Port 6688 Traffic

[Crist Clark <crist.clark () GLOBALSTAR COM>]

I am seeing "suspicious" traffic on port 6688. I have not found references
to this port in the ususal resources (/etc/services,
http://advice.networkice.com/advice/Exploits/Ports/,
http://www.robertgraham.com/pubs/firewall-seen.html, etc.). My very
rough analysis of the pattern and after catching some traffic leads
me to guess that this might be a Napster port, Napster-workaround
port, or something similar.

Someone recognize this protocol? This is what happens when I try to
telnet to one of these machines,

  $ telnet remote-host.at-some.cable-isp.com 6688
  Trying 24.123.45.67...
  Connected to remote-host.at-some.cable-isp.com
  Escape character is '^]'.
  1

At this point, I don't know what to say, so I type something, 'HELP,' in
this example,

  1HELP
  INVALID REQUESTConnection closed by foreign host.

Anyone familiar with this? If it is Napster or some sharing program,
fine, whatever, I am worried about malware.
--
Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.  If
the reader of this e-mail is not the intended recipient, or the employee
or agent responsible to deliver it to the intended recipient, you are
hereby notified that any review, dissemination, distribution or copying
of this communication is strictly prohibited.  If you have received this
e-mail in error, please contact postmaster () globalstar com