port 6346 - Network

This is a discussion on port 6346 - Network ; Hello, Our firewall has been getting hamered yesterday and today with port 6346 trying to get in. We are blocking this port but I was just wondering if anyone could tell me if they know of any new virus or ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: port 6346

  1. port 6346

    Hello,

    Our firewall has been getting hamered yesterday and today with port 6346
    trying to get in. We are blocking this port but I was just wondering if
    anyone could tell me if they know of any new virus or other reason why this
    may be pounding us all of a sudden.

    Thanks.

    Tim



  2. Re: port 6346

    In the Usenet newsgroup alt.comp.networking.firewalls, in article
    <11bm19lqteuev1e@corp.supernews.com>, Tim wrote:

    >Our firewall has been getting hamered yesterday and today with port 6346
    >trying to get in.


    Yeah, it's pretty common. A search on google would have turned up the
    answer.

    >We are blocking this port but I was just wondering if anyone could tell
    >me if they know of any new virus or other reason why this may be pounding
    >us all of a sudden.


    http://www.iana.org/assignments/port-numbers

    Port numbers can be used for anything, not withstanding the IANA
    registration. The reason you find most DNS servers on port 53 is so
    that they can be found without trying the other 65535 ports on a given
    host. "Standard" services tend to be on port 1024 and below, because in
    a *nix system, these ports are not available to users. Ports above
    1024 are available to any user, meaning you don't need to be 'root' or
    'administrator' to start a service listening on a high port.

    While I've never heard of a malware writer contacting IANA and getting
    an assigned port number, there is no reason that a service on port FOO
    has to be application BAR. None the less, if you look at the web page
    above, you'd discover that port 6346 is normally used by Gnutella,
    BearShare, and LimeWire. Got some songs you want to share?

    Old guy

  3. Re: port 6346


    "Moe Trin" wrote in message
    news:slrndbpcfb.ff7.ibuprofin@compton.phx.az.us...
    > In the Usenet newsgroup alt.comp.networking.firewalls, in article
    > <11bm19lqteuev1e@corp.supernews.com>, Tim wrote:
    >
    > >Our firewall has been getting hamered yesterday and today with port 6346
    > >trying to get in.

    >
    > Yeah, it's pretty common. A search on google would have turned up the
    > answer.
    >
    > >We are blocking this port but I was just wondering if anyone could tell
    > >me if they know of any new virus or other reason why this may be pounding
    > >us all of a sudden.

    >
    > http://www.iana.org/assignments/port-numbers
    >
    > Port numbers can be used for anything, not withstanding the IANA
    > registration. The reason you find most DNS servers on port 53 is so
    > that they can be found without trying the other 65535 ports on a given
    > host. "Standard" services tend to be on port 1024 and below, because in
    > a *nix system, these ports are not available to users. Ports above
    > 1024 are available to any user, meaning you don't need to be 'root' or
    > 'administrator' to start a service listening on a high port.
    >
    > While I've never heard of a malware writer contacting IANA and getting
    > an assigned port number, there is no reason that a service on port FOO
    > has to be application BAR. None the less, if you look at the web page
    > above, you'd discover that port 6346 is normally used by Gnutella,
    > BearShare, and LimeWire. Got some songs you want to share?
    >
    > Old guy


    He probably has a user inside using the app and hence the incoming
    connections to the outside IP on those ports.

    -Russ.



+ Reply to Thread