Security Basics mailing list archives
Re: Kazaa?
From: "KoRe MeLtDoWn" <koremeltdown () hotmail com>
Date: Sun, 13 Oct 2002 01:06:08 +0000
Hey there Christian,

The activity you are experiencing on your firewall is normal when running Kazaa. This is due to the fact that Kazaa uses port 1214 as one of its operation ports, and causes firewalls to pick up and log its activity as scanning - there are two situations where this Kazaa activity would be logged by your firewall, these are:

When your son attempts to download a file off another Kazaa user, a connection is made - some firewalls constitute this as a port scan.

OR ALTERNATIVELY

When another Kazaa user attempts to download locally stored files off your machine, a connection is also made in this situation and is classed as a port scan.
I hope this helps you understand what is going on. He isn't doing anything malicious; it is just how Kazaa works and how many firewalls react to its activity.
Regards,
Hamish Stanaway
-= KoRe WoRkS =- Internet Security
Owner/Operator
http://www.koreworks.com/
New Zealand
Is your box REALLY secure?
From: Christian Simatos <christiansimatos () freesurf fr>
Reply-To: Christian Simatos <christiansimatos () freesurf fr>
To: security-basics () securityfocus com
Subject: Kazaa?
Date: Fri, 11 Oct 2002 13:52:37 +0200

Hello,

My son has installed Kazaa on his pc. My personal antivirus is reporting that kazaa (I suppose because it's port 1214) is scanning my own PC from ports which increase regularly. I googled to try and find information, but I have not found this behavior described.

- Can anyone help me?
- Is it the normal Kazaa behavior?
- Can I prevent it? (other than de-install kazaa)

FWIN,2002/10/11,12:33:21 +2:00 GMT,192.168.0.3:1031,192.168.0.2:139,TCP (flags:S)
FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1054,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1055,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1056,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1064,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1065,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1066,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1067,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:18 +2:00 GMT,192.168.0.3:1071,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:35 +2:00 GMT,192.168.0.3:1078,192.168.0.2:139,TCP (flags:S)
FWIN,2002/10/11,12:35:55 +2:00 GMT,192.168.0.3:1119,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1120,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1121,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1122,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:36:12 +2:00 GMT,192.168.0.3:1135,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:36:12 +2:00 GMT,192.168.0.3:1136,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:38:39 +2:00 GMT,192.168.0.3:1234,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:41:07 +2:00 GMT,192.168.0.3:1284,192.168.0.2:139,TCP (flags:S)
FWIN,2002/10/11,12:41:37 +2:00 GMT,192.168.0.3:1288,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:41:58 +2:00 GMT,192.168.0.3:1290,192.168.0.2:139,TCP (flags:S)
FWIN,2002/10/11,12:42:49 +2:00 GMT,192.168.0.3:1302,192.168.0.2:139,TCP (flags:S)
FWIN,2002/10/11,12:43:40 +2:00 GMT,192.168.0.3:1317,192.168.0.2:139,TCP (flags:S)
FWIN,2002/10/11,12:44:31 +2:00 GMT,192.168.0.3:1318,192.168.0.2:139,TCP (flags:S)
FWIN,2002/10/11,12:48:01 +2:00 GMT,192.168.0.3:1319,192.168.0.2:139,TCP (flags:S)
FWIN,2002/10/11,13:00:26 +2:00 GMT,192.168.0.3:1320,192.168.0.2:139,TCP (flags:S)
FWIN,2002/10/11,13:12:52 +2:00 GMT,192.168.0.3:1330,192.168.0.2:139,TCP (flags:S)
FWIN,2002/10/11,13:25:18 +2:00 GMT,192.168.0.3:1332,192.168.0.2:139,TCP (flags:S)
FWIN,2002/10/11,13:37:43 +2:00 GMT,192.168.0.3:1333,192.168.0.2:139,TCP (flags:S)

Thanks,
Chris
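Added example, not part of either message above: a small Python summary of FWIN records like the ones quoted, grouping blocked SYNs by host pair so a reader can see whether one source is walking across many destination ports or reconnecting to the same few from changing source ports. The regular expression is inferred from the quoted lines, and the 10-port threshold and the second sample are assumptions constructed for contrast.

```python
import re
from collections import Counter, defaultdict

# Layout inferred from the quoted log:
# FWIN,<date>,<time> <tz> GMT,<src ip>:<port>,<dst ip>:<port>,<proto> (flags:<flags>)
LINE_RE = re.compile(
    r"^FWIN,[\d/]+,[\d:]+ \S+ GMT,"
    r"(?P<src>[\d.]+):(?P<sport>\d+),(?P<dst>[\d.]+):(?P<dport>\d+),"
    r"\w+ \(flags:\w+\)$"
)
SCAN_PORT_THRESHOLD = 10  # assumed cut-off for "many" distinct destination ports

def summarize(lines):
    """Group blocked inbound packets by (source host, destination host)."""
    pairs = defaultdict(lambda: {"dports": Counter(), "sports": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not an FWIN record
        entry = pairs[(m["src"], m["dst"])]
        entry["dports"][int(m["dport"])] += 1
        entry["sports"].add(int(m["sport"]))
    report = {}
    for pair, e in pairs.items():
        report[pair] = {
            "packets": sum(e["dports"].values()),
            "dst_ports": dict(e["dports"]),
            "distinct_src_ports": len(e["sports"]),
            "sweep": len(e["dports"]) >= SCAN_PORT_THRESHOLD,
        }
    return report

# Six records copied from the log quoted in the message above.
QUOTED = """\
FWIN,2002/10/11,12:33:21 +2:00 GMT,192.168.0.3:1031,192.168.0.2:139,TCP (flags:S)
FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1054,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1055,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1056,192.168.0.2:1214,TCP (flags:S)
FWIN,2002/10/11,12:35:35 +2:00 GMT,192.168.0.3:1078,192.168.0.2:139,TCP (flags:S)
FWIN,2002/10/11,12:41:37 +2:00 GMT,192.168.0.3:1288,192.168.0.2:1214,TCP (flags:S)
""".splitlines()

# Constructed contrast (not from the thread): one host probing ports 1..12.
CONSTRUCTED_SWEEP = [
    f"FWIN,2002/10/11,14:00:00 +2:00 GMT,192.168.0.9:4000,192.168.0.2:{p},TCP (flags:S)"
    for p in range(1, 13)
]

if __name__ == "__main__":
    print(summarize(QUOTED + CONSTRUCTED_SWEEP))
```

On the quoted records the summary shows only two destination ports (139 and 1214) with a new source port per connection, while the constructed sample is flagged as a sweep.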