Neil Greenwood wrote: > On 28/03/07, alan c <[EMAIL PROTECTED]> wrote: >> I am mystified though about the service names (and associated ports) >> at the time. For example one was Gatecrasher (service name) and this >> was trying to go out on port 6969 and google indicates this is a >> (windows) trojan. > > Hi Alan, > > I can't answer your question about the blocked connections on the firewall. > > > Regarding the mystery service names: for something like BitTorrent or > FTP (yes I know you're not using it, but the same argument applies) > that opens multiple connections, the local port number that is opened > will quite probably flag up as something that is registered to a high > number. Service names are mainly for listening ports. > > It doesn't actually mean that you have a trojan - it's unlikely unless > you've managed to infect a Wine installation with one! > > You might be able to identify the connection more reliably using > something like Wireshark (formerly known as ethereal), which looks at > the traffic passing over the connection rather than just looking for > the port number. > > > Hopefully, I've put your mind at rest. If you're still confused, let > me know and I'll try to clear it up further.
thanks Neil. The fact that these are being blocked by the firewall is basically reassuring (!) I do not run wine, wanting to get a best distance from winworld. Service names being mainly listening ports - useful thanks. So I guess that for some reason, activity associated with ktorrent, which I see is getting connected very properly via its allocated port/s 6881 or 6882 it seems that something, maybe ktorrent, is causing outbound (attempts?) listening on some occasions. The blocked connections have various port numbers. a selection is: port service 13086 unknown 16545 unknown 30169 unknown 4550 unknown 32882 Sun-RPC Portmap 5866 unknown 512 exec 50505 Sockets de Troi 6969 Gatecrasher the final three look suspicious (from google responses), I have no idea about the others. Maybe if I could find the reasons I could patent it and M$ would buy the patent from me for a large sum?? :-) -- alan cocks Kubuntu user#10391 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
