Security Incidents: morpheus/kazaa probes/scans

[k <tattooman () scott culp should read 1984 while ondrugz com>]

during the past week, i have noticed a *very* substantial and alarming
number of unsolicited morpheus/kazaa scans/probes (port 1214).  before
last week, the targeted systems, which reside on roadrunner cablemodem
networks, were receiving an average of 40 separate probes/day, with less
than 5 morpheus/kazaa probes/day.  currently, those same systems have been
getting over 300 morpheus/kazaa probes/day for the past 5 days.  the
elevated probe numbers have been relatively constant.  no file sharing
software is or ever has been run (or installed) on any of the systems.
ALL unsolicited incoming traffic is filtered/blocked/dropped.  NO public
services (www, ftp, etc) have ever been run on any of the systems.  the
probes have been coming from a wide variety of systems all over the world,
including .edu and .gov.

i have not seen any substantial increase in similar scans on corporate
networks that i monitor.

anybody else seen an increase in morpheus/kazaa scans, or have any insight
into the reasons (new vuln scanning tool, new morpheus/kazaa exploits,
etc)?

thanks,
k


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com