port 6346

Post by D. Stimit » Sun, 16 Sep 2001 06:49:34



Over the last month or so I've seen more attempts to access port 6346
tcp, and haven't found any attack data on why this port. The main
offender comes back day after day, even though I'm on a dynamic ip (the
entire /16 is completely blocked, it must be a methodical scan). What is
port 6346 as far as possible attacks?

The offending attackers are almost all from a .pl address. The main
offender is:
212.244.204.161
name = bgz-161-cisco.man.polbox.pl


 
 
 


Post by Rudolf Polze » Sun, 16 Sep 2001 07:15:39



>  Over the last month or so I've seen more attempts to access port 6346
>  tcp, and haven't found any attack data on why this port. The main
>  offender comes back day after day, even though I'm on a dynamic ip (the
>  entire /16 is completely blocked, it must be a methodical scan). What is
>  port 6346 as far as possible attacks?

>  The offending attackers are almost all from a .pl address. The main
>  offender is:
>  212.244.204.161
>  name = bgz-161-cisco.man.polbox.pl

Just look at http://www.veryComputer.com/ (found by googling for
6346).

--
2.4.5 in drivers/net/sunhme.c(1049):
  Only Sun can take such nice parts and * up the programming interface
  like this.


 
 
 


Post by Wojtek Walcz » Sun, 16 Sep 2001 08:35:46


On Fri, 14 Sep 2001 15:49:34 -0600, D. Stimits wrote:
>Over the last month or so I've seen more attempts to access port 6346
>tcp, and haven't found any attack data on why this port. The main
>offender comes back day after day, even though I'm on a dynamic ip (the
>entire /16 is completely blocked, it must be a methodical scan). What is
>port 6346 as far as possible attacks?

I can't help you here, because I have no idea how to explain
these attempts (have you tried catching packets with e.g. snort?),
but...

>The offending attackers are almost all from a .pl address. The main
>offender is:
>212.244.204.161
>name = bgz-161-cisco.man.polbox.pl

.pl is Poland, my native country ;)

Good job. Try to report the probes to them (with logs etc.);
they should frighten the attacker and he should stop his actions
(admins on Polish newsgroups say it almost always works).
hth...

--
[ Wojtek gminick Walczak ][ http://hacker.pl/gminick/ ]
[ gminick (at) hacker.pl ][ ]gminick (at) interia.pl[ ]

 
 
 


Post by D. Stimit » Sun, 16 Sep 2001 10:47:50




> >  Over the last month or so I've seen more attempts to access port 6346
> >  tcp, and haven't found any attack data on why this port. The main
> >  offender comes back day after day, even though I'm on a dynamic ip (the
> >  entire /16 is completely blocked, it must be a methodical scan). What is
> >  port 6346 as far as possible attacks?

> >  The offending attackers are almost all from a .pl address. The main
> >  offender is:
> >  212.244.204.161
> >  name = bgz-161-cisco.man.polbox.pl

> Just look at http://www.veryComputer.com/ (found by googling for
> 6346).

> --
> 2.4.5 in drivers/net/sunhme.c(1049):
>   Only Sun can take such nice parts and * up the programming interface
>   like this.


Yes, that explains it. I had forgotten about gnutella, though now I
remember it from prior posts.
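
Added example, not part of any post in this thread: a Python sketch that groups denied TCP connections to port 6346 by source address from ipchains kernel log lines, giving the count, first/last time seen and retry interval that an abuse report with logs would need. The log lines are constructed samples using documentation addresses, and the names `summarise`, `LINE` and `SAMPLE` are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# ipchains kernel log: "Packet log: <chain> <target> <iface> PROTO=<n> src:sport dst:dport ..."
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: Packet log: \S+ (?:DENY|REJECT) "
    r"\S+ PROTO=6 (?P<src>[\d.]+):(?P<sport>\d+) [\d.]+:(?P<dport>\d+) "
)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = """\
Sep 14 21:49:34 gw kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.161:3412 198.51.100.7:6346 L=48 S=0x00 I=4101 F=0x4000 T=112 SYN (#5)
Sep 14 21:50:34 gw kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.161:3413 198.51.100.7:6346 L=48 S=0x00 I=4102 F=0x4000 T=112 SYN (#5)
Sep 14 21:51:34 gw kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.161:3414 198.51.100.7:6346 L=48 S=0x00 I=4103 F=0x4000 T=112 SYN (#5)
Sep 14 21:52:35 gw kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.161:3415 198.51.100.7:6346 L=48 S=0x00 I=4104 F=0x4000 T=112 SYN (#5)
Sep 14 21:53:02 gw kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.9:1045 198.51.100.7:6346 L=48 S=0x00 I=977 F=0x4000 T=50 SYN (#5)
Sep 14 21:53:10 gw kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.9:1046 198.51.100.7:111 L=48 S=0x00 I=978 F=0x4000 T=50 SYN (#5)
"""

def summarise(log_text, port=6346, year=2001):
    """Group denied TCP packets aimed at `port` by source address."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and int(m["dport"]) == port:
            # syslog timestamps carry no year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[m["src"]].append((ts, int(m["sport"])))
    report = {}
    for src, events in hits.items():
        events.sort()
        gaps = sorted((b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:]))
        sports = [sp for _, sp in events]
        report[src] = {
            "count": len(events),
            "first": events[0][0],
            "last": events[-1][0],
            "median_gap_s": gaps[len(gaps) // 2] if gaps else None,
            # Rising source ports at a steady interval are consistent with
            # one host opening a fresh connection on each retry.
            "sport_increasing": len(sports) > 1
            and all(b > a for a, b in zip(sports, sports[1:])),
        }
    return report

if __name__ == "__main__":
    for src, info in summarise(SAMPLE).items():
        print(src, info)
```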


 
 
 

1. A night of ipchains denying port 6346 (Gnutella?)

Hi,

Looking through my messages log file on my Linux box and I see ipchains
has been denying connections to my port 6346.  If this had been just one
or two attempts I wouldn't have thought anything of it, but there was
two hours worth at one minute intervals.  The source port address trying
a different port on every attempt (incremental).

It stopped only because BT Internet automatically cut you off after two
hours.

Is this worth looking into?

My IPChains firewall offers simple protection:
No incoming SYN (TCP only)
No access from the Internet to ports below 1024
And a few others to stop tricks such as IP spoofing etc.

Does this offer adequate protection?

BTW could I get pppd and ipchains to dump their logs into a different
log file, as this really does bulk up the /var/log/messages log?

Regards

Tim

Please remove the *NOSPAM* from the e-mail address above if you wish to
reply via e-mail.
