On Fri, 25 Jan 2002, James Hoagland wrote:
> Hello John,
>
> Have you looked into whether your host X is advertising a service on
> the ports in question? A game server or some such.
Yes. It turns out that 'X' was running an AudioGalaxy satellite and the
connections appear to be P2P requests (the src and dest ports match the
particular protocols) which matches the random nature of the hosts and the
seemingly centrally managed port numbers they were trying to access.
Cheers,
JB
--
John Bland M.Phys (Hons) AMInstP / \ PhD Student & Sys Admin
Email: j.bland at cmp.liv.ac.uk / \ Condensed Matter Group
http://ringtail.cmp.liv.ac.uk/ / \ Liverpool University
"Don't make me bite you in hard-to-reach places!" -- The Tick
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jan 25 2002 - 10:49:35 PST