[Dshield] port 28082?

Mark Warner warner at neb.com
Thu Oct 9 15:19:12 GMT 2003


I have noticed 10 machines on my network, 5 apples OSX, 5 pcs W2K, all 
connecting to an outside machine.  The traffic the firewall is reporting on 
is all outgoing every machine using a different source port and all the 
same dest. port 28082.
I cant seem to find anything on port 28082 or its use.
the traceroute on the outside machine comes back as: unknown at level3.net
i have contacted abuse at level3 and only have recieved an auto response.
Here is the activity.  Any ideas?

Oct  8 10:56:43 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri0 from 172.16.1.72:51791 to 63.211.178.99 on unserved port 28082
Oct  8 10:56:43 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri0 from 172.16.1.72:51792 to 63.211.178.99 on unserved port 28082
Oct  8 10:56:43 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri0 from 172.16.1.72:51793 to 63.211.178.99 on unserved port 28082
Oct  8 10:56:43 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri0 from 172.16.1.72:51794 to 63.211.178.99 on unserved port 28082
Oct  8 10:56:43 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
if=eri0 from 172.16.1.72:51795 to 63.211.178.99 on unserved port 28082
Mark Warner
TelCom/Network Manager
New England BioLabs Inc.
32 Tozer Rd
Beverly MA
01915
978.927.5054 Ext. 407 Office
978.921.1350 Fax
warner at neb.com



More information about the list mailing list