If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
ports 1026/1027
For the past few months my router shows a constant influx on ports 1026
and 1027; all the IP's (quite a few) seem to be in China and all the issuing ports are in the 5 digit range. Thought it might be a Treewalk "feature" but I uninstalled that a couple weeks ago. Any thoughts ? Rick |
#2
|
|||
|
|||
On Thu, 14 Jul 2005 01:07:08 -0400, Rick T wrote:
For the past few months my router shows a constant influx on ports 1026 and 1027; all the IP's (quite a few) seem to be in China and all the issuing ports are in the 5 digit range. Thought it might be a Treewalk "feature" but I uninstalled that a couple weeks ago. Any thoughts ? Worm, or Messenger Service spam. I've seen it in the logs of two different SBC customer router logs since, roughly mid-April, or so. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint |
#3
|
|||
|
|||
N. Miller wrote:
On Thu, 14 Jul 2005 01:07:08 -0400, Rick T wrote: For the past few months my router shows a constant influx on ports 1026 and 1027; all the IP's (quite a few) seem to be in China and all the issuing ports are in the 5 digit range. Thought it might be a Treewalk "feature" but I uninstalled that a couple weeks ago. Any thoughts ? Worm, or Messenger Service spam. I've seen it in the logs of two different SBC customer router logs since, roughly mid-April, or so. thought it might be something like that, thanks... any real purpose for those specific ports? (looking it up it's supposed to be DNS auxiliary or something like that, but if they're never used I'm blocking them). Rick |
#4
|
|||
|
|||
On Thu, 14 Jul 2005 13:32:09 -0400, Rick T wrote:
thought it might be something like that, thanks... any real purpose for those specific ports? (looking it up it's supposed to be DNS auxiliary or something like that, but if they're never used I'm blocking them). Access to the Messenger Service for Windows XP, 2K, and, maybe, NT. For spam. I believe that unpatched systems are also vulnerable to a worm attack; just don't recall which worm. Something to do with DCOM? RPSS? You might have to block ports all the way up to 1030, or 1032. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint |
#5
|
|||
|
|||
N. Miller wrote:
On Thu, 14 Jul 2005 13:32:09 -0400, Rick T wrote: thought it might be something like that, thanks... any real purpose for those specific ports? (looking it up it's supposed to be DNS auxiliary or something like that, but if they're never used I'm blocking them). Access to the Messenger Service for Windows XP, 2K, and, maybe, NT. For spam. I believe that unpatched systems are also vulnerable to a worm attack; just don't recall which worm. Something to do with DCOM? RPSS? You might have to block ports all the way up to 1030, or 1032. hmm, don't want to cut the kids messenger service off (and I'm already blocking 5K) Thanks, Rick |
#6
|
|||
|
|||
Rick,
The kids use Instant Messaging which is not the same as the Windows Messenger Service and uses a different set of ports (Yahoo 5050, AIM 5190 MSN 1863). -- Mike Maltby Rick T wrote: N. Miller wrote: On Thu, 14 Jul 2005 13:32:09 -0400, Rick T wrote: thought it might be something like that, thanks... any real purpose for those specific ports? (looking it up it's supposed to be DNS auxiliary or something like that, but if they're never used I'm blocking them). Access to the Messenger Service for Windows XP, 2K, and, maybe, NT. For spam. I believe that unpatched systems are also vulnerable to a worm attack; just don't recall which worm. Something to do with DCOM? RPSS? You might have to block ports all the way up to 1030, or 1032. hmm, don't want to cut the kids messenger service off (and I'm already blocking 5K) Thanks, Rick |
#7
|
|||
|
|||
On Thu, 14 Jul 2005 21:30:20 -0400, Rick T wrote:
N. Miller wrote: On Thu, 14 Jul 2005 13:32:09 -0400, Rick T wrote: thought it might be something like that, thanks... any real purpose for those specific ports? (looking it up it's supposed to be DNS auxiliary or something like that, but if they're never used I'm blocking them). Access to the Messenger Service for Windows XP, 2K, and, maybe, NT. For spam. I believe that unpatched systems are also vulnerable to a worm attack; just don't recall which worm. Something to do with DCOM? RPSS? You might have to block ports all the way up to 1030, or 1032. hmm, don't want to cut the kids messenger service off (and I'm already blocking 5K) Thanks, Rick There are three "Messengers", thanks to MSFT choosing to use a confusing nomenclature. Windows Messenger Service: Only available with Windows 2K, Windows XP, and, maybe, Windows NT (very old OS). Used by Windows network administrators for distributing notices to system users. Uses port 135, and the lowest of the ephemeral ports (beginning with port 1025). UDP packets. Also used by spammers, and RPC worms, to try to reach users with unprotected systems on Internet connection. Completely unrelated to any of the instant message services; certainly can't access, or be accessed by, IM servers. Windows Messenger 4.7(?): Only available with Windows XP. Necessary for remote desktop sharing, or whatever that application is. Can access, and be accessed by the MSN Messenger servers. MSN Messenger 7.0 (latest version): Standalone IM product that runs under all versions of Windows except Windows 95. Restricting the functionality of the Windows Messenger Service will not affect the use of the MSN Messenger service. I expect some MVP will now clarify any errors I have made... -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint |
#8
|
|||
|
|||
ahh, I knew that (though not in that detail)...
blocked 1026&1027 since that's all I see; will this also block the first couple Internet requests from when I boot up ? Rick N. Miller wrote: On Thu, 14 Jul 2005 21:30:20 -0400, Rick T wrote: N. Miller wrote: On Thu, 14 Jul 2005 13:32:09 -0400, Rick T wrote: thought it might be something like that, thanks... any real purpose for those specific ports? (looking it up it's supposed to be DNS auxiliary or something like that, but if they're never used I'm blocking them). Access to the Messenger Service for Windows XP, 2K, and, maybe, NT. For spam. I believe that unpatched systems are also vulnerable to a worm attack; just don't recall which worm. Something to do with DCOM? RPSS? You might have to block ports all the way up to 1030, or 1032. hmm, don't want to cut the kids messenger service off (and I'm already blocking 5K) Thanks, Rick There are three "Messengers", thanks to MSFT choosing to use a confusing nomenclature. Windows Messenger Service: Only available with Windows 2K, Windows XP, and, maybe, Windows NT (very old OS). Used by Windows network administrators for distributing notices to system users. Uses port 135, and the lowest of the ephemeral ports (beginning with port 1025). UDP packets. Also used by spammers, and RPC worms, to try to reach users with unprotected systems on Internet connection. Completely unrelated to any of the instant message services; certainly can't access, or be accessed by, IM servers. Windows Messenger 4.7(?): Only available with Windows XP. Necessary for remote desktop sharing, or whatever that application is. Can access, and be accessed by the MSN Messenger servers. MSN Messenger 7.0 (latest version): Standalone IM product that runs under all versions of Windows except Windows 95. Restricting the functionality of the Windows Messenger Service will not affect the use of the MSN Messenger service. I expect some MVP will now clarify any errors I have made... |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Adapters for USB ports | [email protected] | General | 2 | March 4th 05 07:47 PM |
COM ports and DOS programs | Jacob | General | 5 | January 17th 05 07:43 PM |
Dialup Modem Ports??? | gram pappy | General | 6 | December 2nd 04 05:13 PM |
Wireless Broadband - Opening Ports? | Shannon | Networking | 3 | September 21st 04 08:40 AM |
conflict i/o ports : 2f8 | Steven Aspinall | General | 15 | June 16th 04 09:59 PM |