We've been getting some windows messenger spam - it's breaking thru our firewall to attack one of machines with a public IP.
We are blocking ports 135-139 tcp and udp. we are also blocking 1025-1029 udp.
what additional ports should we block?
It looks like the messenger spammers have found and are using another porthole.
Note: Disabling window messenger is not an option.