Any suggestions as to reason for this port to be used? 24.6.190.57 (cx659386-a.chspk1.va.home.com) has been knocking on my door for the last two days. About every 2 minutes, 01:00 GMT 11:00 GMT , a break of 14 hours and then they have started up again. This indicates (at least to me) they are not benign. 202.36.122.31 is a broadcast ip address for a portion of a subnetted IP, so no actual machine exists on our network. No NAT. Our proxy server sits on the same subnet? Summary: Source: 24.6.190.57 Destination: 202.36.122.31 Time NZST: 31 Jul 2001 12:41 to 12:58 (+1200) Time GMT: 31 Jul 2001 00:41 to 00:58 Protocols: TCP port 6346 Iana (http://www.iana.org/assignments/port-numbers) shows gnutella-svc 6346/tcp gnutella-svc gnutella-svc 6346/udp gnutella-svc gnutella-rtr 6347/tcp gnutella-rtr gnutella-rtr 6347/udp gnutella-rtr Is it possible for a user at my site to be trying to run gnutella (we allow high ports out) and I am just getting a reflection? your thoughts? regards Dean *************************************************** This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated. Visit our website http://www.ew.govt.nz *************************************************** ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 09:24:51 PDT