[unisog] Windows Messaging Spam

Ken Connelly Ken.Connelly at uni.edu
Thu Oct 10 10:52:00 GMT 2002


Bill Martin wrote:

> Alternatives;
>
> Shut off messaging (net stop "messaging") :-).
> Block it at the front door.

Does this run on one of the standard windoze ports, 135-139 and/or 445?

>
>
> I still find it amazing that people actually allow this to pass through their front door, but that's just me.
>
> >>> "Evans, Edward J." <edevans at purdue.edu> 10/09/02 03:56PM >>>
> It has happened here at Purdue, too.
> Ed
>
> -----Original Message-----
> From: Pat Wilson [mailto:paw at noh.ucsd.edu]
> Sent: Wednesday, October 09, 2002 12:12 PM
> To: Phil.Rodrigues at uconn.edu; unisog at sans.org
> Cc: RESNET-L at LISTSERV.ND.EDU
> Subject: Re: [unisog] Windows Messaging Spam
>
> We've seen this, too.  Haven't had time to look into it...
>
> Pat Wilson
> Network Security Manager
> UCSD ACS/Network Operations
> paw at ucsd.edu
> 6F3A AE75 F931 3A19 D207 19F3 DB9B 29DC 2C3F E015
>
> Phil.Rodrigues at uconn.edu writes:
>
>         Twice this week every computer at the University of Connecticut had a poem
>         and URL sent to it through windows messaging ("net send").  It looks like
>         a very creative form of spam.  It was sent by an off-campus address in a
>         cable modem range, and we have logged a complaint with the ISP.  Other
>         than finally approving our windows networking block there is little we can
>         do about it, except for blocking the IP address of the sender.
>
>         Anyone else get these messages?  This is the first time I have seen them
>         on such a wide-scale....
>
>         --------------------------------------------------------------------
>
>         Message from PC64 (24.199.17.61) to COMPUTERNAME on 10/6/2002 10:34:37 PM
>
>         Love must kiss that mortal's eyes
>         Who hopes to see fair Arcady
>         {snipped rest of poem}
>
>         Henry Cuyler Bunner (1855-1896)
>
>         Provide {sic} by http://www.ALLprice.info
>
>         --------------------------------------------------------------------
>
>         Phil
>
>         =======================================
>         Philip A. Rodrigues
>         Network Analyst, UITS
>         University of Connecticut
>
>         email: phil.rodrigues at uconn.edu
>         phone: 860.486.3743
>         fax: 860.486.6580
>         web: http://www.security.uconn.edu
>         =======================================

--
- Ken
===========================================================================
Ken Connelly (KC152) Systems and Operations Manager, ITS - Network Services
University of Northern Iowa                     Cedar Falls, IA  50614-0121
email: Ken.Connelly at uni.edu    phone: (319) 273-5850    fax: (319) 273-7373




