[Dshield] What is the fun of this? Daily 70 packets to 1026and1027

Bhandari, Bishwa Bishwa.Bhandari at atosorigin.com
Tue Mar 29 17:49:46 GMT 2005


I am also seeing lots of similar directed traffic UDP on ports 1025, 1026, 1027, 1028 and 1029.
These are from about 20 source addresses spread over multiple addresses, allegedly ranging from china, brazil, korea and earthlink. The actual numbers differ from day to day, however averages about 40 packets, peaking at 150.

Thanking You,

Bishwa B Bhandari,

-----Original Message-----
From: Bob Savage [mailto:bsavage at rnr-inc.com]
Sent: 29 March 2005 12:42
To: General DShield Discussion List
Subject: RE: [Dshield] What is the fun of this? Daily 70 packets to
1026and1027


Is it possible that he is broadcasting to many IP addresses?  Your addresses might be only one of many.

Bob Savage



-----Original Message-----
From: Freek de Kruijf [mailto:f.de.kruijf at hetnet.nl]
Sent: Monday, March 28, 2005 12:07 PM
To: General DShield Discussion List
Subject: Re: [Dshield] What is the fun of this? Daily 70 packets to 1026
and1027


On Monday 28 March 2005 17:14, Johannes B. Ullrich wrote:
> > I wonder why anybody keeps "pounding" my IP-address so consistently
> > and what the fun is of this type of "attack".
>
> This is popup spam, directed at the Windows Messaging Service (not to
> be confused with 'Microsoft Instant Messenger').
> If you don't have a firewall, you would see a popup that looks very
> much like a windows system message. The Windows Messaging Service is
> usually used to notify users about print jobs that have completed, or
> if a remote administrator is about to shut down the system. So its a
> valid service, but there is no need to expose it to the Internet.

Dear Johannes,

I know all that. However why is this during a month and a half 
continuing everyday and still continuing. I can't imagen why that 
system/spammer is not using other IP-addresses or is he simply stupid?
-- 
fr.gr.

Freek
-------------- Sponsor Message ------------------------------------
Join us at SANSFIRE 2005 in Atlanta!
The Internet Storm Center Conference.
Details: http://www.sans.org/sansfire2005

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

-------------- Sponsor Message ------------------------------------
Join us at SANSFIRE 2005 in Atlanta!
The Internet Storm Center Conference.
Details: http://www.sans.org/sansfire2005

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list


__________________________________________________________________________
This e-mail and the documents attached are confidential and intended 
solely for the addressee; it may also be privileged. If you receive this 
e-mail in error, please notify the sender immediately and destroy it.
As its integrity cannot be secured on the Internet, the Atos Origin group 
liability cannot be triggered for the message content. Although the 
sender endeavours to maintain a computer virus-free network, the sender 
does not warrant that this transmission is virus-free and will not be 
liable for any damages resulting from any virus transmitted.
__________________________________________________________________________




More information about the list mailing list