| 1 |
Net Send - Yet Another Type of Spam Hmm. I am trying to track down how this works, but for a different reason. I personally think that disabling any service that 'might' be useful is sort of dumb, so here is my idea: So far it seems that WinPopUp (the 9x version) and Net Send send a request to port 135 to find out what the correct port of the messenger is. You 'could' block this port for all users, except those IPs that you allow to use them, but a decent hacker could simply spam the most common ports it might use. Not to mention the possibility that 135 may be used to request port numbers for other services. So here is my idea. Have a firewall like service that only allow reciept from IPs you tell it to allow. When it start up, have it poll the 135 port to get the actual port assigned to the messenger, then only pass messages on that port that come from a valid list. That way it can still be used for the original purpose by allowing 'your' network or some other authorized IP(s) to access it, but kills the spam. Of course this is just a theory... I don't currently have NT/XP, nor do I have WinPopUp installed, so I am just nosing around as an intellectual excersise. ;) I do seriously wonder why no one else has even considered this sort of solution though. |