I am working with a guy here who is troubleshooting a connection through our firewalls so I’m grep’ing through live firewall logs. Almost immediately after placing his host online it was getting bombarded with connection attempts, likely connection attempts to entire blocks, not just our host specifically (I could tell if I actually looked at the source IP instead of the destination IP, but I’m too lazy and too busy blogging right now).

Anyway, some of the connections that caught my eye were UDP:1026 and UDP:1027, which indicate Messenger spam. You remember; the old spam that uses the equivalent of ‘net send’ to pop up a window that looks like a system message to the user.

It’s unbelievable that something like this is still effective today. I imagine its mostly home users who are the intended targets but it’s so prevalent that it’s become part of the ‘noise of the Internet.’

For more information about this topic

• No Related Post