Port scan mystery solved....


mjc
01-15-2002, 11:18 AM
For some time now I have noticed that on occasion ZA says I am getting a lot of scans of one particular port (TCP 1214)...well, after receiving 19 of them in about 1 1/2 hrs this morning I decided to investigate. It seems that two very popular file sharing programs (Kazaa and Morpheus) use that port and that periodically someone will use those programs to look for music to download, and quite often that looking will just be over a block of addresses. So there is no secret conspiracy out there, no Trojan using that one (I think a "yet" should be added to that...), just some desperate soul searching for some obscure song that no-one seems to have (yeah, right, and I have some nice oceanfront property....just outside of Tucson that I can let go really cheap.....). But in all seriousness, it is not really something to worry about, it is someone using a very popular program for some not so nefarious purpose.....

------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)

Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.

Paul Komski
01-15-2002, 03:17 PM
Most interesting, mjc. Only trouble I foresee is that if such programs were to get popular/commonplace and scan big blocks of addresses then ZA and other firewall alerts are gonna (a) get really annoying and (b) possibly mask trojan and other malicious scans.

------------------
Take nice care of yourselves - Paul
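
One way to keep the port 1214 noise described in this thread from masking other probes, as an added example that is not part of the original posts: count 1214-only sources as noise, but still alert on any source that touches other ports. The log format, the threshold and all names below are assumptions; the log lines are constructed and are not ZoneAlarm's real format.

```python
from collections import defaultdict

# Constructed sample of blocked inbound connections: time, proto, source IP, dest port.
SAMPLE_LOG = """\
2002-01-15T09:02:11 TCP 198.51.100.7 1214
2002-01-15T09:05:40 TCP 198.51.100.9 1214
2002-01-15T09:07:02 TCP 203.0.113.5 1214
2002-01-15T09:07:03 TCP 203.0.113.5 23
2002-01-15T09:07:03 TCP 203.0.113.5 139
2002-01-15T09:07:04 TCP 203.0.113.5 80
2002-01-15T09:30:15 TCP 198.51.100.7 1214
2002-01-15T09:41:00 TCP 192.0.2.44 31337
garbled line
"""

P2P_PORTS = {1214}   # port the thread attributes to Kazaa/Morpheus lookups
SWEEP_THRESHOLD = 3  # assumed: this many distinct ports from one source is a sweep


def triage(log_text, p2p_ports=P2P_PORTS, sweep_threshold=SWEEP_THRESHOLD):
    """Return (noise, alerts, skipped) for a block of log lines."""
    ports_by_src = defaultdict(set)
    hits = defaultdict(int)
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            skipped += 1  # count unparseable lines instead of hiding them
            continue
        _ts, _proto, src, port = parts
        ports_by_src[src].add(int(port))
        hits[(src, int(port))] += 1

    noise, alerts = {}, {}
    for src, ports in ports_by_src.items():
        if ports <= p2p_ports:
            # Only ever knocked on the P2P port: summarize, do not alert.
            noise[src] = sum(hits[(src, p)] for p in ports)
        elif len(ports) >= sweep_threshold:
            # Touching 1214 does not excuse a source that also sweeps other ports.
            alerts[src] = ("sweep", sorted(ports))
        else:
            alerts[src] = ("probe", sorted(ports))
    return noise, alerts, skipped


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
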

mjc
01-15-2002, 04:10 PM
Already doing (a) and increasing...and (b) is a really good possibility although not too likely, since most trojans like to use unused ports to do their "dirty work" (like transmit your credit card numbers back to their home server, or open a backdoor to your machine) and those that use your machine to launch a DoS attack would use either the more common email and http ports or some other more essential port.


Gallaeglagh
01-16-2002, 11:47 AM
mjc, either you've been using Morpheus (that's how Morpheus users get IPs to log onto) or it is someone that's trying to break in through that port.

------------------
When in doubt search on Google

Gallaeglagh
01-16-2002, 12:18 PM
Thinking about that a bit further, if you're on dialup or otherwise have a dynamic IP then your IP changes all the time and someone could've been logged onto the FastTrack system (Morpheus, Kazaa, Grokster) as a Supernode with your current IP.
