Security Incidents mailing list archives
Re: tcp port 8000 from ss06.live365.com
From: AlexM () CHANCERY COM (Alex McCubbin)
Date: Wed, 24 May 2000 12:55:44 -0700
Makes sense that it came from a "broadcast station" as typically in my experience that port is used for Nullsoft's Shoutcast server software (of WinAMP fame)... They might have momentarily misconfigured a relay IP or someone on your network is trying to set up a shoutcast server... =)

However, if that's not the case, I've heard that the NTMail product may have used port 8000 as well... http://www.ntmail.co.uk/ - specifically http://www.ntmail.co.uk/support/faq/index.htm?number=142&method=number

Cheers,
Alex.
-----Original Message-----
From: Robert Joosten [mailto:robertj () WIREHUB NL]
Sent: Tuesday, May 23, 2000 12:12 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: tcp port 8000 from ss06.live365.com

Hi,

My firewall blocked quite a few connection attempts to port 8000 (I've seen iRDMI listed; still don't know what that is ;(. One log example:

"23/05/2000 20:41:10.029738 tun0 @0:13 b ss06.live365.com,45514 -> ipxxx-xx-xxx-xxx.xxx.wirehub.net,8000 PR tcp len 20 44 -S IN"

The block did occur at: 20:41:06, 20:41:10, 20:41:16, 20:41:29, 20:41:58 and 20:42:51. I've never seen such an attempt before. www.live365.com seemed to be home of a broadcast station. My syslog maps IP address and I don't have captured data-packet to look at right now.

Has anyone seen similar attempts logged, or can anyone tell me what that port is used for?

r,
-= Robert