Greetings,

Destination port 6700 and 6688 are common napster ports. Any possible way
you were running a napster client?

-----Original Message-----
From: Spookah . [mailto:k_linerHOTMAIL.COM]
Sent: Tuesday, May 01, 2001 7:58 PM
To: INCIDENTSSECURITYFOCUS.COM
Subject: Strange Activity

While remotly connected to my home machine, I noticed alot of lag. I
executed a 'netstat -a' which showed me nothing out of the ordinary. But
when I started tcpdump I saw traffic which I could not account for.

Here is a snip of my tcpdump log..
Key: x.x.x.x = my ip

16:26:14.957566 24.109.6.174.6700 > x.x.x.x.63781: tcp 0 (DF)
16:26:14.958509 x.x.x.x.63781 > 24.109.6.174.6700: tcp 1460 (DF)
16:26:14.959240 x.x.x.x.63781 > 24.109.6.174.6700: tcp 588 (DF)
16:26:15.155428 24.109.6.174.6700 > x.x.x.x.63781: tcp 0 (DF)
16:26:15.156308 x.x.x.x.63781 > 24.109.6.174.6700: tcp 1460 (DF)
16:26:15.157046 x.x.x.x.63781 > 24.109.6.174.6700: tcp 588 (DF)
16:26:15.242682 172.150.125.247.6688 > x.x.x.x.63783: tcp 0 (DF)
16:26:15.286571 172.174.174.84.6700 > x.x.x.x.63780: tcp 0 (DF)
16:26:15.443723 172.150.125.247.6688 > x.x.x.x.63783: tcp 0 (DF)
16:26:15.448809 x.x.x.x.63783 > 172.150.125.247.6688: tcp 1360 (DF)
16:26:15.449510 x.x.x.x.63783 > 172.150.125.247.6688: tcp 688 (DF)
16:26:15.479993 172.174.174.84.6700 > x.x.x.x.63780: tcp 0 (DF)
16:26:15.485314 x.x.x.x.63780 > 172.174.174.84.6700: tcp 1360 (DF)

I was unable to capture any of the packets, and a nmap of my machine showed
no unusual ports open. Anyone have any ideas on what this could have been?

Thanks in advance,
Spookah
Network Technician
Linux Administrator
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]