Stopping NetBIOS Spam?

MoonFacedAssassin asks: "I woke up this morning to find that my computer had a Windows messaging pop-up window with an advertisement about getting diplomas and degrees. I was quite shocked to find that my Bellsouth DSL IP address had been spammed. Has this happened to anyone else? Other than closing off the port which this can come through, are there any other ways to block this spam? And, how responsible is Bellsouth (or any ISP for that matter) in handling issues like this?"
  • by Q3vi1 ( 611292 ) <sean@radicalmonk ... inus threevowels> on Friday October 11, 2002 @03:06AM (#4430312)
    This same issue just came across on the Departmental Computing mailing list for my college, University of Oregon. The following is an excerpt from an e-mail by our Senior Security Engineer on the subject:
    I think that port 135 might be common here. But that's gonna hurt, because I think that port number has historically been overloaded to now mean more than one thing depending on which Win OS version you are running.

    Here's an XP -> SMBd example. I can see that by using a WinXP machine and testing
    net send "blah"
    This uses an ephemeral port on the source and targets port 135 UDP on the destination. Succeeds.
    MS: Q150543 [microsoft.com]
    Or DCOM stuff like this:
    Protocol: DCOM
    In: TCP on port 135
    You must open TCP and UDP on port 135. This port is used for initial Windows Media server-to-client and server-to-encoder communications, as well as essential processes. The protocol used for these initial communications is DCOM.
    Microsoft says block it at the firewall:
    MS Security Bulletin [microsoft.com]
    Looks like a toughy though. I think we could break some stuff easily here if we're not careful. We'll have to talk this over. Removing Winpopup.exe or disabling Windows Messenger service seems like an obvious fix for a disgruntled user.
  • by cryptor3 ( 572787 ) on Friday October 11, 2002 @03:19AM (#4430355) Journal
    I assume that you don't want to block the port because you want to have fully functional file sharing with people you know in your vicinity.

    I think that what you probably want is to block the port to all IP addresses that are not in your subnet (local network). Therefore, if anyone spams you in the future, they have to be inside BellSouth, and you can (probably) get their account closed. But chances are, there's not gonna be anyone spamming like that from inside BellSouth.
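The subnet-scoped filter suggested in the comment above, worked through as an added example (not part of the original post or any poster's code). The subnet, host addresses and log-line format are assumptions constructed for illustration, using documentation address ranges; port 135 is the one named in the thread, and 137-139 are the standard NetBIOS ports.

```python
import ipaddress

# Assumption: the subnet the DSL host sits on (constructed, not from the thread).
LOCAL_NET = ipaddress.ip_network("198.51.100.0/24")

# Port 135 TCP/UDP is named in the thread; 137-139 are the standard
# NetBIOS name, datagram and session ports.
GUARDED = {("udp", 135), ("tcp", 135), ("udp", 137), ("udp", 138), ("tcp", 139)}

def decide(proto, src, dport, local_net=LOCAL_NET):
    """Return 'allow', 'drop' or 'skip' for one inbound packet."""
    if (proto.lower(), dport) not in GUARDED:
        return "skip"            # outside this rule's scope; other rules decide
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"            # unparsable source address: fail closed
    # Neighbours on the local subnet keep file sharing; everyone else is dropped.
    return "allow" if addr in local_net else "drop"

def parse_line(line):
    """Parse a constructed 'proto src:sport -> dst:dport' log line."""
    proto, src, _arrow, dst = line.split()
    src_ip, _sport = src.rsplit(":", 1)
    _dst_ip, dport = dst.rsplit(":", 1)
    return proto, src_ip, int(dport)

# Constructed sample traffic, not real captures.
SAMPLE = [
    "udp 198.51.100.20:1045 -> 198.51.100.10:135",  # neighbour, messenger port
    "udp 203.0.113.77:3312 -> 198.51.100.10:135",   # outside source, popup port
    "tcp 192.0.2.9:4021 -> 198.51.100.10:139",      # outside source, NetBIOS session
    "tcp 198.51.100.20:1050 -> 198.51.100.10:139",  # neighbour, file sharing
    "tcp 203.0.113.77:3313 -> 198.51.100.10:80",    # not a guarded port
]

def evaluate(lines):
    """Apply the policy to each log line and return (line, verdict) pairs."""
    return [(line, decide(*parse_line(line))) for line in lines]

if __name__ == "__main__":
    for line, verdict in evaluate(SAMPLE):
        print(f"{verdict:5}  {line}")
```
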
  • Crappy ISP! (Score:3, Interesting)

    by haplo21112 ( 184264 ) <haplo@ep[ ]na.com ['ith' in gap]> on Friday October 11, 2002 @08:39AM (#4431242) Homepage
    Most decent DSL/CABLE Modem providers block the NetBIOS ports these days... that's just sad that they have those ports open and available for traffic on their network.

    Hint: Get a Linksys router and those ports will no longer be available for spam...

    Hint2: Don't leave Windows machines hanging on the wire like that unless they are members of an NT domain. It will step up the security of the NetBIOS connections.

    Hint3: Never leave an improperly secured NT machine hanging on the wire like that....

    Hint4: see hint 1
  • Re:Shut it down? (Score:2, Interesting)

    by Blkdeath ( 530393 ) on Friday October 11, 2002 @09:04AM (#4431365) Homepage
    I believe shutting down the messenger service will stop them.
    Yeah, great idea - shut down the service that allows crackers to send you a banner advertising their illicit activities and force them to work in stealth mode.

    That's worse than a band-aid for a broken arm, we're into tumor land here.

  • by diesel_jackass ( 534880 ) <travis...hardiman@@@gmail...com> on Friday October 11, 2002 @09:39AM (#4431565) Homepage Journal
    >I wish I could pop up a message on their
    >screens. Something polite and respectful
    >like 'piss off you little bastard'.

    I don't know about popping a message, but you could have fun with Slap [securitysoftware.cc]:

    Slap [securitysoftware.cc] - If you're like me you run firewall software that tells you when someone tries to access your system. Sometimes I respond with a few packets of my own just to let them know that I am paying attention. I wrote Slap to make responding to these access attempts easier and more entertaining. Just enter the IP address of the person you wish to slap and click on the Slap button. The program will attempt to access all the ports in the list and send them a packet with a personal message. (The default message is 'Leave Me Alone!') Slap integrates with Black Ice and Zone Alarm and can use information received from these software firewalls to "Auto Slap" intruders and add their attacks to your list of responses. --Here is a cool Wav [securitysoftware.cc] file to use with this.
