The situation here is, traffic on the two ports exists continuously. The total load on our egree link sums up to around 3Gbps (max) and 1.6Gbps(min). If both of the traffic is from P2P application, what is it? rebust file transmission over UDP? thanks --- Vulnerability Management <vulnerability@messagelabs.com> wrote:
Hi Joe,
Joe Shen wrote:
Hi,
Using netflow based monitor tool, I noticed there is a lot of traffic on 8094/UDP and 4662/TCP( both exceed 1Gbps, and exist all the time)
What application use that port? Is there any P2P application use UDP as transportation protocol?
Yes - eDonkey - it's listed on Dshield's "most scanned ports":
http://dshield.org/port_report.php?port=4662
Nothing listed for 8094
http://dshield.org/port_report.php?port=8094
but they do show a big spike in scans of this port a couple of days ago. Perhaps one of the recent MS worms calls home on this port? UDP, though... odd!
\a
Andrew Simmons Messagelabs Security
thanks in advance.
Joe
-- "Only the paranoid survive." - Andy Grove (Intel)
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
__________________________________ Meet your soulmate! Yahoo! Asia presents Meetic - where millions of singles gather http://asia.yahoo.com/meetic