[ubuntu-uk] Ktorrent, firewall and blocked connections

alan c aeclist at candt.waitrose.com
Wed Mar 28 23:47:53 BST 2007 

Neil Greenwood wrote:
> On 28/03/07, alan c <aeclist at candt.waitrose.com> wrote:
>> I am mystified though about the service names (and associated ports)
>> at the time. For example one was Gatecrasher (service name) and this
>> was trying to go out on port 6969 and google indicates this is a
>> (windows) trojan.
> 
> Hi Alan,
> 
> I can't answer your question about the blocked connections on the firewall.
> 
> 
> Regarding the mystery service names: for something like BitTorrent or
> FTP (yes I know you're not using it, but the same argument applies)
> that opens multiple connections, the local port number that is opened
> will quite probably flag up as something that is registered to a high
> number. Service names are mainly for listening ports.
> 
> It doesn't actually mean that you have a trojan - it's unlikely unless
> you've managed to infect a Wine installation with one!
> 
> You might be able to identify the connection more reliably using
> something like Wireshark (formerly known as ethereal), which looks at
> the traffic passing over the connection rather than just looking for
> the port number.
> 
> 
> Hopefully, I've put your mind at rest. If you're still confused, let
> me know and I'll try to clear it up further.

thanks Neil. The fact that these are being blocked by the firewall is 
basically reassuring (!)
I do not run wine, wanting to get a best distance from winworld.

Service names being mainly listening ports - useful thanks. So I guess 
that for some reason, activity associated with ktorrent, which I see 
is getting connected very properly via its allocated port/s 6881 or 
6882 it seems that something, maybe ktorrent, is causing outbound 
(attempts?) listening on some occasions. The blocked connections have 
various port numbers.

a selection is:

port		service
13086		unknown
16545		unknown
30169		unknown
4550		unknown
32882		Sun-RPC Portmap
5866		unknown
512		 exec
50505		Sockets de Troi
6969		Gatecrasher

the final three look suspicious (from google responses), I have no 
idea about the others.

Maybe if I could find the reasons I could patent it and M$ would buy 
the patent from me for a large sum?? :-)
-- 
alan cocks
Kubuntu user#10391

More information about the ubuntu-uk mailing list