[Dshield] Ports 27015, 55000, 6881, 7008 and 65534

Jon R. Kibler Jon.Kibler at aset.com
Thu Jan 5 16:35:18 GMT 2006


Greetings,

A curiosity question... if you are reporting to DShield hits on any of the following ports: 

	halflife        27015
	(unknown)       55000
	bittorrent      6881
	afs3-update     7008
	sbininitd       65534

It would be real informative to everyone to know exactly what is going on. For the past couple of days, these ports have been among the top 10 ports (and for months, bittorrent has been in that group). However, unlike most ports where there are a large number of sources and and even larger number of targets, for these ports there are a modest number of sources and a trivial (< 50 most days) number of targets. 

So if you are among the couple of dozen sites reporting getting whacked on these ports, can you please answer these questions?
	Are these ports under attack -- DDoS?
	If not, why are you attracting so much bogus traffic to these ports?

Intuition tells me that this must indicate some sort of attack... and I would like to know if I am right or not.

Thanks for your reply!

Jon Kibler
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list