K
Ken Williams
I keep getting Messenger Service popups. But the catch is I installed a
firewall and blocked 135, 137-139, 445, 500, etc. and tested it, they are
blocked completely. But some how I still get popups from messenger. Does
anyone know how? my firewall is kerio 2.1.4.
Heres a log snippet that sorta shows that the connections are coming into port
1026 or so on my machine. But nothing answers there. I try to telnet to port
1026 and I get connection refused.
The spammers IP is 210.5.22.10 in this example.
2,[17/Aug/2003 13:34:57] Rule 'Log All': Permitted: In UDP,
210.5.22.10:32797->localhost:1026, Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2,[17/Aug/2003 13:34:57] Rule 'Log All': Permitted: Out UDP,
localhost:1026->210.5.22.10:32797, Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2,[17/Aug/2003 13:34:57] Rule 'Log All': Permitted: Out UDP,
localhost:1028->domain.net [209.51.110.150:53], Owner:
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2,[17/Aug/2003 13:34:57] Rule 'Log All': Permitted: In UDP, domain.net
[209.51.110.150:53]->localhost:1028, Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
No matter what I still get these popups, I have no idea how.
firewall and blocked 135, 137-139, 445, 500, etc. and tested it, they are
blocked completely. But some how I still get popups from messenger. Does
anyone know how? my firewall is kerio 2.1.4.
Heres a log snippet that sorta shows that the connections are coming into port
1026 or so on my machine. But nothing answers there. I try to telnet to port
1026 and I get connection refused.
The spammers IP is 210.5.22.10 in this example.
2,[17/Aug/2003 13:34:57] Rule 'Log All': Permitted: In UDP,
210.5.22.10:32797->localhost:1026, Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2,[17/Aug/2003 13:34:57] Rule 'Log All': Permitted: Out UDP,
localhost:1026->210.5.22.10:32797, Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2,[17/Aug/2003 13:34:57] Rule 'Log All': Permitted: Out UDP,
localhost:1028->domain.net [209.51.110.150:53], Owner:
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2,[17/Aug/2003 13:34:57] Rule 'Log All': Permitted: In UDP, domain.net
[209.51.110.150:53]->localhost:1028, Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
No matter what I still get these popups, I have no idea how.