Jetico 1.x UDP inbound on port 0(zero)

...hi all, any know what kind of event is this?

http://img257.imageshack.us/img257/9185/jeticoporta0bisxd8.th.jpg

 

Hi, Ciaba

- is receive datagram on port 0, you can block this port.
- (perché non fai domande al tuo forum materno)

 

...perchè non ti fai i caz.i tuoi e mi lasci vivere in pace?

 

LOL... a real gentleman

Fax

 

Hi Ciaba

May be an other MS Net Send Messenger spam...

Most of the time they are sent on UDP ports 1026, 1027 and 1028 from any remote port including the port 0 ...

The included data looks like this :

« ALERT...

SYSTEM ERROR !..
System Error detected
in C:\WINDOWS\system32
Windows suggests visiting www.BLAH BLAH BLAH cleanthispc.com
to download free repair tool

ALERT...

Windows has encounted an Internal Error.
Your registry is corrupted..
.http:// BLAH BLAH BLAH msreg.com..To repair your system
ASAP!!.

ALERT...

STOP
WINDOWS REQUIRES IMMEDIATE ATTENTION...
Windows has found CRITICAL SYSTEM ERRORS...
To fix the errors please do the following:
1. Download Registry Repair from: http:// www.BLAH BLAH BLAH winregfix32.com.
2. Install Registry Repair.
3. Run Registry Repair.
4. Reboot your computer.
FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!..
»

and other stOOpids messages...

They comes mostly from zombie PCs in the Pacific ring (check the IP addresses range..)

[220.*.*.*] , [222.*.*.*], etc.

Ref.: http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx

If Windows is up-to-date this service is disabled.
And your FW block this: that's okay.

By the way: all packets from or to the port 0 must be blocked...

 

...hey Climenole, tnx for explanations, my system is up to date and no errors event, I've yet bloked that port but why from eMule? I've looking for IP and are from many different phone companyes...so not blacklisted IP range or similar. Is possible a DoS acrivity?

 

...The class is not whater.

 

Hi Ciaba

eMule ? Check yout rule set!
NetSendMessenger spam packets can't be interfere with UDP packets to eMule...

eMule reject these packets since they don't have the data and format required to be relayed in this p2p network...

Don't waste your time to check from where these NSM spam come from...
It comes from Zombies PC. They are remotly controlled by spammers and they used them for relaying the spam. (In pacific ring, est europa and so on...)

No Denial of Service with this.
With Windows up-to-date and theese packets blocked by the firewall nothings can happen...

 

...oki man, tx for so...

 

LOL

Fax