Security Incidents mailing list archives
Re: Logging of connects to port 6346
From: Nicolas Couture <nc () stormvault net>
Date: 15 Apr 2003 13:16:38 -0400
On Mon, 2003-04-14 at 18:58, kbergen () bellsouth net wrote:
To all,
...
I have tried writing to the ISP of some of more numerous attempts. Most say that if you are talking about port 6346, then it is due to a dynamic IP address change, and there is nothing they will do. This is because they are assuming that you have recently taken over the IP address of a machine running a Gnutella service such as Limewire.
They're right.
I do not believe their answer, because I have been using an "always on" connection. I have had the same IP address since 04/04/03 at 14:29. Therefore, I counter that the connecting machines would not be connecting to me for the reasons that the ISP believes.
ISPs doesn't belives. An other fact would be that the exowner of the IP address you're using was using the Gnutella network to share big files and a descent amount of people had their download incomplete for what ever reason. Now if they try to resume their download(s), your "firewall/router" will detect the connection attempts and you will receive this information for an undefined amount of time.
I believe that the connection attempts must be stemming from another source. The conspiratorial side of me thinks "What better way to attack people then to attack a port that ISP's will ignore complaints on". Has anybody else seen similar problems? Can anybody help me with information on why these connection attempts are so numerous?
---------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents ----------------------------------------------------------------------------
Current thread:
- Logging of connects to port 6346 kbergen (Apr 15)
- Re: Logging of connects to port 6346 Nicolas Couture (Apr 17)
- <Possible follow-ups>
- RE: Logging of connects to port 6346 LordInfidel (Apr 17)