RE: Firewall logging port 6346
From: Christopher Wagner (chrisw@pacaids.com)
Date: 01/30/03
- Previous message: Bruce McLeod: "RE: MSDE contained in..."
- Maybe in reply to: Jos Kirps|EducDesign: "Firewall logging port 6346"
- Next in thread: Vestal, David: "Re: Firewall logging port 6346"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Christopher Wagner <chrisw@pacaids.com> To: "'incidents@securityfocus.com'" <incidents@securityfocus.com> Date: Wed, 29 Jan 2003 16:02:03 -0800
If you are using a dynamic ip then the obvious answer is the correct one.
Most likely the person on that IP before you was sitting on the Gnutella
network for some time. I know of no specific malware that uses this port (I
don't know everything though!!!!) I would be unconcerned. It does not mean
the network is broken there in Italy, it just means that the client on that
end is attempting to resume a download they were transferring before from
that client (instead of searching again to find different sources).
- Christopher Wagner
chrisw@pacaids.com
Packaging Aids Corporation - Information Systems
P.O. Box 9144
San Rafael, CA 94912-9144
http://www.pacaids.com/
(415) 454-4868 x116
-----Original Message-----
From: Jos Kirps|EducDesign [mailto:jos.kirps@educdesign.lu]
Sent: Wednesday, January 29, 2003 3:22 PM
To: incidents@securityfocus.com
Subject: Firewall logging port 6346
My firewall has logged 131.114.2.90 trying to connect to
my port 6346, this has been happening for quite some time
now, about once a minute.
I know that this is the standard port for Gnutella (it also
says gnutella-svc), but I would like to know if this is just
a server trying to connect to the wrong machine (I'm using
a modem to connect to the internet, dynamic IP, maybe
someone was communicating with 131.114.2.90 before
I connected using this IP?), or could this be some malware?
I traced the 131.114.2.90 machine back to ser-fib.unipi.it
(131.114.191.50), but traceroute couldn't get any further.
Could this mean that the network is slow / broken down
there in Italy (I suppose it's Italy).
Best regards,
Jos Kirps
-----------------------------------------------------
EducDesign S.A.
Where Learning and Technology meet
20, rue de l'Ecole, L-3233 Bettembourg
Luxembourg (Europe)
tel. +352 51 66 52
fax. +352 52 26 76
-----------------------------------------------------
http://www.educdesign.lu
info@educdesign.lu
-----------------------------------------------------
IT-Services
Intranet-Internet Solutions & Multimedia
Innovation Managment & Project Development
Consulting, Training & Coaching in IT and Education
-----------------------------------------------------
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
SPAM: ---- Start SpamAssassin results
SPAM: 0 hits, 5 required;
SPAM:
SPAM: ---- End of SpamAssassin results
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Next message: Vestal, David: "Re: Firewall logging port 6346"
- Previous message: Bruce McLeod: "RE: MSDE contained in..."
- Maybe in reply to: Jos Kirps|EducDesign: "Firewall logging port 6346"
- Next in thread: Vestal, David: "Re: Firewall logging port 6346"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
