Re: Messenger spam to UDP 4081 and 2



On Wed, 07 Dec 2005, in the Usenet newsgroup alt.computer.security, in article
<g7Klf.609584$_o.81228@attbi_s71>, Mark wrote:

>I guess my point really was, why would they even bother sending to those
>ports? I've never heard of Windows messenger listening on those ports
>so why waste the packets? (I know, packets are cheap but...) Unless
>they are looking for the presence of some other process (malware?)
>listening on those ports.

I have no idea either. My first guess would be that someone fumble-fingered
the script. An even wilder guess would be that someone was looking for
live systems. Many people seem to run their "personal firewalls" on a
"block this port" mode, rather than "accept this and that, and default
reject/drop everything else", so sending packets to an unexpected port
might provoke a reply. But then, while costs are very low, adding two more
ports to the list of six to ten is going to increase the cost by a
significant percentage. Last month, I was seeing about 1000 messenger
spams a day, averaging around 470 octets. If you project that across a
/16, that's 30 gigabytes a day, or about 360 kilobytes/second. That's a
significant chunk of someone's bandwidth.

>Is anyone aware of anything, I sure can't find anything.

Same here.

Old guy