('binary' encoding is not supported, stored as-is) Hi, It is about 2:00 am here in California and for about the last hour since I got onto my pc, I have see a lot of traffic blocked by ZoneAlarm with a that was trying to connect to my box on udp port 41170. I started running Ethereal after I saw he first 10 packets or so. Ethereal identified the first udp/41170 packet it saw as being part of the "slimp3" protocol. The funny thing is that it hasn't identified the "slimp3" protocol since. The source address of the packets are almost all different as are the source ports (which are all udp and pretty high up ports). I did check out a little over a dozen address and they are from broadband companies and some foreign countries. I have been checking the packet contents in Ethereal and the content looks different in each packet. Just wanted to compare notes with anyone else out there and I'm sorry if I have wasted anyone's time with this post. Later, B. Thomason P.S. There were about three posts or so back in March of this year about this kind of activity. ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jun 17 2003 - 18:02:42 PDT