[Dshield] 1214 (Kazaa) multiple hits & 80 as well
ed.truitt at etee2k.net
Fri Jun 21 11:35:52 GMT 2002
Does your ISP supply dynamic (DHCP) addresses, or static? If the former, it
may explain (partially) your getting hit with the KaZaA probes - this is
quite common on dynamically-allocated IPs.
As far as the port 80 probes, again if the addresses are assigned
dynamically, then it is quite possible for the same attacker to have
different IPs. At least one of the DSL providers has been known to change
IPs while the machines are connected (I don't know *how* they accomplish it,
----- Original Message -----
To: DS mailing list
Sent: Thursday, June 20, 2002 5:40 PM
Subject: [Dshield] 1214 (Kazaa) multiple hits & 80 as well
I know that port 1214 is a Kazaa port. But, this same IP address has been
hiting me on that port for 2 days now! This is just from today, from the
last time I sent my log in.
Funny thing is, I don't run Kazaa or any other File Sharing utilities. Just
wonder what he's up to?
Then..... This guy keeps scanning port 80. The IP is very close to mine.
Notice that the attacker's ip changes from 18.104.22.168 to 22.214.171.124
and other 165.247.xx.xxx variations. DO you think it is the same person?
What do you guys think?
More information about the list