No accurance in IANA : http://www.iana.org/assignments/port-numbers http://www.snort.org/ports.html?port=6398 It's not in the snort port database. It's not in the trojan list : http://www.simovits.com/nyheter9902.html http://www.sys-security.com/html/papers/trojan_list.html So a capture of the tcp stream could be useful ;-) alx On Tue, 12 Mar 2002, John Campbell wrote: > Hi all, > > Very unusual activity noted on 3/11/2002: hundreds of hosts packeting > one of our dns/email servers on port 6398. Firewall bounced and logged > everything. Sources all over the map but the majority look like ISP end > users. Sources sent between 1 and 48 packets each. Sorry no packet > trace - firewall just drops and logs. Anybody seen anything like this? > A couple of days earlier, we had a number of hits on same box for 6346 > (gnutella.) > > Curious if anyone else has seen anything similar. > > John Campbell, GCWN > Information Security Engineer > Washington School Information Processing Cooperative > (WSIPC) > Email: jcampbellat_private > > --------------------------------------------------------------------- > To unsubscribe, e-mail: loganalysis-unsubscribeat_private > For additional commands, e-mail: loganalysis-helpat_private > -- Alexandre Dulaunoy adulauat_private http://www.conostix.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Wed Mar 13 2002 - 12:40:05 PST