[Dshield] Roadrunner (Long post, apologies)

Johannes B. Ullrich jullrich at euclidian.com
Mon Oct 29 13:00:20 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> ZALog.txt:FWIN,2001/10/28,20:00:16 +0:00
> GMT,65.34.72.90:1341,213.105.159.132:6346,TCP (flags:S)

The target port is 6346 for all the lines. This is 'Gnutella', one of the 
more aggressive file sharing programs. You can see these hits for days 
after someone used Gnutella at this IP address.


- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE73VLmVOIizK5pIDMRArc+AKCtT6fInEOJr5/EJliIzFcZZmSlCACdFC3m
xKV97HjKBmuTKnmoIkn22HU=
=82Bq
-----END PGP SIGNATURE-----
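An added example, not part of the original post: a small triage script that parses ZoneAlarm `FWIN` records in the layout of the quoted line and groups blocked inbound packets by destination port, so that leftover Gnutella traffic to port 6346 shows up as one labelled group with its distinct-source and day counts. It assumes the quoted record is a single line in ZALog.txt (wrapped by the mail client) and that UDP records carry no flags field; `KNOWN_PORTS`, `summarize` and the sample records after the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Ports with a known explanation. Only 6346 (Gnutella) comes from the post;
# the map itself is a hypothetical helper to extend locally.
KNOWN_PORTS = {6346: "Gnutella"}

# Field layout taken from the quoted line:
# FWIN,date,time tz,src_ip:port,dst_ip:port,proto (flags:X)
FWIN = re.compile(
    r"^FWIN,(?P<date>\d{4}/\d{2}/\d{2}),(?P<time>[^,]+),"
    r"(?P<src>[\d.]+):(?P<sport>\d+),(?P<dst>[\d.]+):(?P<dport>\d+),"
    r"(?P<proto>\w+)(?: \(flags:(?P<flags>\w+)\))?\s*$"
)

def summarize(lines):
    """Group blocked inbound packets by (dst ip, dst port, protocol)."""
    groups = defaultdict(lambda: {"hits": 0, "sources": set(), "days": set()})
    for line in lines:
        m = FWIN.match(line.strip())
        if not m:
            continue  # other record types or malformed lines are skipped
        g = groups[(m["dst"], int(m["dport"]), m["proto"])]
        g["hits"] += 1
        g["sources"].add(m["src"])
        g["days"].add(m["date"])
    return [
        {"dst": dst, "port": port, "proto": proto, "hits": g["hits"],
         "sources": len(g["sources"]), "days": len(g["days"]),
         "label": KNOWN_PORTS.get(port, "unclassified")}
        for (dst, port, proto), g in sorted(groups.items())
    ]

# Constructed sample. The first record is the one quoted in the post, rejoined
# onto one line; the others are made up and use documentation source addresses.
SAMPLE = """\
FWIN,2001/10/28,20:00:16 +0:00 GMT,65.34.72.90:1341,213.105.159.132:6346,TCP (flags:S)
FWIN,2001/10/28,20:03:41 +0:00 GMT,192.0.2.17:2210,213.105.159.132:6346,TCP (flags:S)
FWIN,2001/10/29,07:12:05 +0:00 GMT,198.51.100.8:4022,213.105.159.132:6346,TCP (flags:S)
FWIN,2001/10/29,07:15:30 +0:00 GMT,203.0.113.5:1025,213.105.159.132:137,UDP
this line is not a firewall record
""".splitlines()

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Many distinct sources sending bare SYNs to 6346 over several days matches the pattern described in the post; the `unclassified` groups are the ones left to look at by hand.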



