[Dshield] port 28082?

John Hardin johnh at aproposretail.com
Thu Oct 9 15:43:23 GMT 2003


On Thu, 2003-10-09 at 08:19, Mark Warner wrote:
> I have noticed 10 machines on my network, 5 apples OSX, 5 pcs W2K, all 
> connecting to an outside machine.  The traffic the firewall is reporting on 
> is all outgoing every machine using a different source port and all the 
> same dest. port 28082.
> I cant seem to find anything on port 28082 or its use.

> Oct  8 10:56:43 seq.neb.com gfw: [ID 702911 kern.info] securityalert: tcp 
> if=eri0 from 172.16.1.72:51791 to 63.211.178.99 on unserved port 28082

If it was UDP I would definitely say some sort of game, as 280xx is
plausible for the common port ranges used by several games (Axis and
Allies, perhaps?). It might be those people are all playing a game on
the same server.

The fact that it's TCP makes gaming less likely, but not impossible.

See if you can identify the machines, and see if a game is installed.



--
John Hardin  KA7OHZ                           
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  There is no problem that cannot be solved by the appropriate
  application of high explosives.
-----------------------------------------------------------------------
 27 days until Matrix Revolutions




More information about the list mailing list