A Windows 98 & ME forum. Win98banter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » Win98banter forum » Windows ME » Internet
Site Map Home Authors List Search Today's Posts Mark Forums Read Web Partners

ports 1026/1027



 
 
Thread Tools Display Modes
  #1  
Old July 14th 05, 06:07 AM
Rick T
external usenet poster
 
Posts: n/a
Default ports 1026/1027

For the past few months my router shows a constant influx on ports 1026
and 1027; all the IP's (quite a few) seem to be in China and all the
issuing ports are in the 5 digit range.

Thought it might be a Treewalk "feature" but I uninstalled that a couple
weeks ago.


Any thoughts ?


Rick
  #2  
Old July 14th 05, 05:25 PM
N. Miller
external usenet poster
 
Posts: n/a
Default

On Thu, 14 Jul 2005 01:07:08 -0400, Rick T wrote:

For the past few months my router shows a constant influx on ports 1026
and 1027; all the IP's (quite a few) seem to be in China and all the
issuing ports are in the 5 digit range.

Thought it might be a Treewalk "feature" but I uninstalled that a couple
weeks ago.


Any thoughts ?


Worm, or Messenger Service spam. I've seen it in the logs of two different
SBC customer router logs since, roughly mid-April, or so.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
  #3  
Old July 14th 05, 06:32 PM
Rick T
external usenet poster
 
Posts: n/a
Default

N. Miller wrote:
On Thu, 14 Jul 2005 01:07:08 -0400, Rick T wrote:


For the past few months my router shows a constant influx on ports 1026
and 1027; all the IP's (quite a few) seem to be in China and all the
issuing ports are in the 5 digit range.

Thought it might be a Treewalk "feature" but I uninstalled that a couple
weeks ago.


Any thoughts ?



Worm, or Messenger Service spam. I've seen it in the logs of two different
SBC customer router logs since, roughly mid-April, or so.


thought it might be something like that, thanks... any real purpose for
those specific ports? (looking it up it's supposed to be DNS auxiliary
or something like that, but if they're never used I'm blocking them).


Rick
  #4  
Old July 15th 05, 01:42 AM
N. Miller
external usenet poster
 
Posts: n/a
Default

On Thu, 14 Jul 2005 13:32:09 -0400, Rick T wrote:

thought it might be something like that, thanks... any real purpose for
those specific ports? (looking it up it's supposed to be DNS auxiliary
or something like that, but if they're never used I'm blocking them).


Access to the Messenger Service for Windows XP, 2K, and, maybe, NT. For
spam. I believe that unpatched systems are also vulnerable to a worm
attack; just don't recall which worm. Something to do with DCOM? RPSS?

You might have to block ports all the way up to 1030, or 1032.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
  #5  
Old July 15th 05, 02:30 AM
Rick T
external usenet poster
 
Posts: n/a
Default

N. Miller wrote:
On Thu, 14 Jul 2005 13:32:09 -0400, Rick T wrote:


thought it might be something like that, thanks... any real purpose for
those specific ports? (looking it up it's supposed to be DNS auxiliary
or something like that, but if they're never used I'm blocking them).



Access to the Messenger Service for Windows XP, 2K, and, maybe, NT. For
spam. I believe that unpatched systems are also vulnerable to a worm
attack; just don't recall which worm. Something to do with DCOM? RPSS?

You might have to block ports all the way up to 1030, or 1032.


hmm, don't want to cut the kids messenger service off (and I'm already
blocking 5K)

Thanks,


Rick
  #7  
Old July 15th 05, 04:20 PM
N. Miller
external usenet poster
 
Posts: n/a
Default

On Thu, 14 Jul 2005 21:30:20 -0400, Rick T wrote:

N. Miller wrote:
On Thu, 14 Jul 2005 13:32:09 -0400, Rick T wrote:


thought it might be something like that, thanks... any real purpose for
those specific ports? (looking it up it's supposed to be DNS auxiliary
or something like that, but if they're never used I'm blocking them).



