Logging of connects to port 6346

From: kbergenat_private
Date: Mon Apr 14 2003 - 15:58:03 PDT

Next message: Mike Parkin: "Re: New trojan? Old trojan with new characteristics? Anyone seenthis?"

Previous message: defaillanceat_private: "Port 3366 activity"
Next in thread: LordInfidel: "RE: Logging of connects to port 6346"
Reply: LordInfidel: "RE: Logging of connects to port 6346"
Reply: Nicolas Couture: "Re: Logging of connects to port 6346"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To all,

I have read all of the back information that I could find, and still do not
have my question answered. While I realize this is an old question, the
number of attempted connects that I get seem to be exorbitant.

I have logged 7520 attempted connects to my dynamic IP address between the
period of 04/03/03 at 09:03 and 04/10/03 at 16:15 ... or approximately 7 1/2
days. The logging is off of my Linksys router using the Kiwi syslogd
program.

I have tried writing to the ISP of some of more numerous attempts. Most say
that if you are talking about port 6346, then it is due to a dynamic IP
address change, and there is nothing they will do. This is because they are
assuming that you have recently taken over the IP address of a machine
running a Gnutella service such as Limewire.

I do not believe their answer, because I have been using an "always on"
connection. I have had the same IP address since 04/04/03 at 14:29.
Therefore, I counter that the connecting machines would not be connecting to
me for the reasons that the ISP believes.

I believe that the connection attempts must be stemming from another source.
The conspiratorial side of me thinks "What better way to attack people then
to attack a port that ISP's will ignore complaints on".

Has anybody else seen similar problems? Can anybody help me with information
on why these connection attempts are so numerous?

Regards,
Keith Bergen.

Here are some sample logs of the connects. Keep in mind that at this point
I've had the IP address since 04/03.

2003-04-09 22:03:13	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 2162 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:10:13	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 172.184.54.229 4133 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:14:34	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 213.93.197.49 52180 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:17:41	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 66.93.128.118 56471 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:21:54	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 4375 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:26:58	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 4698 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:38:20	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 66.93.128.118 58305 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:44:49	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 81.224.231.248 64548 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:54:42	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 4652 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:58:55	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 66.93.128.118 60201 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:02:17	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 24.61.163.93 41634 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:10:21	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 3120 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:10:57	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.98.148.93 2984 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:13:16	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 199.222.161.102 59116 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:15:10	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 3234 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:19:30	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 66.93.128.118 33887 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:34:57	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 1347 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:54:13	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 1883 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:54:36	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 4478 65.81.41.141 6346<010>
commonModelId 
2003-04-10 00:14:06	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 4309 65.81.41.141 6346<010>
commonModelId 
2003-04-10 00:39:06	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 4273 65.81.41.141 6346<010>
commonModelId 
2003-04-10 00:41:01	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 199.222.161.102 25513 65.81.41.141 6346<010>
commonModelId 
2003-04-10 01:00:03	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 81.224.231.248 64925 65.81.41.141 6346<010>
commonModelId 
2003-04-10 01:22:50	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 80.142.44.128 4713 65.81.41.141 6346<010>
commonModelId 
2003-04-10 01:23:50	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 2632 65.81.41.141 6346<010>
commonModelId 
2003-04-10 02:07:55	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 4958 65.81.41.141 6346<010>
commonModelId 
2003-04-10 02:09:05	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 62.119.135.194 1118 65.81.41.141 6346<010>
commonModelId 
2003-04-10 02:21:43	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 212.239.186.34 1952 65.81.41.141 6346<010>
commonModelId 
2003-04-10 02:35:44	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 24.61.163.93 56279 65.81.41.141 6346<010>
commonModelId 
2003-04-10 02:52:12	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 3327 65.81.41.141 6346<010>
commonModelId 
2003-04-10 03:05:05	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 81.224.231.248 65420 65.81.41.141 6346<010>
commonModelId 
2003-04-10 03:25:44	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 80.136.105.197 3944 65.81.41.141 6346<010>
commonModelId 
2003-04-10 03:35:45	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 1826 65.81.41.141 6346<010>
commonModelId 
2003-04-10 03:38:41	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 66.93.128.118 38561 65.81.41.141 6346<010>
commonModelId 
2003-04-10 04:19:37	Local7.Error	192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 4176 65.81.41.141 6346<010>
commonModelId 



----------------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-incidents2
Download your free fully functional
trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
----------------------------------------------------------------------------

Next message: Mike Parkin: "Re: New trojan? Old trojan with new characteristics? Anyone seenthis?"
Previous message: defaillanceat_private: "Port 3366 activity"
Next in thread: LordInfidel: "RE: Logging of connects to port 6346"
Reply: LordInfidel: "RE: Logging of connects to port 6346"
Reply: Nicolas Couture: "Re: Logging of connects to port 6346"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 15 2003 - 09:57:36 PDT