Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: TCP/UDP Port Activity - Internet Security | DShield TCP/UDP Port Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
Port Information
Protocol Service Name
tcp eDonkey2000 eDonkey2000 Server Default Port
[get complete service list]
User Comments
Submitted By Date
Comment
Ulrich Weber 2009-10-04 18:45:22
Meanwhile, port 4662 TCP has raised to the most probed one in my FW-Logs so that I've decided not to log it anymore because the log's getting too huge in a short time. The frequency of scans for port 4662 TCP seems to be strongly depending on the IP adress I got. I observed that ending the connection and establishing it again only a few seconds later getting a new IP will sometimes also end the scans. So I think these scans are coming from edonkey clients looking for a "died" server they knew before?
Rémi Denis-Courmont 2009-10-04 18:45:22
Stefan Esser found a remote "double free"-like vulnerability, which he reports to be remotely exploitable, on the following open-source eDonkey-compatible clients: eMule (Windows) and its ports to Unix platforms, xMule and Lmule. The original advisory may be found here: http://security.e-matters.de/advisories/022003.html
Chris Dickens 2004-01-15 23:03:48
The eMule software was recently featured in a television program known as The Screen Savers on TechTV. The increased activity might be attributed to a sudden influx of new users to this Peer-To-Peer network.
Johannes Ullrich 2003-01-28 19:00:13
This port is frequently used by P2P file sharing applications. If you are using a dynamic IP address, you are likely hit on this port by P2P afterglow. This afterglow is caused by prior use of your IP address for P2P file sharing, as the original P2P host has now disconnected, the peers it talked to still try to connect back.
Bob A. Schelfhout Aubertijn 2002-11-29 17:57:35
Kurt Seifried, explains on his page http://www.seifried.org/security/ports/4000/4662.html that Port 4662 is used by Edonkey2000. It is a peer to peer file sharing service similar to Kazaa or Napster. have seen probes for 4662 in my logs but in the EU it is not that common, to the best of my knowledge. Give Kurt credit for the details. ;-)
Add a comment
CVE Links
CVE # Description