[lug] linux firewall, popup windows spam blocking
D. Stimits
stimits at attbi.com
Thu Jun 26 21:29:42 MDT 2003
D. Stimits wrote:
> It seems that www.byebyeads.com is illegally violating Colorado spam
> laws (and probably newer national laws), and fraudulently claiming on
> their web page that their spam is legal. They seem to believe this
> because they are using the windows pop-up message service, rather than
> email. I know because they caused an application to crash by popping up
> such a message while an application was loading, and somehow managed to
> break the screenshot mechanism at the same time.
>
> What I'm wondering is if anyone knows what I can block on my linux
> firewall to block popups from other networks? Are these popups UDP or
> TCP? What port or ports are used? I already have 137:139 blocked, and
> some others. I even have zonealarm firewall on the windows machine
> itself, but it still allowed this popup. I'd like to totally remove this
> remote ability via the linux end, as nothing related to security on
> windows can be trusted.
>
> D. Stimits, stimits AT attbi DOT com
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
An update on this. The culprit was not being caught previously because
they are not using a well-known port under 1024. The offender is using
port 1026 (UDP), and the sender is 63.215.251.101, which is hosted by
Level 3 Communications in Broomfield.
So, consider Level 3 your enemy, block 63.215.251.101, and block UDP on
port 1026.
D. Stimits, stimits AT attbi DOT com
More information about the LUG
mailing list