FW: [Dshield] Activity on port 3110, mostly udp with occasional tcp

Ed Truitt ed.truitt at etee2k.net
Thu Jun 12 23:31:12 GMT 2003

I haven't seen any of this traffic.  However, if you are still getting
it, why not put up a sniffer and capture some packets?

I did find something on Google - an administrators guide that indicates
this may be related to some form of remote-control software tied in with
NetMeeting (possibly NM's own remote desktop control feature?)

On Thu, 2003-06-12 at 16:22, Brad Morgan wrote:
> I'd guess from the lack of response that I'm the only one on this list
> that's being hit by this traffic.  
> I've searched with Google and scanned a couple of anti-virus sites but I can
> find nothing that might help me identify what is causing this traffic.
> Can anyone on this list provide me with some pointers on where to look for
> more information?
> Thanks,
> Brad Morgan
> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
> Of Brad Morgan
> Sent: Tuesday, June 10, 2003 4:12 PM
> To: 'General DShield Discussion List'
> Subject: [Dshield] Activity on port 3110, mostly udp with occasional tcp
> I'm seeing a massive amount of attempts to UDP port 3110 (occasionally its
> TCP traffic).  My daily activity has been around 500 packets per day but
> over the last 3 full days I've seen 1000, 1200, and 1700 packets the
> difference all being this 3110 traffic.
> All I've been able to find about this port is the common name of sim-control
> with a service description of simulator control port.
> The Internet Storm Center (graph attached) shows a corresponding spike on
> this port but I haven't found any additional information about what this
> might be?  Anyone here have any information?
> Regards,
> Brad Morgan
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

More information about the list mailing list