Re: [gentoo-user] Re: Constant hammering from Chinese IPs on prt 102[67]
On Thursday 15 May 2008, [EMAIL PROTECTED] wrote:
> Justin <[EMAIL PROTECTED]> writes:
> > I understand it the other way round. It is not an active knocking on
> > your ports, but a passive MS thing. Lots of Chinese bought a new
> > computer with an MS operating system, which is sending out to the
> > world.
>
> Justin,
> A moment's thought would indicate that logic has a large flaw in it.
> MS is the largest selling OS world wide .. that would indicate I
> should see this traffic from all parts of the world. But what I see is
> probably 85 % Chinese in origin.

The large flaw in logic you noticed may be smaller than initial assumptions would suggest. In essence the Chinese MSWindows users are new in the scene and not as technically savvy as their primarily western counterparts. The latter have been through the educational cycle of getting infected and reinstalling WinXP a few times over. Arguably the Chinese machines are not as well patched, or updated (you can google for figures of illegitimate WinXP copies in Asia . . . )

It can't be a coincidence that the highest growth in botnets is closely correlated with the arrival of capitalistic consumerism in developing countries like China, Eastern Europe, Russia and South America.

--
Regards,
Mick
Re: [gentoo-user] Re: Constant hammering from Chinese IPs on prt 102[67]
On Thursday 15 May 2008, Justin wrote:
> Didn't they make a low cost version for the far east market? Perhaps
> they saved the money by reducing such things!?
> I think Mick's explanation is plausible.

They released a low-cost, cut-down, crippled version for places where piracy was rampant. I think it was priced as low as USD 2-3, but the actual price was based on what the local market could "afford" (i.e. it had to be competitive with pirate copies). This crippled version of Windows only allowed the simultaneous "running" of 2 or 3 applications.

--
Crayon

--
gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Re: Constant hammering from Chinese IPs on prt 102[67]
[EMAIL PROTECTED] wrote:
> Justin <[EMAIL PROTECTED]> writes:
>>> It appears to be, at root, just another snivel about how MS does
>>> things with no substance.
>>
>> I understand it the other way round. It is not an active knocking on
>> your ports, but a passive MS thing. Lots of Chinese bought a new
>> computer with an MS operating system, which is sending out to the
>> world.
>
> Justin,
> A moment's thought would indicate that logic has a large flaw in it.
> MS is the largest selling OS world wide .. that would indicate I
> should see this traffic from all parts of the world. But what I see is
> probably 85 % Chinese in origin.

Didn't they make a low cost version for the far east market? Perhaps they saved the money by reducing such things!?

I think Mick's explanation is plausible.
[gentoo-user] Re: Constant hammering from Chinese IPs on prt 102[67]
Justin <[EMAIL PROTECTED]> writes:

>> It appears to be, at root, just another snivel about how MS does
>> things with no substance.
>>
> I understand it the other way round. It is not an active knocking on
> your ports, but a passive MS thing. Lots of Chinese bought a new
> computer with an MS operating system, which is sending out to the
> world.

Justin,
A moment's thought would indicate that logic has a large flaw in it. MS is the largest selling OS world wide .. that would indicate I should see this traffic from all parts of the world. But what I see is probably 85 % Chinese in origin.
Re: [gentoo-user] Re: Constant hammering from Chinese IPs on prt 102[67]
Mick wrote:
> This is typical grc.com style FUD for paranoid MSWindows users. He is a
> really good salesman in IT snakeoil (his background is in marketing).

I'll second this. He's a clown.

kashani
Re: [gentoo-user] Re: Constant hammering from Chinese IPs on prt 102[67]
On Wednesday 14 May 2008, Justin wrote:
> [EMAIL PROTECTED] wrote:
> > Justin <[EMAIL PROTECTED]> writes:
> >>> If so what is the massive Chinese interest in icq?
> >>
> >> found this in the net:
> >>
> >> http://www.grc.com/port_1026.htm
> >> http://www.grc.com/port_1027.htm
> >
> > That doesn't give any analysis of why this port is being hammered by
> > hundreds, even thousands of IPs originating in China.
> >
> > It only guesses at what `might' be the reason such a port may be open,
> > and how to close it... but even that part has no detail.
> >
> > It appears to be, at root, just another snivel about how MS does
> > things with no substance.

This is typical grc.com style FUD for paranoid MSWindows users. He is a really good salesman in IT snakeoil (his background is in marketing).

> I understand it the other way round. It is not an active knocking on
> your ports, but a passive MS thing. Lots of Chinese bought a new
> computer with an MS operating system, which is sending out to the world.

The two ports in question relate to the Windows Messenger service and the way it listens for UDP connections on ports in the 1026-1030 range. If you have disabled your Messenger Service there's probably nothing to fear. If on the other hand you have just woken up to the MSWindows miracle, just booted up your brand new unpatched WinXP and connected it to the Internet for the first time, wey-hey! Mandarin party time :-p LOL!

Actually it could be a trojan listening on these ports, although on a box I just checked they are bound to 127.0.0.1. My money is on some new Messenger Spam attack similar to the one that was doing the rounds a few years ago. I thought that MS brought out a patch that disabled the Windows Messenger service by default since SP2 if not earlier?

A packet sniffer ought to show up if something is amiss with the box.

--
Regards,
Mick
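To measure on one's own gateway the kind of source distribution argued about in this thread, the following added example (not part of any message in the thread) tallies inbound UDP packets to ports 1026-1030 by source /24 and by port. The log lines are constructed, and the iptables LOG line format is an assumption about how the gateway logs dropped packets.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample in the format written by an iptables LOG rule.
# Addresses come from documentation ranges; they are not real observations.
SAMPLE_LOG = """\
May 14 10:01:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=485 TTL=47 PROTO=UDP SPT=40211 DPT=1026 LEN=465
May 14 10:01:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 LEN=485 TTL=47 PROTO=UDP SPT=40212 DPT=1027 LEN=465
May 14 10:02:11 gw kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=485 TTL=51 PROTO=UDP SPT=33001 DPT=1026 LEN=465
May 14 10:02:40 gw kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=33002 DPT=22 WINDOW=5840 SYN
May 14 10:03:00 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=72 TTL=47 PROTO=UDP SPT=40213 DPT=53 LEN=52
May 14 10:03:30 gw kernel: IN=eth0 OUT= SRC=203.0.113.200 DST=192.0.2.10 LEN=485 TTL=47 PROTO=UDP SPT=40214 DPT=1027 LEN=465
"""

MESSENGER_PORTS = range(1026, 1031)   # the 1026-1030 range named in the thread
FIELD = re.compile(r"(\w+)=(\S*)")    # KEY=value pairs; bare flags are skipped


def messenger_probes(log_text):
    """Tally inbound UDP packets to the Messenger ports by source /24 and by port."""
    by_net, by_port = Counter(), Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "UDP" or not f.get("DPT", "").isdigit():
            continue
        port = int(f["DPT"])
        if port not in MESSENGER_PORTS:
            continue
        try:
            net = ip_network(f.get("SRC", "") + "/24", strict=False)
        except ValueError:      # missing or malformed SRC field
            continue
        by_net[str(net)] += 1
        by_port[port] += 1
    return by_net, by_port


if __name__ == "__main__":
    nets, ports = messenger_probes(SAMPLE_LOG)
    total = sum(nets.values())
    for net, n in nets.most_common():
        print(f"{net:20} {n:4}  {100 * n / total:5.1f}%")
    print("per port:", dict(sorted(ports.items())))
```

Grouping by /24 only shows which networks the packets claim to come from; UDP source addresses can be forged, so the tally describes the traffic seen, not who sent it.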
Re: [gentoo-user] Re: Constant hammering from Chinese IPs on prt 102[67]
[EMAIL PROTECTED] wrote:
> Justin <[EMAIL PROTECTED]> writes:
>>> If so what is the massive Chinese interest in icq?
>>
>> found this in the net:
>>
>> http://www.grc.com/port_1026.htm
>> http://www.grc.com/port_1027.htm
>
> That doesn't give any analysis of why this port is being hammered by
> hundreds, even thousands of IPs originating in China.
>
> It only guesses at what `might' be the reason such a port may be open,
> and how to close it... but even that part has no detail.
>
> It appears to be, at root, just another snivel about how MS does
> things with no substance.

I understand it the other way round. It is not an active knocking on your ports, but a passive MS thing. Lots of Chinese bought a new computer with an MS operating system, which is sending out to the world.
[gentoo-user] Re: Constant hammering from Chinese IPs on prt 102[67]
Justin <[EMAIL PROTECTED]> writes:

>> If so what is the massive Chinese interest in icq?
>>
> found this in the net:
>
> http://www.grc.com/port_1026.htm
> http://www.grc.com/port_1027.htm

That doesn't give any analysis of why this port is being hammered by hundreds, even thousands of IPs originating in China.

It only guesses at what `might' be the reason such a port may be open, and how to close it... but even that part has no detail.

It appears to be, at root, just another snivel about how MS does things with no substance.