Security Incidents mailing list archives

Logging of connects to port 6346

From: <kbergen () bellsouth net>
Date: Mon, 14 Apr 2003 18:58:03 -0400
To all,

I have read all of the back information that I could find, and still do not
have my question answered. While I realize this is an old question, the
number of attempted connects that I get seem to be exorbitant.

I have logged 7520 attempted connects to my dynamic IP address between the
period of 04/03/03 at 09:03 and 04/10/03 at 16:15 ... or approximately 7 1/2
days. The logging is off of my Linksys router using the Kiwi syslogd
program.

I have tried writing to the ISP of some of more numerous attempts. Most say
that if you are talking about port 6346, then it is due to a dynamic IP
address change, and there is nothing they will do. This is because they are
assuming that you have recently taken over the IP address of a machine
running a Gnutella service such as Limewire.

I do not believe their answer, because I have been using an "always on"
connection. I have had the same IP address since 04/04/03 at 14:29.
Therefore, I counter that the connecting machines would not be connecting to
me for the reasons that the ISP believes.

I believe that the connection attempts must be stemming from another source.
The conspiratorial side of me thinks "What better way to attack people then
to attack a port that ISP's will ignore complaints on".

Has anybody else seen similar problems? Can anybody help me with information
on why these connection attempts are so numerous?

Regards,
Keith Bergen.

Here are some sample logs of the connects. Keep in mind that at this point
I've had the IP address since 04/03.

2003-04-09 22:03:13     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 2162 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:10:13     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 172.184.54.229 4133 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:14:34     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 213.93.197.49 52180 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:17:41     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 66.93.128.118 56471 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:21:54     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 4375 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:26:58     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 4698 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:38:20     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 66.93.128.118 58305 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:44:49     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 81.224.231.248 64548 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:54:42     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 4652 65.81.41.141 6346<010>
commonModelId 
2003-04-09 22:58:55     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 66.93.128.118 60201 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:02:17     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 24.61.163.93 41634 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:10:21     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 3120 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:10:57     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.98.148.93 2984 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:13:16     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 199.222.161.102 59116 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:15:10     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 3234 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:19:30     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 66.93.128.118 33887 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:34:57     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 1347 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:54:13     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 1883 65.81.41.141 6346<010>
commonModelId 
2003-04-09 23:54:36     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 4478 65.81.41.141 6346<010>
commonModelId 
2003-04-10 00:14:06     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 63.202.234.52 4309 65.81.41.141 6346<010>
commonModelId 
2003-04-10 00:39:06     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 4273 65.81.41.141 6346<010>
commonModelId 
2003-04-10 00:41:01     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 199.222.161.102 25513 65.81.41.141 6346<010>
commonModelId 
2003-04-10 01:00:03     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 81.224.231.248 64925 65.81.41.141 6346<010>
commonModelId 
2003-04-10 01:22:50     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 80.142.44.128 4713 65.81.41.141 6346<010>
commonModelId 
2003-04-10 01:23:50     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 2632 65.81.41.141 6346<010>
commonModelId 
2003-04-10 02:07:55     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 4958 65.81.41.141 6346<010>
commonModelId 
2003-04-10 02:09:05     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 62.119.135.194 1118 65.81.41.141 6346<010>
commonModelId 
2003-04-10 02:21:43     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 212.239.186.34 1952 65.81.41.141 6346<010>
commonModelId 
2003-04-10 02:35:44     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 24.61.163.93 56279 65.81.41.141 6346<010>
commonModelId 
2003-04-10 02:52:12     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 3327 65.81.41.141 6346<010>
commonModelId 
2003-04-10 03:05:05     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 81.224.231.248 65420 65.81.41.141 6346<010>
commonModelId 
2003-04-10 03:25:44     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 80.136.105.197 3944 65.81.41.141 6346<010>
commonModelId 
2003-04-10 03:35:45     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 1826 65.81.41.141 6346<010>
commonModelId 
2003-04-10 03:38:41     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 66.93.128.118 38561 65.81.41.141 6346<010>
commonModelId 
2003-04-10 04:19:37     Local7.Error    192.168.1.1
1.3.6.1.4.1.3955.1.1.0 @in 209.217.122.150 4176 65.81.41.141 6346<010>
commonModelId 



----------------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-incidents2
Download your free fully functional
trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
----------------------------------------------------------------------------
Current thread:

Logging of connects to port 6346 kbergen (Apr 15)
- Re: Logging of connects to port 6346 Nicolas Couture (Apr 17)
- <Possible follow-ups>
- RE: Logging of connects to port 6346 LordInfidel (Apr 17)