Messenger Service used for SPAM

  • Thread starter Rob Pagé

Rob Pagé

I've read the Q/A regarding this issue and I have since
disabled the messenger service and am starting to
implement the solution with my clients. However the
document also indicated that I should be blocking
ports 135, 137, 138, 139 & 445. The troubling thing for
me is that I do have a firewall in place and the only
port that I have forwarded to this server is 1723. I
have other ports open but they are forwarded to our web
server (80, 21, 25, 443, 8080) and no message has ever
shown up on this server.

Is there a new problem with the messaging service where
it is listening on other ports or has there been a
compromise on the server? Is anybody aware of this
problem? I am concerned that I may be dealing with a
breach and would appreciate some assistance.

If you need to e-mail me directly, just remove the
numerics from my e-mail address.

Thanks

Rob Pagé
 

Karl Levinson [x y] mvp

I might recommend checking your firewall log for allowed traffic to confirm
this traffic really isn't going through there. You could also use a sniffer
such as Ethereal on the server to try to determine where the traffic is
coming from. I don't believe Messenger should be listening on that port nor
would it seem likely for anyone to try sending a Messenger message to that
port.


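
Added example, not part of the original thread or of either poster's words: one way to carry out the firewall-log check suggested in the reply, counting permitted packets to the ports named in the question. It assumes a W3C-style text log with a `#Fields:` header, such as the one Windows Firewall writes; the sample log, the addresses and the function names are constructed for illustration.

```python
from collections import Counter

# Ports the original post lists as recommended for blocking.
MESSENGER_PORTS = {135, 137, 138, 139, 445}
PERMITTED = {"ALLOW", "OPEN"}  # log actions meaning traffic was let through

# Constructed sample log, not real traffic. Assumed server address: 192.0.2.10.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2003-10-01 09:14:02 DROP UDP 203.0.113.7 192.0.2.10 32801 135 492 - - - - - - - RECEIVE
2003-10-01 09:15:40 ALLOW TCP 198.51.100.23 192.0.2.10 4312 1723 48 S 1 0 65535 - - - RECEIVE
2003-10-01 09:16:11 ALLOW UDP 203.0.113.7 192.0.2.10 32805 135 492 - - - - - - - RECEIVE
2003-10-01 09:16:12 ALLOW UDP 203.0.113.7 192.0.2.10 32806 135 492 - - - - - - - RECEIVE
2003-10-01 09:20:03 ALLOW TCP 10.0.0.5 192.0.2.10 1188 445 48 S 1 0 65535 - - - RECEIVE
2003-10-01 09:21:30 ALLOW ICMP 198.51.100.23 192.0.2.10 - - 60 - - - - 8 0 - RECEIVE
2003-10-01 09:22:
"""


def parse_log(text):
    """Yield one dict per entry, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated entries
                yield dict(zip(fields, values))


def allowed_messenger_traffic(text, ports=MESSENGER_PORTS):
    """Count permitted packets to the given ports by (source, protocol, port)."""
    hits = Counter()
    for entry in parse_log(text):
        dst_port = entry["dst-port"]
        if entry["action"] not in PERMITTED or not dst_port.isdigit():
            continue  # dropped traffic, or ICMP entries with "-" as the port
        if int(dst_port) in ports:
            hits[(entry["src-ip"], entry["protocol"], int(dst_port))] += 1
    return hits


if __name__ == "__main__":
    for (src, proto, port), n in allowed_messenger_traffic(SAMPLE_LOG).most_common():
        print(f"{n:3d} permitted {proto} packet(s) from {src} to port {port}")
```

A source address inside the local network in the output, like the constructed 10.0.0.5 entry, points at traffic that never crossed the perimeter firewall.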
 
