Re: interesting traffic
- From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
- Date: Sat, 30 Dec 2006 20:23:42 GMT
From: "Moe Trin" <ibuprofin@xxxxxxxxxxxxxxxxxxxxxx>
| Depending on the capabilities of your firewall (recognizing incoming
| packets in those ranges as being replies to something your systems sent
| out - verses unsolicited packets inbound) blocking those ports is quite
| reasonable. On my home firewall, I've been dropping incoming unrelated
| UDP to those ports for several years now. It's just ordinary messenger
| spam such as:
| STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.
| Windows has found 55 Critical System Errors.
| To fix the errors please do the following:
| 1. Download Registry Update from: www.some.spammers.website
| 2. Install Registry Update
| 3. Run Registry Update
| 4. Reboot your computer
| FAILURE TO ACT NOW MAY LEAD TO SYSTEM FAILURE!
| That one was captured on the firewall a couple of weeks ago when I was
| running a packet sniffer. Source address was bogus. Oh, and I know it's
| not real because I don't have any microsoft boxes, and the the spammers
| web site isn't microsoft.com - not that they give a hoot if your systems
| are 0wn3d.
| At work, we port shift any outgoing packets out of the 1025-1050 range
| (nearly all are DNS queries outbound) and drop any inbound to that range
| as they can't be valid replies to anything we've sent out. Last I bothered
| to measure, it was averaging a half Megabyte per day per IP address, so
| for a /16 network, that saves about a Gigabyte of bandwidth every _month_
| Using a packet sniffer to capture this crap, it's usually pretty obvious
| based on IP and UDP headers that the source is fake, and this most often
| seems to be coming from zombie windoze boxes on your ISPs local range.
| You _could_ bitch to your ISP about it, but the O/P is posting from
| Comcast which probably isn't going to know how to spell 'IP' much less
| know about port numbers and protocols.
| Old guy
Thanx Moe Trin and Happy New Year.
Hopefully this "Old guy" will grace us with his presence more often in 2007. :-)
- Prev by Date: Re: interesting traffic
- Previous by thread: Re: interesting traffic
- Next by thread: Re: interesting traffic