I talked about NET SEND SPAM and methods to stop it later. Now it is the time to fight back.
Who sent the spam?
“What is the IP address of the spammer?” You probably eager to know. Well. It is not easy. It is almost impossible to get the IP address of the sender. If you are very technical and want to know more about the details, please read this article first.
Install a firewall
A better way than shutting down the Messenger service is to install a firewall. By install a firewall, you gain the follow benifit.
- You eliminate NET SEND SPAM and other kind of attack and virus.
- You log the IP address of all attackers so you can take actions to fight back.
There are handful of great personal firewall software available. If you are using Windows XP, you already have a firewall installed. It is called Windows Internet Connection Firewall (a.k.a. ICF). You only need to follow these steps to enabled it.
To enable or disable Internet Connection Firewall
- Open Network Connections (Click Start, click Control Panel, and then doubleclick Network Connections.)
- Click the Dialup, LAN or HighSpeed Internet connection that you want to protect, and then, under Network Tasks, click Change settings of this connection.
- On the Advanced tab, under Internet Connection Firewall, select one of the following:
- To enable Internet Connection Firewall (ICF), select
the Protect my computer and network by limiting or preventing access to
this computer from the Internet check box.
- To disable Internet Connection Firewall, clear the Protect my computer and network by limiting or preventing access to this computer from the Internet check box. This disables the firewall, your computer and network are then vulnerable to intrusions.
Source: Use the Internet Connection Firewall to Secure Your Small Network
Enable Firewall logging
This is a good article on how to enable firewall logging. After you enable the logging, you keep the record of all attack to your server.
Analysis the report
On of the easy way is to utilize myNetWatchMan. Follow the steps to register and download an agent. The agent will check the log file on your computer and send the attack information to the server. After aggregating all the report from many agents (about 5000+ currently), it will send abuse compliane to the network owner, thus prevent futher spam.
You can also check for yourselves. Here is an sample from my personal firewall log:
2002-11-08 21:38:25 DROP UDP 18.104.22.168 22.214.171.124 1026 137 78 - - - - - - -
If you find a lot DROP lines from a source while it indicates port is UDP 137, it seems like a spam.
Use this command in Command line (replace the IP address with the IP you saw in your log file
NBTSTAT -a 126.96.36.199
You will get return like this:
Node IpAddress: [188.8.131.52] Scope Id: 
NetBIOS Remote Machine Name Table
Name Type Status
SPAM-01 <00> UNIQUE Registered
SPAM <00> GROUP Registered
SPAM-01 <20> UNIQUE Registered
SPAM <1E> GROUP Registered
MAC Address = 00-10-A4-BB-E2-C3
Note the last line: it is the MAC address of the spammer. MAC address is the serial number of a Network Interface card. It is burnt into the chip and cannot be changed. Unfortunately, there is no reliable way to narrow down to certain geographic location from IP address. But by know the MAC address, it is very solid evidence that the package is sent out from the computer of the MAC address owner.
We need more
The topic of NET SEND SPAM never stops. I will fine tune this article and replace some general concept to some resources and steps. I believe we need to unite to fight back to NET SEND SPAM.
you can change the mac address of your card in windows, goto network properties and advanced and change it.
I didn’t know we can change MAC address. I checked on the net. It is true.
Here is some resource:
How can I change my media access control (MAC) address under Windows
What is MAC Address:
Find manufature from MAC Address:
go to the shit, danmit.
There is a simpler way to fix this:
Right click on “My Computer”
-double-click “services and applications”
-right click “messenger”
i would like to get a weekly update
Or another way is to open up CMD and type in net stop messenger
Dainel, thanks for your contribution.
OMG! Thankyou so very much for this article! I received 2 netsend spams for the first time today. I’m now ready to fight back if the idiot decides to spam my ip again!
`net stop messenger` only hides the problems. It does not cure the problem. In fact messenger spam is good because it tell you (indirectly) that you should be running a firewall on your computer!
There are other ways of useing net send besides spam, it could be used to send a general warning over a large network, a quick way to send a short message, or like my friends use it, to annoy the heck out of any one they can get a IP adress for(We do this as a joke amognset selves at Lan partys). So this like many other functions was not made to do this, bu like e-mail, it is used for these perposes.
you could simply turn off NETSEND on your computer :)
START > PROPERTIES > CONTROLPANEL > ADMINISTRATOR > SERVICES (cant remember which service it is though.)
hi i want that how can i see IP adress of my chat friend and how can i send them mesg from IP adress plz tell me .bye
what the f**k just happened here. Besides, wtf is via mail
i talk like this
from here on
plz ansewer soon
There is also a scenario, where the corporate pc will not have admin rights. where stopping the service is not possible.
wen i wont 2 sing in msn it wont let me bec somethin 2 do wid the net work can u tell me how 2 sign in wid out dat comin up and can u sign me in its sexy_bitch_cleo’hotmail.co.uk plez get me 2 sign in bec all my m8ts hav msn and i carnt talk 2 dem bec i carnt sign in so plez help me
There is simplest way for it. It is not must you should turn off the messenger service, might you need it for some other tasks. I mean if you are using it with other friends. Simply visit the web site and find the website ip address by typing “netstat -n” at command prompt. And simply block that IP from your firewall.
If you need more please let me know by email.
jou are so male hahahahah
my outlook send this message [***SPAM*** Score/Req: 07.20/05.00] how to stop