Re: Port 4662, 10 times more packets since november

From: jack (not@all.org)
Date: 02/16/03


From: jack <not@all.org>
Date: Sun, 16 Feb 2003 15:19:27 +0100

Kasper Dupont wrote:
> Is that a UDP or TCP port? I never received any packet
> on that port. Do you have static or dynamic IP address?

It's TCP, and its some of these edonkey/kazaa or things. - I have
the same problem here on my DSL. (There are some UDPs, to be
precise, but most of them are TCP to 4662; some to neighbouring
ports.)

The thing is that when You connect to Your ISP with dynamically
assigned IP numbers, You inherit one that somebody else used for
p2p things before. And it doesn't get better if You reject or drop
those packets... I tried it all.

To the OP: I am not doing this yet, but I've been thinking about
doing like so: In my firewall ruleset, I log all packets that are
not allowed with a "FIREWALL: " prefix. Now You could repeatedly
check "iptables -L" how many packets were caught there, and if the
number grows too big, make pppd drop the connection and get a new
one, hence a new IP.

This is a pain in the ass. I know.

I'm sitting in Germany, too, and connect via T-DSL. One thing I have
learned is that if You connect early in the morning, the situation
is somewhat better. I'm sure that that comes from that at that time,
the number of users that just dropped such a connection whose IP You
would then be assigned is less. - On weekends, I noticed that either
Saturday afternoon ("Bundesliga" Soccer League) or at night (Disco
and Party time) You have best chances to get an IP that is not
polluted with stale 4662 things.

Anyway, cheers, Jack.

-- 
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...