Re: KazAa ?

From: Dave Korn (no.spam_at_my.mailbox.invalid)
Date: 06/28/03


Date: Sat, 28 Jun 2003 16:32:01 +0100


"The Saint" <gur_fnvag@gurfnvag.v-c.pbz> wrote in message
news:1100807632.41bd2ef0@thesaint.i-p.com...
> ~~ wrote:
>
> >I get about 300 packets containing sub-7 trojans everyday.
>
> Would you mind elaborating on that? Please give some details on the
> packet size/contents and what port(s) it attempts to exploit.
>

I think we have a firewall newbie here. IIRC Kazaa uses a range of ports,
one of which matches the default Sub7 port. So what the OP is presumably
seeing is actually connect-attempts to a port that the fwall describes as
being used by Sub7; they don't 'contain' the trojan, but under different
circumstances might be construed as attempts to access a Sub7 if there was
one installed on OP's machine.

OP: You've probably just picked up an IP address from your ISP that was
previously being used by someone who was in the middle of a Kazaa session
with some other machines. They must have suddenly gone offline without
shutting down Kazaa, and when you came online and got the IP address they
had been using, the other Kazaa peers kept sending packets because they
didn't know it was now a different machine. Just let your firewall block
the packets and don't worry about it.

        DaveK

--
moderator of
alt.talk.rec.soc.biz.news.comp.humanities.meow.misc.moderated.meow
Burn your ID card!  http://www.optional-identity.org.uk/
Help support the campaign, copy this into your .sig!
Proud Member of the Exclusive "I have been plonked by Davee because he
thinks I'm interesting" List Member #<insert number here>
Master of Many Meowing Minions
Holder of the exhalted PF Chang's Crab Wonton Award for kook spankage above
and beyond the call of hilarity.
PGP Key-ID: 0x0FB504D1 Fingerprint 04B7 2E8C 0245 680E  6484 C441 CEC7 D2BD


Relevant Pages

  • Re: [opensuse] SuseFirewall IPv4 vs IPv6
    ... # network security threats. ... # Opening ports for LAN services in the external zone defeats the ... # this setting only works for packets destined for the local machine. ... # If the protocol is icmp then port is interpreted as icmp type ...
    (SuSE)
  • Re: What is going on with my Dialup?
    ... also forward it to an unused port, and have that port provide the ... verses the RST or ICMP 3,3. ... The lack of response causes the remote computer to make ... Others think that by not responding to unwanted packets, ...
    (comp.os.linux.networking)
  • Re: OT .. Road Warrior communications question
    ... The data on the Internet is sent in little packets. ... The packets addressed to port 80 ... Likewise, at the mail server receiving the packets, it knows the return ... Why would e-mail work on the web but not from your e-mail software? ...
    (alt.guitar.bass)
  • Re: Logs: Many hits with source port of 80
    ... The hits from source port 80 to dest port 37852 are IMHO almost ... you should probably see a couple other packets - perhaps ... packets if either you send the load balancer a packet, ... >>I have seen similar hits for the past three months. ...
    (Incidents)
  • Re: Error 720 connecting to server via VPN
    ... By default the router's firewall is configured to drop ICMP packets ... Select WAN Setup> Advanced> Respond to Ping on Internet Port. ... server and the Internet allow GRE packets. ... routers on the user's network are also configured to allow GRE packets. ...
    (microsoft.public.windows.server.sbs)