Message-ID: <200308101705.05258.bugtracker505@comcast.net>
From: bugtracker505 at comcast.net (bugtracker505@...cast.net)
Subject: Cox is blocking port 135 - off topic
Comcast isn't blocking 135 or 445. I'm blocking them. Otherwise this sort of
nonsense would get through:
[**] Windows messenger spam [**]
08/10-10:18:16.332879 0:4:9B:EA:FC:54 -> 0:6:25:82:98:83 type:0x800 len:0x295
218.x.y.z:30099 -> 68.x.y.z:135 UDP TTL:47 TOS:0x0 ID:0 IpLen:20 DgmLen:647 DF
Len: 619
04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 ..(.............
00 00 00 00 00 00 00 00 F8 91 7B 5A 00 FF D0 11 ..........{Z....
A9 B2 00 C0 4F B6 E6 FC 0D 0A 1A BB 87 D3 7C 01 ....O.........|.
F5 17 03 C7 37 63 82 93 00 00 00 00 01 00 00 00 ....7c..........
00 00 00 00 00 00 FF FF FF FF 1B 02 00 00 00 00 ................
06 00 00 00 00 00 00 00 06 00 00 00 42 4C 4F 43 ............BLOC
4B 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 00 K...............
4D 45 53 53 45 4E 47 45 52 00 00 00 E3 01 00 00 MESSENGER.......
00 00 00 00 E3 01 00 00 41 4C 45 52 54 20 4D 45 ........ALERT ME
53 53 41 47 45 20 23 34 54 36 30 55 37 33 3A 0D SSAGE #4T60U73:.
0A 0D 0A 49 66 20 79 6F 75 20 61 72 65 20 72 65 ...If you are re
63 65 69 76 69 6E 67 20 74 68 69 73 20 6D 65 73 ceiving this mes
73 61 67 65 2C 0D 0A 74 68 65 6E 20 79 6F 75 72 sage,..then your
20 63 6F 6D 70 75 74 65 72 20 69 73 20 6C 65 61 computer is lea
6B 69 6E 67 20 6F 75 74 20 79 6F 75 72 20 49 50 king out your IP
20 61 64 64 72 65 73 73 0D 0A 61 6E 64 20 6F 74 address..and ot
68 65 72 20 69 6E 66 6F 72 6D 61 74 69 6F 6E 20 her information
61 62 6F 75 74 20 79 6F 75 20 6F 6E 20 74 68 65 about you on the
20 69 6E 74 65 72 6E 65 74 0D 0A 74 68 72 6F 75 internet..throu
67 68 20 79 6F 75 72 20 49 6E 74 65 72 6E 65 74 gh your Internet
20 61 63 63 6F 75 6E 74 2E 0D 0A 0D 0A 54 6F 20 account.....To
6C 65 61 72 6E 20 68 6F 77 20 74 6F 20 50 52 4F learn how to PRO
54 45 43 54 20 79 6F 75 72 73 65 6C 66 20 66 72 TECT yourself fr
6F 6D 20 74 68 69 73 20 63 6F 6D 70 72 6F 6D 69 om this compromi
73 65 0D 0A 0D 0A 56 49 53 49 54 20 3E 3E 3E 3E se....VISIT >>>>
20 20 20 20 20 77 77 77 2E 42 6C 6F 63 6B 4D 65 www.BlockMe
73 73 65 6E 67 65 72 2E 63 6F 6D 20 20 20 20 20 ssenger.com
3C 3C 3C 3C 0D 0A 0D 0A 0D 0A 43 6C 69 63 6B 69 <<<<......Clicki
6E 67 20 22 4F 4B 22 20 62 65 6C 6F 77 20 77 69 ng "OK" below wi
6C 6C 20 63 6C 6F 73 65 20 74 68 69 73 20 77 69 ll close this wi
6E 64 6F 77 20 66 6F 72 65 76 65 72 2E 20 20 49 ndow forever. I
66 20 79 6F 75 20 77 6F 75 6C 64 20 6C 69 6B 65 f you would like
20 74 6F 0D 0A 73 65 63 75 72 65 20 79 6F 75 72 to..secure your
20 63 6F 6D 70 75 74 65 72 2C 20 6D 61 6B 65 20 computer, make
73 75 72 65 20 79 6F 75 20 77 72 69 74 65 20 64 sure you write d
6F 77 6E 20 74 68 65 20 77 65 62 20 61 64 64 72 own the web addr
65 73 73 20 61 62 6F 76 65 0D 0A 68 74 74 70 3A ess above..http:
2F 2F 77 77 77 2E 42 6C 6F 63 6B 4D 65 73 73 65 //www.BlockMesse
6E 67 65 72 2E 63 6F 6D 0D 0A 00 nger.com...
Roger
On Sunday 10 August 2003 4:55 pm, pdt@...khammer.org wrote:
> If they do it like Comcast has it implemented even clients on the same
> cable router can't speak on the "windows" ports to each other. Last I
> checked they were blocking 137-139 and have been for some time.
>
> > Off topic:
> >
> > This won't help much at all. Windows 2000/XP run Microsoft SMB over TCP
> > on 445 as well (reduced overhead than 135/etc, no NetBIOS layer). When a
> > client tries to connect to a remote host for file/print sharing/etc it
> > connects on both ports 135 and 445, if a response is received from port
> > 445 it drops the connection to 135. The attack works quite well against
> > client systems using port 445. If Cox blocks both ports 135 and 445 that
> > will be semi-effective (except of course for internal users who spread a
> > worm/etc, such as laptops that move around). This may block a few of the
> > more stupid attacks but not for long.
> >
> > Kurt Seifried, kurt@...fried.org
> > A15B BEE5 B391 B9AD B0EF
> > AEB0 AD63 0B4E AD56 E574
> > http://seifried.org/security/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
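Added example, not part of the original thread: a small Python decoder for the kind of UDP/135 datagram captured in the Snort alert above, which checks the DCE/RPC connectionless header and pulls out the three strings so popups can be triaged from a packet capture. The header offsets follow the layout visible in the dump; the labels `sender`, `recipient` and `message` are assumed names, and `sample_packet()` builds a constructed datagram rather than reusing the captured bytes.

```python
import struct

# Interface UUID bytes exactly as they appear at offset 24 of the dump above.
MESSENGER_IF = bytes.fromhex("F8917B5A00FFD011A9B200C04FB6E6FC")
HDR_LEN = 80  # fixed length of a DCE/RPC connectionless (version 4) header

def ndr_string(buf, off):
    """Read one string: max_count, offset, actual_count (LE uint32s), then bytes."""
    if off + 12 > len(buf):
        raise ValueError("truncated string header")
    max_count, start, count = struct.unpack_from("<III", buf, off)
    off += 12
    if start != 0 or count > max_count or off + count > len(buf):
        raise ValueError("inconsistent string lengths")
    text = buf[off:off + count].split(b"\x00", 1)[0].decode("latin-1")
    return text, (off + count + 3) & ~3  # next field starts 4-byte aligned

def parse_messenger_popup(payload):
    """Return the three strings of a popup datagram as a dict, or None."""
    if len(payload) < HDR_LEN or payload[0] != 4 or payload[1] != 0:
        return None  # not a version 4 request PDU
    if not payload[4] & 0x10 or payload[24:40] != MESSENGER_IF:
        return None  # big-endian encoding (not handled here) or other interface
    opnum, = struct.unpack_from("<H", payload, 68)
    body_len, = struct.unpack_from("<H", payload, 74)
    body = payload[HDR_LEN:HDR_LEN + body_len]
    if opnum != 0 or len(body) != body_len:
        return None  # other operation, or datagram shorter than it claims
    try:
        off, fields = 0, []
        for _ in range(3):
            text, off = ndr_string(body, off)
            fields.append(text)
    except ValueError:
        return None
    return dict(zip(("sender", "recipient", "message"), fields))  # assumed labels

def _ndr(s):
    raw = s.encode("latin-1") + b"\x00"
    return struct.pack("<III", len(raw), 0, len(raw)) + raw + b"\x00" * (-len(raw) % 4)

def sample_packet():
    """Constructed datagram laid out like the one in the post (not its bytes)."""
    body = _ndr("BLOCK") + _ndr("MESSENGER") + _ndr("constructed popup text")
    hdr = struct.pack("<BBBB3sB16s16s16sIIIHHHHHBB", 4, 0, 0x28, 0, b"\x10\0\0", 0,
                      bytes(16), MESSENGER_IF, bytes(16), 0, 1, 0,
                      0, 0xFFFF, 0xFFFF, len(body), 0, 0, 0)
    return hdr + body
```

The length checks make the parser return `None` for a datagram whose header claims more body than arrived, which is the case worth handling when feeding it payloads cut short by a capture snap length.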