I was recently contacted by Road Runner because someone
got into my computer from the internet and was using my ip
address to send spam. I've added a firewall and have it
set so that I have to permit or deny any access to or from
my computer. I get two messages (every minute!) that I
can't find information on. Following is the Incoming
Message Alert! from Kerio firewall software:

"Someone from 192.168.1.1, port 1901 wants to send UDP
datagram to port 1900 owned by 'SSDP Service on Windows
Millennium' on your computer"

Details about application: c:\windows\system\ssdpsrv.exe

Can someone tell me what legitimate program might be
needing this access? I do not host a site on my computer.
I have high speed internet access through Time Warner/Road
Runner. I don't file share with anyone and only have one
computer connected.

Re: someone unknown sending spam from my id address by Kent

Kent
Sat Jun 28 11:47:10 CDT 2003

That is related to Universal Plug and Play. You might want that on your
local network if you are using a UPnP DSL/cable router. Otherwise you
can disable the SSDP service using services.msc on Windows XP.

You want some process sending on smtp port 25/tcp.

--
Kent W. England, Microsoft MVP for Windows



"Pat August" <paugust@kc.rr.com> wrote in
message news:07cb01c33d93$a2e26a20$a501280a@phx.gbl...

> I was recently contacted by Road Runner because someone
> got into my computer from the internet and was using my ip
> address to send spam. I've added a firewall and have it
> set so that I have to permit or deny any access to or from
> my computer. I get two messages (every minute!) that I
> can't find information on. Following is the Incoming
> Message Alert! from Kerio firewall software:
>
> "Someone from 192.168.1.1, port 1901 wants to send UDP
> datagram to port 1900 owned by 'SSDP Service on Windows
> Millennium' on your computer"
>
> Details about application: c:\windows\system\ssdpsrv.exe
>
> Can someone tell me what legitimate program might be
> needing this access? I do not host a site on my computer.
> I have high speed internet access through Time Warner/Road
> Runner. I don't file share with anyone and only have one
> computer connected.


Re: someone unknown sending spam from my id address by Pat

Pat
Sat Jun 28 13:05:09 CDT 2003

Help me understand why I want some process sending on smtp
port 25/tcp. Do I need it to get to web sites, send
mail? What process should I try to find to run on port
25? The Kerio software isn't showing anything on a port
numbered 25. Appreciate your help, PA
>-----Original Message-----
>That is related to Universal Plug and Play. You might want that on your
>local network if you are using a UPnP DSL/cable router. Otherwise you
>can disable the SSDP service using services.msc on Windows XP.
>
>You want some process sending on smtp port 25/tcp.
>
>--
>Kent W. England, Microsoft MVP for Windows
>
>"Pat August" <paugust@kc.rr.com> wrote in
>message news:07cb01c33d93$a2e26a20$a501280a@phx.gbl...
>
>> I was recently contacted by Road Runner because someone
>> got into my computer from the internet and was using my ip
>> address to send spam. I've added a firewall and have it
>> set so that I have to permit or deny any access to or from
>> my computer. I get two messages (every minute!) that I
>> can't find information on. Following is the Incoming
>> Message Alert! from Kerio firewall software:
>>
>> "Someone from 192.168.1.1, port 1901 wants to send UDP
>> datagram to port 1900 owned by 'SSDP Service on Windows
>> Millennium' on your computer"
>>
>> Details about application: c:\windows\system\ssdpsrv.exe
>>
>> Can someone tell me what legitimate program might be
>> needing this access? I do not host a site on my computer.
>> I have high speed internet access through Time Warner/Road
>> Runner. I don't file share with anyone and only have one
>> computer connected.

Re: someone unknown sending spam from my id address by John

John
Sat Jun 28 14:07:55 CDT 2003

"Pat August" <paugust@kc.rr.com> wrote in message
news:07cb01c33d93$a2e26a20$a501280a@phx.gbl...
> I was recently contacted by Road Runner because someone
> got into my computer from the internet and was using my ip
> address to send spam. I've added a firewall and have it
> set so that I have to permit or deny any access to or from
snip...

Assuming the RR is right and have actually IDed the IP correctly and haven't
just reacted to a forged mail header it might be something as simple as some
piece of malware that has taken up residence on your system and is sending
mail. Have you run Spyware S&D and Lavasoft AdAware on your system? Do you
have an anti-virus program and keep it updated?
--
John McGaw
[Knoxville, TN, USA]

Return address will not work. Please
reply in group or through my website:
http://johnmcgaw.com


Re: someone unknown sending spam from my id address by YK

YK
Sat Jun 28 15:56:17 CDT 2003

Pat August wrote:
> I was recently contacted by Road Runner because someone
> got into my computer from the internet and was using my ip
> address to send spam. I've added a firewall and have it
> set so that I have to permit or deny any access to or from
> my computer. I get two messages (every minute!) that I
> can't find information on. Following is the Incoming
> Message Alert! from Kerio firewall software:
>
> "Someone from 192.168.1.1, port 1901 wants to send UDP
> datagram to port 1900 owned by 'SSDP Service on Windows
> Millennium' on your computer"
>
> Details about application: c:\windows\system\ssdpsrv.exe
>
> Can someone tell me what legitimate program might be
> needing this access? I do not host a site on my computer.
> I have high speed internet access through Time Warner/Road
> Runner. I don't file share with anyone and only have one
> computer connected.

Pat, below are some great references:
http://www.3feetunder.com/krick/startup/list.html <== lists many startup
applications
http://grc.com/freepopular.htm look for UnPlug...
http://www.tomcoyote.org/hjt/ Hijack help


Re: someone unknown sending spam from my id address by Pat

Pat
Sat Jun 28 21:26:57 CDT 2003

Now I'm running E Trust EZ Armor. Before Road Runner
contacted me, I had an old version of McAfee. I believed
someone had gotten on my computer because it was running
VERY slow and connections were constantly timing out. EZ
Armor found 6 infected files and cleaned them. I
downloaded all the updates from Microsoft to make sure I
have the latest security updates. The worry I have now is
that I'm not sure what to permit and deny through the
firewall. How do I find out what IPs I should allow to
connect and what I should deny? I appreciate any advice
you have. I am going to find and run Spyware S&D and
Lavasoft AdAware, as you suggested.
>-----Original Message-----
>"Pat August" <paugust@kc.rr.com> wrote in message
>news:07cb01c33d93$a2e26a20$a501280a@phx.gbl...
>> I was recently contacted by Road Runner because someone
>> got into my computer from the internet and was using my ip
>> address to send spam. I've added a firewall and have it
>> set so that I have to permit or deny any access to or from
>snip...
>
>Assuming the RR is right and have actually IDed the IP correctly and haven't
>just reacted to a forged mail header it might be something as simple as some
>piece of malware that has taken up residence on your system and is sending
>mail. Have you run Spyware S&D and Lavasoft AdAware on your system? Do you
>have an anti-virus program and keep it updated?
>--
>John McGaw
>[Knoxville, TN, USA]
>
>Return address will not work. Please
>reply in group or through my website:
>http://johnmcgaw.com

Re: someone unknown sending spam from my id address by David

David
Sun Jun 29 07:19:25 CDT 2003

Unless you are running a server, you should allow nothing to connect in to
you from the internet. Going out, you should only allow programs that you
know need access; your web browser and mail client are two common ones.

"Pat" <paugust@kc.rr.com> wrote in message
news:173a01c33de5$e9cf54f0$a601280a@phx.gbl...
> Now I'm running E Trust EZ Armor. Before Road Runner
> contacted me, I had an old version of McAfee. I believed
> someone had gotten on my computer because it was running
> VERY slow and connections were constantly timing out. EZ
> Armor found 6 infected files and cleaned them. I
> downloaded all the updates from Microsoft to make sure I
> have the latest security updates. The worry I have now is
> that I'm not sure what to permit and deny through the
> firewall. How do I find out what IPs I should allow to
> connect and what I should deny? I appreciate any advice
> you have. I am going to find and run Spyware S&D and
> Lavasoft AdAware, as you suggested.
> >-----Original Message-----
> >"Pat August" <paugust@kc.rr.com> wrote in message
> >news:07cb01c33d93$a2e26a20$a501280a@phx.gbl...
> >> I was recently contacted by Road Runner because someone
> >> got into my computer from the internet and was using my ip
> >> address to send spam. I've added a firewall and have it
> >> set so that I have to permit or deny any access to or from
> >snip...
> >
> >Assuming the RR is right and have actually IDed the IP correctly and haven't
> >just reacted to a forged mail header it might be something as simple as some
> >piece of malware that has taken up residence on your system and is sending
> >mail. Have you run Spyware S&D and Lavasoft AdAware on your system? Do you
> >have an anti-virus program and keep it updated?
> >--
> >John McGaw
> >[Knoxville, TN, USA]
> >
> >Return address will not work. Please
> >reply in group or through my website:
> >http://johnmcgaw.com
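
The advice in the replies above (UDP 1900 from the router is local UPnP/SSDP traffic, the thing to look for is a program sending on smtp port 25/tcp, and nothing unsolicited should be let in) expressed as alert triage. This is an added example, not code from any poster or from Kerio; the record fields, the allow-listed program names and the outbound sample are assumptions constructed for illustration.

```python
import ipaddress
import re

# The alert text quoted in the thread (line-wrapped as posted).
PAGE_ALERT = """Someone from 192.168.1.1, port 1901 wants to send UDP
datagram to port 1900 owned by 'SSDP Service on Windows
Millennium' on your computer"""

ALERT_RE = re.compile(
    r"Someone from (?P<src>[\d.]+), port (?P<sport>\d+) wants to send "
    r"(?P<proto>UDP|TCP) \w+ to port (?P<dport>\d+) owned by '(?P<owner>[^']+)'")

# RFC 1918 ranges: traffic from these comes from the local side of a router.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: the programs this user knowingly lets out (browser, mail client).
KNOWN_OUTBOUND = {"iexplore.exe", "msimn.exe"}
MAIL_CLIENTS = {"msimn.exe"}

def parse_incoming_alert(text):
    """Turn the alert sentence into a connection record, or None if no match."""
    m = ALERT_RE.search(" ".join(text.split()))  # undo the line wrapping
    if not m:
        return None
    return {"dir": "in", "proto": m["proto"].lower(), "remote": m["src"],
            "remote_port": int(m["sport"]), "local_port": int(m["dport"]),
            "program": m["owner"]}

def triage(rec):
    """Return (verdict, reason) for one record, following the replies above."""
    prog = rec["program"].lower()
    if rec["dir"] == "in":
        addr = ipaddress.ip_address(rec["remote"])
        on_lan = any(addr in net for net in LAN_NETS)
        if rec["proto"] == "udp" and rec["local_port"] == 1900 and on_lan:
            return ("local", "SSDP/UPnP from a LAN device; allow only if UPnP is wanted")
        return ("deny", "unsolicited inbound and no server is being run")
    if rec["proto"] == "tcp" and rec["remote_port"] == 25 and prog not in MAIL_CLIENTS:
        return ("suspect", "non-mail program sending on smtp port 25/tcp")
    if prog in KNOWN_OUTBOUND:
        return ("allow", "known program going out")
    return ("deny", "unknown program going out")

if __name__ == "__main__":
    # Constructed outbound record (TEST-NET address, made-up program name).
    spam = {"dir": "out", "proto": "tcp", "remote": "203.0.113.25",
            "remote_port": 25, "local_port": 1044, "program": "unknown.exe"}
    for rec in (parse_incoming_alert(PAGE_ALERT), spam):
        print(rec["remote"], rec["program"], "->", triage(rec))
```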