Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Odd traffic on port 7002 need help figuring it out.

From: steveg <steveg () stevegcentral com>
Date: Thu, 13 Jun 2002 15:24:57 -0700 (PDT)


That's the one !! I just installed the latest HL upgrade yesterday. I
couldn't figure out how they could be related mostly since I was not seeing
any traffic on the inside but apparently that was my fault.

Thanks for all the answers I got. I truly appreciate the help

steveg

 On Thu, 13 Jun 2002, nito wrote:


On Wednesday 12 June 2002 23:18, steveg wrote:


20:33:07.209934 > myfirewallbox.63425 > 63.251.143.213.7002: S


You might see traffic to/from 63.251.143.213.7002 if you're playing
multiplayer Half-Life or its derivatives.


%dig half-life.central.won.net

half-life.central.won.net. 3600 IN      CNAME   junee.boston.sierra.com.
junee.boston.sierra.com. 86400  IN      A       63.251.143.213


This hostname:port is listed in the half-life file, woncomm.lst:


// Server Lists
//
Titan
{
 half-life.east.won.net:6003
 half-life.west.won.net:6003
 half-life.central.won.net:6003
}

Auth
{
 half-life.east.won.net:7002
 half-life.west.won.net:7002
 half-life.central.won.net:7002
}

Master
{
 half-life.east.won.net:27010
 half-life.west.won.net:27010
 half-life.central.won.net:27010
}

ModServer
{
 half-life.east.won.net:27011
 half-life.west.won.net:27011
 half-life.central.won.net:27011
}

Regards,

   nito




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: