Security Incidents mailing list archives

Re: Munged Napster Sessions

From: ifightspam () BIGFOOT COM (Aussie)
Date: Sat, 18 Mar 2000 03:57:32 +1100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vanja Hrustic <vanja () RELAYGROUP COM> wrote:

A silly question: is any of sites involved located at *.demon.co.uk, by
any chance?

I think that quite many people these days are seeing false alarms caused
by traffic which comes from demon. Demon blames it on "network
equipment". For example, a guy (using demon.co.uk) is browsing my
website, and during that session, a packet is sent to random high port
(like 3xxxx). Packets are really strange; sometimes they have all bits
set, sometimes not.

I just got used to that :)


Actually, I have a couple of ICQ contacts that are connecting through
demon.co.uk and I get at least 2 odd connection attempts each time they
send to me or receive a message from me. These ports can be in 3xxxx or
right down to 20, 24, 90 etc. I've never worked out why they are
sending the packets, and ICQ works perfectly anyway, so I would be
interested to know why I'm getting stupid connection attempts ONLY from
this ISP.

Aussie

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: Please verify this signature.  http://www.pgpi.com

iQA/AwUBONHXXJZb9oayhFBBEQL+0wCaA6ww/3KS2gUxvl9vAuGxVQH8L7kAoKjz
X+wLUbZPxNc9MI7wOedc1Zub
=yjSJ
-----END PGP SIGNATURE-----

Current thread:

Re: Munged Napster Sessions Stephen P. Berry (Mar 17)
- <Possible follow-ups>
- Re: Munged Napster Sessions Aussie (Mar 17)
  - Re: Munged Napster Sessions Michael Damm (Mar 20)
  - Re: Munged Napster Sessions Fyodor (Mar 20)