[unisog] windows networking and udp 1026

Bill McCarty bmccarty at pt-net.net
Wed Dec 3 20:48:25 GMT 2003


Hi Peter,

--On Wednesday, December 03, 2003 11:51 AM -0800 Peter Moody 
<peter at ucsc.edu> wrote:

> I'm aware of what *this* popup scam did, but what I'm wondering about is
> future attacks.  Is udp/1026 another vector for blaster like viruses?
> Is this another proto/port pair that needs to be blocked like tcp/135 or
> tcp/445?

Definitely! The Windows Messenger service listens on ports in the range UDP 
1026-1031 and that service has known vulnerabilities. We may yet find that 
this pop-up incident was actually a smoke screen behind which someone was 
scanning for vulnerable hosts, in anticipation of launching a Windows 
Messenger attack.

Cheers,

---------------------------------------------------
Bill McCarty, Ph.D.
Associate Professor of Information Technology
Azusa Pacific University




More information about the unisog mailing list