Re: ISPs are asked to block yet another port

About Merit

Services

Network

Resources & Support

Network Research

News

Events

Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: ISPs are asked to block yet another port

From: Jeff Kell
Date: Mon Jun 23 03:02:46 2003

The description by LURHQ is misleading. Messenger is an RPC service. Typical pop-up spammers queried 135 (Windows RPC portmapper) to find the port number of the messenger service, then send the message to that port. It turns out that messenger can "typically" be found on 1026.

And as was noted earlier, unconditionally blocking udp/1026 will cause
a lot of collateral damage when udp/1026 outbound is used as an ephemeral port for a legitimate UDP-based service (DNS, NTP, etc).

Jeff

Follow-Ups:
- Re: ISPs are asked to block yet another port Edward Lewis

References:
- ISPs are asked to block yet another port Sean Donelan

Prev by Date: Re: ISPs are asked to block yet another port
Next by Date: Re: ISPs are asked to block yet another port
Date Index
Thread Index
Author Index
Historical