[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Mldonkey-users] netbus/subseven traffic from mldonkey?
From: |
Robert |
Subject: |
[Mldonkey-users] netbus/subseven traffic from mldonkey? |
Date: |
Tue, 19 Nov 2002 18:54:29 -0500 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003 |
I decided to give mldonkey a little spin recently, and being the
paranoid type, was watching carefully for anything funny going on --
Caught some strange activity on the firewall and via netstat. Nothing
in Ethereal, however -- I'm guessing because it never went out on the
interface. Shame, I'd be curious to know what the transmission contained.
I got my binary from http://savannah.nongnu.org/download/mldonkey/stable/
I'm not a security expert. Can anyone suitably explain this?
Relevant Output from netstat -a -p -t -c:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 1 MY-ADDRESS:35447 211.101.179.254:1234 SYN_SENT 2307/mldonkey
Relevant Firewall Log Entries:
time:Nov 19 17:48:03 in: out:eth0 port:1234 source:MY-ADDRESS
dest:211.101.179.254 len:44 tos:0x00 protocol:tcp service:subseven
time:Nov 19 17:47:13 in: out:eth0 port:12345 source:MY-ADDRESS
dest:216.40.249.38 len:44 tos:0x00 protocol:tcp service:netbus
--
You are in a twisty maze of passageways, all alike.
- [Mldonkey-users] netbus/subseven traffic from mldonkey?,
Robert <=