At Mon Oct 14 20:41:54 2002, Jeremy Oddo wrote: > > What WinNT list(s) were talking about this? I'd like to get a little > more info. I was hit by it and I *KNOW* that the NetBIOS ports were > (and still are) closed tight. I'm really interested in how they (the > spammers) did what they did...and it seems no one really has any > answers.
As I understand it, the service running on port 135 is an "endpoint mapper" (in much the same way that portmap is on Unix systems). The remote system connects to port 135, and asks for the port on which the messenger service is running. The server replies with a port number, and the client sends the message to that port. Typically, ports 137-139 are considered as the "NetBIOS ports" and are blocked. But 135 is not normally blocked. Martin -- Martin Radford | "Only wimps use tape backup: _real_ [EMAIL PROTECTED] | men just upload their important stuff -o) Registered Linux user #9257 | on ftp and let the rest of the world /\\ - see http://counter.li.org | mirror it ;)" - Linus Torvalds _\_V ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
