On Fri, Jun 28, 2002 at 05:56:40AM -0500, Bud Rogers wrote: > I got more than 27000 of these last night between 8:00 and 9:00, coming > from 1371 different source IP's, all to destination port 28001. What's > so interesting about that port? > > Jun 27 20:02:02 twocups kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= > MAC= SRC=64.228.91.172 DST=207.3.88.229 LEN=36 TOS=0x00 PREC=0x00 > TTL=116 ID=34319 PROTO=UDP SPT=2437 DPT=28001 LEN=16 There is a multiplayer networked video game that communicates on that port. I suspect that at some point somebody else had your IP address and ran a dedicated server that is entered in some database somewhere. The packets you saw were probably people running a client that tries to connect to a list of known databases to get a list of running games and stuff. Here's some more info about the game. http://www.codebear.com/cato/faq.htm I was able to find many pages mentioning port 28001 and UDP with a quick google search. The traffic was probably not malicious at all. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgpzyYAmngCVc.pgp
Description: PGP signature