Re: Firewall logging port 6346

From: David Hickman (dhickmanat_private)
Date: Thu Jan 30 2003 - 07:40:56 PST


    I made the mistake of running Gnutella over a year ago and I still
    have machines hitting my firewall.
    
    dhickmanat_private
    
    
    Jos Kirps|EducDesign wrote:
    
    > Date: Wed, 29 Jan 2003 19:21:44 +0100
    > Subject: Firewall logging port 6346
    > From: Jos Kirps|EducDesign <jos.kirpsat_private>
    > To: incidentsat_private
    > 
    > 
    > My firewall has logged 131.114.2.90 trying to connect to
    > my port 6346; this has been happening for quite some time
    > now, about once a minute.
    > 
    > I know that this is the standard port for Gnutella (it also
    > says gnutella-svc), but I would like to know if this is just
    > a server trying to connect to the wrong machine (I'm using
    > a modem to connect to the internet, dynamic IP, maybe
    > someone was communicating with 131.114.2.90 before
    > I connected using this IP?), or could this be some malware?
    > 
    > I traced the 131.114.2.90 machine back to ser-fib.unipi.it
    > (131.114.191.50), but traceroute couldn't get any further.
    > Could this mean that the network is slow / broken down
    > there in Italy (I suppose it's Italy)?
    > 
    > Best regards,
    > 
    > Jos Kirps
    > 
    > -----------------------------------------------------
    > EducDesign S.A.
    > Where Learning and Technology meet
    > 
    > 20, rue de l'Ecole, L-3233 Bettembourg
    > Luxembourg (Europe)
    > tel. +352 51 66 52
    > fax. +352 52 26 76
    > -----------------------------------------------------
    > http://www.educdesign.lu
    > infoat_private
    > -----------------------------------------------------
    > IT-Services
    > Intranet-Internet Solutions & Multimedia
    > Innovation Management & Project Development
    > Consulting, Training & Coaching in IT and Education
    > -----------------------------------------------------
    > 
    > 
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management and 
    > tracking system please see: http://aris.securityfocus.com
    > 
    > 
    > 
    
    



    This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 11:01:14 PST