[Dshield] PlanetLab port 8808

TRushing@hollandco.com TRushing at hollandco.com
Tue Oct 19 20:15:55 GMT 2004

We block outbound 8808 traffic and I've seen some odd hits in our firewall 
for port 8808.  I've not had an opportunity to examine the 
machine and I'm not seeing constant hammering, so I do not think this is 
an infection issue.

A little searching shows that it looks like it is from a PlanetLab node. 




which says:

>PlanetLab is a global network testbed in use by academic researchers at 
>universities and companies around the world. You may find more 
>about the project at
>I have copied the principal investigators of the research project that I 
>believe is supporting a service on TCP port 8808, and who can and will 
>provide you with additional details about their project. Their project is 

>almost certainly not a parasitic or viral distribution network. If you 
>provide them with more information about the offending traffic---source 
>addresses, ports, and times---they should be able to resolve your 
>or blacklist your site if that is appropriate.
>Please let us know at PlanetLab Operations if the matter is not resolved 
>your satisfaction.
>PlanetLab O

The odd thing is that it appears to return binary data.  A fully patched 
IE takes a long time to resolve it and eventually displays no html source 
but appears to show a 1x1 GIF on a blank page.  In Firefox, it renders 
much quicker, I also get a blank page and looking at the source seems to 
show binary data that FireFox has interpreted as a GIF. 

Likely this is just some type of web bug, but it did strike me as odd. 
Wondering if anyone else has seen it or knows anything about it.

I've written Mark at PlanetLab but thought I'd check in here too.

     Tim Rushing

More information about the list mailing list