Ports 6346 and 1434 TCP and UDP

TheMSsForum.com: The Microsoft Software Forum

HI,

Is anyone else getting a lot of hits on 6346 and 1434 in both TCP and UDP ?

1434 is ms_sql-m but what use is 6346 for ?

Kevin
Top

Re: Ports 6346 and 1434 TCP and UDP by Tom

Tom
Sun Jul 31 12:27:42 CDT 2005

Port 6346 is typically associated with the p2p file sharing protocol
Gnutella. Probably the reason you're getting probed is because the previous
user of your current IP was hosting a Gnutella server. Gnutella clients tend
to cache server IP addresses for a long time so now they think YOU have the
content they want.

The best response to this behavior is either ignore it, or better yet, force
an IP address change until you get an IP that doesn't have a history
associated with it.

Tom
"!:?)" <No@Spam.Com> wrote in message
news:eGhqc8elFHA.3144@TK2MSFTNGP12.phx.gbl...
| HI,
|
| Is anyone else getting a lot of hits on 6346 and 1434 in both TCP and UDP
?
|
| 1434 is ms_sql-m but what use is 6346 for ?
|
| Kevin


Top

Re: Ports 6346 and 1434 TCP and UDP by No

No
Sun Jul 31 21:36:46 CDT 2005

Hi Tom,

That's right, I forgot about that.

I cleaned up my Firewall Rules and removed some Dead Wood Rules I
thought I didn't need.
Seems I should have kept that one so it didn't fill my Log.

Thanks for the help.

Kevin


Top

Re: Ports 6346 and 1434 TCP and UDP by No

No
Sun Jul 31 21:53:34 CDT 2005

Hi Tom.

I have another Question about other Ports that are hit often and as I
was sending the First Reply I got hit again that reminded me to ask.
Ports 80, 1434 and 1433.

Of course I also get the TCP and UDP on 1025-1030 I think are part of
Windows Messaging that I don't use and should sut off the Logging.

Rule "@ Default Hack Block HTTP Port 80 TCP" blocked (compaq,http).
Details:
Inbound TCP connection
Local address,service is (compaq,http)
Remote address,service is (172.158.167.56,2228)
Process name is "N/A"

Rule "@ Default Hack Block HTTP Port 80 TCP" blocked (compaq,http).
Details:
Inbound TCP connection
Local address,service is (compaq,http)
Remote address,service is (172.158.129.6,1743)
Process name is "N/A"

Rule "& Default Block ms_sql-m UDP Port 1434" blocked (compaq,ms_sql-m).
Details:
Inbound UDP packet
Local address,service is (compaq,ms_sql-m)
Remote address,service is (219.153.14.94,kpop)
Process name is "N/A"

Rule "# Default Trojan Block HelloBufferOverflowAttack TCP Port 1433"
blocked (compaq,ms-sql-s). Details:
Inbound TCP connection
Local address,service is (compaq,ms-sql-s)
Remote address,service is (221.186.124.70,53349)
Process name is "N/A"

Thanks Tom for your help.

Kevin

Top

Re: Ports 6346 and 1434 TCP and UDP by No

No
Sun Jul 31 22:10:29 CDT 2005


Hi Tom.

I forgot to add I have Netscape for an ISP and is owned by AOL but I
don't understand why I'm seeing so many hits on Port 80.

Even without any Browsers open.
(I use Netscape's Browser Netscape 7.2)

Many are AOL Users but just as many are not and have traced them to
China, Korea, Uk, AU, BR, US, and more.

I was seeing AOL Servers hitting me as well but I think Norm Miller
helped me find it may be connected to Windows Update.

Kevin

Top