[ On Thursday, June 28, 2001 at 22:17:54 (+0300), Vangelis Haniotakis wrote: ] > Subject: Weird scan on port 1214 > > Now, port 1214 is reserved for what is called "Intelligent > Communications Protocol" on tcp and KAZAA on udp. I don't know what the > first one is, I do know that Kazaa is a file sharing thingy though. KAZAA is really just HTTP on a "private" port. You can connect to it with any HTTP browser and get more or less meaningful results. > The small packet count reminds one of a vulnerability scan. Has there > been any vulnerability known re: kazaa (the most probable target)? It's more likely they're just scanning for KAZAA servers. One of my clients received a copyright infringement notification from the Motion Picture Association Worldwide Anti-Piracy group the other day stating that such a client was running on a customer's machine and that it contained copyrighted materials. Whether your "scans" are from the likes of the MPA, or just from those trying to find files, or if there's a vulnerability in KAZAA and someone's trying to find targets, is anyone's guess at this point. What source address(es) did those connections appear to have come from? -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoodsat_private> <woodsat_private> Planix, Inc. <woodsat_private>; Secrets of the Weird <woodsat_private> ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Jun 30 2001 - 08:51:42 PDT