RE: Stopping Admin Alert SPAM
From: Jay Lagorio (jay@lagorio.net)
Date: 01/23/03
- Previous message: Dozal, Tim: "Has this been exploited in a known virus yet?"
- Maybe in reply to: Ed Sunder: "Stopping Admin Alert SPAM"
- Next in thread: Michael Katz: "Re: Stopping Admin Alert SPAM"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 23 Jan 2003 13:47:29 -0500 From: "Jay Lagorio" <jay@lagorio.net> To: "Ed Sunder" <edsunder@3hd.com>, <focus-ms@securityfocus.com>
I blocked port 135 (TCP/UDP) at the firewall...haven't seen another one since.
--Jay Lagorio
http://www.lagorio.net/
-----Original Message-----
From: "Ed Sunder" <edsunder@3hd.com>
Sent: 1-23-2003 11:45:43 AM
To: "focus-ms@securityfocus.com" <focus-ms@securityfocus.com>
Subject: Stopping Admin Alert SPAM
Okay, I haven't found a good answer to this online and would appreciate
any advice this group has... Our servers are being deluged with Admin
Alert Spam's. At a certain point, particularly over a weekend, with no
one actively looking at the machine, if there are enough messages it can
cause some services to shut down. I read that blocking ports 137-139
would stop these messages, but I did that in our firewall and yet the
messages still came.
I'm wondering:
1) If I disable the messenger service on the server, could there be any
bad ramifications of that, other than potentially not receiving
legitimate messages about system shutdowns etc.? Also, would that stop
the problem?
2) Is there some other way to stop these messages? Are they coming in on
another port etc.?
Any help on this would be appreciated.
Thanks in advance,
Ed Sunder
Three HD
- Next message: Michael Katz: "Re: Stopping Admin Alert SPAM"
- Previous message: Dozal, Tim: "Has this been exploited in a known virus yet?"
- Maybe in reply to: Ed Sunder: "Stopping Admin Alert SPAM"
- Next in thread: Michael Katz: "Re: Stopping Admin Alert SPAM"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
