Re: Port 6346 scans ?

To: "Eric G. Miller" <egm2@jps.net>
Cc: debian-user <debian-user@lists.debian.org>
Subject: Re: Port 6346 scans ?
From: Phil Brutsche <pbrutsch@tux.creighton.edu>
Date: Tue, 24 Jul 2001 00:21:13 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.4.33.0107240019250.25571-100000@tux.creighton.edu>
In-reply-to: <[🔎] 20010723215706.B849@calico.local>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A long time ago, in a galaxy far, far way, someone said...

> I have a large supply of connection attempts to port 6346?  Anybody have
> a clue about these? DOS attack (several per second)?  Or some other
> 'sploit?  I couldn't find any reference to this port via CERT.
>
> (seems whomever has given up for now...)

TCP port 6346 is used by the Gnutella person-to-person file sharing
software.  The most likely reasons why you're getting these connections
would be:
 * Someone who once had your IP number ran Gnutella
 * Someone mistyped an IP number in their Gnutella client

Whether you want to call it a DoS attack is up to you :)

- -- 
- ----------------------------------------------------------------------
Phil Brutsche				    pbrutsch@tux.creighton.edu

GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D  7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Made with pgp4pine

iD4DBQE7XQXV/ZTSZFDeHPwRAgD4AJdBVdbrVLQV2hJAPOSCr2KwHQcqAJ9/2E4S
NWD7Lt4TAbx3lskmq6fa+Q==
=hbgQ
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Port 6346 scans ?
  - From: "Eric G. Miller" <egm2@jps.net>

References:
- Port 6346 scans ?
  - From: "Eric G. Miller" <egm2@jps.net>

Prev by Date: Re: killing dead cdrecord processes
Next by Date: Re: TOT Re: Optimizing potato
Previous by thread: Port 6346 scans ?
Next by thread: Re: Port 6346 scans ?
Index(es):
- Date
- Thread