The description by LURHQ is misleading. Messenger is an RPC service. Typical pop-up spammers queried 135 (Windows RPC portmapper) to find the port number of the messenger service, then send the message to that port. It turns out that messenger can "typically" be found on 1026.
And as was noted earlier, unconditionally blocking udp/1026 will cause
a lot of collateral damage when udp/1026 outbound is used as an ephemeral port for a legitimate UDP-based service (DNS, NTP, etc).
Jeff
- ISPs are asked to block yet another port Sean Donelan
- Re: ISPs are asked to block yet another port Tony Rall
- Re: ISPs are asked to block yet another port Jeff Kell
- Re: ISPs are asked to block yet another por... Edward Lewis
- Re: ISPs are asked to block yet another port Peter E. Fry
- Re: ISPs are asked to block yet another port Christopher L. Morrow
- Re: ISPs are asked to block yet another por... Jared Mauch
- Re: ISPs are asked to block yet another por... Paul Vixie
- Re: ISPs are asked to block yet another... jlewis
- Re: ISPs are asked to block yet another... Christopher L. Morrow
- Re: ISPs are asked to block yet ano... Jack Bates
- Re: ISPs are asked to block ye... Paul Vixie
- Re: ISPs are asked to block yet ano... Paul Vixie
