[Dshield] RE: Windows Messenger Popup Spam on UDP Port 1026

Barry Dorrans barryd at idunno.org
Sat Jun 21 17:57:32 GMT 2003

> Due to widespread abuse, many ISPs have moved to block
> inbound traffic on UDP port 135. It appears the spammers have adapted,
> so ISPs are urged to block UDP port 1026 inbound as well.

Why is it up to an ISP to block traffic?

I've "suffered" at the hands of an over active ISP who decided to block all
SQL traffic in and out of a data centre, with no warning or no email
informing me of the fact afterwards. 3 days of trying to debug why the heck
services were failing the ISP finally informs me of their over zealous

As an aside, isn't UDP 1026 is generally accepted to be part of LSA/AD
Authenication? Has anyone else been able to reproduce this?

More information about the list mailing list