Remember the Windows Messenger spam that I received, and thought I had dealt with by configuring my network to not accept any Internet traffic from the outside world on the relevant ports? Alas, I was wrong; I received another batch of annoying popup dialog boxes a few days ago. Perplexed, I was — my network fix should have prevented this!

My daily read of Heather, though, led me to Wired’s discovery of the newest method of pissing people off, which shed some light on the situation: the popups somehow use port 135, not the traditional ports 137 through 139. Newly vested with the information, my router should finally be all set to repel this odious form of spam…


This tool works good to block these messenger Spams. WhiteLid i don’t know how this tool blocks the spam, but it works!?!?


• Posted by: Chris on Oct 20, 2002, 11:23 AM

Chris, it seems that WhiteLid works by turning off the Messenger service. Yep, that’s right — you’re paying $20 so that <sarcasm>you don’t have to go through the terrible ordeal of opening the Services control panel, finding the Messenger service, and disabling it yourself</sarcasm>…

(And for me, turning off the Messenger service isn’t a great thing to do, since there are a few network services running on my network that use it, like backups and uninterruptible power sources.)

• Posted by: Jason on Oct 20, 2002, 10:37 PM

This is a good example of why most firewall experts recommend you start by denying everything and then specifically enable services you intend to provide.

We have an interesting study in contrasts at work over this - our department used the default-deny approach while everyone else is blocking things as soon as they become problems. They’re burning a ton of time playing whack-the-mole like this and dealing with the inevitable compromises; we haven’t had to touch our firewall rules since we set it up.

• Posted by: Chris Adams on Oct 20, 2002, 10:46 PM

The REALLY annoying thing to the average user, who knows NOT how to turn off thier messenger service in my opinion is this: One of the TOP offenders of the MS messenger service popup spam IS WhiteLid!

• Posted by: RJ on Dec 9, 2002, 10:56 AM

oh and btw, the service Chris is talking about is located in the Win2k system under Administrative Tools. Inside there the service is listed simply as Messenger. You may have to make the Administrative Tools portion visible in your start menu via Settings, Taskbar & Start Menu, then click on the Advanced tab. At the bottom of that little panel you will see lots of check boxes unchecked. Go check them out, some useful stuff there MS left off as default. Hope this helps some people… =)

• Posted by: RJ on Dec 9, 2002, 11:04 AM
Please note that comments automatically close after 60 days; the comment spammers love to use the older, rarely-viewed pages to work their magic. If comments are closed and you want to let me know something, feel free to use the contact page!