[Dshield] Port 7730
dshield at yaps4u.net
Fri Feb 17 16:58:47 GMT 2006
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of
> Valdis.Kletnieks at vt.edu
> Sent: 17 February 2006 16:04
> To: General DShield Discussion List
> Subject: Re: [Dshield] Port 7730
> On Fri, 17 Feb 2006 14:29:19 GMT, Chris Wright said:
> > Does anyone know of any apps that use Port 7730?
> > I've googled it to death with no luck.
> When trying to shoot one of these, it *always* helps if you
> specify whether it's a TCP or UDP packet, and can get a
> packet trace that includes full packet headers and payload,
> even if it's only the first packet or two (most of these
> things will give up after a few packets when they don't
> receive the expected response). If it retransmits a packet,
> *that* can be helpful data as well - anybody who can't tell
> if the source system is likely a Windows or Unix box by the
> retransmit pattern of a TCP SYN packet needs to take the SANS
> Intrusion Detection class.. ;)
> For UDP, just use 'tcpdump' or 'ethereal' or similar tool to
> catch the first packet. For TCP, you'll also need to set up
> a 'netcat' listener so something answers the 3-packet
> handshake and you see the first data packet.
> UDP: tcpdump -w /tmp/capture udp port 7730
> TCP: nc -l 7730 > /dev/null & tcpdump -w /tmp/capture tcp port 7730
> Hopefully that info helps somebody...
In this case it was Kiwi that I noticed the syslog messages in from my
Netgear DG834GT, so the packets never actually made it onto my network.
The traffic was so high that it bordered on a DOS attack since I couldn't
access the web with any great speed.
Unfortunately, I assumed it was afterglow, because of the lack of reports on
Dshield, but was curious as to what app was causing it.
Usually, I will forward that port to my Linux box and capture the traffic,
but this time I didn't think it was malicious enough to do that.
Apologies. I should have made it clearer that I was really after the app
causing the afterglow.
As it appears to be a Kazaa related app, perhaps the recent Brit Pop 2006
Awards has caused a demand for music in the past few days.
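
The quoted advice above asks for a packet trace and points at the retransmit pattern of a TCP SYN as useful data. The following is an added example, not part of the original messages: it reads a capture such as the one `tcpdump -w /tmp/capture` writes and lists the gaps between repeated SYNs to port 7730. It assumes a classic (non-pcapng) pcap file with Ethernet framing and IPv4; the function names `syn_retransmits` and `sample_pcap` are hypothetical, and the sample capture is constructed.

```python
import struct
from collections import defaultdict

def syn_retransmits(pcap: bytes, port: int = 7730):
    """Return {(src_ip, sport, seq): [gaps in seconds]} for bare TCP SYNs to `port`."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"          # file written little-endian
    elif magic == 0xD4C3B2A1:
        end = ">"          # file written big-endian
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    seen, off = defaultdict(list), 24           # 24-byte global header
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                            # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
        tcp = frame[14 + ihl:14 + ihl + 20]
        if len(tcp) < 20:
            continue                            # truncated TCP header
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        if dport == port and tcp[13] & 0x12 == 0x02:   # SYN set, ACK clear
            src = ".".join(str(b) for b in frame[26:30])
            seen[(src, sport, seq)].append(sec + usec / 1e6)
    # Same source, source port and sequence number seen again = a retransmitted SYN.
    return {k: [round(b - a, 3) for a, b in zip(t, t[1:])] for k, t in seen.items()}

def sample_pcap() -> bytes:
    """Constructed capture: one SYN to port 7730 sent three times, at t=0, 3 and 9 s."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 7730, 1000, 0, 0x50, 0x02, 8192, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for t in (0, 3, 9):
        out += struct.pack("<IIII", 1_140_000_000 + t, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for flow, gaps in syn_retransmits(sample_pcap()).items():
        print(flow, "retransmit gaps (s):", gaps)
```

To run it against a real capture, pass the file contents, for example `syn_retransmits(open("/tmp/capture", "rb").read())`.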