[Dshield] Port 3315

Johannes B. Ullrich jullrich at sans.org
Sun Dec 7 02:37:28 GMT 2003

Post a couple logs to help us understand what may be going on. My first
guess would be P2P 'afterglow' as you suggest.

Characteristics of this:
A not very large number, but very diverse, sources and a slow dropoff
(no new sources after a while)

On Sat, 2003-12-06 at 18:33, Göran Strömstén wrote:
> Hi out there !
> Anyone whos's got an idea what's going on when my connection is recieving virtually a flood of attempts to reach port 3315 from various locations, these using various ports ? This represents over 90 % percent of all traffic stopped by my firewall during the last few days.
> One answer would be that since I have an dynamic IP-address, I have recently ended up with an IP-address earlier used by someone who has been using some kind of filesharing, Kazaa etc, but it might as well be something going on out there since this traffic is totally different from the normal background hum.
> Any suggestions appreciated !
> GS
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 786 1563            
  fax: (617) 786 1550                          jullrich at sans.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20031206/93aa232a/attachment.bin

More information about the list mailing list