Security Incidents mailing list archives

Re: Port 6688 Traffic

From: Patrick van Zweden <pvzweden () CAIW NL>
Date: Mon, 25 Sep 2000 08:17:38 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 13:36 22-9-2000 -0700, you wrote:

I am seeing "suspicious" traffic on port 6688. I have not found

references

to this port in the ususal resources (/etc/services,


My guess is that this is Gnutella

Someone recognize this protocol? This is what happens when I try to
telnet to one of these machines,

 Escape character is '^]'.
 1
 1HELP
 INVALID REQUESTConnection closed by foreign host.


Try to type a http request for a file and see what happens. Gnutella
works with a http-like protocol for downloading the files (don't know
if it's completely http).

Cu,

Patrick
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0

iQA/AwUBOc7f8i24bpT1ip5mEQK/mQCeLuXmz5hsFDe0PD24FFTn6lNWutQAmweB
8LOjcBtbAiaaFiwmzUzBx5+a
=abGC
-----END PGP SIGNATURE-----

----
P. van Zweden (pvzweden () caiw nl)
.. Programmers are busy writing the next best idiot proof software. The
universe, in the meantime, is busy making the next best idiot. The universe
is winning

Current thread:

Port 6688 Traffic Crist Clark (Sep 24)
- Re: Port 6688 Traffic Patrick van Zweden (Sep 25)
- Re: Port 6688 Traffic H D Moore (Sep 25)
- <Possible follow-ups>
- Re: Port 6688 Traffic Vern Paxson (Sep 26)