Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

application popup tracking

Status
Not open for further replies.
Ovatvvon

Ovatvvon

Programmer
Joined
Feb 1, 2001
Messages
1,514
Location
US
I made some posts regarding this issue a couple weeks ago, but I never really got an answer to this questions:

How can I find out what the IP address is of the sender of this new style of SPAM being sent via Messenger Service? It's not available in the Event Viewer.


Example:
-----------------------------
Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Date: 11/6/2002
Time: 6:27:45 PM
User: N/A
Computer: XXXXXXXXXX
Description:
Application popup: Messenger Service : Message from CXX49 to XXX.XXX.XXX.XXX on 11/6/2002 6:27:45 PM

CONGRATULATIONS YOUR A WINNER !

You won a vacation for two.

Just complete the special finalists' registration
form and be sure to include your Confirmation Number:

Confirmation Number: H-9312D

-Ovatvvon :-Q
 
Sort by date Sort by votes
You could do a netstat right after you see the message and try to find it that way. Depending on how they are sending the message you would see connections on UDP ports 137, 138, or TCP ports 135, 139, 445

Only other way I can think of is with some kind of firewall. I use RedHat linux with iptables myself. With that, I can log access to certain ports. You could probably use something as simple as ZoneAlarm to find the source IP address. Either way, you should have some kind of firewall.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

iCDT
  • Locked
  • Question Question
Remote Desktop Web Access ( No application available)
Replies
2
Views
432
hairlessupportmonkey
hairlessupportmonkey
lecombs1950
  • Locked
  • Question Question
PKI and Client server application
Replies
0
Views
255
lecombs1950
lecombs1950
lameid
  • Locked
  • Question Question
Remote Desktop Services - No Domain - Some desktop and Some Application
Replies
0
Views
246
lameid
lameid
NoCalAdmin
  • Locked
  • Question Question
alterntate application to dumpsec
Replies
0
Views
194
NoCalAdmin
NoCalAdmin
Mighty
  • Locked
  • Question Question
Setup Multi-Threaded ASP Application
Replies
0
Views
210
Mighty
Mighty

Part and Inventory Search

Sponsor

Back
Top