The messages might be one-time, or twice, or as frequent as the current
escalation letters.  They must not be disruptive in any way.

In my opinion, the question with sending net.exe messages is how to word
them so they are understood and acted upon, while being respectful and

Again, I don't think that individual internet users should be sending
them, but
rather ISPs, DShield, MyNetWatchman and similar organizations.

- Keith

----- Original Message -----
From: "Lauro, John" <jlauro at umflint.edu>
To: <list at dshield.org>
Sent: Thursday, October 17, 2002 8:05 AM
Subject: RE: [Dshield] Port 135

> > >>>>
> > having knowingly accessed a computer without authorization or
> exceeding authorized access
> > <<<<
> >
> > Clearly this is knowing, without authorization and even though 135,
> and for the sake of argument
> > 80 may be exposed, the access exceeds what the system's owner
> authorizes.
> It is simply a message.  The computer was not accessed in an
> unauthorized manner.  Otherwise, it would be illegal to send e-mail to
> someone without prior authorization...  There are lots of people who
> would love to and have tried to prosecute regular e-mail spam, and you
> think something much easier to block would stand up in court when
> regular spam is difficult (but possible is some cases) to prosecute?

More information about the list mailing list