FW: [Dshield] Activity on port 3110, mostly udp with occasionaltcp
B-Morgan at concentric.net
Fri Jun 13 03:56:24 GMT 2003
According to my latest Daily DShield Report there were 2195 packets from 85
I've captured 4000+ packets and data portion of the UDP packets is anywhere
from 35-45 bytes and doesn't contain any recognizable ASCII text, but...
As luck would have it, when I reloaded my ethereal dump file, I found some
UDP packets near the end of the trace with 12 bytes of data. These contain
the ASCII string "KaZaA".
I suspected this was some sort of peer to peer sharing protocol that was run
by the previous owner of the IP address I obtained just before this all
started, but I couldn't find any evidence to support my suspicions.
Does anyone know how to tell all these bozo machines that I don't want to
play anymore? I guess I could ask my ISP to DHCP assign me a different
More information about the list