Vulnerability Development mailing list archives
Re: things to break..
From: jpr5 () BOS BINDVIEW COM (Jordan Ritter)
Date: Tue, 25 Jan 2000 11:26:09 -0500
On Sun, 23 Jan 2000, Matthew S. Hallacy wrote:

# speaking of napster, it seems that it portscans you upon connection to
# their server, the firewall where i work kept setting off my pager and I
# found that it was someone loading napster. I've since banned the use of
# it, but it's still quite curious..

Here is a portion of my de facto letter I send out to any report I receive
that they've been "portscanned" by one of our (Napster) boxes:

---

The connections you have recorded on your network and relayed to us are
neither probes nor attacks on your network. Instead, the activity you have
observed is part of an automatic configuration of the Napster mp3 client.

To explain briefly, when a user installs Napster on their system and logs
in for the first time, they are prompted to automatically configure their
file transfer settings. Since file transfers are done client to client,
this involves finding an acceptable port on the client from which it can
listen for incoming connections, should another client wish to download a
file from it.

As part of the automatic configuration, the Napster server connects back to
the client over a small range of port numbers in an attempt to negotiate an
appropriate port. A few of these ports are non-standard, such as '6699'.
Others are well-known, such as telnet (23) and ftp (21). This is done so
as to allow users to bypass some firewalls, which may allow well-known
traffic to pass through. Since this cannot be determined passively, the
Napster server must actively try to seek a working port.

We apologize for any alarm or inconvenience this activity has caused, but
hope that the above explanation suffices to put you at ease, insofar as the
reported activity is in no way related to any attempt to penetrate into or
discern information about your network.

---

Sorry for not paying attention to this thread, not sure how I missed it..

--jordan
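
A triage sketch for the alert discussed in this message, added here as an example and not part of the original post or of any Napster code: it separates a multi-port inbound sweep that follows an outbound session from the same internal host (the connect-back pattern the letter describes) from one with no such session. The log format, addresses, internal network, time window and port threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the protected network
WINDOW = 300     # assumption: seconds an outbound session "explains" a connect-back
MIN_PORTS = 3    # assumption: distinct ports that would trip a portscan alert

# Constructed firewall log, time-ordered: "epoch src:sport -> dst:dport"
SAMPLE_LOG = """\
1000 10.0.0.5:1044 -> 192.0.2.10:5000
1002 192.0.2.10:3301 -> 10.0.0.5:6699
1002 192.0.2.10:3302 -> 10.0.0.5:23
1003 192.0.2.10:3303 -> 10.0.0.5:21
2000 198.51.100.7:4000 -> 10.0.0.9:21
2000 198.51.100.7:4001 -> 10.0.0.9:23
2001 198.51.100.7:4002 -> 10.0.0.9:80
"""

def parse(line):
    ts, src, _arrow, dst = line.split()
    sip, dip = src.rsplit(":", 1)[0], dst.rsplit(":", 1)[0]
    dport = int(dst.rsplit(":", 1)[1])
    return int(ts), ipaddress.ip_address(sip), ipaddress.ip_address(dip), dport

def classify(log_text, window=WINDOW, min_ports=MIN_PORTS):
    """Label each multi-port inbound sweep as 'connect-back' or 'unsolicited'."""
    last_out = {}                 # (internal, remote) -> time of latest outbound connection
    sweeps = defaultdict(list)    # (remote, internal) -> [(dport, solicited), ...]
    for line in filter(str.strip, log_text.splitlines()):
        ts, sip, dip, dport = parse(line)
        if sip in INTERNAL and dip not in INTERNAL:
            last_out[(sip, dip)] = ts
        elif sip not in INTERNAL and dip in INTERNAL:
            started = last_out.get((dip, sip))
            solicited = started is not None and ts - started <= window
            sweeps[(sip, dip)].append((dport, solicited))
    verdicts = {}
    for (remote, host), hits in sweeps.items():
        if len({port for port, _ in hits}) < min_ports:
            continue              # too few ports to look like a scan
        ok = all(solicited for _, solicited in hits)
        verdicts[(str(remote), str(host))] = "connect-back" if ok else "unsolicited"
    return verdicts

if __name__ == "__main__":
    for pair, verdict in classify(SAMPLE_LOG).items():
        print(pair, verdict)
```

A "connect-back" verdict only says the sweep followed a session the internal host opened; whether that client is permitted on the network remains a policy decision.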