[unisog] KaZaA and Port 80?

H. Morrow Long morrow.long at yale.edu
Wed Oct 16 15:15:35 GMT 2002


Yes, we have been seeing KaZaa running at a lot of ports other
than 1214 these days.  Must be KaZaa v2.  I think that they are
trying to get around firewalls as well as Packeteers via this.

We've seen TCP port 80 as well as the apparent use of the MSDTC port (3372)
and others.

We've also heard of the use of 'http-tunnel' being used by some college
students to bypass blocks which some have put on the use of P2P clients.

http-tunnel apparently tunnel's the P2P client/server traffic out of
college's where it is blocked by making the P2P client appear to be a
web client going out to a web server.  Might also be what you are seeing?

http://www.nocrew.org/software/httptunnel.html
http://mailman.nocrew.org/pipermail/nocrew-httptunnel/2002/000499.html

http://www.dslreports.com/forum/news,22584~root=news,22584~parent=news,22584~mode=full

http://www.http-tunnel.com/HT_Quotes.asp


H. Morrow Long


Allen Chang wrote:
> I've been seeing a lot of computers with port 80 open that aren't running
> webservers.
> 
> [allen at hal ~]$ HEAD aaa.bbb.ccc.ddd
> 501 Not Implemented
> Client-Date: Wed, 16 Oct 2002 05:23:53 GMT
> Client-Peer: aaa.bbb.ccc.ddd:80
> X-Kazaa-IP: aaa.bbb.ccc.ddd:3143
> X-Kazaa-Network: KaZaA
> X-Kazaa-SupernodeIP: www.xxx.yyy.zzz:1349
> X-Kazaa-Username: kazaaliteuser
> 
> It looks to be KaZaA. Anyone else seen this recently and know what's going
> on? I haven't had a chance to run Vision/Active Ports on one of these
> computers to see what's going on.
> 
> @llen
> Network Security Coordinator
> Residential Computing
> UC Berkeley
> 




More information about the unisog mailing list