Access to the Messenger Service for Windows XP, 2K, and, maybe, NT. For
spam. I believe that unpatched systems are also vulnerable to a worm
attack; just don't recall which worm. Something to do with DCOM? RPSS?

You might have to block ports all the way up to 1030, or 1032.


hmm, don't want to cut the kids messenger service off (and I'm already
blocking 5K)

Thanks,


Rick


There are three "Messengers", thanks to MSFT choosing to use a confusing
nomenclature.

Windows Messenger Service:

Only available with Windows 2K, Windows XP, and, maybe, Windows NT (very
old OS). Used by Windows network administrators for distributing notices to
system users. Uses port 135, and the lowest of the ephemeral ports
(beginning with port 1025). UDP packets. Also used by spammers, and RPC
worms, to try to reach users with unprotected systems on Internet
connection. Completely unrelated to any of the instant message services;
certainly can't access, or be accessed by, IM servers.

Windows Messenger 4.7(?):

Only available with Windows XP. Necessary for remote desktop sharing, or
whatever that application is. Can access, and be accessed by the MSN
Messenger servers.

MSN Messenger 7.0 (latest version):

Standalone IM product that runs under all versions of Windows except
Windows 95.

Restricting the functionality of the Windows Messenger Service will not
affect the use of the MSN Messenger service.

I expect some MVP will now clarify any errors I have made...

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
  #8  
Old July 15th 05, 05:36 PM
Rick T
external usenet poster
 
Posts: n/a
Default

ahh, I knew that (though not in that detail)...

blocked 1026&1027 since that's all I see; will this also block the first
couple Internet requests from when I boot up ?


Rick


N. Miller wrote:
On Thu, 14 Jul 2005 21:30:20 -0400, Rick T wrote:


N. Miller wrote:

On Thu, 14 Jul 2005 13:32:09 -0400, Rick T wrote:



thought it might be something like that, thanks... any real purpose for
those specific ports? (looking it up it's supposed to be DNS auxiliary
or something like that, but if they're never used I'm blocking them).


Access to the Messenger Service for Windows XP, 2K, and, maybe, NT. For
spam. I believe that unpatched systems are also vulnerable to a worm
attack; just don't recall which worm. Something to do with DCOM? RPSS?

You might have to block ports all the way up to 1030, or 1032.


hmm, don't want to cut the kids messenger service off (and I'm already
blocking 5K)

Thanks,


Rick



There are three "Messengers", thanks to MSFT choosing to use a confusing
nomenclature.

Windows Messenger Service:

Only available with Windows 2K, Windows XP, and, maybe, Windows NT (very
old OS). Used by Windows network administrators for distributing notices to
system users. Uses port 135, and the lowest of the ephemeral ports
(beginning with port 1025). UDP packets. Also used by spammers, and RPC
worms, to try to reach users with unprotected systems on Internet
connection. Completely unrelated to any of the instant message services;
certainly can't access, or be accessed by, IM servers.

Windows Messenger 4.7(?):

Only available with Windows XP. Necessary for remote desktop sharing, or
whatever that application is. Can access, and be accessed by the MSN
Messenger servers.

MSN Messenger 7.0 (latest version):

Standalone IM product that runs under all versions of Windows except
Windows 95.

Restricting the functionality of the Windows Messenger Service will not
affect the use of the MSN Messenger service.

I expect some MVP will now clarify any errors I have made...

 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Adapters for USB ports [email protected] General 2 March 4th 05 08:47 PM
COM ports and DOS programs Jacob General 5 January 17th 05 08:43 PM
Dialup Modem Ports??? gram pappy General 6 December 2nd 04 06:13 PM
Wireless Broadband - Opening Ports? Shannon Networking 3 September 21st 04 08:40 AM
conflict i/o ports : 2f8 Steven Aspinall General 15 June 16th 04 09:59 PM


All times are GMT +1. The time now is 05:41 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 Win98banter.
The comments are property of their posters.