On Wednesday 14 May 2008, Justin wrote:
> [EMAIL PROTECTED] wrote:
> > Justin <[EMAIL PROTECTED]> writes:
> >>> If so what is the massive Chinese interest in icq?
> >>
> >> found this in the net:
> >>
> >> http://www.grc.com/port_1026.htm
> >> http://www.grc.com/port_1027.htm
> >
> > That doesn't give any analysis of why this port is being hammered by
> > hundreds, even thousands of IPs originating in China.
> >
> > It only guesses at what `might' be the reason such a port may be open,
> > and how to close it... but even that part has no detail.
> >
> > It appears to be, at root, just another snivel about how MS does
> > things with no substance.

This is typical grc.com style FUD for paranoid MSWindows users. He is a really good salesman in IT snakeoil (his background is in marketing).

> I understand it the other way round. It is not an active knocking on
> your ports, but a passive MS thing. Lots of Chinese bought a new
> computer with an MS operating system, which is sending out to the world.

The two ports in question relate to the Windows Messenger service and the way it listens for UDP connections on ports in the 1026-1030 range. If you have disabled your Messenger Service there's probably nothing to fear. If on the other hand you have just woken up to the MSWindows miracle, just booted up your brand new unpatched WinXP and connected it to the Internet for the first time, wey-hey! Mandarin party time :-p

LOL! Actually it could be a trojan listening on these ports, although on a box I just checked they are bound to 127.0.0.1. My money is on some new Messenger Spam attack similar to the one that was doing the rounds a few years ago. I thought that MS brought out a patch that disabled the Windows Messenger service by default since SP2 if not earlier?

A packet sniffer ought to show up if something is amiss with the box.

--
Regards,
Mick