Snort mailing list archives
GNUTELLA goes berserk
From: "Distribution Lists" <dist-lists () e-securenetworks net>
Date: Tue, 19 Nov 2002 13:33:20 -0600 (CST)
I noticed this a while back. Every now and then snort will pick up lots of portscan on port 6346, which is used by Gnutella. I know that that there are users on my private LAN that use Gnutella, but not at the times that Snort has detected the portscans. Has anyone seen anything similar ? Any explanation to this ? 07/24-03:26:00.670670 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-03:30:29.695242 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-03:31:34.950557 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-03:32:42.764238 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-03:33:40.086794 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-03:35:41.910639 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-03:36:51.916230 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-14:51:24.972247 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-14:54:22.552018 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-14:57:36.724448 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-15:19:40.723331 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-15:22:12.266157 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-15:27:32.316704 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-15:28:36.327405 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-15:29:40.338466 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-15:31:20.204561 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-16:19:59.870509 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-16:23:56.688415 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] 07/24-16:28:48.996486 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to port 6346 from 148.63.173.101 (STEALTH) [**] ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- GNUTELLA goes berserk Distribution Lists (Nov 19)