NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Incidents> 2004-05

RE: Port 3889 Traffic

sk3tchsk3tch.net
Date: Mon May 10 2004 - 11:51:50 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Could be BitTorrent...

http://dessent.net/btfaq/#ports

________________________________

From: Eric Ceradsky [mailto:eric.ceradskysbcglobal.net]
Sent: Fri 5/7/2004 6:01 PM
To: incidentssecurityfocus.com
Subject: Port 3889 Traffic

I've been seeing a lot of port 3889 traffic externally
lately but haven't been able to dig up any known
issues with that port.. Used to be one address and
overnight tis quickly spawned to several. Brazil, US,
UK, etc. Anyone have any ideas?

May 7 17:43:48 DROP <INPUT:DE 195.132.138.140 ->
X.X.X.X 4055:3889/tcp S ppp0
May 7 17:43:54 DROP <INPUT:DE 195.132.138.140 ->
X.X.X.X 4055:3889/tcp S ppp0
May 7 17:45:31 DROP <INPUT:DE 66.42.241.168 ->
X.X.X.X 2402:3889/tcp S ppp0
May 7 17:45:34 DROP <INPUT:DE 66.42.241.168 ->
X.X.X.X 2402:3889/tcp S ppp0
May 7 17:45:40 DROP <INPUT:DE 66.42.241.168 ->
X.X.X.X 2402:3889/tcp S ppp0
May 7 17:45:52 DROP <INPUT:DE 66.42.241.168 ->
X.X.X.X 2402:3889/tcp S ppp0
May 7 17:46:09 DROP <INPUT:DE 12.5.121.129 ->
X.X.X.X 3915:3889/tcp S ppp0
May 7 17:46:10 DROP <INPUT:DE 66.42.241.168 ->
X.X.X.X 2423:3889/tcp S ppp0
May 7 17:46:12 DROP <INPUT:DE 12.5.121.129 ->
X.X.X.X 3915:3889/tcp S ppp0
May 7 17:46:13 DROP <INPUT:DE 66.42.241.168 ->
X.X.X.X 2423:3889/tcp S ppp0
May 7 17:46:18 DROP <INPUT:DE 12.5.121.129 ->
X.X.X.X 3915:3889/tcp S ppp0
May 7 17:46:19 DROP <INPUT:DE 66.42.241.168 ->
X.X.X.X 2423:3889/tcp S ppp0
May 7 17:46:31 DROP <INPUT:DE 66.42.241.168 ->
X.X.X.X 2423:3889/tcp S ppp0
May 7 17:47:01 DROP <INPUT:DE 195.132.138.140 ->
X.X.X.X 4363:3889/tcp S ppp0
May 7 17:47:04 DROP <INPUT:DE 195.132.138.140 ->
X.X.X.X 4363:3889/tcp S ppp0
May 7 17:47:10 DROP <INPUT:DE 195.132.138.140 ->
X.X.X.X 4363:3889/tcp S ppp0

Thanks

------------------------------------------------------------------------
---
------------------------------------------------------------------------
----

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]