Security Basics mailing list archives
Re: Kazaa?
From: "Tyler Oar" <tyler_oar () hotmail com>
Date: Sat, 12 Oct 2002 04:46:51 +0000
It is very common for it to be scanning 1214. It is doing this just to see if it can download files from you. Most likely he does have a trojan on his computer because he is scanning port 139(unless you are using netbios).
Tyler
From: Christian Simatos <christiansimatos () freesurf fr> Reply-To: Christian Simatos <christiansimatos () freesurf fr> To: security-basics () securityfocus com Subject: Kazaa? Date: Fri, 11 Oct 2002 13:52:37 +0200 MIME-Version: 1.0Received: from outgoing.securityfocus.com ([205.206.231.26]) by mc5-f5.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Fri, 11 Oct 2002 12:41:09 -0700 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing.securityfocus.com (Postfix) with QMQPid CC51B8F57D; Fri, 11 Oct 2002 12:26:21 -0600 (MDT)Received: (qmail 12560 invoked from network); 11 Oct 2002 18:49:55 -0000 Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <security-basics.list-id.securityfocus.com> List-Post: <mailto:security-basics () securityfocus com> List-Help: <mailto:security-basics-help () securityfocus com> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com> Delivered-To: mailing list security-basics () securityfocus com Delivered-To: moderator for security-basics () securityfocus com X-Mailer: The Bat! (v1.60q) Personal Organization: cs X-Priority: 3 (Normal) Message-ID: <3679787808.20021011135237 () freesurf fr> In-Reply-To: <20021010154441.7355.qmail () mail securityfocus com> References: <20021010154441.7355.qmail () mail securityfocus com>Return-Path: security-basics-return-15130-tyler_oar=hotmail.com () securityfocus com X-OriginalArrivalTime: 11 Oct 2002 19:41:10.0261 (UTC) FILETIME=[26436250:01C2715E]Hello, My son has installed Kazaa on his pc. My personal antivirus is reporting that kazaa (I suppose because it's port 1214) is scanning my own PC from ports which increase regularly. I googled to try and find information, but I have not found this behavior described. - Can anyone help me? - Is it the normal Kazaa behavior? - Can I prevent it? (other than de-install kazaa)FWIN,2002/10/11,12:33:21 +2:00 GMT,192.168.0.3:1031,192.168.0.2:139,TCP (flags:S) FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1054,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1055,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1056,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1064,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1065,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1066,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1067,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:35:18 +2:00 GMT,192.168.0.3:1071,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:35:35 +2:00 GMT,192.168.0.3:1078,192.168.0.2:139,TCP (flags:S) FWIN,2002/10/11,12:35:55 +2:00 GMT,192.168.0.3:1119,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1120,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1121,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1122,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:36:12 +2:00 GMT,192.168.0.3:1135,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:36:12 +2:00 GMT,192.168.0.3:1136,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:38:39 +2:00 GMT,192.168.0.3:1234,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:41:07 +2:00 GMT,192.168.0.3:1284,192.168.0.2:139,TCP (flags:S) FWIN,2002/10/11,12:41:37 +2:00 GMT,192.168.0.3:1288,192.168.0.2:1214,TCP (flags:S) FWIN,2002/10/11,12:41:58 +2:00 GMT,192.168.0.3:1290,192.168.0.2:139,TCP (flags:S) FWIN,2002/10/11,12:42:49 +2:00 GMT,192.168.0.3:1302,192.168.0.2:139,TCP (flags:S) FWIN,2002/10/11,12:43:40 +2:00 GMT,192.168.0.3:1317,192.168.0.2:139,TCP (flags:S) FWIN,2002/10/11,12:44:31 +2:00 GMT,192.168.0.3:1318,192.168.0.2:139,TCP (flags:S) FWIN,2002/10/11,12:48:01 +2:00 GMT,192.168.0.3:1319,192.168.0.2:139,TCP (flags:S) FWIN,2002/10/11,13:00:26 +2:00 GMT,192.168.0.3:1320,192.168.0.2:139,TCP (flags:S) FWIN,2002/10/11,13:12:52 +2:00 GMT,192.168.0.3:1330,192.168.0.2:139,TCP (flags:S) FWIN,2002/10/11,13:25:18 +2:00 GMT,192.168.0.3:1332,192.168.0.2:139,TCP (flags:S) FWIN,2002/10/11,13:37:43 +2:00 GMT,192.168.0.3:1333,192.168.0.2:139,TCP (flags:S)Thanks, Chris
_________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com
Current thread:
- RE: Kazaa? Nicko Demeter (Oct 15)
- RE: Kazaa? Mike Dresser (Oct 16)
- <Possible follow-ups>
- Re: Kazaa? fluffy () fluffybacon co uk (Oct 15)
- Re: Kazaa? KoRe MeLtDoWn (Oct 15)
- Re[2]: Kazaa? Christian Simatos (Oct 15)
- RE: Re[2]: Kazaa? Nicko Demeter (Oct 16)
- Re[2]: Kazaa? Christian Simatos (Oct 15)
- Re: Kazaa? Tyler Oar (Oct 15)
- RE: Kazaa? Kevin Jackson (Oct 15)
- Re: Kazaa? Eimantas V (Oct 15)
- Re: Kazaa? Rodrigo Ramos (Oct 15)
- Re: Kazaa? AI Jordanov (Oct 15)
- Re: Kazaa? Neils Christoffersen (Oct 16)
- RE: Re[2]: Kazaa? Chris Santerre (Oct 16)