Security Incidents mailing list archives
Re: Port 6688 Traffic
From: Patrick van Zweden <pvzweden () CAIW NL>
Date: Mon, 25 Sep 2000 08:17:38 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 13:36 22-9-2000 -0700, you wrote:
I am seeing "suspicious" traffic on port 6688. I have not found
references
to this port in the ususal resources (/etc/services,
My guess is that this is Gnutella
Someone recognize this protocol? This is what happens when I try to telnet to one of these machines,
Escape character is '^]'. 1 1HELP INVALID REQUESTConnection closed by foreign host.
Try to type a http request for a file and see what happens. Gnutella works with a http-like protocol for downloading the files (don't know if it's completely http). Cu, Patrick -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.0 iQA/AwUBOc7f8i24bpT1ip5mEQK/mQCeLuXmz5hsFDe0PD24FFTn6lNWutQAmweB 8LOjcBtbAiaaFiwmzUzBx5+a =abGC -----END PGP SIGNATURE----- ---- P. van Zweden (pvzweden () caiw nl) .. Programmers are busy writing the next best idiot proof software. The universe, in the meantime, is busy making the next best idiot. The universe is winning
Current thread:
- Port 6688 Traffic Crist Clark (Sep 24)
- Re: Port 6688 Traffic Patrick van Zweden (Sep 25)
- Re: Port 6688 Traffic H D Moore (Sep 25)
- <Possible follow-ups>
- Re: Port 6688 Traffic Vern Paxson (Sep 26)