[Dshield] Re: [Full-Disclosure] Windows Messenger Popup Spam on UDP Port 1026

Ed Truitt ed.truitt at etee2k.net
Sat Jun 21 13:42:31 GMT 2003

On Fri, 2003-06-20 at 23:40, morning_wood wrote:
> so all users should suffer an ISP blocking ports just because some
> people run windows???? excuse me? Better would be to just disable
> windows mesaging service. or issue a patch for it, as opposed to
> blocking port traffic.


I am not sure that I would call it "suffer".  In general, Windows
networking traffic (NetBIOS, Messenger/WinPopUP, SMB/CIFS) wasn't meant
to be run over the Internet:  it is much more suitable for a LAN, or a
corporate Intranet. The Internet lacks the infrastructure (WINS) needed
to properly support this type of traffic, and besides the Windows
networking model uses a flat namespace - again, an indication that it
was never *meant* to scale to the size of the Internet.

What I (and I presume others) would prefer is that this traffic be
blocked at the borders - where the ISP (or organization) connects to the
Internet.  That way, if you want to run these services internally, you
are free to do so.  At the same time, you aren't sending and receiving a
lot of useless packets (Windows networking is also EXTREMELY chatty!)
that tend to clog up your network.

Having said that, my own ISP doesn't block this traffic, but I of course
am free to do so.  And I do.

Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

More information about the list mailing list