[Dshield] Port question
tony.carothers at lifestreamtech.com
Thu Aug 16 22:15:14 GMT 2001
This sounds very similar to a COM+ Application, they typically use ports >
From: Jonathan G. Lampe [mailto:jonathan at stdnet.com]
Sent: Thursday, August 16, 2001 13:12
To: dshield at dshield.org
Subject: Re: [Dshield] Port question
This might be one of those old stimulus-response puzzles... ports 1033-1035
are in order and close to port 1024. The traffic you see might be the
result of something coming FROM your network, hitting a remote server which
(may/is) not able to return its packets into your network. (An abruptly
terminated connection initiated from within your network could EASILY cause
this kind of traffic.)
The BIG question in this case: What is the source port of these packets?
- Jonathan Lampe, Standard Networks, Inc, 608.227.6100, jonathan at stdnet.com
P.S. You didn't say what kind of router you have or whether the attempts
were TCP/UDP/etc, but I've seen Cisco's with the firewall feature set NOT
report "stimulus" outbound UDP packets which trigger offending "response"
P.P.S. Here's some basic info about the IP... (it's not a hardwired web
Manoa Innovation Center (NET-MIC) MIC 22.214.171.124 -
Digital Island, Inc. (NETBLK-MIC-DIGISLE-D) MIC-DIGISLE-D
Digital Island, Inc. (NETBLK-MIC-DIGISLE-D)
   45 Fremont St, Suite 1200
   San Francisco, CA 94105
   US
   Netname: MIC-DIGISLE-D
   Netblock: 126.96.36.199 - 188.8.131.52
   Maintainer: DIIS
   Coordinator:
      Digital Island, Inc. 45 Fremont Street (NR-ORG-ARIN) netreg at digisle.net
      415.228.4100
      Fax- 415.228.4141
   Record last updated on 31-May-2000.
   Database last updated on 15-Aug-2001 23:05:40 EDT.
At 12:28 PM 8/16/2001, you wrote:
Lately I've been seeing repeated attempts to reach ports 1033, 1034 and 1035
on my router. They're all coming from 184.108.40.206. What kind of probe is
this? I can't find this port as signifying anything.
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
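The stimulus-response check described in Jonathan's reply can be run against packet logs by matching each inbound packet to an earlier outbound packet with the reversed addresses and ports. The following is an added example, not part of the original thread; the log format, the addresses (documentation ranges) and the 300-second lookback are assumptions.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "ts direction proto src sport dst dport")

# Constructed sample log, not data from the thread.
# Fields: time direction proto src sport dst dport
SAMPLE = """\
100.0 out udp 192.0.2.10 1033 198.51.100.7 53
100.1 out udp 192.0.2.10 1034 198.51.100.7 53
100.2 out udp 192.0.2.10 1035 198.51.100.7 53
145.0 in udp 198.51.100.7 53 192.0.2.10 1033
145.5 in udp 198.51.100.7 53 192.0.2.10 1034
146.0 in udp 198.51.100.7 53 192.0.2.10 1035
150.0 in tcp 203.0.113.9 4312 192.0.2.10 1034
"""

def parse(text):
    """Turn whitespace-separated log lines into Pkt records."""
    pkts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, direction, proto, src, sport, dst, dport = line.split()
        pkts.append(Pkt(float(ts), direction, proto, src, int(sport), dst, int(dport)))
    return pkts

def classify(pkts, lookback=300.0):
    """Label each inbound packet 'response' if the reversed flow was sent
    outbound within `lookback` seconds before it, else 'unsolicited'."""
    last_out = {}  # (proto, src, sport, dst, dport) -> time of latest outbound packet
    results = []
    for p in sorted(pkts, key=lambda p: p.ts):
        if p.direction == "out":
            last_out[(p.proto, p.src, p.sport, p.dst, p.dport)] = p.ts
            continue
        # The answer to "what is the source port?": a response carries the
        # stimulus's destination as its source and vice versa.
        seen = last_out.get((p.proto, p.dst, p.dport, p.src, p.sport))
        matched = seen is not None and p.ts - seen <= lookback
        results.append((p, "response" if matched else "unsolicited"))
    return results

if __name__ == "__main__":
    for pkt, label in classify(parse(SAMPLE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {pkt.proto} {label}")
```

With a lookback shorter than the reply delay (for example 30 seconds, standing in for an expired firewall state entry), the same late replies are labelled unsolicited, which is how they end up reported as probes.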