Messenger

M

madunix

last few days, I began to receive spam messages that
simply pop up on my LAN computer screens.
The message it says: Application popup: Messenger Service
Message from MICROSOFTNETWORKS to WINDOWSUSER on 26/08/25
Microsoft Security Patch ......... go to www.windowspatch.net.
I think some one has discovered our LAN and trying to use the
spamming technique to flood our network based on Windows Messenger.

I stopped this at the moment by disable the messenger service on
each client.

Please Note:

The Private LAN Branch is connected via ATM to our Head Office.
All the client running Windows2000 with SP3


1. I tried to trace the source without success because its a spam
can any one tell me how to trace the source of these messeging services?
to kick his trash out of the network?

2. How can I disable the messenger services on my Router
I want to create an ACL to block udp and NetBIOS inbound?

Any input would be really appreciated.



Thanks
 
C

Conor

last few days, I began to receive spam messages that
simply pop up on my LAN computer screens.
The message it says: Application popup: Messenger Service
Message from MICROSOFTNETWORKS to WINDOWSUSER on 26/08/25
Microsoft Security Patch ......... go to www.windowspatch.net.
I think some one has discovered our LAN and trying to use the
spamming technique to flood our network based on Windows Messenger.

I stopped this at the moment by disable the messenger service on
each client.

Please Note:

The Private LAN Branch is connected via ATM to our Head Office.
All the client running Windows2000 with SP3


1. I tried to trace the source without success because its a spam
can any one tell me how to trace the source of these messeging services?
to kick his trash out of the network?

2. How can I disable the messenger services on my Router
I want to create an ACL to block udp and NetBIOS inbound?

Any input would be really appreciated.
Click to expand...
Yeah..

The only person that needs kicking off the network is the network
admin. What the **** are you doing STILL having a LAN running thats
vulnerable to this?
 
X

xmp

madunix said:
1. I tried to trace the source without success because its a spam
can any one tell me how to trace the source of these messeging services?
to kick his trash out of the network?
Click to expand...

I've heard that the IP address can be spoofed since, if properly done,
there is no handshaking.

michael
 
J

John Coutts

You have only partly fixed the problem. The real source of the problem is TCP
port 445. It is a duplication of the SMB service provided by ports 137/139, and
quite unecessary. You must add the following registry key:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Value: SmbDeviceEnabled
Type: DWORD value (REG_DWORD)
Content: 0 (to disable)

J.A. Coutts
**************** REPLY SEPARATER ***************
 
A

andy smart

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Conor wrote:
| In article <[email protected]>, madunix says...
|
|>last few days, I began to receive spam messages that
|>simply pop up on my LAN computer screens.
|>The message it says: Application popup: Messenger Service
|>Message from MICROSOFTNETWORKS to WINDOWSUSER on 26/08/25
|>Microsoft Security Patch ......... go to www.windowspatch.net.
|>I think some one has discovered our LAN and trying to use the
|>spamming technique to flood our network based on Windows Messenger.
|>
|>I stopped this at the moment by disable the messenger service on
|>each client.
|>
|>Please Note:
|>
|>The Private LAN Branch is connected via ATM to our Head Office.
|>All the client running Windows2000 with SP3
|>
|>
|>1. I tried to trace the source without success because its a spam
|>can any one tell me how to trace the source of these messeging services?
|>to kick his trash out of the network?
|>
|>2. How can I disable the messenger services on my Router
|>I want to create an ACL to block udp and NetBIOS inbound?
|>
|>Any input would be really appreciated.
|>
|
| Yeah..
|
| The only person that needs kicking off the network is the network
| admin. What the **** are you doing STILL having a LAN running thats
| vulnerable to this?
|
Perhaps they dont' HAVE a network admin - I know loads of small firms
and schools who don't have full-time admin staff :-(
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBapM3qmlxlf41jHgRAtn9AKDANC1abDPsqd9Vt+3gK/VYhRaE/ACfZsul
Lf8MwXesHLoGtQCdfyI/Pl0=
=/g0g
-----END PGP SIGNATURE-----
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Messenger service does not work 4
Office Instant Messenger CD Messenger 0
Messenger Service spam problems again 3
Spyware messenger spammers 8
Disable MSN messenger 1
IE dropping connection. Messenger, LAN and Email all still work. 1
Disable MSN Messenger 1
windows messenger service 2

Top