Thread: Messenger advertisements are annoying

  1. #1
    Junior Member
    Join Date
    Mar 2003
    Posts
    4

    Messenger advertisements are annoying

    After reading the newbie guidelines and tutorials I’m a bit paranoid to ask my first question.

    Well, here goes:

    It’s about spamming programs that use the net send command:

    Is it possible to find out the IP address of the sender, or am I missing something obvious?

    I know you can disable the Messenger service to stop these, but that’s not the point. I can’t seem to find any info about tracing the IP from the source. On the message it only displays the ‘so called’ host name and message. I am trying to find out the IP of the source. I believe there are programs out there that manage mass messaging, that are supposed to give out a bogus PC ID and IP. Although there are quite a few arguments in the forums about anonymity on the internet, most that I have read say tracing is always possible.

    There seem to be so many different network monitoring tools out there. Can someone recommend a good one for me to start with?

    Thanks in advance.
    Stay cool, hang loose and admit nothing

  2. #2
    Senior Member
    Join Date
    Mar 2003
    Posts
    117
    Why not log all incoming on port 139?
    There are a lot of programs which display/log what and when, when it comes to ports...
    Active Ports does not have a log, but displays nice stats.
    .sig - There never was a .sig?
    I own a Schneider EuroPC with MS-Dos 3.3 and it works.

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Yes, it is possible to trace if you have something to go on, and like Vigge said, there are many programs out there that log traffic. It's also a fact that you should have a firewall, so get something like ZoneAlarm.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Junior Member
    Join Date
    Feb 2003
    Posts
    18
    I would say that you are best off to just uninstall MSN Messenger.

    If you are running Windows XP, Messenger can be easily uninstalled by running the following command, from Start and then Run:


    RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\msmsgs.inf,BLC.Remove

    You will also need to disable the Messenger Service.
    You may also want to refer to the following website:

    Stop Messenger Spam, windows MSN pop-up spam

  5. #5
    Junior Member
    Join Date
    Mar 2003
    Posts
    29
    Would using Trillian help?

  6. #6
    Senior Member
    Join Date
    Mar 2003
    Posts
    117
    This isn't about MSN Messenger, this has to do with the Net Send (Alerter) command on Windows systems.
    Example: c:\net send ip-addy message.


    .sig - There never was a .sig?
    I own a Schneider EuroPC with MS-Dos 3.3 and it works.

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    786

    I had something similar happen to my school...

    shot_gun_stu: Logging port 139 is the only way I know. But there is just one problem with doing so... If you are on a LAN (like school), there is a LOT of legitimate traffic on port 139...along with all of the other ports, normal broadcast messages, etc...

    Just recently, my school was "bombed" with these messages. The person who did so had the nerve to use part of the name of one of the web-servers on the LAN to throw everyone off. After that, I had Ethereal set up, but at first it was logging ALL incoming data. I had 100+ packets a second - obviously not something that would make it easy to search through a week later when it might happen again. I was later able to get it to log port 139 data, but I still had to deal with about a packet a minute. The computer was on for several days, and no other messages were tracked. However, I had about 5,000+ packets that were to port 139. Luckily, filtering came in handy to only show the net-send messages (there were none).

    You might think that using Ethereal to find these and get the IP is handy, but there is one major problem on a LAN like schools, etc... It eats up a LOT of power, and eventually HDD space if not configured properly. I typically had 10-20% CPU power used by Ethereal on my webserver (whose partial name was used) and it was a P4 1.6GHz system, but with 128MB RAM... Even with all of that..., I have NOT found out who sent the message because I wasn't prepared for it before-hand... And there haven't been many messages after that, so I stopped using my time to search for them.

    I hope that helps shed some insight...


    -Tim_axe

  8. #8
    Junior Member
    Join Date
    Mar 2003
    Posts
    4
    Many thanks for your replies.

    Vigge, tried the Active Ports and liked it, thanks.

    Tedob1, I had Zone Alarm but had problems with my internet connection sharing on my LAN (even when closed). I’m currently using the Internet Connection Firewall that comes with XP. Not too sure how it compares to Zone Alarm though.

    Tim_axe. I think I’ll try Ethereal as I’m only running a small LAN.

    I’ll be honest with you, I need to read up a bit more about ports and the services that run on them, so if anyone can recommend a good tutorial
    Stay cool, hang loose and admit nothing

  9. #9
    AO Security for Non-Geeks
    Join Date
    Aug 2002
    Posts
    830
    This thread has run its course and I am coming late to the party, but I wanted to put my $.02 in. I agree that one of the easiest things to do would be to disable the Messenger Service if you have no need for it or block port 139 if you are only looking to stop the pop-up messages. One of the selling points to the spammers is the ability to send spam messages to you while remaining "virtually" untraceable. But, you can set up some sort of filter or logging to log traffic incoming on port 139 to try and identify the source.

  10. #10
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Hmmm, I would suggest reading the logs on the machine, they would include the sender's IP or host name. After that you do want to capture traffic on your network, but you can keep it simple by filtering traffic to the specific protocol or port number.


    PuRe
    Like this post? Visit PuRe's Information Technology Community. We've also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com
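
Several replies suggest logging inbound traffic on port 139 and filtering it down to find the sender. The sketch below is an added example, not code from any poster: it summarises which source addresses reached port 139 from a firewall log. It assumes a W3C-style log with a `#Fields:` header, as written by the XP Internet Connection Firewall mentioned in post #8; the sample lines, the addresses and the `port_hits` name are constructed for illustration.

```python
# Constructed sample log (assumed W3C-style layout with a "#Fields:" header).
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-03-20 14:02:11 OPEN TCP 203.0.113.45 192.168.0.10 3321 139 - - - - - - - -
2003-03-20 14:02:13 CLOSE TCP 203.0.113.45 192.168.0.10 3321 139 - - - - - - - -
2003-03-20 14:05:40 DROP TCP 198.51.100.7 192.168.0.10 4410 139 48 S 1234567 0 16384 - - -
2003-03-20 14:06:02 DROP TCP 198.51.100.7 192.168.0.10 4411 445 48 S 1234999 0 16384 - - -
2003-03-20 14:09:15 OPEN TCP 192.168.0.10 192.0.2.80 1045 80 - - - - - - - -
2003-03-21 09:30:00 OPEN TCP 203.0.113.45 192.168.0.10 3390 139 - - - - - - - -
"""


def port_hits(log_text, port=139, local_ip="192.168.0.10"):
    """Return {src_ip: {count, first, last, actions}} for inbound hits on `port`."""
    fields, hits = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column names come from the log itself, so column order may vary.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Keep only traffic addressed to this machine on the watched port.
        if row.get("dst-ip") != local_ip or row.get("dst-port") != str(port):
            continue
        if row.get("action") == "CLOSE":  # same connection as its OPEN record
            continue
        stamp = f'{row.get("date", "")} {row.get("time", "")}'
        entry = hits.setdefault(
            row["src-ip"],
            {"count": 0, "first": stamp, "last": stamp, "actions": set()},
        )
        entry["count"] += 1
        entry["first"] = min(entry["first"], stamp)  # ISO-style stamps sort as text
        entry["last"] = max(entry["last"], stamp)
        entry["actions"].add(row.get("action"))
    return hits


if __name__ == "__main__":
    for src, info in sorted(port_hits(SAMPLE_LOG).items()):
        print(src, info["count"], info["first"], info["last"], sorted(info["actions"]))
```

The firewall only writes these records if logging of dropped packets and of successful connections is switched on, which has to be done before the messages arrive.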
