On Wednesday 14 May 2008, Justin wrote:
> [EMAIL PROTECTED] schrieb:
> > Justin <[EMAIL PROTECTED]> writes:
> >>> If so what is the massive chinese interest in icq?
> >>
> >> found this in the net:
> >>
> >> http://www.grc.com/port_1026.htm
> >> http://www.grc.com/port_1027.htm
> >
> > That doesn't give any analysis of why this port is being hammered by
> > hundreds, even thousands of IP originating in china.
> >
> > It only guesses at what `might' be the reason such a port my be open,
> > and how to close it... but even that part has no detail.
> >
> > It appears to be, at root, just another snivel about how MS does
> > things with no substance.

This is typical grc.com style FUD for paranoid MSWindows users.  He is a 
really good salesman in IT snakeoil (his background is in marketing).

> I understand it the other way round. It is not an active knocking on
> your ports, but a passive MS thing. Lots of Chinese bought a new
> computer with an MS operating system, which is sending out to the world.

The two ports in question relate to the Windows Messenger service and the way 
it listens for UDP connections on ports in the 1026-1030 range.  If you have 
disabled your Messenger Service there's probably nothing to fear.  If on the 
other hand you have just woken up to the MSWindows miracle, just booted up 
your brand new unpatched WinXP and connected it to the Internet for the first 
time, wey-hey! Mandarin party time :-p

LOL!  Actually it could be a trojan listening on these ports, although on a 
box I just checked they are bound to 127.0.0.1.  My money is on some new 
Messenger Spam attack similar to the one that was doing the rounds a few 
years ago.  I thought that MS brought out a patch that disabled the Windows 
Messenger service by default since SP2 if not earlier?

A packer sniffer ought to show up if something is amiss with the box. 
-- 
Regards,
Mick

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to