[unisog] Windows Messaging Spam

Peter Van Epp vanepp at sfu.ca
Fri Oct 11 02:04:29 GMT 2002


	It looks like it may indeed be port 135. I ran the 4 listed addresses
148.221.145.177, 216.127.74.158, 209.61.184.227 and 24.199.17.61 through 
argus since last Sunday. One (209.61.184.227) is pining for limewire (port
6346) at one of my wireless hosts (with a day off, likely for bad behavior
a day or two ago :-)). The interesting one however is 216.127.74.158 who has
been running a port 135/137 scan up our net one of which responded like
this:

Thu 10/10 15:14:18      udp  216.127.74.158.1958  <->  aaa.bb.ccc.ddd.135   1    1       9         92       ACC
Thu 10/10 15:14:19      udp  216.127.74.158.137   <->  aaa.bb.ccc.ddd.137   1    1       58        183      ACC
Thu 10/10 15:14:19      udp  aaa.bb.ccc.ddd.1161  <->  216.127.74.158.3909  1    1       108       112      ACC
Thu 10/10 15:14:19      udp  aaa.bb.ccc.ddd.1028  <->  216.127.74.158.3909  1    1       92        88       ACC
Thu 10/10 15:14:19      udp  216.127.74.158.137   <->  aaa.bb.ccc.ddd.137   1    1       58        183      TIM
Thu 10/10 15:14:19      udp  216.127.74.158.3909   ->  aaa.bb.ccc.ddd.135   1    0       743       0        TIM
Thu 10/10 15:14:19      udp  aaa.bb.ccc.ddd.1161   ->  216.127.74.158.3909  1    0       88        0        TIM

	I assume this is the spam although I don't know. He looks to have
stopped for the night about 17:30 :-)

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
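
Added example, not part of the original post: a small Python parser for flow records in the layout shown above that reports, per source, which hosts were probed on UDP 135/137 and which of them answered. The column order (source packets, destination packets, source bytes, destination bytes, state) is an assumption about the output, and the sample records and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample records, one per line, in the layout shown in the post.
# Addresses come from documentation ranges, not from the original message.
SAMPLE = """\
Thu 10/10 15:14:18  udp  198.51.100.7.1958  <->  192.0.2.10.135   1 1 9   92  ACC
Thu 10/10 15:14:18  udp  198.51.100.7.1959   ->  192.0.2.11.135   1 0 9   0   TIM
Thu 10/10 15:14:19  udp  198.51.100.7.137   <->  192.0.2.10.137   1 1 58  183 ACC
Thu 10/10 15:14:19  udp  198.51.100.7.3909   ->  192.0.2.10.135   1 0 743 0   TIM
Thu 10/10 15:14:20  udp  203.0.113.5.4000   <->  192.0.2.10.6346  3 2 200 150 ACC
"""

# Assumed columns: day date time proto src.port dir dst.port
#                  src_pkts dst_pkts src_bytes dst_bytes state
RECORD = re.compile(
    r"^\w{3} (?P<date>\S+) (?P<time>\S+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<dir><->|->|<-)\s+(?P<dst>\S+)\s+"
    r"(?P<spkts>\d+)\s+(?P<dpkts>\d+)\s+(?P<sbytes>\d+)\s+"
    r"(?P<dbytes>\d+)\s+(?P<state>\w+)$"
)

def split_endpoint(endpoint):
    """Split 'a.b.c.d.port' into (host, port); the port is the last field."""
    host, port = endpoint.rsplit(".", 1)
    return host, int(port)

def summarize(text, ports=(135, 137)):
    """Per source host: targets probed on `ports` and targets that replied."""
    out = defaultdict(lambda: {"probed": set(), "answered": set()})
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m or m["proto"] != "udp":
            continue  # skip non-UDP and unparseable lines
        src, _ = split_endpoint(m["src"])
        dst, dport = split_endpoint(m["dst"])
        if dport not in ports:
            continue
        out[src]["probed"].add(dst)
        if int(m["dpkts"]) > 0:  # destination sent packets back
            out[src]["answered"].add(dst)
    return dict(out)

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, "probed", sorted(info["probed"]),
              "answered", sorted(info["answered"]))
```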


