[Dshield] Roadrunner (Long post, apologies)

Jeff Miller jrm.wa at verizon.net
Mon Oct 29 14:35:19 GMT 2001


Weeks, at least.  I'm still getting them.

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org]On
Behalf Of Johannes B. Ullrich
Sent: Monday, October 29, 2001 5:00 AM
To: dshield at dshield.org
Subject: RE: [Dshield] Roadrunner (Long post, apologies)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> ZALog.txt:FWIN,2001/10/28,20:00:16 +0:00
> GMT,65.34.72.90:1341,213.105.159.132:6346,TCP (flags:S)

The target port is 6346 for all the lines. This is 'Gnutella', one of the
more agressive file sharing programs. You can see these hits for days
after someone used Gnutella at this IP address.


- --
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE73VLmVOIizK5pIDMRArc+AKCtT6fInEOJr5/EJliIzFcZZmSlCACdFC3m
xKV97HjKBmuTKnmoIkn22HU=
=82Bq
-----END PGP SIGNATURE-----

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield




More information about the list mailing list