Re: TCP port 6346
From: Harri Nyman (harri@midian.net)Date: 07/31/01
- Previous message: denis: "Re: Port 119 Scans"
- In reply to: Dean Cunningham: "TCP port 6346"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3B66EAF4.6CD723F6@midian.net> Date: Tue, 31 Jul 2001 20:29:24 +0300 From: Harri Nyman <harri@midian.net> To: Dean Cunningham <Dean.Cunningham@ew.govt.nz> Subject: Re: TCP port 6346
Gnutella file sharing client - as the iana numbers show. That break
simply shows that someone went to sleep and then reactivated their
client, I bet it's misconfigured bearshare for win98 platform.
Harri Nyman
Midian Communications
Dean Cunningham wrote:
>
> Any suggestions as to reason for this port to be used?
> 24.6.190.57 (cx659386-a.chspk1.va.home.com) has been knocking on my door for
> the last two days.
> About every 2 minutes, 01:00 GMT 11:00 GMT , a break of 14 hours and then
> they have started up again.
> This indicates (at least to me) they are not benign.
> 202.36.122.31 is a broadcast ip address for a portion of a subnetted IP, so
> no actual machine exists on our network.
> No NAT.
> Our proxy server sits on the same subnet?
>
> Summary:
> Source: 24.6.190.57
> Destination: 202.36.122.31
> Time NZST: 31 Jul 2001 12:41 to 12:58 (+1200)
> Time GMT: 31 Jul 2001 00:41 to 00:58
> Protocols: TCP port 6346
>
> Iana (http://www.iana.org/assignments/port-numbers) shows
>
> gnutella-svc 6346/tcp gnutella-svc
> gnutella-svc 6346/udp gnutella-svc
> gnutella-rtr 6347/tcp gnutella-rtr
> gnutella-rtr 6347/udp gnutella-rtr
>
> Is it possible for a user at my site to be trying to run gnutella (we allow
> high ports out) and I am just getting a reflection?
>
> your thoughts?
>
> regards
> Dean
> ***************************************************
> This e-mail is not an official statement of the
> Waikato Regional Council unless otherwise stated.
> Visit our website http://www.ew.govt.nz
> ***************************************************
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: denis: "Re: Port 119 Scans"
- In reply to: Dean Cunningham: "TCP port 6346"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
