| 1 |
On Wednesday 14 May 2008, Justin wrote: |
| 2 |
> reader@×××××××.com schrieb: |
| 3 |
> > Justin <justin@×××××××××.net> writes: |
| 4 |
> >>> If so what is the massive chinese interest in icq? |
| 5 |
> >> |
| 6 |
> >> found this in the net: |
| 7 |
> >> |
| 8 |
> >> http://www.grc.com/port_1026.htm |
| 9 |
> >> http://www.grc.com/port_1027.htm |
| 10 |
> > |
| 11 |
> > That doesn't give any analysis of why this port is being hammered by |
| 12 |
> > hundreds, even thousands of IP originating in china. |
| 13 |
> > |
| 14 |
> > It only guesses at what `might' be the reason such a port my be open, |
| 15 |
> > and how to close it... but even that part has no detail. |
| 16 |
> > |
| 17 |
> > It appears to be, at root, just another snivel about how MS does |
| 18 |
> > things with no substance. |
| 19 |
|
| 20 |
This is typical grc.com style FUD for paranoid MSWindows users. He is a |
| 21 |
really good salesman in IT snakeoil (his background is in marketing). |
| 22 |
|
| 23 |
> I understand it the other way round. It is not an active knocking on |
| 24 |
> your ports, but a passive MS thing. Lots of Chinese bought a new |
| 25 |
> computer with an MS operating system, which is sending out to the world. |
| 26 |
|
| 27 |
The two ports in question relate to the Windows Messenger service and the way |
| 28 |
it listens for UDP connections on ports in the 1026-1030 range. If you have |
| 29 |
disabled your Messenger Service there's probably nothing to fear. If on the |
| 30 |
other hand you have just woken up to the MSWindows miracle, just booted up |
| 31 |
your brand new unpatched WinXP and connected it to the Internet for the first |
| 32 |
time, wey-hey! Mandarin party time :-p |
| 33 |
|
| 34 |
LOL! Actually it could be a trojan listening on these ports, although on a |
| 35 |
box I just checked they are bound to 127.0.0.1. My money is on some new |
| 36 |
Messenger Spam attack similar to the one that was doing the rounds a few |
| 37 |
years ago. I thought that MS brought out a patch that disabled the Windows |
| 38 |
Messenger service by default since SP2 if not earlier? |
| 39 |
|
| 40 |
A packer sniffer ought to show up if something is amiss with the box. |
| 41 |
-- |
| 42 |
Regards, |
| 43 |
Mick |
Archives