That's a bad sign. None of those ports should be open to the outside world - you risk having your entire network hijacked. It's good practice to block all ports that are not required for services you are offering specifically. But especially block:
135, 137, 138, 139.

Hope this helps,
_M

| -----Original Message-----
| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Frederick Samarelli
| Sent: Monday, October 14, 2002 2:41 PM
| To: [EMAIL PROTECTED]
| Subject: Re: Re: [Declude.JunkMail] Spam Mail Statistics
|
| I found that blocking port 135 stops the Messenger pop-ups.
|
| ----- Original Message -----
| From: "Dan Horne" <[EMAIL PROTECTED]>
| To: <[EMAIL PROTECTED]>
| Sent: Monday, October 14, 2002 1:38 PM
| Subject: RE: Re: [Declude.JunkMail] Spam Mail Statistics
|
| > I got this from one of the Lockergnome newsletters that came out recently.
| >
| > Dan
| >
| > -----------------------------------------------------------------------
| > Pop-up Spammers
| >
| > I've often wondered how long it would take for the abuse of Microsoft's Messenger services to begin. This is a network service that listens for messages, which are displayed on screen when received. You can use this service to send text messages to other users on the network ("net send" command from a DOS prompt), provided they have the services running. As you might expect, this is enabled by default in Windows NT/2K/XP, and for little reason. I know of very few people that actually use it, particularly home users. Those of you that are on broadband connections and are not running a firewall may have seen a strange little window pop up at you hawking diplomas, inviting you to visit an explicit website or whatever else our favorite bunch of Internet low-life can dredge up.
| >
| > I have always been very supportive of a minimalist configuration. Turn it off by default, then let the user decide if they want it turned on. As things are, we have all sorts of virtually useless capability built into Windows and other Microsoft software, and fully enabled by default. Maybe there's a case to be made for the functionality, but there is not a case to be made for subjecting the masses to such abuse when the feature won't be used by the vast majority of users and it's quite easy to scan the open ports on a workstation to see if the service is available for abuse. With Windows 2000 and XP seeing much wider adoption, and port 139 open by default, it was only a matter of time before it was taken advantage of to pester unsuspecting users.
| >
| > You can disable the Messenger in Windows 2000/XP by right-clicking My Computer, selecting Manage from the context menu. Expand Services and Applications and click Services, which will populate the right window pane with the long list of services installed. Scroll down to Messenger and double-click the item. In the Startup Type dropdown box, select Disabled, then click the Stop button in the Service Status section of the window. From now on, your PC will not be subjected to these pop-up messages.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
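
An added example, not part of the original thread: a small audit script that reads Windows `netstat -an` output and lists listeners on the ports named above (135, 137, 138, 139) that are bound to a non-loopback address, so you know which hosts still need the service disabled or the port blocked. The sample output, addresses and function name are constructed for illustration.

```python
import re

# Ports the thread says should never be reachable from outside.
RISKY_PORTS = {135, 137, 138, 139}

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       10.0.0.7:1102          ESTABLISHED
  TCP    192.168.1.10:1045      10.0.0.5:139           ESTABLISHED
  UDP    127.0.0.1:137          *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

# Proto, local address, local port, foreign address, optional state (UDP has none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")


def exposed_listeners(netstat_text, ports=RISKY_PORTS):
    """Return (proto, local_addr, port) for risky listeners not bound to loopback."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, _foreign, state = m.groups()
        port = int(port)
        if port not in ports:
            continue  # only the local port matters; outbound connections are ignored
        if proto == "TCP" and state != "LISTENING":
            continue  # an established session is not a listening socket
        if addr.startswith("127."):
            continue  # loopback-only sockets are not reachable from the network
        findings.append((proto, addr, port))
    return findings


if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} is listening on a network interface")
```

A hit here means the socket is bound to a network interface; whether it is reachable from the Internet still depends on the firewall in front of the host.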
