Direct Advertiser and net send - evil!

soltrain

This seems like a pretty new development to me, and as usual, I'm shocked by what advertisers will achieve just to bombard you with more crap any way they can. Companies now use the 'net send' command in Win 2k flavors (not sure about 98) to send you authentic-looking messages that appear in a dialog box independent of your browser. Yesterday I received one from 'BIGOPPORTUNITIES4U.com', and now I pick them up a couple times a week. The companies use programs like directadvertiser for the mass 'net send' commands, and just input your IP address and message. I'm sure you can block the specific messaging port, or shut down the service, I just want to know how they get the net send request to travel across routers and subnets. I know you can use net send on the same subnet, but when I tried sending a message to the IP I picked up off of netstat (when I received the message), I got a 'the message alias could not be found on the network'.

Does anyone know how they do it?
 

randal

good question. I don't know, but I'll hazard a guess -- maybe they have their server set up to have a huge network mask, like say ... 0.0.0.0 ... with this sort of network, maybe win2k would think that every node on the internet is local, and hence, able to be net messaged. I'll try this out at work and give it a shot.

randal
:D
 

randal

yep, just tested it here at work and successfully used net send to send a message from 209.12.107.x to 209.12.9.x with a mask of 255.255.0.0 (all of 209.12.x.x being local). When I changed my mask to 255.255.255.0, it would not send (this would be across networks).

Cheers,
randal
:D
 

DJP

yeah it looks like you can just set your netmask appropriately and net send away. not really a problem though- one can just disable the messenger service or get a firewall (how about zonealarm) and let it block port 18 (on nt) and 139 (2k/xp)
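A check for the ports named in the reply above, as an added example that is not part of the thread: it parses Windows `netstat -an` output and reports non-loopback listeners on ports 18 and 139. The sample output is constructed, the port list is taken from the reply as written, and the function name `exposed_listeners` is an assumption.

```python
import re

# Ports named in the reply above (18 on NT, 139 on 2k/XP); taken from the thread as written.
WATCHED_PORTS = {18, 139}

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:18           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.7:80         ESTABLISHED
  UDP    192.168.1.10:138       *:*
  UDP    0.0.0.0:18             *:*
"""

# Proto, local address, local port, foreign address, optional state (UDP rows have none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def exposed_listeners(netstat_text, ports=WATCHED_PORTS):
    """Return (proto, local_addr, port) for watched ports open on non-loopback addresses."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, addr, port, _foreign, state = m.groups()
        port = int(port)
        # TCP rows must be LISTENING; UDP rows are stateless, so any bound socket counts.
        listening = (proto == "TCP" and state == "LISTENING") or (
            proto == "UDP" and state is None
        )
        if not listening or port not in ports:
            continue
        if addr.startswith("127."):
            continue  # loopback-only sockets are not reachable from other hosts
        findings.append((proto, addr, port))
    return findings


if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} is listening; block it at the firewall or stop the service")
```

An empty result after disabling the service or enabling the firewall rule means nothing is bound to those ports on a reachable address.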
 

soltrain

hmm.. so you can just change your netmask to something huge, and thus trick windows. Deep... so that's how they do it. :D

Although... how would you make your netmask so large and keep your internet connection going? wouldn't your network settings be incorrect to connect to your ISP? A netmask like 255.255.0.0 would signify some 65,000 hosts right?
 

randal

well, yes, but nobody else recognizes that you are part of their network -- the ISP thinks that you only have your little section of the internet, as do the ISP's routers -- no matter what your windoze machine may be telling everyone. As long as the gateway is correct, packets will head on out to their destination. The subnet changing trick is used to fool *only* windows -- the limitation is built into the "net send" code, not networking in general.

i.e. net send checks to see if the recipient is on a local network. if not, it says it can't reach it. if windows thinks it's on *every* network in the world, then all 4+ billion hosts magically become local, and net send will work to any of them.

cheers,
randal
:D
 

ProviaFan

Ugh, I just had one of these on my Win2k pro "router" system when I woke up. :|

I guess this is yet another weird, unusual, and annoying ad that I must explain to mom how to get rid of if it pops up while she's browsing (my current <sarcasm>favorite</sarcasm> is the kind of ad that appears as an <img> in the browser, but appears to be a real window; both my dad and she try to "close" them, and end up with a buttload of more popups). :disgust: