Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Logging of connects to port 6346

From: Nicolas Couture <nc () stormvault net>
Date: 15 Apr 2003 13:16:38 -0400
On Mon, 2003-04-14 at 18:58, kbergen () bellsouth net wrote:

To all,


...


I have tried writing to the ISP of some of more numerous attempts. Most say
that if you are talking about port 6346, then it is due to a dynamic IP
address change, and there is nothing they will do. This is because they are
assuming that you have recently taken over the IP address of a machine
running a Gnutella service such as Limewire.


They're right.
 

I do not believe their answer, because I have been using an "always on"
connection. I have had the same IP address since 04/04/03 at 14:29.
Therefore, I counter that the connecting machines would not be connecting to
me for the reasons that the ISP believes.


ISPs doesn't belives. An other fact would be that the exowner of the IP
address you're using was using the Gnutella network to share big files
and a descent amount of people had their download incomplete for what
ever reason. Now if they try to resume their download(s), your
"firewall/router" will detect the connection attempts and you will
receive this information for an undefined amount of time. 
 

I believe that the connection attempts must be stemming from another source.
The conspiratorial side of me thinks "What better way to attack people then
to attack a port that ISP's will ignore complaints on".

Has anybody else seen similar problems? Can anybody help me with information
on why these connection attempts are so numerous?




----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: