[Dshield] Ports 27015, 55000, 6881, 7008 and 65534
eslerj at gmail.com
Thu Jan 5 17:33:57 GMT 2006
I would probably venture a guess that those people that are reporting
6881 and 27015 have bittorrent or halflife clients on their network,
and are just sending in their logs.
Happens to me when I use bittorrent (for legal purposes of course!),
I have a high influx of 6881 in my firewall logs, thusly, submitted.
On Jan 5, 2006, at 11:35 AM, Jon R. Kibler wrote:
> A curiosity question... if you are reporting to DShield hits on any
> of the following ports:
> halflife 27015
> (unknown) 55000
> bittorrent 6881
> afs3-update 7008
> sbininitd 65534
> It would be real informative to everyone to know exactly what is
> going on. For the past couple of days, these ports have been among
> the top 10 ports (and for months, bittorrent has been in that
> group). However, unlike most ports where there are a large number
> of sources and an even larger number of targets, for these ports
> there are a modest number of sources and a trivial (< 50 most days)
> number of targets.
> So if you are among the couple of dozen sites reporting getting
> whacked on these ports, can you please answer these questions?
> Are these ports under attack -- DDoS?
> If not, why are you attracting so much bogus traffic to these ports?
> Intuition tells me that this must indicate some sort of attack...
> and I would like to know if I am right or not.
> Thanks for your reply!
> Jon Kibler
> Jon R. Kibler
> Chief Technical Officer
> A.S.E.T., Inc.
> Charleston, SC USA
> (843) 849-8214
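
The pattern raised in this thread (a port ranking high while only a handful of targets report it) can be checked by counting distinct sources and distinct targets per port. The Python below is an added example, not part of the original posts or of DShield's code; the three-field record format, the addresses, port 445 as the contrast case, and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records: "source_ip target_ip target_port".
# Not real DShield data; documentation address ranges only.
SAMPLE = """\
198.51.100.1 192.0.2.10 6881
198.51.100.2 192.0.2.10 6881
198.51.100.3 192.0.2.10 6881
198.51.100.4 192.0.2.10 6881
198.51.100.5 192.0.2.10 6881
198.51.100.6 192.0.2.10 6881
203.0.113.7 192.0.2.10 445
203.0.113.7 192.0.2.11 445
203.0.113.7 192.0.2.12 445
203.0.113.8 192.0.2.13 445
203.0.113.8 192.0.2.14 445
203.0.113.9 192.0.2.15 445
"""

def port_profile(lines):
    """Return {port: (distinct_sources, distinct_targets)} per target port."""
    sources, targets = defaultdict(set), defaultdict(set)
    for line in lines:
        fields = line.split()
        if len(fields) != 3 or not fields[2].isdigit():
            continue  # skip blank or malformed records
        src, dst, port = fields[0], fields[1], int(fields[2])
        sources[port].add(src)
        targets[port].add(dst)
    return {p: (len(sources[p]), len(targets[p])) for p in sources}

def few_target_ports(profile, max_targets=2, min_sources=5):
    """Ports reached by many sources but reported by very few targets.

    This is the shape left behind when a P2P or game client on the
    reporting network drew the peers in. Thresholds are assumptions
    chosen for the sample above.
    """
    return sorted(p for p, (s, t) in profile.items()
                  if t <= max_targets and s >= min_sources)

if __name__ == "__main__":
    profile = port_profile(SAMPLE.splitlines())
    for port, (s, t) in sorted(profile.items()):
        print(f"port {port}: {s} sources, {t} targets")
    print("few-target ports:", few_target_ports(profile))
```
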