Slashdot Mirror


Stopping NetBIOS Spam?

MoonFacedAssassin asks: "I woke up this morning to find that my computer had a Windows messaging pop-up window with an advertisement about getting diplomas and degrees. I was quite shocked to find that my Bellsouth DSL IP address had been spammed. Has this happened to anyone else? Other than closing off the port which this can come through, are there any other ways to block this spam? And, how responsible is Bellsouth (or any ISP for that matter) in handling issues like this?"

6 of 97 comments

  1. Firewall yourself... by earthdark · · Score: 5, Informative

    TechTV covered this earlier this year so you might want to read their brief article for more information.

    Basically, they're port scanning for open port 139s and spamming any IP that comes up positive. Either turn off the messenger service in services or install a firewall/router and block incoming TCP connections on port 139 (NetBIOS).

    While you're at it, turn off the remote registry service...

  2. You said it yourself... by xt · · Score: 5, Insightful

    Block the port. To be honest, I can't understand why you would leave any ports open, when on an always-on connection, with a static IP address. Unless you have a service running on a port that you want to be publicly accessible, all other ports should be blocked and stealth. Experience says this is especially true for NetBIOS ports...

    As for the second part, you cannot count on an ISP's usage terms to protect you from malicious acts. For good or for bad, they sell access services, not security services.

    1. Re:You said it yourself... by diesel_jackass · · Score: 5, Interesting
      >I wish I could pop up a message on their
      >screens. Something polite and respectful
      >like 'piss off you little bastard'.

      I don't know about popping a message, but you could have fun with Slap:

      Slap - If you're like me you run firewall software that tells you when someone tries to access your system. Sometimes I respond with a few packets of my own just to let them know that I am paying attention. I wrote Slap to make responding to these access attempts easier and more entertaining. Just enter the IP address of the person you wish to slap and click on the Slap button. The program will attempt to access all the ports in the list and send them a packet with a personal message. (The default message is 'Leave Me Alone!') Slap integrates with Black Ice and Zone Alarm and can use information received from these software firewalls to "Auto Slap" intruders and add their attacks to your list of responses. --Here is a cool Wav file to use with this.

  3. Re:Overlooking the obvious by jilles · · Score: 5, Insightful

    Especially not if you don't know how to configure it. There's even a GUI for disabling NETBIOS.

    --

    Jilles
  4. Re:um. by pruneau · · Score: 5, Informative

    I concur with you danielrose.

    <RANT> Without denying MoonFacedAssassin the right to a response to a very pertinent question, I think that posting that on Ask SlashJeeves shows a surprising level of ignorance from Cliff. Or he is at the end of some coding spree? Because this question does not belong here, but rather on some newsgroup like comp.security.firewall (someone help me there).

    Anyway, let me end my RANT section by saying that the level of interest of ask slashdot has regularly reached new lows every day.

    I'm worried, to say the least

    </RANT>

    But let's drop the political/marketing aspect of that and take care of some real technical stuff:

    (Yeah you guessed it, I'm getting pedantic during insomnias (it's 3:00 here)).
    1. Get over it: an IP does not get spammed, because scanning blocks of addresses does not require any kind of disclosure from your ISP. They only have to have a router advertising their block of IPs to the internet for that block of addresses to be scanned. Because having such a setup is one of the primary requirements to be an ISP. Sorry. Even residing in some secret whois database won't change anything there.

      Believe me, I've got firsthand experience of having systems simply plugged into the internet, not even having a DNS record, and being scanned after one day of routable IP presence.

      And no, you don't want them to "protect" you from that, because if they start going big brother on you, you will notice a real drop on the number of things you can do online. Unless you really want only to surf and e-mail a bit, that will be perfectly understandable.

      But that's another debate: since the internet is a jungle now, do we want to see some new kind of ISP that babysits their not-so-technical users?

    2. The second thing that worries me is that if you got a Windows messaging message, this means that you probably have a whole slew of NetBIOS services exposed to the internet. Now listen carefully: if you ever have a shared printer or, worse, a drive, your machine is already hacked. Even not having shares might not be sufficient to protect you.

      I'm not trying to scare you there, it's just a fact.

      In this case, please unplug from the network and reinstall from scratch. Do not back up any executable. And the first time you re-plug your machine into the internet, please go immediately shopping for a personal firewall, like ZoneAlarm and such. Once this is done, either make sure your anti-virus software is up to date, or get one. This will give you a reasonable amount of security.

    3. If you followed me this far, well thank you !!!
    Now, welcome to a brave new world !
    --
    [Pruneau /\o^O/\ warranty void if this .sig is removed]
  5. Dear Slashdot, by crapulent · · Score: 5, Funny

    Dear Slashdot,

    When I go to work, I leave my front door unlocked and slightly ajar. The other day when I got back, I found vagrants sleeping on my sofa and defecating in my sink. Other than closing and locking my door when I leave, how can I get rid of them? Has this ever happened to you? Also, can I sue my landlord over this? Thanks.

    Yours,
    Confused in Cleveland