Slashdot Mirror


Preventing the NT Messenger From Use as a Spam Portal?

zbowling (Zac Bowling) asks: "I currently use Comcast cable internet, and I consistently get hit with spam popups. These are not the ones you get from webpages or media, these are dialog box popups from people scanning all possible IPs for the open messenger port on most NT or Win2k machines. The NT Messenger service (also the same as Novell's Network Alert system) is reserved for admins, so they can send messages to the domain or a single workstation for any reason. This service has been taken advantage of by spammers looking for a cheap way to spam someone. One message I got was a spam to get me to buy a firewall product from them to prevent this from happening. I'm sure you can shut of that service or block that port except from people in your subnet. Does anyone know of any resources on the topic?"

66 comments

  1. Its called common sense. by LWolenczak · · Score: 1

    As far as I know, there is nothing out there, but if you're on broadband, just turn off the messenger service, you don't need it. Every Admin job I've ever had the messenger service was used by employees to play practical jokes on staff that did not know about it. In fact, at one job, Cleopatra and Caesar were talking using the messenger service to a WinNT Exchange server called Hermes.

    1. Re:Its called common sense. by Blkdeath · · Score: 1
      As far as I know, there is nothing out there,

      Yes, there is. There's (un)common sense. Disable the Messenger service. If you need it, chances are you're on a computer that shouldn't have broadband directly connected to it anyways (ie; a computer on a domain). If this is the case, install a personal firewall and hope your network admin never finds out.

      Which brings me to my second point; hardware and, to my chagrin, even software firewalls. They block such ports, unless you allow them through. Drop $70CDN and pick yourself up a four-port broadband NAT router for chrissakes and quit whining at Slashdot for one of the simplest possible "problems" to solve.

      And Cliff, c'mon, why? Why? WHY?

      --
      BD Phone Home!

      Shameless plug. Like you weren't expecting it.

    2. Re:Its called common sense. by rkz · · Score: 1

      You know what the first thing I did when I got my Windows XP box? Shut down all the services I didn't need and only turned on ones I needed when I needed them. I think this came from securing all those Linux boxes running hundreds of stupid services. (WHY THE FUCK IS CUPS RUNNING BEFORE I'VE ADDED A PRINTER) Anyway, getting to the point: I've never had one of these messenger spams. Turn off the fuckin service.

  2. Write your congressman. by Lord+Bitman · · Score: 4, Interesting

    It is an insult that typing in a URL can be considered "hacking", while sending bogus data to an unknowingly open machine in order to get it to do things which it was never intended to do is not.

    --
    -- 'The' Lord and Master Bitman On High, Master Of All
    1. Re:Write your congressman. by PerryMason · · Score: 4, Insightful

      The knee-jerk reaction is to consider this Messenger service spamming as a hack, but you have to stop and consider the wider implications of calling it 'hacking'.

      If we are to make this sort of thing illegal, it's a very small step to consider any connection to an open port that isn't what the recipient (ie server operator) expected to receive as hacking. This is likely to lead to even less of a focus on delivering a secure software product, rather relying on the threat of legal action to secure systems, much like the DMCA. It's using the sledgehammer of the law to crack a small nut that technology is already more than capable of dealing with.

      If you really feel the need to write to somebody, write to Microsoft and tell them that the default state of a system following an install is insecure and that you will stop purchasing their products if they can't provide something secure enough to put on the internet.

      --
      "I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
    2. Re:Write your congressman. by Lord+Bitman · · Score: 1

      I already don't buy MS products. Sure, things should be secure to begin with, but are we really going to say "If it has a blatant security flaw, it doesn't count as hacking."?

      --
      -- 'The' Lord and Master Bitman On High, Master Of All
  3. Spammed by anti-spam product adverts. Defeat? by tgrotvedt · · Score: 4, Funny

    Maybe you could, uh, buy that firewall product the spammer advertised....

    that's kind of... weird though.

    --
    What makes a man want to be a mouse? (Python's Flying Circus)
    1. Re:Spammed by anti-spam product adverts. Defeat? by GimmeFuel · · Score: 2, Informative

      Buying the advertised product would stop it just for you, but would encourage the spammer further, making it worse for everyone else. Instead, get a free firewall like ZoneAlarm and stop it that way.

    2. Re:Spammed by anti-spam product adverts. Defeat? by Anonymous Coward · · Score: 0

      Zonealarm is not Free Software, and in addition installs spyware. You want to use Tiny Personal Firewall instead.

    3. Re:Spammed by anti-spam product adverts. Defeat? by RzUpAnmsCwrds · · Score: 1

      Instead of installing a firewall that messes with your IP stack and adds spyware, just disable the stinking service.

    4. Re:Spammed by anti-spam product adverts. Defeat? by Yottabyte84 · · Score: 1

      Can you provide more information about the spyware zone alarm installs? A link perhaps?

    5. Re:Spammed by anti-spam product adverts. Defeat? by sepluv · · Score: 1
      Zonealarm is not Free Software
      I use TPF with MS Windows too but it is not free software either. It is freeware (or shareware depending on which way you look at it).
      --
      Joe Llywelyn Griffith Blakesley
      [This post is in the public domain (copyright-free) unless otherwise stated]
  4. iq_in_binary by iq+in+binary · · Score: 1

    Interesting, Comcast is the top baby Bell where I come from. What state are you in? I've never heard of such problems with their service before. I wouldn't consider it Comcast's problem if I were you.

    Instead, look for a local spammer; as this would be the most likely culprit of such a crime.

    --
    Of all the Universal Constants, here's one I know: Nice guys finish last ;)
  5. turn the service off by FrenZon · · Score: 2, Informative

    If you don't need it, go to your services menu, and set the messenger service to 'off'.

    1. Re:turn the service off by gl4ss · · Score: 1

      exactly, it's such a basic question/answer that i must wonder how the f it managed to get into ask slashdot. actually, i think that this is dupe of some sort too.. if you really can't be bothered to the menu where you can turn off services(he even knows that he should just turn off the service), how are you bothered enough to post an ask slashdot question..

      not only that but there's a gazillion websites that cover such annoyances, including annoyances.org.

      --
      world was created 5 seconds before this post as it is.
    2. Re:turn the service off by xombo · · Score: 1

      Or in more detail (this guy obviously needs it like this):
      In the lower left hand of your screen, you should see a button labeled "Start". Click it with your left mouse button; unless you are left handed, then try the right mouse button. Now, point to Settings, then click "Control Panel". Then double click the administrator tools icon. Go to "Services". Now, there will be a service listed as "Messenger Service". Right click this (if you are left handed, left click), and click Properties. Then choose the automatic box, and change it to disabled. Click Apply, then OK, and reboot your computer and show me your boobies (or your girlfriend's boobies if you are a man).

  6. Resource by skinfitz · · Score: 4, Informative

    Does anyone know of any resources on the topic?

    Yes, it's called Google.

    1. Re:Resource by Anonymous Coward · · Score: 0

      Informative? This is +5 informative?

      I thought this was +5 funny -- however, it scares me that more people think it's "informative" than "funny".

      Is this the first time that some of you have heard about "Google"? :)

    2. Re:Resource by Anonymous Coward · · Score: 0

      Ahh but if you click the link, it is a link to a predefined google search for dealing with messenger spam you see, so it's "informative". :)

    3. Re:Resource by lo_fye · · Score: 1

      What a useless reply!
      Everyone knows Google.

      The other day I asked a mailing list I'm on to summarize Extreme Programming in a sentence or two.

      All the replies I got were pretty much the same "Try searching Google"

      Reallly? I can find stuff on Google?

      Jeezus!

      The whole reason for asking is that you CAN'T FIND INFO ON IT!

      Please, if someone asks a question that you could give a useful answer to, DO SO.

      If you can't give a useful answer, just don't answer!

      --
      geeks are cats who dig a certain kind of cool
    4. Re:Resource by Anonymous Coward · · Score: 0

      It's *not* a useless reply, you stinky GNU living-in-your-parents'-basement hippie. The link posted goes directly to a google search, the first result of which answers his question. Hence "informative".

      Now go back to whacking off to anime pr0n in your furry costume, please.

    5. Re:Resource by Slack3r78 · · Score: 1

      Normally, I'd agree with you. There have been times here on Slashdot that I've asked questions that have seemingly simple answers because I knew it'd be easier to get a 1 or 2 sentence summary on it from a fellow geek rather than read a hundred pages of theory and try to decipher it for myself. However, your parent poster in this case has a valid point. I had problems with messenger spam myself, and the first thing I did was hit up Google in search of an answer. In literally less than 5 minutes, I had my computer's set up fixed, and have not dealt with it since.

      The point is, it's all a matter of context - if the question can be answered extremely quickly with a cursory Google scan, isn't submitting a /. story a longer, far less efficient way of getting the answer? Especially when this is such a well known, well documented problem/fix.

    6. Re:Resource by Anonymous Coward · · Score: 0

      You can find stuff on Google?

      I'm not so sure. I put in "Extreme Programming" in Google, and the top two websites seemed to summarize it fairly well.

      It sounds as if you suffer from the same constellation of symptoms: Laziness and the expectation you have of people to take their (A) time and (B) effort to educate you simply because you ask.

      Last I checked, I paid professors to teach me things like organic chemistry and molecular biology. Last I checked, consultants were paid for their expertise.

      Raise the bar. If you know how to Google, then get to it. Chop, chop! If you fill a listserv with questions that can be Googled, shame on you for wasting others' time.

  7. Check out by arcadum · · Score: 3, Informative
  8. Shut off the service by Baloo+Ursidae · · Score: 5, Informative

    Go into Control Panel, then Services.
    Scroll down to Messenger and right click, hit Properties.
    Set Startup Type to Disabled.
    If the Service status says Started, click Stop.
    Click OK and close out of Services and Control Panel.

    --
    Help us build a better map!
    1. Re:Shut off the service by genka · · Score: 2, Informative

      He didn't ask how to stop the service. He wants to know if he can make it accessible only from a local subnet. I think he even knows that there are things like routers and they can use ACLs, but he wants to limit Messenger access by tweaking configuration of his computers. I doubt it is possible.

  9. Stopping NT Messenger Spam by Wrexen · · Score: 4, Funny

    Step 1) Go to google
    Step 2) Type in "NT messenger spam"
    Step 3) Hit the "I'm feeling lucky" button
    Step 4) Stop NT Messenger Spam
    Step 5) Submit question to "Ask Slashdot" anyway
    Step 6) ????
    Step 7) Profit!

  10. Simple by Anonymous Coward · · Score: 4, Funny

    Create a whitelist of IPs and generate a set of rules for INPUT tabl... oh... sorry, never mind...

  11. How the ..... by Korgan · · Score: 3, Informative

    I can't believe this post got this far. A solution can even be found on Yahoo!

    Dude, core rule of running ANY OS is to disable anything you don't use. If you don't know which services/daemons you do or don't need, then install a software based firewall on the OS until you can get help to start securing the OS properly.

    For windows, software like Zone Alarm (http://www.zonelabs.com) is a good start. McAfee, Symantec and a whole heap of other companies offer similar products also.

    For *BSD (Including OSX) IPF is available on nearly all variants. For GNU/Linux, NetFilter/IPTables in the modern kernels and IPCHAINS and IPFWADM in the older kernels.

    For commercial versions of Unix, there are quite a few options, but most home users aren't going to be running Solaris or HP-UX or AIX or other such OSs.

    1. Re:How the ..... by Anonymous Coward · · Score: 0

      And Windows makes this really easy by providing a nice, annotated list of what each service does and why you would or wouldn't need it. It even has a nice GUI that helps you configure your system in a secure manner.

      Oh, wait. No it doesn't. It has a big scary dialog that comes up and says "Disable this only if you're absolutely sure you don't need it. Go buy an MCSE if you're not sure."

      Never mind.

    2. Re:How the ..... by (H)elix1 · · Score: 1

      Dude, core rule of running ANY OS is to disable anything you don't use.

      First off - Amen!

      The problem is the bloody default install. If I was asked, you want this... I would have said no now that I know what it was. Looking at the description, "Sends and receives messages transmitted by administrators or the Alerter Service", it is not obvious you can nuke this service. The other problem is few would suspect random spammers could use it to broadcast messages when the description implies administrators. If it is part of the windows update stuff, the last thing I would want to do is block the steady stream of patches.

      On my work laptop, my bride's navi, and a few other boxes I had no idea the messaging service was even there until I took my firewall out to swap in a fanless cpu/mainboard to replace the power hungry p60 that covered my internal network.

      A bit of googling goes a long way, however.... I'd wait for the dupe before I pulled out my soap box.

    3. Re:How the ..... by richmlpdx · · Score: 1

      If you're going to run a software firewall, I recommend the Sygate Personal Firewall Pro. It's one of the better Windows based software firewalls out there.

      No sig.

  12. router? by lburdet · · Score: 2, Informative

    if you still need to keep the service "Active", i'm assuming you have more than one machine behind the cable connection?
    If you have more than one machine, surely you have some form of routing?
    And if you have a router, then why don't you just block the port on the router, leave it open on the internal nodes, and lest i forget, not submit a googleable question to /. ?

  13. Shorter Procedure by Anonymous Coward · · Score: 3, Funny

    Go to the Start menu
    Select Shut Down
    Put Computer in Box
    Take it back to the store and tell them you want your money back, because you're too stupid to use a computer

  14. "block incoming NetBIOS" by Futurepower(R) · · Score: 2, Informative


    Installing ZoneAlarm is not enough. You must go to Security/Local/Customize in ZoneAlarm and select "block incoming NetBIOS".

    1. Re:"block incoming NetBIOS" by duffbeer703 · · Score: 1

      Or, you could just get rid of NetBIOS and you'd have no problem at all.

      --
      Conformity is the jailer of freedom and enemy of growth. -JFK
  15. blocking netbios ports not working by Ender+Ryan · · Score: 1
    A couple weeks ago my coworker closed down the port for netbios on our firewall. Over the next couple weeks these messenger spams continued to get through. Thinking my coworker must be an idiot, I checked out the firewall myself, and tested it from outside our network. NETBIOS is indeed blocked. Frustrated as hell, I double triple and quadruple checked to be sure as hell it is blocked. Indeed, it is.

    I do not wish to manually turn off the messenger service on every single win box on our network, so does anyone have any idea what could be going on?, or do I need to just start sniffing?

    --
    Sticking feathers up your butt does not make you a chicken - Tyler Durden
  16. Isn't this the same question as ... by jpkunst · · Score: 1
    ... this one?

    JP

  17. Slashdot is for posting, not roasting. by Futurepower(R) · · Score: 4, Insightful


    Slashdot Readers: If you don't like an Ask Slashdot question, ignore it!

    Don't waste everyone's time posting a comment saying that you knew the answer when you were 8 or 18 years old, and Slashdot is lame for posting such a simple question.

    Slashdot is meant to be a community. Not everyone in a community has the same knowledge. Questions that are simple for you may be difficult for someone else.

    Yes, many questions can be answered by Google, IF you already know the answer and therefore know the correct key words.

    1. Re:Slashdot is for posting, not roasting. by Blkdeath · · Score: 1
      Don't waste everyone's time posting a comment saying that you knew the answer when you were 8 or 18 years old, and Slashdot is lame for posting such a simple question.

      Yes, but how far will it go? There has to be a line drawn in the sand somewhere so that these people will do at least some legwork before resorting to Ask Slashdot. We're not here to pander to the incapable; this is a news site, not an infant hand-holding rag.

      If we lower the bar sufficiently with such basic questions, we'll find ourselves plagued by a continual slew of Computer 101 HOWTO documents that teach everything except how to learn to do things for yourself.

      I might add that the question itself was worded in such a way as to indicate that the reader does in fact understand the utility of the messenger service, vis;

      The NT Messenger service ... is reserved for admins, so they can send messages to the domain or a single workstation for any reason.

      So he knows what "Messenger" is and understands that it is a "Service" for "NT" based operating systems. I'll go so far as to Google for NT Messenger Service and see what we get? Messages about the topic at hand. I see no less than six helpful pages listed in the results. Further;

      I'm sure you can shut of that service or block that port except from people in your subnet.

      "Shut of{sic} that service"? Blocking ports? It sounds to me as if this poster knows exactly what he has to do, he just has to go about actually doing it.

      --
      BD Phone Home!

      Shameless plug. Like you weren't expecting it.

    2. Re:Slashdot is for posting, not roasting. by MrWa · · Score: 1
      Slashdot is meant to be a community. Not everyone in a community has the same knowledge. Questions that are simple for you may be difficult for someone else.

      But questions that have already been asked in Ask Slashdot deserve to be ridiculed to the fullest extent possible in an online community. Part of being a community is not just looking for quick, simple answers that you are too lazy to find for yourself.

      Of course, part of the "Slashdot community" is submitting and griping about double posts, so I guess this one just falls right inline with everything else.

      For the record: Ask Slashdot is the most useful when the questions actually require thought, opinion, and input from the "community".

    3. Re:Slashdot is for posting, not roasting. by mrscott · · Score: 1

      Who cares if he knows or doesn't know something? All you have to do is look at the article and IGNORE IT. We aren't being plagued with anything at all.

    4. Re:Slashdot is for posting, not roasting. by Blkdeath · · Score: 1
      Who cares if he knows or doesn't know something? All you have to do is look at the article and IGNORE IT. We aren't being plagued with anything at all.

      Ok, I'll ignore it. Then I'll get tired of scrolling past it and I'll disable the "Ask Slashdot" section. Then a dozen others will do the same. A few hundred more, a few hundred more, and before you know it the only people left reading Ask Slashdot are the people too simple to memorize more than one URI on the web who need their mothers' help when they find themselves faced with an unconventional button fly.

      This isn't a case of "This doesn't interest me, I'll scroll past and find some Anime to drool over", this is a case of "Somebody let the special ed class use the computers and Slashdot went to hell in a handbasket."

      While we're at it, let's post some articles detailing how, precisely, to build a Linux kernel - FROM SCRATCH! From there, we'll move onto such enthrallingly informative topics as "Steve Jobs bought a NEW TURTLENECK!" and scrolling down the list we see "Floppy disks for dummies. Why don't they hold as much as CD-Rs?" with the optional follow-up article; "CD-Rs - Why Do They Taste Funny?"

      If you think I'm exaggerating, read the article summaries for the past few months. Notice a trend? Boy, am I ever ignoring a lot by now. I'm starting to think of CNN as a plausible alternative news medium.

      --
      BD Phone Home!

      Shameless plug. Like you weren't expecting it.

  18. Just disable the service by Noah+Adler · · Score: 3, Informative

    How about just typing net stop messenger at a command prompt?

    Problem solved, eh? Should this really have been an Ask Slashdot?

    1. Re:Just disable the service by Stalemate · · Score: 3, Funny

      I know what you mean. Even if he didn't know that exact command, he could have written a program to just pipe random character strings through cmd.exe and hope he turned off the service before he formatted his c: drive.

      You just can't help someone if they aren't willing to help themselves.

  19. Re:THANK YOU MR. ELECTED PRESIDENT by Anonymous Coward · · Score: 0

    You are a moron. Tax cuts STIMULATE the economy...apparently something never done to your BRAIN! In fact Bush is doing a GREAT job...something you liberals just can't stand. Keep on trying to find something to nail Bush on... keep looking - you're not going to find it. What liberals don't understand is they are being USED by their "leaders" in DC. Wake up, learn about the Libertarian way...and be an individual for God's sake. http://www.lp.org/

  20. New Windows by mrscott · · Score: 2, Informative

    At the risk of being flamed for a pro-Microsoft comment, take a look at Windows Server 2003. Out of the box, it is pretty tightly locked down. No services are installed by default -- an admin has to proactively enable things like IIS, DNS, etc. Permissions are no longer defaulted to "Everyone Full Control" as they were in the past. While I'm sure that there will still be holes found, at least the ones provided by a default installation have been addressed.

    1. Re:New Windows by ConceptJunkie · · Score: 1

      Yes, and when all the stupid security flaws in Windows 2003 come to light, Microsoft will be ready with Windows 2005, ad infinitum.

      If Microsoft cared about anything other than selling you the next version, they would make it much easier for admins and end-users (especially end-users) to properly lock down their machines. The problem is that most of Microsoft's so-called useful functionality and "innovation" is what causes these security problems in the first place. Oh that and the Computer Science 101-level mistake of not checking your freakin' memcpy( )'s to make sure they're not overrunning buffers.

      Sure, 2003 is better, but there is no reason in the world why XP, and 2000, and NT4, etc, couldn't have been better too, seeing as how Microsoft is largely playing catchup with problems that have been solved for years on the Linux/Unix side of things.

      For all their vaunted wealth and so-called expertise, Microsoft comes off as an incredibly amateur operation at times... and this is coming from someone with 15 years of experience developing under MS OS's and tools.

      If a disorganized bunch of random hackers can put together an operating system and tools that can rival a $500 billion dollar company, that says as much for the quality of talent at that company as it does for the brilliance of those hackers.

      I'm not flaming you for being pro-Microsoft or commenting that they did something right... they do do some things right, but it's obvious if they gave half a damn about anything other than maintaining their government-sanctioned monopoly, they would and could do a lot more things right.

      As any good scientist will tell you, correlation does not imply causation, but everything Microsoft does can be explained by the above paragraph, so eventually you have to think there's something to it.

      First off, anyone who thinks breaking up MS would have been a solution to anything is sadly mistaken. Microsoft's biggest problem, from a quality point-of-view is that they _can't_ operate like one big company. Even going back to the original Windows SDK, it's blatantly obvious that parts of Microsoft couldn't or wouldn't communicate with each other and I would go so far as to suggest that different parts of the company are actually in competition with each other, which is why MS products are so inconsistent, particularly at the API level. Of course, it doesn't help that half their software was bought from other companies, so there is no unified strategy for software development and no standards that will actually help someone other than Microsoft itself.

      --
      You are in a maze of twisty little passages, all alike.
  21. Actually it is called Linksys by Glonoinha · · Score: 3, Informative

    Original poster: go to BestBuy or wherever and buy a Linksys 4 port router/firewall: Linksys Model# BEFSR41. They are dirt cheap now that the wireless stuff is out, cost maybe $50. Gives you two things:

    1. Your ip address is now a black hole. Nothing comes in. Cable modem is a shared medium meaning it is entirely possible that your neighbors could be snooping your hard drive. Not likely, but possible (I have done it in the past ... it is fun:) The router stops all inbound traffic at the door, or pretty much most of it. Those pesky Messenger spam go away. Also protects you from the damn Nimda (?) type worms that attack exposed web servers.

    2. You can plug more than one computer into the 4 10/100 ports the unit has, now you have more than one computer surfing at cable speed. Also have your internal network between computers. If you had friends and they came over they could plug their machines in and have instant access to the web also. Acts as a DHCP server so you don't need to configure one.

    If you have a cablemodem, you really, really need a hardware firewall/router, and the Linky is a very easy to use unit. Just be sure to change the password, everybody on the planet knows how to hack their way in if it is left to the default.

    --
    Glonoinha the MebiByte Slayer
    1. Re:Actually it is called Linksys by MillionthMonkey · · Score: 1

      Your ip address is now a black hole. Nothing comes in. Cable modem is a shared medium meaning it is entirely possible that your neighbors could be snooping your hard drive. Not likely, but possible (I have done it in the past ... it is fun:)

      Wow, a real cyberterr'ist. Why do you hate America so much?

      I've got DSL and I'm hiding behind one of those little 4 port Linksys routers. They're essential even if you only have one computer- you'd have to be crazy to connect a machine directly to a broadband modem using the buggy and insecure software that ISPs give out. The only drawback is if something goes wrong with the connection and you have to get past idiot tech support people who are reading from the standard ISP tech support script:

      while(!connection.works()) {
      blameCustomerSetup();
      uninstall();
      reinstall();
      }

      If you can manage to get someone on the phone who knows their ass from a hole in the ground, they're usually relieved to hear you're using one since they make troubleshooting much easier.

      I've heard stories about people with default installations of cable company software who are able to open "Network Neighborhood" and actually see all their neighbors' computers. Microsoft has a habit of establishing dumb names for special directories ("My Documents", "My Received Files", "My Music", "My Network Places", etc.) but in this case they chose a term that was right on target!

    2. Re:Actually it is called Linksys by jon+doh! · · Score: 1

      i usually have a windows box around that i can throw on the outside of my firewall when there are difficulties connecting. that way i can 1) see if the problem is the firewall (it never is), and 2) truthfully tell the "tech support" person that i've rebooted, yes, i'm running windows, no the connection still isn't up. then they tell me they'll start a ticket, and i get my connection back eventually.

    3. Re:Actually it is called Linksys by Anonymous Coward · · Score: 0

      O/T, but oh well, I'll AC.

      Most users won't need to remote admin their firewalls, so when I set somebody else up (and they don't have a wireless lan), I leave the router default on and remote admin off. Easier for me, easier for any other help they get. More secure than having any password remotely accessible.

      Also, the parent post is the only freaking answer to the question, which was "How do I leave Messenger on and still avoid pop-ups from the outside world?" For those who care, the specific ports are 135, and 137-139. 135 is used by most of these outside pop-ups.

    4. Re:Actually it is called Linksys by Anonymous Coward · · Score: 0

      Linksys isn't bad, but their routers aren't stateful. Netgear has basically the same solution, but (in my experience at least) more stable _and_ has the added bonus of stateful packet inspection. Their "websafe" cable/dsl router should do the job and has a little 4 port switch built in.

      Or you could build your own firewall out of an old junker PC and Linux or *BSD, but that might be a little more effort than you're up for. :)

    5. Re:Actually it is called Linksys by Anonymous Coward · · Score: 0

      agreed. unless of course you're utterly lazy and can't keep up with all the port numbers for games/voice-chat/etc. and have put yourself in the dmz

  22. NOT NetBIOS, but RPC by mhesseltine · · Score: 2, Informative

    The Messenger service sends and receives messages not using the NetBIOS protocol, but RPC. Therefore, you need to block port 135 to stop the messenger.

    As many others have said, you could also just turn the service off. I haven't seen anyone mention Black Viper as a resource for explaining what could be shut off and how to do it.

    --
    Overrated / Underrated : Moderation :: Anonymous Coward : Posting
  23. Running XP? Just turn on Connection firewall by Anonymous Coward · · Score: 0

    In XP there's a networking preference dialog that lets you enable "Internet Connection Firewall". Enable it (which is the default, no?) and all the Messenger spam will disappear. Enjoy.

  24. rpc blocked too by Ender+Ryan · · Score: 1
    I am testing it right now, port 135 is blocked. Nothing goes in or out of our network on port 135. This is freakin weird, I got no idea wtf is going on here. Guess I'm gonna have to do some sniffin to figure this out.

    --
    Sticking feathers up your butt does not make you a chicken - Tyler Durden
    1. Re:rpc blocked too by jonadab · · Score: 1

      Couple of things to check:

      1. Are you talking about 135 TCP or 135 UDP? I don't happen to
      know which one it should be.

      2. Could the stuff be coming from inside the firewall?

      --
      Cut that out, or I will ship you to Norilsk in a box.
  25. I've never had any MSN spam by Anonymous Coward · · Score: 0

    And I run MSN 100% of the time, both at work and at home. Set up your firewall rules correctly, or turn off your messenger service...

    I don't see this as any issue. It's like saying that spam is an issue with Microsoft Outlook.

  26. Re:THANK YOU MR. ELECTED PRESIDENT by GnarlyNome · · Score: 0, Offtopic

    Although I agree with most of what you say, you seem to be having a problem presenting it. The Libertarian way is not attractive to most people because
    1. They are products of the Public Education System
    2. Most people will follow anyone who says "I Know THE Answer." and
    3. people (as Individuals) are great but People (as populations) are no good shits.
    4. Liberals and Conservatives are both into reducing your freedoms

    --
    Diplomacy is the art of saying "Nice doggie" until you can find a rock. Will Rogers
  27. Microsoft may have different plans for you... by Futurepower(R) · · Score: 1

    Yes, except that the next Windows update may add it back without telling you.

    1. Re:Microsoft may have different plans for you... by duffbeer703 · · Score: 1

      I've never seen windows update automagically add protocols to your TCP/IP configuration.

      --
      Conformity is the jailer of freedom and enemy of growth. -JFK
  28. My guess is that you are thinking of NetBEUI. by Futurepower(R) · · Score: 1


    My guess is that you are thinking of NetBEUI. This is NetBIOS, a feature of the TCP/IP protocol.

  29. Windows NET SEND saga by rakerman · · Score: 2, Informative

    NET SEND on Windows

    This was also asked before and before that and before before that. And if you search Slashdot on "messenger", many other times besides those three.

  30. Just block the ports... by IcephishCR · · Score: 0

    they should be blocked anyway....135,137-139,445...then they all go away...

    --
    Life is but a Beta test...
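
Added example, not part of any comment above: the thread's "port is blocked but the popups still arrive" report and the "135 TCP or 135 UDP?" question both come down to checking a ruleset per protocol and per source, which this sketch does for the ports named in the thread while keeping the local subnet allowed. The rule model, the first-match ordering, the default-allow policy and all addresses are assumptions constructed for illustration, not any real firewall's syntax.

```python
import ipaddress
from dataclasses import dataclass

# Ports named in the thread (135, 137-139, 445). Both protocols are checked
# because the thread leaves open whether the block must cover TCP or UDP.
WATCHED_PORTS = (135, 137, 138, 139, 445)
PROTOCOLS = ("tcp", "udp")


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    src: str      # source network in CIDR form
    ports: range  # destination ports this rule covers


def port_range(low, high=None):
    """Inclusive destination-port range; a single port when high is omitted."""
    return range(low, (high if high is not None else low) + 1)


def decide(rules, proto, src_ip, dport, default="allow"):
    """First-match evaluation (an assumption of this model; some filters
    use last-match). Falls through to the default policy."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.proto not in ("any", proto):
            continue
        if addr not in ipaddress.ip_network(rule.src):
            continue
        if dport in rule.ports:
            return rule.action
    return default


def audit(rules, local_probe, external_probe, default="allow"):
    """Return (exposed, blocked_local).

    exposed:       (proto, port) pairs an outside host can still reach
    blocked_local: (proto, port) pairs the local subnet has lost
    """
    exposed, blocked_local = [], []
    for proto in PROTOCOLS:
        for port in WATCHED_PORTS:
            if decide(rules, proto, external_probe, port, default) != "deny":
                exposed.append((proto, port))
            if decide(rules, proto, local_probe, port, default) != "allow":
                blocked_local.append((proto, port))
    return exposed, blocked_local


# Constructed sample data: a home subnet and documentation-range outside host.
LOCAL_NET = "192.168.1.0/24"
LOCAL_HOST = "192.168.1.20"
OUTSIDE_HOST = "203.0.113.7"

# Ruleset that "blocks the ports" for TCP only.
TCP_ONLY_RULES = [
    Rule("allow", "any", LOCAL_NET, port_range(1, 65535)),
    Rule("deny", "tcp", "0.0.0.0/0", port_range(135)),
    Rule("deny", "tcp", "0.0.0.0/0", port_range(137, 139)),
    Rule("deny", "tcp", "0.0.0.0/0", port_range(445)),
]

# Same intent, covering both protocols.
BOTH_PROTOCOL_RULES = [
    Rule("allow", "any", LOCAL_NET, port_range(1, 65535)),
    Rule("deny", "any", "0.0.0.0/0", port_range(135)),
    Rule("deny", "any", "0.0.0.0/0", port_range(137, 139)),
    Rule("deny", "any", "0.0.0.0/0", port_range(445)),
]

if __name__ == "__main__":
    for name, rules in (("tcp-only", TCP_ONLY_RULES),
                        ("both", BOTH_PROTOCOL_RULES)):
        exposed, blocked_local = audit(rules, LOCAL_HOST, OUTSIDE_HOST)
        print(name, "exposed:", exposed, "blocked locally:", blocked_local)
```
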