On 14 April 2010 21:40, Alex Scotton alex.scotton@gmail.com wrote:
Excuse my ignorance, but isn't 53622 the default port for BitTorrent?
Google results for "53622 bittorrent port" return nothing of significance.
21:14:22.990731 IP dataman1.home.net.53662 > 229.185.249.62.customer.cdi.no.3625: UDP, length 33
21:14:22.990768 IP dataman1.home.net.53662 > c-71-192-110-50.hsd1.ma.comcast.net.16876: UDP, length 32
21:14:23.083431 IP 229.185.249.62.customer.cdi.no.3625 > dataman1.home.net.53662: UDP, length 18
21:14:23.135477 IP c-71-192-110-50.hsd1.ma.comcast.net.16876 > dataman1.home.net.53662: UDP, length 19
These all look like connections to residential broadband peeps.... so leads to the conclusion of BitTorrent too
Or they could be zombie machines part of a botnet.
Can you decode the data in the packets? (perhaps use -X option for tcpdump)
Allegedly udp/tcp 3625 is "Volley", whatever that is.
http://www.sharkyforums.com/showthread.php?t=214101 suggests you are not alone, though that's a very old thread.
I think I might have hit one reference to Teredo (UDP tunnel broker) for one of the ports in your logs.
Good luck.
Srdjan
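
Following up on the suggestion above to decode the packets with tcpdump -X, here is an added example (not part of the original message). It reads the text output of tcpdump -X, strips the IPv4 and UDP headers, and tests whether each payload is a bencoded BitTorrent DHT (KRPC) message. The sample capture, its addresses, ports and payloads are constructed, and the function names are this example's own.

```python
import re
# Constructed `tcpdump -n -X` output; addresses, ports and payloads are made up.
SAMPLE = """\
12:00:00.000001 IP 192.168.1.2.53662 > 198.51.100.7.6881: UDP, length 32
\t0x0000:  4500 003c 0000 4000 4011 0000 c0a8 0102  E..<..@.@.......
\t0x0010:  c633 6407 d19e 1ae1 0028 0000 6431 3a65  .3d......(..d1:e
\t0x0020:  6c69 3230 3165 353a 4572 726f 7265 313a  li201e5:Errore1:
\t0x0030:  7432 3a61 6131 3a79 313a 6565            t2:aa1:y1:ee
12:00:00.093002 IP 198.51.100.7.3625 > 192.168.1.2.53662: UDP, length 18
\t0x0000:  4500 002e 0000 4000 4011 0000 c633 6407  E.....@.@....3d.
\t0x0010:  c0a8 0102 0e29 d19e 001a 0000 9f02 7ce1  .....)........|.
\t0x0020:  05b3 48aa 10fe 632d 91c4 075e b83a       ..H...c-...^.:
"""
HEX = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{2,4} ?)+)", re.M)

def packets(text):  # yields each packet's bytes, IP header onward (as -X prints them)
    for chunk in re.split(r"(?m)^(?=\S)", text):  # summary lines are unindented
        hexes = "".join(HEX.findall(chunk)).replace(" ", "")
        if hexes:
            yield bytes.fromhex(hexes)

def bdecode(b, i=0):  # minimal bencode decoder -> (value, next index); raises if malformed
    c = b[i:i + 1]
    if c == b"i":
        end = b.index(b"e", i)
        return int(b[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while b[i:i + 1] != b"e":
            value, i = bdecode(b, i)
            items.append(value)
        return (dict(zip(items[::2], items[1::2])) if c == b"d" else items), i + 1
    colon = b.index(b":", i)
    n = int(b[i:colon])
    if n < 0 or colon + 1 + n > len(b):
        raise ValueError("bad string length")
    return b[colon + 1:colon + 1 + n], colon + 1 + n

def classify(pkt):  # -> (UDP payload length, verdict)
    if len(pkt) < 28 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return None, "not IPv4/UDP"
    payload = pkt[(pkt[0] & 0x0F) * 4 + 8:]  # skip IPv4 header (IHL words) + 8-byte UDP header
    try:
        msg, end = bdecode(payload)
    except (ValueError, TypeError, RecursionError):  # untrusted input: malformed or too deeply nested
        return len(payload), "not bencoded"
    ok = end == len(payload) and isinstance(msg, dict) and msg.get(b"y") in (b"q", b"r", b"e")
    return len(payload), "BitTorrent DHT (KRPC)" if ok else "bencoded, not KRPC"

print([classify(p) for p in packets(SAMPLE)])
```

A "not bencoded" verdict does not rule out BitTorrent, since uTP and UDP tracker traffic use binary headers rather than bencoding. It only says the payload is not a DHT message.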