Gnutella file sharing client - as the iana numbers show. That break simply shows that someone went to sleep and then reactivated their client, I bet it's misconfigured bearshare for win98 platform. Harri Nyman Midian Communications Dean Cunningham wrote: > > Any suggestions as to reason for this port to be used? > 24.6.190.57 (cx659386-a.chspk1.va.home.com) has been knocking on my door for > the last two days. > About every 2 minutes, 01:00 GMT 11:00 GMT , a break of 14 hours and then > they have started up again. > This indicates (at least to me) they are not benign. > 202.36.122.31 is a broadcast ip address for a portion of a subnetted IP, so > no actual machine exists on our network. > No NAT. > Our proxy server sits on the same subnet? > > Summary: > Source: 24.6.190.57 > Destination: 202.36.122.31 > Time NZST: 31 Jul 2001 12:41 to 12:58 (+1200) > Time GMT: 31 Jul 2001 00:41 to 00:58 > Protocols: TCP port 6346 > > Iana (http://www.iana.org/assignments/port-numbers) shows > > gnutella-svc 6346/tcp gnutella-svc > gnutella-svc 6346/udp gnutella-svc > gnutella-rtr 6347/tcp gnutella-rtr > gnutella-rtr 6347/udp gnutella-rtr > > Is it possible for a user at my site to be trying to run gnutella (we allow > high ports out) and I am just getting a reflection? > > your thoughts? > > regards > Dean > *************************************************** > This e-mail is not an official statement of the > Waikato Regional Council unless otherwise stated. > Visit our website http://www.ew.govt.nz > *************************************************** > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 11:21:04 PDT