FW: [Dshield] Activity on port 3110, mostly udp with occasionaltcp

Brad Morgan B-Morgan at concentric.net
Fri Jun 13 03:56:24 GMT 2003


According to my latest Daily DShield Report there were 2195 packets from 85
sources.

I've captured 4000+ packets and data portion of the UDP packets is anywhere
from 35-45 bytes and doesn't contain any recognizable ASCII text, but...

As luck would have it, when I reloaded my ethereal dump file, I found some
UDP packets near the end of the trace with 12 bytes of data.  These contain
the ASCII string "KaZaA".

I suspected this was some sort of peer to peer sharing protocol that was run
by the previous owner of the IP address I obtained just before this all
started, but I couldn't find any evidence to support my suspicions.

Does anyone know how to tell all these bozo machines that I don't want to
play anymore?  I guess I could ask my ISP to DHCP assign me a different
address. 






More information about the list mailing list