Re: Massive port probs on 3123

["Johannes Ullrich" <jullrich () euclidian com>]

> So I pick out one of the IP's and email the hostmaster about the attack, =
> and this is his reply below. .. .. Hello,
>    These 'attacks' are you running KaZaA. This IP is your KaZaA = supernode.
> Please learn how to use and understand your firewall.

Do you have a dynamic IP address? If so, you may be subject to "P2P Afterglow".
In short, P2P networks are not very good about taking dead hosts off their peer
list. Another user of your ISP used Kazaa, and disconnected just before you
connected to the ISP. You got lucky, and your ISP assigned you the same IP
address this user just freed up. However, his Kazaa buddies still try to
connect back and they can be very persistent about this.

BTW: To automate the 'nasty gram' writing, you may want to consider
using http://www.dshield.org ;-).




---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------