Re: Kazaa?

["KoRe MeLtDoWn" <koremeltdown () hotmail com>]

Hey there Christian,
The activity you are experiencing on your firewall is normal when running 
Kazaa.
This is due to the fact that Kazaa uses port 1214 as one of its operation 
ports, and causes firewalls to pick up and log its activity as scanning - 
there are two situations where this Kazaa activity would be logged by your 
firewall, these are:
When your son attempts to download a file off another Kazaa user, a 
connection is made - some firewalls constitute this as a port scan.
OR ALTERNATIVELY
When another Kazaa user attempts to download locally stored files off your 
machine, a connection is also made in this situation and is classed as a 
port scan.

I hope this helps you understand what is going on, he isn't doing anything 
malicious it is just how Kazaa works and how many firewalls react to its 
activity.

Regards,

Hamish Stanaway

-= KoRe WoRkS =- Internet Security
Owner/Operator
http://www.koreworks.com/

New Zealand

Is your box REALLY secure?


> From: Christian Simatos <christiansimatos () freesurf fr>
> Reply-To: Christian Simatos <christiansimatos () freesurf fr>
> To: security-basics () securityfocus com
> Subject: Kazaa?
> Date: Fri, 11 Oct 2002 13:52:37 +0200
> MIME-Version: 1.0
> Received: from outgoing.securityfocus.com ([205.206.231.26]) by 
> mc3-f21.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Fri, 11 
> Oct 2002 12:41:09 -0700
> Received: from lists.securityfocus.com (lists.securityfocus.com 
> [205.206.231.19])by outgoing.securityfocus.com (Postfix) with QMQPid 
> CC51B8F57D; Fri, 11 Oct 2002 12:26:21 -0600 (MDT)
> Received: (qmail 12560 invoked from network); 11 Oct 2002 18:49:55 -0000
> Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
> Precedence: bulk
> List-Id: <security-basics.list-id.securityfocus.com>
> List-Post: <mailto:security-basics () securityfocus com>
> List-Help: <mailto:security-basics-help () securityfocus com>
> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
> Delivered-To: mailing list security-basics () securityfocus com
> Delivered-To: moderator for security-basics () securityfocus com
> X-Mailer: The Bat! (v1.60q) Personal
> Organization: cs
> X-Priority: 3 (Normal)
> Message-ID: <3679787808.20021011135237 () freesurf fr>
> In-Reply-To: <20021010154441.7355.qmail () mail securityfocus com>
> References: <20021010154441.7355.qmail () mail securityfocus com>
> Return-Path: 
> security-basics-return-15130-koremeltdown=hotmail.com () securityfocus com
> X-OriginalArrivalTime: 11 Oct 2002 19:41:11.0262 (UTC) 
> FILETIME=[26DC1FE0:01C2715E]
>
> Hello,
>
> My son has installed Kazaa on his pc.
>
> My personal antivirus is reporting that kazaa (I suppose because it's port
> 1214) is scanning my own PC from ports which increase regularly.
> I googled to try and find information, but I have not found this behavior
> described.
> - Can anyone help me?
> - Is it the normal Kazaa behavior?
> - Can I prevent it? (other than de-install kazaa)
>
> FWIN,2002/10/11,12:33:21 +2:00 GMT,192.168.0.3:1031,192.168.0.2:139,TCP 
> (flags:S)
> FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1054,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1055,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1056,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1064,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1065,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1066,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1067,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:35:18 +2:00 GMT,192.168.0.3:1071,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:35:35 +2:00 GMT,192.168.0.3:1078,192.168.0.2:139,TCP 
> (flags:S)
> FWIN,2002/10/11,12:35:55 +2:00 GMT,192.168.0.3:1119,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1120,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1121,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1122,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:36:12 +2:00 GMT,192.168.0.3:1135,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:36:12 +2:00 GMT,192.168.0.3:1136,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:38:39 +2:00 GMT,192.168.0.3:1234,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:41:07 +2:00 GMT,192.168.0.3:1284,192.168.0.2:139,TCP 
> (flags:S)
> FWIN,2002/10/11,12:41:37 +2:00 GMT,192.168.0.3:1288,192.168.0.2:1214,TCP 
> (flags:S)
> FWIN,2002/10/11,12:41:58 +2:00 GMT,192.168.0.3:1290,192.168.0.2:139,TCP 
> (flags:S)
> FWIN,2002/10/11,12:42:49 +2:00 GMT,192.168.0.3:1302,192.168.0.2:139,TCP 
> (flags:S)
> FWIN,2002/10/11,12:43:40 +2:00 GMT,192.168.0.3:1317,192.168.0.2:139,TCP 
> (flags:S)
> FWIN,2002/10/11,12:44:31 +2:00 GMT,192.168.0.3:1318,192.168.0.2:139,TCP 
> (flags:S)
> FWIN,2002/10/11,12:48:01 +2:00 GMT,192.168.0.3:1319,192.168.0.2:139,TCP 
> (flags:S)
> FWIN,2002/10/11,13:00:26 +2:00 GMT,192.168.0.3:1320,192.168.0.2:139,TCP 
> (flags:S)
> FWIN,2002/10/11,13:12:52 +2:00 GMT,192.168.0.3:1330,192.168.0.2:139,TCP 
> (flags:S)
> FWIN,2002/10/11,13:25:18 +2:00 GMT,192.168.0.3:1332,192.168.0.2:139,TCP 
> (flags:S)
> FWIN,2002/10/11,13:37:43 +2:00 GMT,192.168.0.3:1333,192.168.0.2:139,TCP 
> (flags:S)
>
>  Thanks, Chris





_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com