[Dshield] Port 43521 - P2P afterglow?

MaXX bs139412 at skynet.be
Sat Mar 18 17:56:20 GMT 2006


My firewall is  dropping 2000 to 3000 pkt/hour on port 43521/UDP, I've 
captured some packets and they only contain about 40-5Ob of "random looking" 
data. 

--DST_Port 43521--
Distinct sources 58
Distinct source port: 3197
UDP packets: 10738 
TCP packets: 648


Is that something to be scared of?
thanks, 
MaXX

PS: Its my home firewall (dynamic IP).

Random packet captured:
No.     Time        Source                Destination           Protocol Info
     35 9.492916    71.139.202.33         10.0.0.1              UDP      
Source port: 6881  Destination port: 43521

Frame 35 (104 bytes on wire, 96 bytes captured)
    Arrival Time: Mar 18, 2006 18:36:13.372231000
    Time delta from previous packet: 0.685723000 seconds
    Time since reference or first frame: 9.492916000 seconds
    Frame Number: 35
    Packet Length: 104 bytes
    Capture Length: 96 bytes
    Protocols in frame: eth:ip:udp:data
Ethernet II, Src: ThomsonT_bb:c3:ed (00:90:d0:bb:c3:ed), Dst: 
RealtekS_02:7e:b0 (00:e0:4c:02:7e:b0)
    Destination: RealtekS_02:7e:b0 (00:e0:4c:02:7e:b0)
    Source: ThomsonT_bb:c3:ed (00:90:d0:bb:c3:ed)
    Type: IP (0x0800)
Internet Protocol, Src: 71.139.202.33 (71.139.202.33), Dst: 10.0.0.1 
(10.0.0.1)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 90
    Identification: 0xb828 (47144)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 41
    Protocol: UDP (0x11)
    Header checksum: 0xbdbd [correct]
        Good: True
        Bad : False
    Source: 71.139.202.33 (71.139.202.33)
    Destination: 10.0.0.1 (10.0.0.1)
User Datagram Protocol, Src Port: 6881 (6881), Dst Port: 43521 (43521)
    Source port: 6881 (6881)
    Destination port: 43521 (43521)
    Length: 70
    Checksum: 0x2317
Data (54 bytes)

0000  f3 7c 98 56 b3 f3 aa 8e 00 00 04 04 03 16 8e b0   .|.V............
0010  0c 00 00 00 00 0c 04 47 8b ca 21 1a e1 36 57 e1   .......G..!..6W.
0020  74 00 00 01 0a 0e 6d b8 f3 14 ad aa 44 1b 0c 6d   t.....m.....D..m
0030  ba 90 99 9b c6 07                                 ......



More information about the list mailing list