Jetico 1.x UDP inbound on port 0(zero)

Ciaba · #1 May 29th, 2007, 07:02 AM

...hi all, any know what kind of event is this?

http://img257.imageshack.us/img257/9...0bisxd8.th.jpg

hiro · #2 May 29th, 2007, 07:23 AM

Hi, Ciaba

- is receive datagram on port 0, you can block this port.
- (perché non fai domande al tuo forum materno)

Ciaba · #3 May 29th, 2007, 01:16 PM

...perchè non ti fai i caz.i tuoi e mi lasci vivere in pace?

fax · #4 May 29th, 2007, 01:59 PM

Quote:

Originally Posted by Ciaba

...perchè non ti fai i caz.i tuoi e mi lasci vivere in pace?

LOL... a real gentleman

Fax

Climenole · #5 May 29th, 2007, 02:51 PM

Hi Ciaba

Quote:

Originally Posted by Ciaba

...hi all, any know what kind of event is this?

May be an other MS Net Send Messenger spam...

Most of the time they are sent on UDP ports 1026, 1027 and 1028 from any remote port including the port 0 ...

The included data looks like this :

« ALERT...

SYSTEM ERROR !..
System Error detected
in C:\WINDOWS\system32
Windows suggests visiting www.BLAH BLAH BLAH cleanthispc.com
to download free repair tool

ALERT...

Windows has encounted an Internal Error.
Your registry is corrupted..
.http:// BLAH BLAH BLAH msreg.com..To repair your system
ASAP!!.

ALERT...

STOP
WINDOWS REQUIRES IMMEDIATE ATTENTION...
Windows has found CRITICAL SYSTEM ERRORS...
To fix the errors please do the following:
1. Download Registry Repair from: http:// www.BLAH BLAH BLAH winregfix32.com.
2. Install Registry Repair.
3. Run Registry Repair.
4. Reboot your computer.
FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!..
»

and other stOOpids messages...

They comes mostly from zombie PCs in the Pacific ring (check the IP addresses range..)

[220.*.*.*] , [222.*.*.*], etc.

Ref.: http://www.microsoft.com/windowsxp/u.../stopspam.mspx

If Windows is up-to-date this service is disabled.
And your FW block this: that's okay.

By the way: all packets from or to the port 0 must be blocked...

Ciaba · #6 May 29th, 2007, 07:36 PM

...hey Climenole, tnx for explanations, my system is up to date and no errors event, I've yet bloked that port but why from eMule? I've looking for IP and are from many different phone companyes...so not blacklisted IP range or similar. Is possible a DoS acrivity?

Ciaba · #7 May 29th, 2007, 07:57 PM

Quote:

Originally Posted by fax

LOL... a real gentleman

Fax

...The class is not whater.

Climenole · #8 May 29th, 2007, 08:11 PM

Hi Ciaba

Quote:

Originally Posted by Ciaba

...hey Cimenole, tnx for explanations, my system is up to date and no errors event, I've yet bloked that port but why from eMule? I've looking for IP and are from many different phone companyes...so not blacklisted IP range or similar. Is possible a DoS acrivity?

eMule ? Check yout rule set!
NetSendMessenger spam packets can't be interfere with UDP packets to eMule...

eMule reject these packets since they don't have the data and format required to be relayed in this p2p network...

Don't waste your time to check from where these NSM spam come from...
It comes from Zombies PC. They are remotly controlled by spammers and they used them for relaying the spam. (In pacific ring, est europa and so on...)

No Denial of Service with this.
With Windows up-to-date and theese packets blocked by the firewall nothings can happen...

Ciaba · #9 May 30th, 2007, 01:22 AM

...oki man, tx for so...

fax · #10 May 30th, 2007, 05:47 AM

Quote:

Originally Posted by Ciaba

...The class is not whater.

LOL

Fax

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search