[Dshield] Roadrunner

Jeff Miller jrm.wa at verizon.net
Mon Oct 29 04:07:11 GMT 2001

6346 is the Gnutella network (LimeWire).  You see those "hits" when you shut
down your LimeWire app.  You're busted....

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org]On
Behalf Of Peter Street
Sent: Sunday, October 28, 2001 1:58 PM
To: dshield at dshield.org
Subject: [Dshield] Roadrunner

Just noticed quite a few reports in ZA-Pro's logs from

FWIN,2001/10/28,20:38:22 +0:00
GMT,,,TCP (flags:S)

These appear to be targeting lots of different ports, including:
4597, 1979, 1173, 1428, 2978, 3547, 3765, 1044, 1860, 1881, 1136
and quite a few others.  (If it would help, I can put a full list up).

Basically, is there somewhere I can find out what they were trying to
do?  AFAIK it's still happening (I'm running Windows XP Pro RC2 (Build
2525), and I have IIS 5.1 working with my development website on it -
does anyone know of any exploits and patches I need to consider with

Any help would be much appreciated.

Peter Street
Web Developer / Manager
LazerFX Productions
www.lazerfx.co.uk (Under Construction)

Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list