On Thu, 23 May 2002 06:10:28 -0400 begin Joel Hammer <[EMAIL PROTECTED]> spewed forth:
> I have an XP home edition on my home network behind my firewall. I know > nothing about XP. > This morning at localtime 5:45 am I noticed a connection with a lot of > data being send to this address from my XP machine: > 217.84.15.157.1214 > 192.168.1.9.1632 Ah yes, Morpheus. This is one of those Morpheus Music City/ Kazaa -type programs running on your XP system. It d/l music, then, by default, notifies the master server, and next thing you know 10,000 folks the world over are d/l from you. Hope you have a T-3 (or you'll need to block several ports), because this trash will saturate your bandwidth. It's reporting to the server that it has a 100Mb (or 10Mb) connection to the world (it's ethernet connection to your firewall). > The XP machine of course is the 192 address. > nslookup gave some typical appearing DHCP type name, which I didn't > write down! > I looked at the XP box. It had been left on, with a user logged in. IE > was running but I couldn't enlarge the icon at the bottom of the screen. > I shut down the XP box, the connection stopped, and nslookup no longer > resolved the ip address above. I know that XP has vulnerabilities, but I > thought the firewall would protect it (foolish dreamer). > SO, the question is, is this a hack? Is there some port I need to block > on my firewall to prevent this sort of access? > Joel Don't you just love lusers? Ciao, David A. Bandel -- Focus on the dream, not the competition. -- Nemesis Racing Team motto _______________________________________________ Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL.