[Dshield] Re: [Full-Disclosure] Windows Messenger Popup Spam on UDP Port 1026

Johannes Ullrich jullrich at euclidian.com
Sat Jun 21 15:43:58 GMT 2003

> I am not sure that I would call it "suffer".  In general, Windows
> networking traffic (NetBIOS, Messenger/WinPopUP, SMB/CIFS) wasn't meant
> to be run over the Internet:  it is much more suitable for a LAN

Hm. Windows host can be connected to the Internet?

> What I (and I presume others) would prefer is that this traffic be
> blocked at the borders - where the ISP (or organization) connects to the
> Internet.  

I had plenty of arguments about this with different ISPs. It usually
comes down to cultural issues. Many people working for ISPs see the
internet as an open infrastructure that should be build around 
community derived standard. Blocking ports is against this philosophy.

However, my argument is that the Internet today is much different then
the internet we had 10 years ago. End users as they populate the
Internet now will never become proficient network administrators. Sure,
you can get personal fire walls and virus scanners. But they are just a
last line of defense in a very hostile environment. 

There are plenty of exploits and vulnerabilities other than file
sharing. However, blocking file sharing in itself will at least block
50-80% of 'malicious activity' and free resources to deal with the
harder problems.

> Having said that, my own ISP doesn't block this traffic, but I of course
> am free to do so.  And I do.

Call your ISPs and ask them to block ports! At least 135-139 and 445
(UDP and TCP). They should also block the 'unusual' protocols, like at
least 0 and 255, but maybe a few more.

More information about the list mailing list