[Operators] msn virus hitting transports?

Fabio Forno fabio.forno at gmail.com
Sun Mar 15 12:45:04 CDT 2009


Hi, I've recently noticed any insane amount of traffic in the python
msn transport. After a quick investigation I've discovered that it is
due to some msn client continuously sending invite packets like the
following one, appearing a virus trying to send some file:

INVITE MSNMSGR:gscotti at me.com MSNSLP/1.0
To: <msnmsgr:gscotti at me.com>
From: <msnmsgr:sonia.scotti at terra.com.br>
Via: MSNSLP/1.0/TLP ;branch={D1245860-8EDC-490C-902F-ADF51436A712}
CSeq: 0
Call-ID: {553C514F-9F1A-533A-68C0-574C3B665BEF}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-transrespbody
Content-Length: 30029

Listening: true
NeedConnectingEndpointInfo: true
Conn-Type: Port-Restrict-NAT
TCP-Conn-Type: Symmetric-NAT
IPv6-global:
UPnPNat: false
Capabilities-Flags: 1
IPv4External-Addrs: 201.41.41.98
IPv4External-Port: 63649
IPv4Internal-Addrs: 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
192.168.0.100 192.16....
091.121.143.160.60615-207.046.026.096.01863: MSG 235 D 549
MIME-Version: 1.0
Content-Type: application/x-msnmsgrp2p
P2P-Dest: sonia.scotti at terra.com.br


Has anybody noticed the same problem? Any idea about how blocking this
annoyance? (I was thinking of tinkering the msn gateway and throttle
or drop the connection, but perhaps there is something faster)

-- 
Fabio Forno, Ph.D.
Bluendo srl http://www.bluendo.com
jabber id: ff at jabber.bluendo.com


More information about the Operators mailing list