Gary Flynn wrote: > > BTW. It doesn't come through netbios. We've got ports 137-139 and > 445 blocked and we've seen it. > > It comes from the Windows Messenger service. This service is > an RPC service. Client contact the RPC port (135) which then > tells the client which high port the Messenger service is > listening on. The Messenger service runs by default on NT, > 2k, and XP computers. One site I looked at said it runs > as service.exe. Correction. svchost.exe A high UDP port opens from this process when I send a message locally. -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Oct 14 2002 - 18:32:39 PDT