From: bugtracker505 at comcast.net (bugtracker505@...cast.net)
Subject: Cox is blocking port 135 - off topic

Comcast isn't blocking 135 or 445.  I'm blocking them.  Otherwise this sort of 
nonsense would get through:

[**] Windows messenger spam [**]
08/10-10:18:16.332879 0:4:9B:EA:FC:54 -> 0:6:25:82:98:83 type:0x800 len:0x295
218.x.y.z:30099 -> 68.x.y.z:135 UDP TTL:47 TOS:0x0 ID:0 IpLen:20 DgmLen:647 DF
Len: 619
04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00  ..(.............
00 00 00 00 00 00 00 00 F8 91 7B 5A 00 FF D0 11  ..........{Z....
A9 B2 00 C0 4F B6 E6 FC 0D 0A 1A BB 87 D3 7C 01  ....O.........|.
F5 17 03 C7 37 63 82 93 00 00 00 00 01 00 00 00  ....7c..........
00 00 00 00 00 00 FF FF FF FF 1B 02 00 00 00 00  ................
06 00 00 00 00 00 00 00 06 00 00 00 42 4C 4F 43  ............BLOC
4B 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 00  K...............
4D 45 53 53 45 4E 47 45 52 00 00 00 E3 01 00 00  MESSENGER.......
00 00 00 00 E3 01 00 00 41 4C 45 52 54 20 4D 45  ........ALERT ME
53 53 41 47 45 20 23 34 54 36 30 55 37 33 3A 0D  SSAGE #4T60U73:.
0A 0D 0A 49 66 20 79 6F 75 20 61 72 65 20 72 65  ...If you are re
63 65 69 76 69 6E 67 20 74 68 69 73 20 6D 65 73  ceiving this mes
73 61 67 65 2C 0D 0A 74 68 65 6E 20 79 6F 75 72  sage,..then your
20 63 6F 6D 70 75 74 65 72 20 69 73 20 6C 65 61   computer is lea
6B 69 6E 67 20 6F 75 74 20 79 6F 75 72 20 49 50  king out your IP
20 61 64 64 72 65 73 73 0D 0A 61 6E 64 20 6F 74   address..and ot
68 65 72 20 69 6E 66 6F 72 6D 61 74 69 6F 6E 20  her information 
61 62 6F 75 74 20 79 6F 75 20 6F 6E 20 74 68 65  about you on the
20 69 6E 74 65 72 6E 65 74 0D 0A 74 68 72 6F 75   internet..throu
67 68 20 79 6F 75 72 20 49 6E 74 65 72 6E 65 74  gh your Internet
20 61 63 63 6F 75 6E 74 2E 0D 0A 0D 0A 54 6F 20   account.....To 
6C 65 61 72 6E 20 68 6F 77 20 74 6F 20 50 52 4F  learn how to PRO
54 45 43 54 20 79 6F 75 72 73 65 6C 66 20 66 72  TECT yourself fr
6F 6D 20 74 68 69 73 20 63 6F 6D 70 72 6F 6D 69  om this compromi
73 65 0D 0A 0D 0A 56 49 53 49 54 20 3E 3E 3E 3E  se....VISIT >>>>
20 20 20 20 20 77 77 77 2E 42 6C 6F 63 6B 4D 65       www.BlockMe
73 73 65 6E 67 65 72 2E 63 6F 6D 20 20 20 20 20  ssenger.com     
3C 3C 3C 3C 0D 0A 0D 0A 0D 0A 43 6C 69 63 6B 69  <<<<......Clicki
6E 67 20 22 4F 4B 22 20 62 65 6C 6F 77 20 77 69  ng "OK" below wi
6C 6C 20 63 6C 6F 73 65 20 74 68 69 73 20 77 69  ll close this wi
6E 64 6F 77 20 66 6F 72 65 76 65 72 2E 20 20 49  ndow forever.  I
66 20 79 6F 75 20 77 6F 75 6C 64 20 6C 69 6B 65  f you would like
20 74 6F 0D 0A 73 65 63 75 72 65 20 79 6F 75 72   to..secure your
20 63 6F 6D 70 75 74 65 72 2C 20 6D 61 6B 65 20   computer, make 
73 75 72 65 20 79 6F 75 20 77 72 69 74 65 20 64  sure you write d
6F 77 6E 20 74 68 65 20 77 65 62 20 61 64 64 72  own the web addr
65 73 73 20 61 62 6F 76 65 0D 0A 68 74 74 70 3A  ess above..http:
2F 2F 77 77 77 2E 42 6C 6F 63 6B 4D 65 73 73 65  //www.BlockMesse
6E 67 65 72 2E 63 6F 6D 0D 0A 00                 nger.com...


Roger

On Sunday 10 August 2003 4:55 pm, pdt@...khammer.org wrote:
> If they do it like Comcast has it implemented even clients on the same
> cable router can't speak on the "windows" ports to each other.  Last I
> checked they were blocking 137-139 and have been for some time.
>
> > Off topic:
> >
> > This won't help much at all. Windows 2000/XP run Microsoft SMB over TCP
> > on 445 as well (reduced overhead than 135/etc, no NetBIOS layer). When a
> > client tries to connect to a remote host for file/print sharing/etc it
> > connects on both ports 135 and 445, if a response is received from port
> > 445 it drops the connection to 135. The attack works quite well against
> > client systems using port 445. If Cox blocks both ports 135 and 445 that
> > will be semi-effective (except of course for internal users who spread a
> > worm/etc, such as laptops that move around). This may block a few of the
> > more stupid attacks but not for long.
> >
> > Kurt Seifried, kurt@...fried.org
> > A15B BEE5 B391 B9AD B0EF
> > AEB0 AD63 0B4E AD56 E574
> > http://seifried.org/security/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
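
Added example, not part of the original thread or written by any of its posters: a small Python triage script for alerts in the layout of the Snort dump in Roger's message. It reads the "src:port -> dst:port PROTO" line, rebuilds the payload from the hex rows, and reports whether the destination is one of the ports named in the thread (135, 137-139, 445) together with the readable strings in the payload. The function names and the sample alert are constructed for illustration, and the parser assumes every line after the address line that starts with hex byte pairs is a dump row.

```python
import re

# Ports named in the thread: 135, 137-139 and 445.
WINDOWS_PORTS = {135, 137, 138, 139, 445}

# "src:port -> dst:port PROTO ..." line of the alert.
HEADER = re.compile(
    r"^(?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+) (?P<proto>TCP|UDP)\b")
# Up to 16 hex bytes at the start of a dump row; the ASCII column is ignored.
HEX_ROW = re.compile(r"^((?:[0-9A-Fa-f]{2}(?: |$)){1,16})")
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")

# Constructed sample in the same layout as the alert above (documentation addresses).
SAMPLE = """\
[**] Constructed sample alert [**]
01/01-00:00:00.000000 0:0:0:0:0:1 -> 0:0:0:0:0:2 type:0x800 len:0x3E
203.0.113.7:30099 -> 198.51.100.20:135 UDP TTL:47 TOS:0x0 ID:0 IpLen:20 DgmLen:48 DF
Len: 20
04 00 28 00 10 00 00 00 54 45 53 54 20 4D 45 53  ..(.....TEST MES
53 41 47 45                                      SAGE
"""

def parse_alert(text):
    """Return the address fields plus the payload bytes rebuilt from the hex rows."""
    info, payload = None, bytearray()
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            info = m.groupdict()
            continue
        m = HEX_ROW.match(line)
        if m and info is not None:  # only rows after the address line count
            payload += bytes.fromhex(m.group(1))
    if info is None:
        raise ValueError("no 'src:port -> dst:port PROTO' line found")
    info["sport"], info["dport"] = int(info["sport"]), int(info["dport"])
    info["payload"] = bytes(payload)
    return info

def printable_strings(data):
    """Runs of four or more printable ASCII bytes, like strings(1)."""
    return [s.decode("ascii") for s in PRINTABLE.findall(data)]

def triage(text):
    a = parse_alert(text)
    return {"to_windows_port": a["dport"] in WINDOWS_PORTS,
            "proto": a["proto"], "dport": a["dport"],
            "strings": printable_strings(a["payload"])}

if __name__ == "__main__":
    print(triage(SAMPLE))
```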

