[Dshield] Roadrunner (Long post, apologies)

John Sage jsage at finchhaven.com
Mon Oct 29 14:37:09 GMT 2001


Peter:

ahh..

Completely different picture, when you post the actual log.

Various source ports (which is quite normal..) on 65.34.72.90 attempting 
a TCP connection to your 6346 (which others here have id'ed as 
gnutella..) on your IP of 213.105.159.132

Just a thought: you might want to obfuscate *your* IP, maybe making the 
first octet 213. xxx. and making the second octet .105. into .yyy.

We don't need to see your IP to make sense of what's going on, and 
there's no reason to advertise it ;-)

- John

Peter Street wrote:

> Sure thing.  I did a quick grep-for-NT of the file, and produced this
> output:
> 
> ZALog.txt:FWIN,2001/10/28,19:38:24 +0:00
> GMT,65.34.72.90:4403,213.105.159.132:6346,TCP (flags:S)
> ZALog.txt:FWIN,2001/10/28,19:38:42 +0:00
> GMT,65.34.72.90:1200,213.105.159.132:6346,TCP (flags:S)
> ZALog.txt:FWIN,2001/10/28,19:40:35 +0:00
> GMT,65.34.72.90:3906,213.105.159.132:6346,TCP (flags:S)


<snip-a-lot>
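
The masking suggested in the reply, applied to ZoneAlarm FWIN entries before they are posted, as an added example that is not part of the original message. The sample lines are constructed with RFC 5737 documentation addresses, and the function names (`unwrap`, `mask`, `sanitize`) are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the FWIN layout quoted above, with RFC 5737
# documentation addresses; the second entry is wrapped the way mail wrapped it.
SAMPLE = """\
ZALog.txt:FWIN,2001/10/28,19:38:24 +0:00 GMT,198.51.100.90:4403,192.0.2.132:6346,TCP (flags:S)
ZALog.txt:FWIN,2001/10/28,19:38:42 +0:00
GMT,198.51.100.90:1200,192.0.2.132:6346,TCP (flags:S)
ZALog.txt:FWIN,2001/10/28,19:40:35 +0:00 GMT,198.51.100.90:3906,192.0.2.132:6346,TCP (flags:S)
"""

ENTRY = re.compile(
    r"^(?P<head>(?:[^,:]+:)?FWIN,[^,]+,[^,]+),"
    r"(?P<src>[\d.]+):(?P<sport>\d+),"
    r"(?P<dst>[\d.]+):(?P<dport>\d+),(?P<proto>.+)$"
)

def unwrap(text):
    """Rejoin entries that a mail client split before the 'GMT,' field."""
    entries = []
    for line in text.splitlines():
        if line.startswith("GMT,") and entries:
            entries[-1] += " " + line
        elif line.strip():
            entries.append(line.strip())
    return entries

def mask(ip):
    """Hide the first two octets, as the reply suggests: a.b.c.d -> xxx.yyy.c.d"""
    return ".".join(["xxx", "yyy"] + ip.split(".")[2:])

def sanitize(text, local_ip):
    """Return (lines safe to post, Counter of (source, dest port, proto))."""
    safe, seen = [], Counter()
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue  # fail closed: never echo a line we could not parse
        src, dst = m["src"], m["dst"]
        seen[(src, int(m["dport"]), m["proto"])] += 1
        if dst == local_ip:
            dst = mask(dst)
        safe.append(f'{m["head"]},{src}:{m["sport"]},{dst}:{m["dport"]},{m["proto"]}')
    return safe, seen

if __name__ == "__main__":
    lines, summary = sanitize(SAMPLE, "192.0.2.132")
    print("\n".join(lines))
```

The summary counter groups the entries by source address and destination port, which is the pattern the reply reads off the log: one source, varying source ports, repeated SYNs to 6346.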



