Snort mailing list archives

Previous By Date Next
Previous By Thread Next

GNUTELLA goes berserk

From: "Distribution Lists" <dist-lists () e-securenetworks net>
Date: Tue, 19 Nov 2002 13:33:20 -0600 (CST)
I noticed this a while back. Every now and then snort will pick up lots of
 portscan on port 6346, which is used by Gnutella.

I know that that there are users on my private LAN that use Gnutella, but
not at the times that Snort has detected the portscans.

Has anyone seen anything similar ?

Any explanation to this ?


07/24-03:26:00.670670  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-03:30:29.695242  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-03:31:34.950557  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-03:32:42.764238  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-03:33:40.086794  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-03:35:41.910639  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-03:36:51.916230  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-14:51:24.972247  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-14:54:22.552018  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-14:57:36.724448  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-15:19:40.723331  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-15:22:12.266157  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-15:27:32.316704  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-15:28:36.327405  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-15:29:40.338466  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-15:31:20.204561  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-16:19:59.870509  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-16:23:56.688415  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]
07/24-16:28:48.996486  [**] [100:1:1] spp_portscan: PORTSCAN DETECTED to
port 6346 from 148.63.173.101 (STEALTH) [**]





-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: