Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Messenger Disabled But Firewall Keeps Blocking Constant Incoming To Upd Port 1026, 1027


  • Please log in to reply
9 replies to this topic

#1 tthadish

tthadish

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 10 August 2006 - 11:29 PM

Not sure what to do, since all the guidance on the internet says that to resolve,
disable Windows Messenger, but it's already disabled. Running Windows XP Home edition.

BC AdBot (Login to Remove)

 


#2 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:04:06 AM

Posted 10 August 2006 - 11:40 PM

Are you getting warnings from your firewall? or ?

#3 tthadish

tthadish
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 10 August 2006 - 11:48 PM

Yes, I'm getting warnings from ZoneAlarm.

#4 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:04:06 AM

Posted 10 August 2006 - 11:59 PM

Spammers have figured out how to send spam with it taking advantage of exploits on your computer.
What you describes sounds like
Windows Messenger Spam
To block the spam is to turn off Messenger Service.
To do that:
--In Windows XP, click Start>>Control Panel
--In Windows 2000, click Start>>Settings>>Control Panel
In both versions:
--Double click Administrative Tools
--Double click Services
--Double click Messenger
--Under Service Status, click Stop
--In the box next to Startup Type, select Disabled
--Click Apply>>OK

Alternatively, you can download a small program that will disable Messenger Service called “Shoot The Messenger” which is available at
http://www.grc.com/freepopular.htm
Download and run “Shoot The Messenger”

If ZA keeps sending alerts put a check mark in do not show this again.

#5 tthadish

tthadish
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 11 August 2006 - 10:59 PM

Thanks for the advice, but I'm gonna refer you to the subject of my original posting...
Windows Messenger is already disabled. I already researched this and checked
that it's disabled before I posted the question...is there a possibility it could be anything else?

Is there something I need to do to make the ports more secure....? Or is there
some kind of freeware that would help me with this? This type of thing is outta my league.

Thanks.

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:06 AM

Posted 12 August 2006 - 12:43 AM

Can you identify the IP's that the probes are coming from? These probes might not even be related to Windows Messenger. I frequently get probes at those ports, and I've never used or enabled windows messenger.

Here is an example of the information Smart Defense/ZoneAlarm provides me after such a probe:

ZoneAlarm Security Suite has blocked access to port 1026 on your computer
ZoneAlarm Security Suite has successfully stopped local network or Internet traffic from reaching your computer. No breach in your security has occurred. Your computer is safe.

What happened?

ZoneAlarm Security Suite blocked traffic to port 1026 on your machine from port 38534 on a remote computer whose IP address is 204.16.208.114. This communication attempt may have been a port scan, or simply one of the millions of unsolicited commercial or network control messages that are routinely sent out over the Internet. Such unsolicited messages are often called Internet background noise.

Should I be concerned?

This alert should not be a cause for concern. ZoneAlarm Security Suite has protected your machine according to the firewall settings you have selected.

What should I do?

You do not need to do anything about this alert unless one of your programs is not functioning correctly or is unable to complete a task. In that case, you can temporarily lower your security level to medium to allow traffic to reach your computer. . Additional Program configuration options can be found in the help files.


And also:

The most common cause of this alert is that ZoneAlarm Security Suite may not be configured properly to allow traffic through the firewall. Please refer to the help files for information on configuring programs to function correctly with ZoneAlarm Security Suite. Possible explanations for the alert include:

* The communication may have been a legitimate attempt by your ISP, a mail server, or another service attempting to authenticate your IP address or host name.
* The ZoneAlarm Security Suite Internet Lock may be engaged
* There may be excessive network congestion or other network problems that prevent information from being transmitted completely and correctly.


Check the IP's of your server, ISP etc. and make sure they are in the trusted arena for their legitimate communications. Everything else stays blocked. It seems to me, that you don't need to be worried. ZoneAlarm is blocking the probes, and they are coming from OUTSIDE not INSIDE; unless there has been outgoing stuff ZoneAlarm has been blocking that you suspect may have sent for this incoming stuff.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:04:06 AM

Posted 12 August 2006 - 09:50 AM

It is common and normal for your ISP to ping you.
As OrangeBlossom suggested, check the IPs and then set ZA (which is keeping those blocked) to not issue alerts for thos specific IPS if they are legitimate.

As long as ZA blocks them you have no security risk regardless of where they are coming from.

How are you connected to the internet - direct broadband modem to your computer?
A router or hardware firewall may eliminate your visability on the internet if you are concerned.

Try Shields Up which will scan your computer for open ports and other security exploits:
https://www.grc.com/x/ne.dll?bh0bkyd2

#8 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:05:06 AM

Posted 12 August 2006 - 01:39 PM

You can block the incoming UDP ports in your router or in your firewall . Keep a close eye on your programs tho' - just in case it's a legitimate app that needs it.

ID'ing the IP address that they're coming from is the key to determining if they're bad stuff, harmless stuff, or stuff that you want to allow.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#9 tthadish

tthadish
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 14 August 2006 - 05:21 PM

Orange Blossom - as you advised, I looked up some of the IPs trying to send probes to my computer. Several were from "Fast Colocation Services", like the example you gave below, as well as other info. gathering websites from foreign countries. At least ZA is blocking all of these, so it gives me greater comfort.

Enthusiast - thanks for the referral to the Shields Up website...very cool tool. Only weakness in my system is that my computer responded to the ping sent by the Shields Up program, but ZA blocked all the incoming from that program anyway...if I wanted to pay for the ZA Pro version, it would solve this...since the free version of ZA seems to be very effective at blocking illegitimate incoming probes.

usasma - I'll look at the ZoneAlarm logs occasionally to check the IP addresses the incoming messages are coming from.

Thanks for all the suggestions, people...it's very helpful for a novice like me. :thumbsup:

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:06 AM

Posted 14 August 2006 - 05:53 PM

You're welcome, and :thumbsup:

Orange Blossom :flowers:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users