
eEye Digital Security


spoofed P2P

Last post 10-14-2007 2:50 PM by lnicula. 3 replies.
  • 10-12-2007 10:47 AM

    spoofed P2P

    My event log has many entries of: description: a remote client initialized an unexpected P2P connection.

    This is in reference to Yahoo messenger program and someone I have added to my list. Could someone please explain what this is? What is this person trying to do or send me?

    I have searched Blink and the web to get clarity on this, but to no avail. Any information would be greatly appreciated. I am running 3.2.0.1678 Blink personal on XP.

     

    Thank You

  • 10-12-2007 12:10 PM In reply to

    Re: spoofed P2P

    Can you please post the content of one of these events please? You can edit out any IP address if you wish.

    Regards
    Laurentiu Nicula
  • 10-14-2007 1:23 PM In reply to

    Re: spoofed P2P

    YMSG: spoofed P2P connection  

    Severity: High

    Description: A remote client initialized an unexpected P2P connection 

    Process Path C:\Program files\yahoo!\messenger\YahooMessenger.exe

    Attacker IP:

    Action: logged event

    Victim IP:

    Alert: NO

    Attacker Port: 1570

    Victim Port: 5101

    Could this have occurred using MSN messenger from Yahoo address? I thank you in advance for any insight on this reoccurring event log. I was not able to copy and paste from the event log~wish I could have.

    Norman8

  • 10-14-2007 2:50 PM In reply to

    Re: spoofed P2P

    Thank you.

    We will analyze this event and fix it if it is reported in error. It is likely that this is a false positive. To disable it, right click on the event, Go To Rule and disable it by unchecking the rule.

    Regards
    Laurentiu Nicula
© 1995 - 2009 eEye Incorporated