While this is just supposition, 6347/tcp is just one up from 6346/tcp -
the default port for Gnutella.
Because of the formatting of your post, it's difficult to determine
exactly what's going on. But I'm going to take a stab and say that someone
is running gnutella inside your network and is attempting to share files
out to the 'net.
On Thu, 8 Jun 2000, Dante Mercurio wrote:
> BM_207_245_35_170207.245.35.170
> First Last Type Server Port Protocol Attempts
>
> 06/05/2000 12:49:23 06/05/2000 12:49:44 Denied Packet(s)
> X.X.X.111 6347 tcp 4
> icl192132121_icl_fiicl192132121.icl.fi
> First Last Type Server Port Protocol Attempts
>
> 06/05/2000 18:08:11 06/05/2000 18:08:32 Denied Packet(s)
> X.X.X.111 6347 tcp 4
>
>
> Excerpt from my log. I have received many attempts at this port, and from
> many different systems, all to one server. I have searched the well known
> port lists, and trojan port lists, and the web and can find no mention of
> this port. I would like to know what this port is servicing, and if
> possible, have the web site this info is on to add to my port lists to
> search before posting.
>
> --Dante
>
--
-Brian James Macke, CISSP bmacke_at_lucent.com
Network Systems Security Engineer Lucent Technologies
"In order to get that which you wish for, you must first get that which
builds it." -- Unknown
Received on Jun 10 2000
Intro
