Neil Greenwood wrote:
> On 28/03/07, alan c
> <aeclist-MURppvFVPpEgIZxP67a6fdBPR1lH4CV8@xxxxxxxxxxxxxxxx> wrote:
>> I am mystified though about the service names (and associated ports)
>> at the time. For example one was Gatecrasher (service name) and this
>> was trying to go out on port 6969 and google indicates this is a
>> (windows) trojan.
>
> Hi Alan,
>
> I can't answer your question about the blocked connections on the firewall.
>
>
> Regarding the mystery service names: for something like BitTorrent or
> FTP (yes I know you're not using it, but the same argument applies)
> that opens multiple connections, the local port number that is opened
> will quite probably flag up as something that is registered to a high
> number. Service names are mainly for listening ports.
>
> It doesn't actually mean that you have a trojan - it's unlikely unless
> you've managed to infect a Wine installation with one!
>
> You might be able to identify the connection more reliably using
> something like Wireshark (formerly known as ethereal), which looks at
> the traffic passing over the connection rather than just looking for
> the port number.
>
>
> Hopefully, I've put your mind at rest. If you're still confused, let
> me know and I'll try to clear it up further.
thanks Neil. The fact that these are being blocked by the firewall is
basically reassuring (!)
I do not run wine, wanting to get a best distance from winworld.
Service names being mainly listening ports - useful thanks. So I guess
that for some reason, activity associated with ktorrent, which I see
is getting connected very properly via its allocated port/s 6881 or
6882 it seems that something, maybe ktorrent, is causing outbound
(attempts?) listening on some occasions. The blocked connections have
various port numbers.
a selection is:
port service
13086 unknown
16545 unknown
30169 unknown
4550 unknown
32882 Sun-RPC Portmap
5866 unknown
512 exec
50505 Sockets de Troi
6969 Gatecrasher
the final three look suspicious (from google responses), I have no
idea about the others.
Maybe if I could find the reasons I could patent it and M$ would buy
the patent from me for a large sum?? :-)
--
alan cocks
Kubuntu user#10391
|
