On Thu, 23 May 2002 06:10:28 -0400
begin Joel Hammer <[EMAIL PROTECTED]> spewed forth:
> I have an XP home edition on my home network behind my firewall. I know
> nothing about XP.
> This morning at localtime 5:45 am I noticed a connection with a lot of
> data being send to this address from my XP machine:
> 217.84.15.157.1214 > 192.168.1.9.1632
Ah yes, Morpheus. This is one of those Morpheus Music City/ Kazaa -type
programs running on your XP system. It d/l music, then, by default,
notifies the master server, and next thing you know 10,000 folks the world
over are d/l from you. Hope you have a T-3 (or you'll need to block
several ports), because this trash will saturate your bandwidth. It's
reporting to the server that it has a 100Mb (or 10Mb) connection to the
world (it's ethernet connection to your firewall).
> The XP machine of course is the 192 address.
> nslookup gave some typical appearing DHCP type name, which I didn't
> write down!
> I looked at the XP box. It had been left on, with a user logged in. IE
> was running but I couldn't enlarge the icon at the bottom of the screen.
> I shut down the XP box, the connection stopped, and nslookup no longer
> resolved the ip address above. I know that XP has vulnerabilities, but I
> thought the firewall would protect it (foolish dreamer).
> SO, the question is, is this a hack? Is there some port I need to block
> on my firewall to prevent this sort of access?
> Joel
Don't you just love lusers?
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
-- Nemesis Racing Team motto
_______________________________________________
Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users
Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL.
