It is very common for it to be scanning 1214. It is doing this just to see if it can download files from you. Most likely he does have a trojan on his computer because he is scanning port 139(unless you are using netbios).
Tyler >From: Christian Simatos <[EMAIL PROTECTED]> >Reply-To: Christian Simatos <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Kazaa? >Date: Fri, 11 Oct 2002 13:52:37 +0200 >MIME-Version: 1.0 >Received: from outgoing.securityfocus.com ([205.206.231.26]) by >mc5-f5.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Fri, 11 Oct >2002 12:41:09 -0700 >Received: from lists.securityfocus.com (lists.securityfocus.com >[205.206.231.19])by outgoing.securityfocus.com (Postfix) with QMQPid >CC51B8F57D; Fri, 11 Oct 2002 12:26:21 -0600 (MDT) >Received: (qmail 12560 invoked from network); 11 Oct 2002 18:49:55 -0000 >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >Precedence: bulk >List-Id: <security-basics.list-id.securityfocus.com> >List-Post: <mailto:[EMAIL PROTECTED]> >List-Help: <mailto:[EMAIL PROTECTED]> >List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >List-Subscribe: <mailto:[EMAIL PROTECTED]> >Delivered-To: mailing list [EMAIL PROTECTED] >Delivered-To: moderator for [EMAIL PROTECTED] >X-Mailer: The Bat! (v1.60q) Personal >Organization: cs >X-Priority: 3 (Normal) >Message-ID: <[EMAIL PROTECTED]> >In-Reply-To: <[EMAIL PROTECTED]> >References: <[EMAIL PROTECTED]> >Return-Path: >[EMAIL PROTECTED] >X-OriginalArrivalTime: 11 Oct 2002 19:41:10.0261 (UTC) >FILETIME=[26436250:01C2715E] > >Hello, > >My son has installed Kazaa on his pc. > >My personal antivirus is reporting that kazaa (I suppose because it's port >1214) is scanning my own PC from ports which increase regularly. >I googled to try and find information, but I have not found this behavior >described. >- Can anyone help me? >- Is it the normal Kazaa behavior? >- Can I prevent it? (other than de-install kazaa) > >FWIN,2002/10/11,12:33:21 +2:00 GMT,192.168.0.3:1031,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1054,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1055,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:00 +2:00 GMT,192.168.0.3:1056,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1064,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1065,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1066,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:02 +2:00 GMT,192.168.0.3:1067,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:18 +2:00 GMT,192.168.0.3:1071,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:35 +2:00 GMT,192.168.0.3:1078,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:35:55 +2:00 GMT,192.168.0.3:1119,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1120,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1121,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:35:56 +2:00 GMT,192.168.0.3:1122,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:36:12 +2:00 GMT,192.168.0.3:1135,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:36:12 +2:00 GMT,192.168.0.3:1136,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:38:39 +2:00 GMT,192.168.0.3:1234,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:41:07 +2:00 GMT,192.168.0.3:1284,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:41:37 +2:00 GMT,192.168.0.3:1288,192.168.0.2:1214,TCP >(flags:S) >FWIN,2002/10/11,12:41:58 +2:00 GMT,192.168.0.3:1290,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:42:49 +2:00 GMT,192.168.0.3:1302,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:43:40 +2:00 GMT,192.168.0.3:1317,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:44:31 +2:00 GMT,192.168.0.3:1318,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,12:48:01 +2:00 GMT,192.168.0.3:1319,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,13:00:26 +2:00 GMT,192.168.0.3:1320,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,13:12:52 +2:00 GMT,192.168.0.3:1330,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,13:25:18 +2:00 GMT,192.168.0.3:1332,192.168.0.2:139,TCP >(flags:S) >FWIN,2002/10/11,13:37:43 +2:00 GMT,192.168.0.3:1333,192.168.0.2:139,TCP >(flags:S) > > Thanks, Chris _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com
