Firewall logging port 6346

From: Jos Kirps|EducDesign (jos.kirps@educdesign.lu)
Date: 01/29/03

  • Next message: Thiago Conde Figueiró: "Re: Packet from port 80 with spoofed microsoft.com ip" 
    Date: Wed, 29 Jan 2003 19:21:44 +0100
From: Jos Kirps|EducDesign <jos.kirps@educdesign.lu>
To: incidents@securityfocus.com

    My firewall has logged 131.114.2.90 trying to connect to
    my port 6346, this has been happening for quite some time
    now, about once a minute.

    I know that this is the standard port for Gnutella (it also
    says gnutella-svc), but I would like to know if this is just
    a server trying to connect to the wrong machine (I'm using
    a modem to connect to the internet, dynamic IP, maybe
    someone was communicating with 131.114.2.90 before
    I connected using this IP?), or could this be some malware?

    I traced the 131.114.2.90 machine back to ser-fib.unipi.it
    (131.114.191.50), but traceroute couldn't get any further.
    Could this mean that the network is slow / broken down
    there in Italy (I suppose it's Italy).

    Best regards,

    Jos Kirps

    -----------------------------------------------------
    EducDesign S.A.
    Where Learning and Technology meet

    20, rue de l'Ecole, L-3233 Bettembourg
    Luxembourg (Europe)
    tel. +352 51 66 52
    fax. +352 52 26 76
    -----------------------------------------------------
    http://www.educdesign.lu
    info@educdesign.lu
    -----------------------------------------------------
    IT-Services
    Intranet-Internet Solutions & Multimedia
    Innovation Managment & Project Development
    Consulting, Training & Coaching in IT and Education
    -----------------------------------------------------

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com

    Relevant Pages

    • Re: Turning on Media Sharing in WMP11
      ... I believe it forms quite a reasonable network media device. ... Turning on SSDP (it was disabled as was uPnP) to Manual and then UPnP ... If there is a firewall, or NAT, built into your ... You need to open port s: ...
      (microsoft.public.windowsmedia.player)
    • Re: May need to move from SBS because of connection issues
      ... Just to make sure you are clear regarding port 4125, ... access remote systems and you are behind a firewall on a non-SBS network, ... established that RWW worked TO your SBS network from outside. ... have been proof that the required ports were forwarded to the SBS server. ...
      (microsoft.public.windows.server.sbs)
    • Re: Identifying Internet Attacks
      ... contain the hacker to a particular machine, leave the machine on the network ... Some firewall software such as ... open ports; however, this will not identify which program is using the port. ... firewall logs, the IIS web and ftp server logs and Windows security event ...
      (microsoft.public.inetserver.iis.security)
    • Re: Leopard Firewall Warning
      ... machines on a particular network can access a port. ... The new scheme is an XP-style application based firewall; ... This, as an example, allows an attacker, once ...
      (uk.comp.sys.mac)
    • Re: firewall ports
      ... > I am wondering how safe my network is with the firewall i have set up.. ... how does this compromise the security to my network if at all? ... non-standard ports, anyone can run nmap or any type of port scanner to see ...
      (comp.security.firewalls)