Re: Odd connection attempts from many addresses

From: John Bland (shrikeat_private)
Date: Fri Jan 25 2002 - 09:48:49 PST

  • Next message: Daniel F. Chief Security Engineer -: "DDoS attack."

    On Fri, 25 Jan 2002, James Hoagland wrote:
    
    > Hello John,
    >
    > Have you looked into whether your host X is advertising a service on
    > the ports in question?  A game server or some such.
    
    Yes. It turns out that 'X' was running an AudioGalaxy satellite and the
    connections appear to be P2P requests (the src and dest ports match the
    particular protocols) which matches the random nature of the hosts and the
    seemingly centrally managed port numbers they were trying to access.
    
    Cheers,
           JB
    
    -- 
    John Bland M.Phys (Hons) AMInstP /    \ PhD Student & Sys Admin
    Email: j.bland at cmp.liv.ac.uk /      \ Condensed Matter Group
    http://ringtail.cmp.liv.ac.uk/ /        \ Liverpool  University
     "Don't make me bite you in hard-to-reach places!" -- The Tick
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Jan 25 2002 - 10:49:35 PST