Security Incidents mailing list archives

Re: Port 3889 Traffic

From: Eric Ceradsky <eric.ceradsky () sbcglobal net>
Date: 11 May 2004 06:43:21 -0000

In-Reply-To: <F2F587B9DD51284EB3197919CADBC468053245 () forums 20vturbo com>

See I original thought and still suspect torrent traffic. 

Slackware.org is using torrents for downloading thier free distro ISOs now. I bet that was it. I was running slackware 
before and had to grab an ISO from them. I didn't notice the traffic before cause I didn't have logging turn up until 
now. And when I was done people were prob still trying to hit my ip for my seed.

So I released my IP and got a new one and the traffic stopped and I haven't seen if for the last few days.

Its sounds like to me that makes the most sense. However the one thing that was making me question was the fact that I 
know torrents run on ports 6881-6889 not 3889. 

But that link does show that its changable.. maybe some bit torrent client has a default that changes it to 3889 
because obviously I was seeing several different clients with the same port so the odds of them just randomly using 
that port would see to high.

Anyway that seems to be the most logical explaination.

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Port 3889 Traffic Eric Ceradsky (May 10)
- Re: Port 3889 Traffic kang (May 10)
  - RE: Port 3889 Traffic Samuel Petreski (May 10)
    - Re: Port 3889 Traffic kang (May 10)
  - Re: Port 3889 Traffic KUIJPERS Jimmy (May 10)
- <Possible follow-ups>
- RE: Port 3889 Traffic Josh.Berry (May 10)
  - Re: Port 3889 Traffic Francisco J. Pecorella R. (May 10)
    - RE: Port 3889 Traffic Rob Shein (May 10)
- RE: Port 3889 Traffic Meidinger Chris (May 10)
- RE: Port 3889 Traffic sk3tch (May 10)
- Re: Port 3889 Traffic Eric Ceradsky (May 11)
- RE: Port 3889 Traffic Dennis Schut (May 11)
- RE: Port 3889 Traffic Steven Trewick (May 11)