Hey there Christian, The activity you are experiencing on your firewall is normal when running Kazaa. This is due to the fact that Kazaa uses port 1214 as one of its operation ports, and causes firewalls to pick up and log its activity as scanning - there are two situations where this Kazaa activity would be logged by your firewall, these are: When your son attempts to download a file off another Kazaa user, a connection is made - some firewalls constitute this as a port scan. OR ALTERNATIVELY When another Kazaa user attempts to download locally stored files off your machine, a connection is also made in this situation and is classed as a port scan.
I hope this helps you understand what is going on, he isn't doing anything malicious it is just how Kazaa works and how many firewalls react to its activity. Regards, Hamish Stanaway -= KoRe WoRkS =- Internet Security Owner/Operator http://www.koreworks.com/ New Zealand Is your box REALLY secure? >From: Christian Simatos <[EMAIL PROTECTED]> >Reply-To: Christian Simatos <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Kazaa? >Date: Fri, 11 Oct 2002 13:52:37 +0200 >MIME-Version: 1.0 >Received: from outgoing.securityfocus.com ([205.206.231.26]) by >mc3-f21.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Fri, 11 >Oct 2002 12:41:09 -0700 >Received: from lists.securityfocus.com (lists.securityfocus.com >[205.206.231.19])by outgoing.securityfocus.com (Postfix) with QMQPid >CC51B8F57D; Fri, 11 Oct 2002 12:26:21 -0600 (MDT) >Received: (qmail 12560 invoked from network); 11 Oct 2002 18:49:55 -0000 >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >Precedence: bulk >List-Id: <security-basics.list-id.securityfocus.com> >List-Post: <mailto:[EMAIL PROTECTED]> >List-Help: <mailto:[EMAIL PROTECTED]> >List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >List-Subscribe: <mailto:[EMAIL PROTECTED]> >Delivered-To: mailing list [EMAIL PROTECTED] >Delivered-To: moderator for [EMAIL PROTECTED] >X-Mailer: The Bat! (v1.60q) Personal >Organization: cs >X-Priority: 3 (Normal) >Message-ID: <[EMAIL PROTECTED]> >In-Reply-To: <[EMAIL PROTECTED]> >References: <[EMAIL PROTECTED]> >Return-Path: >[EMAIL PROTECTED] >X-OriginalArrivalTime: 11 Oct 2002 19:41:11.0262 (UTC) >FILETIME=[26DC1FE0:01C2715E] > >Hello, > >My son has installed Kazaa on his pc. > >My personal antivirus is reporting that kazaa (I suppose because it's port >1214) is scanning my own PC from ports which increase regularly. >I googled to try and find information, but I have not found this behavior >described. >- Can anyone help me? >- Is it the normal Kazaa behavior? >- Can I prevent it? (other than de-install kazaa) > >FWIN,2002/10/11,12:33:21 +2:00 GMT,192.168.0.3:1031,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1054,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1055,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1056,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1064,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1065,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1066,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1067,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:18 +2:00 GMT,192.168.0.3:1071,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:35 +2:00 GMT,192.168.0.3:1078,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:35:55 +2:00 GMT,192.168.0.3:1119,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1120,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1121,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1122,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:36:12 +2:00 GMT,192.168.0.3:1135,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:36:12 +2:00 GMT,192.168.0.3:1136,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:38:39 +2:00 GMT,192.168.0.3:1234,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:41:07 +2:00 GMT,192.168.0.3:1284,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:41:37 +2:00 GMT,192.168.0.3:1288,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:41:58 +2:00 GMT,192.168.0.3:1290,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:42:49 +2:00 GMT,192.168.0.3:1302,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:43:40 +2:00 GMT,192.168.0.3:1317,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:44:31 +2:00 GMT,192.168.0.3:1318,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:48:01 +2:00 GMT,192.168.0.3:1319,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,13:00:26 +2:00 GMT,192.168.0.3:1320,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,13:12:52 +2:00 GMT,192.168.0.3:1330,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,13:25:18 +2:00 GMT,192.168.0.3:1332,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,13:37:43 +2:00 GMT,192.168.0.3:1333,192.168.0.2:139,TCP >(flags:S) > > Thanks, Chris _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com
