-
January 2nd, 2006, 02:16 PM
#1
Really wiered. Really
Greeting's
I'm posting this tread in a hurry so forgive any typo's. But port 6881 (unassigned) has been attacked almost 600 time's in last 3 minute's and all IP are from 61-86 and 151-211 range I have never seen this i have called up 2 of my friends who manage a server they are also facing the same problem. I have checked the SANS internet thread level which is still yellow (they started the year off in that level) and symantec's Threatcon which is also yellow. Also most number of ports attacked at ISC shows 6881 is the default port used by Bittorrent.
Anyone having the same problem ?
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
January 2nd, 2006, 02:35 PM
#2
Hi there ByTeWrangler ,
No sign of it here, just the usual crap from within my ISP address block for the most part 86-128-xxx-xxx
Cheers
-
January 2nd, 2006, 02:46 PM
#3
...relax, ports 6881-6889 are bittorrent ports. Some PCs out there is looking for a download.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
January 2nd, 2006, 02:53 PM
#4
Have you used bittorrent from that box recently of has your IP address changed recently?
Usually this is the result of file sharing activity or your IP address changing to that which someone else recent;y used for filesharing.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
January 2nd, 2006, 04:32 PM
#5
Greeting's
Sorry guys i did not wish everyone of you A very happy, seccessfull and properous new year.
Coming back to the topic I have redgistered almost 8000 scans to that perticular post in last 35 minutes alone, I checked with my ISP but they have no clue. Almost everyone I know of here WAS having the same problem but they stopped sometime ago. I have never USED bittorrent. I dont know what to do I have already added a rule to my firewall (software based) to block that port but almost. the scans are just not stopping. My IP is the same from last 3 days and when I started this thread I asked for my IP to be changed but the problem continues.. Anyway Ill keep you guys updated....
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
January 2nd, 2006, 05:05 PM
#6
Hey Hey,
Are you on a connection shared through a router with other people??? Are one of them running Bit Torrent?
I have a machine on the DMZ of the router and a roommate was running BitTorrent... because the connections aren't established by him, the NAT doesn't know how to deal with them properly (or I should say deals with the properly but because of the setup you don't get the desired results)... as a result I get hammered by connection requests for port 6881... It's not uncommon to see.
Why don't you throw on a sniffer and post the results for us... with a packet to dissect we may be able to assist you further in proving or disproving the BitTorrent association.
Peace,
HT
-
January 2nd, 2006, 08:47 PM
#7
Greeting's
Well I went offline for more then 2 hours to check my computer both in normal and in safe mode for any malware. I have found nothing new except "Hacktool.Pwdump" which was first found by Ewido (I should have downloaded this earlier)in a file in my sisters received folder but I think she couldn't install it because I have changed her account's privileges to GUEST (now it strikes me, she was frustrated with the PC saying it just doesn't work. but any ways the fact that it was in received folders means someone sent her that file.)
Anyway besides that everything is fine. Scans have stopped as mysteriously as they started. Once again Happy new year to all and yes I have direct connection to the Internet.
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|