Vulnerability Development mailing list archives

Re: things to break..


From: jpr5 () BOS BINDVIEW COM (Jordan Ritter)
Date: Tue, 25 Jan 2000 11:26:09 -0500


On Sun, 23 Jan 2000, Matthew S. Hallacy wrote:

# speaking of napster, it seems that it portscans you upon connection to
# their server, the firewall where i work kept setting off my pager and I
# found that it was someone loading napster. I've since banned the use of
# it, but it's still quite curious..

Here is a portion of my de facto letter I send out to any report I receive
that they've been "portscanned" by one of our (Napster) boxes:

---
   The connections you have recorded on your network and relayed to us
   are neither probes nor attacks on your network.  Instead, the
   activity you have observed is part of an automatic configuration of
   the Napster mp3 client.

   To explain briefly, when a user installs Napster on their system
   and logs in for the first time, they are prompted to automatically
   configure their file transfer settings.  Since file transfers are
   done client to client, this involves finding an acceptable port on
   the client from which it can listen for incoming connections,
   should another client wish to download a file from it.  As part of
   the automatic configuration, the Napster server connects back to
   the client over a small range of port numbers in an attempt to
   negotiate an appropriate port.  A few of these ports are
   non-standard, such as '6699'.  Others are well-known, such as
   telnet (23) and ftp (21).  This is done so as to allow users to
   bypass some firewalls, which may allow well-known traffic to pass
   through.  Since this cannot be determined passively, the Napster
   server must actively try to seek a working port.

   We apologize for any alarm or inconvenience this activity has
   caused, but hope that the above explanation suffices to put you at
   ease, insofar as the reported activity is in no way related to any
   attempt to penetrate into or discern information about your
   network.
---

Sorry for not paying attention to this thread, not sure how I missed it..

--jordan
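One way a firewall administrator could triage alerts like the one Matthew describes, distinguishing a client-initiated connect-back burst from an unsolicited scan, is to correlate the inbound attempts with the local host's own recent outbound connection to the same peer. The script below is an added example, not part of the original post and not Napster's own code. The log line format, the IP addresses, the server port, the 30-second window and the "triage" verdict strings are all constructed for the example; the port set is built only from the ports the letter actually names (6699, 23, 21), since the full range is not given on the page.

```python
"""
Triage helper for firewall "port scan" alerts that may actually be a
peer-to-peer client's connect-back negotiation.

Constructed log line format (an assumption, not any real firewall's format):
    <epoch-seconds> <IN|OUT> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <action>
IN  = packet arriving from outside, destined for a local host
OUT = connection initiated by a local host to an outside peer
"""
from collections import defaultdict

# Ports the letter says the server tries when negotiating a listen port on
# the client. 6699 is the non-standard one it names; 21 and 23 are the
# well-known ones. The full range is not stated on the page, so this set is
# an assumption for the example.
CONNECT_BACK_PORTS = {6699, 23, 21}

# An inbound burst that starts within this many seconds of the local host's
# own outbound connection to the same peer is treated as a connect-back.
# Constructed tuning value; tighten it for your own environment.
CONNECT_BACK_WINDOW = 30

# Constructed sample: 10.0.0.5 connects out to a peer (server port 8888 is
# made up), and that peer immediately tries 6699/23/21 back. A second,
# unrelated host then walks several ports with no prior outbound contact.
SAMPLE_LOG = """
1000 OUT 10.0.0.5:1025 -> 192.0.2.10:8888 ALLOW
1003 IN 192.0.2.10:40001 -> 10.0.0.5:6699 DROP
1003 IN 192.0.2.10:40002 -> 10.0.0.5:23 DROP
1004 IN 192.0.2.10:40003 -> 10.0.0.5:21 DROP
2000 IN 198.51.100.7:5000 -> 10.0.0.5:21 DROP
2000 IN 198.51.100.7:5001 -> 10.0.0.5:22 DROP
2001 IN 198.51.100.7:5002 -> 10.0.0.5:23 DROP
2001 IN 198.51.100.7:5003 -> 10.0.0.5:25 DROP
2002 IN 198.51.100.7:5004 -> 10.0.0.5:80 DROP
""".strip().splitlines()


def parse_line(line):
    """Parse one constructed-format log line into a dict."""
    ts, direction, src, _arrow, dst, action = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": int(ts), "dir": direction,
            "src": src_ip, "sport": int(src_port),
            "dst": dst_ip, "dport": int(dst_port),
            "action": action}


def classify(lines):
    """Return {(remote_ip, local_ip): verdict} for every inbound burst."""
    events = [parse_line(l) for l in lines if l.strip()]
    last_outbound = {}            # (local, remote) -> time of last OUT
    inbound = defaultdict(list)   # (remote, local) -> inbound events
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["dir"] == "OUT":
            last_outbound[(e["src"], e["dst"])] = e["ts"]
        elif e["dir"] == "IN":
            inbound[(e["src"], e["dst"])].append(e)

    verdicts = {}
    for (remote, local), evs in inbound.items():
        ports = {e["dport"] for e in evs}
        first_ts = min(e["ts"] for e in evs)
        out_ts = last_outbound.get((local, remote))
        recently_initiated = (out_ts is not None
                              and 0 <= first_ts - out_ts <= CONNECT_BACK_WINDOW)
        # Only a burst that the local host invited, and that stays inside the
        # small expected port set, is downgraded. Anything else stays an alert.
        if recently_initiated and ports <= CONNECT_BACK_PORTS:
            verdicts[(remote, local)] = "connect-back (client-initiated negotiation)"
        else:
            verdicts[(remote, local)] = "possible port scan"
    return verdicts


if __name__ == "__main__":
    for (remote, local), verdict in classify(SAMPLE_LOG).items():
        print(f"{remote} -> {local}: {verdict}")
```

The key design choice is that the downgrade requires both conditions: the local host must have opened a connection to that exact peer moments earlier, and the inbound ports must stay within the small set the negotiation is known to use. A burst to the same well-known ports from a peer the host never contacted, or a wider port walk from a peer it did contact, is still surfaced as a possible scan rather than silenced.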
