[unisog] Windows 2000 break-ins

Robert Dormer rdormer at pobox.upenn.edu
Fri Sep 6 16:38:31 GMT 2002

At 09:23 AM 9/6/2002 -0400, you wrote:
>A quick question reguarding XDCC traffic. What port(s) are typicaly used 
>for XDCC
>And we have noticed a sudden(rather large) jump in out incoming prot 80 
>traffic (top 10 users are using 40%+  of our resnets bandwidth. Does 
>anyone know of something new on port 80 that is a bandwidth hog(prehaps a 
>new P2P)

This sounds like plain old Gnutella.  Gnutella proper is just the search 
protocol.  File downloads that are initiated by
Gnutella are done using HTTP over port 80 (GET and RANGE requests).

Robert Dormer

Information Security - University of Pennsylvania
phone: (215) 573 - 4574
email: rdormer at isc.upenn.edu
security: security at isc.upenn.edu

More information about the unisog mailing list