From: Michael F. <Mic...@tb...> - 2002-10-18 08:10:31
http://www.wired.com/news/technology/0,1282,55795,00.html?tw=wn_ascii

This is an article about new adverts that exploit a backdoor in Windows (via port 135) to send adverts straight to people's machines.

What it says is that some firewalls leave port 135 open - so it might be worth having this one checked by master.pl by default - may be useful to some users blocked by corporate firewalls. Unfortunately not me though - I edited master.pl and it's blocked on mine !!

I guess no proxies are going to be listening on port 135 but even so......

Having said that - leaving it open is a security risk not to mention the possibility of those adverts......

Mike

Quote :-

According to Flynn, many network administrators are puzzled over how the ads have weaseled through firewalls onto users' computers. While Windows Messenger traditionally uses commonly protected ports 137 and 139, Flynn said the recent pop-ups appear to use port 135, which is often left unprotected by a firewall because it's a vital conduit for communicating with a Microsoft service called RPC.

Since mid-September, numerous myNetWatchman participants have received repeated probes on port 135 from a handful of Internet protocol addresses assigned to Everyones Internet (EV1.net), an Internet service provider in Houston, according to Baldwin. The numeric addresses translate into "NetBIOS machine names" that begin with WEBPOPUP and that have appeared in several recent ads, he said. EV1.net officials, who did not respond to interview requests, are investigating the issue, according to Baldwin.

Now that spammers have pioneered the Windows Messenger technology, worm writers may be next to target the service, according to Harlan Carvey, a security engineer with a financial services firm. "I'm sure we're going to see spyware or malware that makes use of this," Carvey said.

Carvey and other security experts said users can protect themselves from unwanted pop-ups by disabling the Windows Messenger service and/or properly configuring their firewalls.