Jetico 1.x UDP inbound on port 0(zero)

Discussion in 'other firewalls' started by Ciaba, May 29, 2007.

Thread Status:
Not open for further replies.
  1. Ciaba
    Ciaba Registered Member

  2. hiro
    hiro Registered Member

    Hi, Ciaba

    - It is a datagram received on port 0; you can block this port.
    - (why don't you ask questions on your native-language forum)
  3. Ciaba
    Ciaba Registered Member

    ...why don't you mind your own damn business and let me live in peace?
  4. fax
    fax Registered Member

    LOL... a real gentleman :D

    Fax
  5. Climenole
    Climenole Look 'n' Stop Expert

    Hi Ciaba :)

    Maybe another MS Net Send Messenger spam...

    Most of the time they are sent on UDP ports 1026, 1027 and 1028 from any remote port, including port 0...

    The included data looks like this:

    « ALERT...

    SYSTEM ERROR !..
    System Error detected
    in C:\WINDOWS\system32
    Windows suggests visiting www.BLAH BLAH BLAH cleanthispc.com
    to download free repair tool

    ALERT...

    Windows has encounted an Internal Error.
    Your registry is corrupted..
    .http:// BLAH BLAH BLAH msreg.com..To repair your system
    ASAP!!.

    ALERT...

    STOP
    WINDOWS REQUIRES IMMEDIATE ATTENTION...
    Windows has found CRITICAL SYSTEM ERRORS...
    To fix the errors please do the following:
    1. Download Registry Repair from: http:// www.BLAH BLAH BLAH winregfix32.com.
    2. Install Registry Repair.
    3. Run Registry Repair.
    4. Reboot your computer.
    FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!..
    »

    and other stOOpid messages...

    They come mostly from zombie PCs in the Pacific ring (check the IP address ranges...)

    [220.*.*.*] , [222.*.*.*], etc.

    Ref.: http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx

    If Windows is up-to-date this service is disabled.
    And your FW blocks this: that's okay.

    By the way: all packets from or to the port 0 must be blocked...


    :)
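Added example, not part of the thread or of any poster's rule set: a minimal Python filter that applies the two rules stated in the post above (drop any UDP datagram with source or destination port 0, and drop unsolicited datagrams to UDP 1026-1028) to raw IPv4 packets. The function names, verdict strings and sample packets are assumptions constructed for illustration.

```python
import struct

IPPROTO_UDP = 17
MESSENGER_SPAM_PORTS = {1026, 1027, 1028}  # destination ports named in the post above

def classify(packet: bytes) -> str:
    """Verdict for one unsolicited inbound IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop:malformed-ip"
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "drop:malformed-ip"
    if packet[9] != IPPROTO_UDP:
        return "pass"  # not UDP: outside the scope of these two rules
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return "defer:fragment"  # later fragments carry no UDP header to inspect
    if len(packet) < ihl + 8:
        return "drop:truncated-udp"
    src, dst, _length, _checksum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if src == 0 or dst == 0:
        return "drop:port-0"
    if dst in MESSENGER_SPAM_PORTS:
        return "drop:messenger-spam-port"
    return "pass"

def build_udp(src_port, dst_port, payload=b"", frag_offset=0):
    """Constructed sample packet: documentation addresses, checksums left at 0."""
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, frag_offset,
                     64, IPPROTO_UDP, 0, bytes([203, 0, 113, 7]), bytes([192, 0, 2, 10]))
    return ip + udp

if __name__ == "__main__":
    # Constructed samples: (source port, destination port)
    for src, dst in [(0, 1026), (40000, 1027), (40000, 4672), (1234, 0)]:
        print(src, dst, classify(build_udp(src, dst, b"ALERT...")))
```

On a stateful firewall these checks belong on datagrams that match no existing outbound flow, since ports 1026-1028 can also be ephemeral source ports for the host's own traffic.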
  6. Ciaba
    Ciaba Registered Member

    ...hey Climenole, thanks for the explanations. My system is up to date with no error events. I've already blocked that port, but why from eMule? I've looked up the IPs and they are from many different phone companies... so not a blacklisted IP range or similar. Is a DoS activity possible?
    Last edited: May 30, 2007
  7. Ciaba
    Ciaba Registered Member

    ...The class is not water. :D
  8. Climenole
    Climenole Look 'n' Stop Expert

    Hi Ciaba :)

    eMule? Check your rule set!
    NetSendMessenger spam packets can't interfere with UDP packets to eMule...

    eMule rejects these packets since they don't have the data and format required to be relayed in this p2p network...

    Don't waste your time checking where this NSM spam comes from...
    It comes from zombie PCs. They are remotely controlled by spammers, who use them for relaying the spam. (In the Pacific ring, Eastern Europe and so on...)

    No Denial of Service with this.
    With Windows up-to-date and these packets blocked by the firewall, nothing can happen...

    :)
  9. Ciaba
    Ciaba Registered Member

    ...oki man, tx for so...:thumb:
  10. fax
    fax Registered Member

    LOL :D

    Fax