Security Incidents mailing list archives

Re: tcp port 8000 from ss06.live365.com

From: AlexM () CHANCERY COM (Alex McCubbin)
Date: Wed, 24 May 2000 12:55:44 -0700


Makes sense that it came from a "broadcast station" as typically in my experience that port is used for Nullsoft's 
Shoutcast server software (of WinAMP fame)...  They might have momentarily misconfigured a relay IP or someone on your 
network is trying to set up a shoutcast server... =)

However, if that's not the case, I've heard that the NTMail product may have used port 8000 as well...  
http://www.ntmail.co.uk/ - specifically http://www.ntmail.co.uk/support/faq/index.htm?number=142&method=number

Cheers, Alex.

-----Original Message-----
From: Robert Joosten [mailto:robertj () WIREHUB NL]
Sent: Tuesday, May 23, 2000 12:12 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: tcp port 8000 from ss06.live365.com

Hi,

My firewall blocked quite a few connection attempts to port
8000 (I've seen
iRDMI listed; still don't know what that is ;(.

One log example:
"23/05/2000 20:41:10.029738 tun0 @0:13 b ss06.live365.com,45514 ->
ipxxx-xx-xxx-xxx.xxx.wirehub.net,8000 PR tcp len 20 44 -S IN"

The block did occure at: 20:41:06, 20:41:10, 20:41:16,
20:41:29, 20:41:58
and 20:42:51.

I've never seen such a attempt before. www.live365.com seemed
to be home of
a broadcast station. my syslog maps IP > addres and I don't
have captured
data-packet to look at right now.

Anyone has seen simular attempts logged or tell me what that
port is used for ?

r,
-= Robert

Current thread:

tcp port 8000 from ss06.live365.com Robert Joosten (May 23)
- Re: tcp port 8000 from ss06.live365.com meijin (May 24)
- Re: tcp port 8000 from ss06.live365.com gabriel rosenkoetter (May 24)
- Word Virus? Joseph Addison (May 24)
- <Possible follow-ups>
- Re: tcp port 8000 from ss06.live365.com Alex McCubbin (May 24)