
What in blazes are these ports?



#1 of 8 OFFLINE   John_Berger

John_Berger

    Screenwriter



  • 2,489 posts
  • Join Date: Nov 01 2001

Posted May 12 2003 - 04:54 PM

I've been searching the Internet, but I have no idea what these are for. Apparently, they're not common TCP/IP ports.

The other day when the storm came through, the power dropped and my system rebooted. When it did, it got a different DHCP address and my firewall started registering hundreds of hits against port 4667. I searched through the Internet, both web and newsgroups, and found nothing to explain what this port is.

I've also been getting hits against ports 17300 and 6429.

My firewall software doesn't report whether these are TCP or UDP, but I'm curious as hell about what these ports are for, most especially 4667.

Does anyone have any idea?

#2 of 8 OFFLINE   Kevin P

Kevin P

    Screenwriter



  • 1,444 posts
  • Join Date: Jan 18 1999

Posted May 13 2003 - 03:04 AM

No clue on 4667 or 6429, as I've never been scanned on those ports. 4662 is eDonkey (a P2P similar to Kazaa), which is about as close to 4667 as I can find. What firewall are you running? Most of them will tell you if it's TCP or UDP. If there's a protocol number being reported, TCP is 6, and UDP is 17. Also, if these are TCP packets, is the SYN flag set?

TCP 17300 is a scan for a trojan known as "Kuang2" or "Kuang2 The Virus". PCs that are infected with a certain virus (called Kuang2 or W32.Weird) will have this port open, and hackers can upload updated versions of the trojan which allow greater access. I've been getting 40-50 scans on this port daily.

Another common trojan port scan you'll see is TCP 27374; this one is called SubSeven. TCP 445 is a port used for file sharing on Win2K and XP; a lot of worms will scan on this port. TCP 1433 and UDP 1434 are scanned by infected SQL Server boxes, by the Spida or Slammer worms. Port 80 scans are commonly CodeRed.F or Nimda.

KJP
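
The triage questions in the post above (TCP or UDP, which port, is SYN set), as an added example that is not part of the original post: it reads the IP protocol number, destination port and TCP flags from a raw IPv4 packet and labels the hit using only the ports named in the post. The names `classify`, `build` and `KNOWN` are hypothetical, and the sample packets are constructed.

```python
import struct

PROTO = {6: "TCP", 17: "UDP"}  # IP protocol numbers quoted in the post
# (protocol number, destination port) -> label, using only the ports named in the post
KNOWN = {
    (6, 17300): "Kuang2 trojan scan",
    (6, 27374): "SubSeven trojan scan",
    (6, 445): "Win2K/XP file sharing, worm scans",
    (6, 1433): "SQL Server worm scan (Spida/Slammer)",
    (17, 1434): "SQL Server worm scan (Spida/Slammer)",
    (6, 80): "CodeRed.F or Nimda",
}

def classify(packet: bytes) -> dict:
    """Decode an IPv4 packet far enough to answer: TCP or UDP, which port, SYN set?"""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes; IP options shift the L4 header
    proto = packet[9]
    if proto not in PROTO:
        raise ValueError(f"unhandled IP protocol {proto}")
    if len(packet) < ihl + (14 if proto == 6 else 4):
        raise ValueError("truncated transport header")
    dport = struct.unpack_from("!H", packet, ihl + 2)[0]
    syn_only = None  # UDP has no flags
    if proto == 6:
        flags = packet[ihl + 13]
        # SYN without ACK marks a new inbound connection attempt, i.e. a probe
        syn_only = bool(flags & 0x02) and not (flags & 0x10)
    return {"proto": PROTO[proto], "dport": dport, "syn_only": syn_only,
            "label": KNOWN.get((proto, dport), "unknown")}

def build(proto: int, dport: int, flags: int = 0) -> bytes:
    """Constructed sample packet (documentation addresses, zero checksums)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", 40000, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([198, 51, 100, 7]), bytes([192, 0, 2, 1]))
    return ip + l4

if __name__ == "__main__":
    for pkt in (build(6, 17300, 0x02), build(17, 1434), build(6, 4667, 0x12)):
        print(classify(pkt))
```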

#3 of 8 OFFLINE   John_Berger

John_Berger

    Screenwriter



  • 2,489 posts
  • Join Date: Nov 01 2001

Posted May 13 2003 - 05:32 AM

I'm using a LinkSys router that is sending firewall data to my PC which is running LinkLogger. It unfortunately doesn't give TCP/UDP statistics or SYN flags. I guess that I should set up an SMTP tool on my Sun Blade 100. A nice web-based SMTP monitoring and compilation tool would be sweet, but I haven't gotten around to looking for one yet.

It's been a while since I've gotten scanned for SubSeven, but I'm getting 445, 1433, and 1434 hits just about every 15 minutes if not less.

This is just more proof why I firmly believe that if you have broadband and you don't have a hardware firewall, you fully deserve to be hacked.

#4 of 8 OFFLINE   Ted Lee

Ted Lee

    Lead Actor



  • 8,399 posts
  • Join Date: May 08 2001

Posted May 13 2003 - 08:19 AM

i have NO CLUE john, but just thought i'd say "howdy!"
 

#5 of 8 OFFLINE   John_Berger

John_Berger

    Screenwriter



  • 2,489 posts
  • Join Date: Nov 01 2001

Posted May 14 2003 - 03:44 AM

After a long absence, I'm back, much to the dismay of many, I'm sure, but that's their loss. :P)

#6 of 8 OFFLINE   Chad Ellinger

Chad Ellinger

    Second Unit



  • 270 posts
  • Join Date: Jun 18 2000

Posted May 14 2003 - 07:09 AM

4667: Dwyco Video Conferencing or Voice-On-Net (http://www.jlathamsi...uspectPorts.htm)

#7 of 8 OFFLINE   John_Berger

John_Berger

    Screenwriter



  • 2,489 posts
  • Join Date: Nov 01 2001

Posted May 14 2003 - 01:41 PM

That is possible. It looks like Dwyco uses random ports between 1024 and 5000 for file transfers. Unfortunately, a hell of a lot of other programs use random port assignments as well.

This is one mystery that might never be solved. Oh, well.

Hardware firewalls rule.

#8 of 8 OFFLINE   Jeff Peake

Jeff Peake

    Supporting Actor



  • 505 posts
  • Join Date: Jul 12 1998

Posted May 15 2003 - 04:51 PM

EDIT: didn't read the reply above that answered this question already.