Re: I am popular today...

[rmacphe () COMPTON NET (Rod MacPherson)]

Napster runs on a (semi)randomly chosen port. It could very well be 6688 on
one of your machines.

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On
Behalf Of Dirk Koopman
Sent: Saturday, April 29, 2000 7:51 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: I am popular today...

If that is what is running on port 6688 then probably yes, although very
close questioning of the users seem to indicate that napster "isn't being
used".

There does seem to be a awful lot of activity between one of my machines and
the various icmp addresses on port 6688. I thought napster ran on a
different
port?

On 29-Apr-2000 Ryan Sweat wrote:
>      You or one of your machines have Napster running ?  This is the
likely
> cause for the ping requests.  Napster's clients ping the host when making
a
> query to find the response time of that host.
>
> Ryan
> ----- Original Message -----
> From: "Dirk Koopman" <djk () TOBIT CO UK>
> To: <INCIDENTS () SECURITYFOCUS COM>
> Sent: Friday, April 28, 2000 3:45 AM
> Subject: I am popular today...
>
>
> > Are ALL these people _really_ interested in the response time of my class
> C?
> > Or is this some kind of of (pointless) DoS? Has one of hidden M$ machines
> > been acquired by some trojan?
> >
> > Are you one of these?
> > ---------------------------- cut
> here --------------------------------------
> > Apr 27 16:44:24 gate iplog[10085]: ICMP: echo from
> cgowave-33-48.cgocable.net
> > (8 bytes)
> > Apr 27 16:46:23 gate iplog[10085]: ICMP: echo from i0567.vwr.wanadoo.nl
(8
> > bytes)
> > Apr 27 17:42:49 gate iplog[10085]: ICMP: echo from
> > csvr4068.st-poelten.cso.net (8 bytes)
> > Apr 27 18:07:01 gate iplog[10085]: ICMP: echo from A5a74.pppool.de (8
> bytes)

--
Dirk-Jan Koopman, Tobit Computer Co Ltd
At the source of every error which is blamed on the computer you will find
at least two human errors, including the error of blaming it on the
computer.