Re: Firewall logging port 6346
From: David Hickman (dhickman@yahoo.com)
Date: 01/30/03
- Previous message: Michael Rowe: "Re: Packet from port 80 with spoofed microsoft.com ip"
- Maybe in reply to: Jos Kirps|EducDesign: "Firewall logging port 6346"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: David Hickman <dhickman@yahoo.com> To: Jos Kirps|EducDesign <jos.kirps@educdesign.lu>, incidents@securityfocus.com Date: Thu, 30 Jan 2003 09:40:56 -0600
i made the mistake of running gnutella over a year ago and I still
have machines hitting my firewall.
Jos Kirps|EducDesign wrote:
> Date: Wed, 29 Jan 2003 19:21:44 +0100
> Subject: Firewall logging port 6346
> From: Jos Kirps|EducDesign <jos.kirps@educdesign.lu>
> To: incidents@securityfocus.com
>
>
> My firewall has logged 131.114.2.90 trying to connect to
> my port 6346, this has been happening for quite some time
> now, about once a minute.
>
> I know that this is the standard port for Gnutella (it also
> says gnutella-svc), but I would like to know if this is just
> a server trying to connect to the wrong machine (I'm using
> a modem to connect to the internet, dynamic IP, maybe
> someone was communicating with 131.114.2.90 before
> I connected using this IP?), or could this be some malware?
>
> I traced the 131.114.2.90 machine back to ser-fib.unipi.it
> (131.114.191.50), but traceroute couldn't get any further.
> Could this mean that the network is slow / broken down
> there in Italy (I suppose it's Italy).
>
> Best regards,
>
> Jos Kirps
>
> -----------------------------------------------------
> EducDesign S.A.
> Where Learning and Technology meet
>
> 20, rue de l'Ecole, L-3233 Bettembourg
> Luxembourg (Europe)
> tel. +352 51 66 52
> fax. +352 52 26 76
> -----------------------------------------------------
> http://www.educdesign.lu
> info@educdesign.lu
> -----------------------------------------------------
> IT-Services
> Intranet-Internet Solutions & Multimedia
> Innovation Managment & Project Development
> Consulting, Training & Coaching in IT and Education
> -----------------------------------------------------
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management and
> tracking system please see: http://aris.securityfocus.com
>
>
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Next message: Tomasz Papszun: "Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)"
- Previous message: Michael Rowe: "Re: Packet from port 80 with spoofed microsoft.com ip"
- Maybe in reply to: Jos Kirps|EducDesign: "Firewall logging port 6346"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
