Re: KazAa ?

From: Dave Korn (no.spam_at_my.mailbox.invalid)
Date: 06/28/03

Date: Sat, 28 Jun 2003 16:32:01 +0100

"The Saint" <gur_fnvag@gurfnvag.v-c.pbz> wrote in message
> ~~ wrote:
> >I get about 300 packets containing sub-7 trojans everyday.
> Would you mind elaborating on that? Please give some details on the
> packet size/contents and what port(s) it attempts to exploit.

I think we have a firewall newbie here. IIRC Kazaa uses a range of ports,
one of which matches the default Sub7 port. So what the OP is presumably
seeing is actually connect-attempts to a port that the fwall describes as
being used by Sub7; they don't 'contain' the trojan, but under different
circumstances might be construed as attempts to access a Sub7 if there was
one installed on OP's machine.

OP: You've probably just picked up an IP address from your ISP that was
previously being used by someone who was in the middle of a Kazaa session
with some other machines. They must have suddenly gone offline without
shutting down Kazaa, and when you came online and got the IP address they
had been using, the other Kazaa peers kept sending packets because they
didn't know it was now a different machine. Just let your firewall block
the packets and don't worry about it.


moderator of
Burn your ID card!
Help support the campaign, copy this into your .sig!
Proud Member of the Exclusive "I have been plonked by Davee because he
thinks I'm interesting" List Member #<insert number here>
Master of Many Meowing Minions
Holder of the exalted PF Chang's Crab Wonton Award for kook spankage above
and beyond the call of hilarity.
PGP Key-ID: 0x0FB504D1 Fingerprint 04B7 2E8C 0245 680E  6484 C441 CEC7 D2BD
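
Added example, not part of the original post: a small triage script for the situation described in the reply, showing that blocked hits on a port the firewall labels "Sub7" are bare connection attempts from a handful of peers and carry no payload. The log format, the addresses and the label table are constructed for illustration; port 27374 is the widely documented SubSeven default and is an assumption here, since the post does not name the port.

```python
import re
from collections import defaultdict

# Assumption: a port-to-name table like the one a personal firewall uses to
# label alerts. 27374 is the commonly documented SubSeven default port.
PORT_LABELS = {27374: "SubSeven"}

# Constructed sample log (hypothetical format, documentation-range addresses).
SAMPLE_LOG = """\
16:01:02 BLOCK TCP 198.51.100.7:3312 -> 192.0.2.10:27374 SYN len=0
16:01:05 BLOCK TCP 198.51.100.7:3312 -> 192.0.2.10:27374 SYN len=0
16:01:09 BLOCK TCP 203.0.113.44:1877 -> 192.0.2.10:27374 SYN len=0
16:02:30 BLOCK TCP 203.0.113.91:4020 -> 192.0.2.10:27374 SYN len=0
16:03:11 BLOCK TCP 198.51.100.23:2250 -> 192.0.2.10:445 SYN len=0
"""

LINE_RE = re.compile(
    r"(?P<time>\S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<flags>\S+) len=(?P<len>\d+)"
)

def triage(log_text):
    """Summarise blocked inbound packets per destination port."""
    stats = defaultdict(lambda: {"packets": 0, "sources": set(), "payload": 0, "non_syn": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["action"] != "BLOCK":
            continue  # skip unparseable lines and anything not blocked
        s = stats[int(m["dport"])]
        s["packets"] += 1
        s["sources"].add(m["src"])
        s["payload"] += int(m["len"])
        s["non_syn"] += m["flags"] != "SYN"
    report = {}
    for port, s in stats.items():
        # A bare SYN with no payload is only a connection attempt: the alert
        # name comes from the port number, not from anything in the packet.
        connect_only = s["payload"] == 0 and s["non_syn"] == 0
        report[port] = {
            "label": PORT_LABELS.get(port, "unlabelled"),
            "packets": s["packets"],
            "distinct_sources": len(s["sources"]),
            "verdict": "connection attempts only" if connect_only else "inspect payload",
        }
    return report

if __name__ == "__main__":
    for port, row in sorted(triage(SAMPLE_LOG).items()):
        print(port, row)
```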