[Dshield] 1214 (Kazaa) multiple hits & 80 as well
jsage at finchhaven.com
Sat Jun 22 05:24:34 GMT 2002
On Fri, Jun 21, 2002 at 06:35:52AM -0500, Ed Truitt wrote:
> Does your ISP supply dynamic (DHCP) addresses, or static? If the former, it
> may explain (partially) your getting hit with the KaZaA probes - this is
> quite common on dynamically-allocated IPs.
Yet another issue to consider:
If you currently have a dynamic IP that was "owned" previously by a
KaZaA user, that IP address is retained in a cache by the *other*
KaZaA users that person was connecting to..
So when one of those *other* KaZaA users comes online, and/or starts
up KaZaA, he immediately starts scanning that list of IP addresses,
looking for previous partners that are currently online.
I believe this explains why KaZaA probes suddenly appear out of
nowhere, even when you (or I, I'm on a dialup at home..) have been on
the same IP address for hours and hours.
"You are in a little maze of twisty passages, all different."
PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
More information about the list