[Dshield] PlanetLab port 8808
TRushing at hollandco.com
Tue Oct 19 20:15:55 GMT 2004
We block outbound 8808 traffic and I've seen some odd hits in our firewall
for 18.104.22.168 port 8808. I've not had an opportunity to examine the
machine and I'm not seeing constant hammering, so I do not think this is
an infection issue.
A little searching shows that it looks like it is from a PlanetLab node.
>PlanetLab is a global network testbed in use by academic researchers at
>universities and companies around the world. You may find more
>about the project at
>I have copied the principal investigators of the research project that I
>believe is supporting a service on TCP port 8808, and who can and will
>provide you with additional details about their project. Their project is
>almost certainly not a parasitic or viral distribution network. If you
>provide them with more information about the offending traffic---source
>addresses, ports, and times---they should be able to resolve your
>or blacklist your site if that is appropriate.
>Please let us know at PlanetLab Operations if the matter is not resolved
The odd thing is that it appears to return binary data. A fully patched
IE takes a long time to resolve it and eventually displays no html source
but appears to show a 1x1 GIF on a blank page. In Firefox, it renders
much quicker, I also get a blank page and looking at the source seems to
show binary data that FireFox has interpreted as a GIF.
Likely this is just some type of web bug, but it did strike me as odd.
Wondering if anyone else has seen it or knows anything about it.
I've written Mark at PlanetLab but thought I'd check in here too.
More information about the list