[Dshield] Port 43919???

jayjwa jayjwa at atr2.ath.cx
Fri Jan 23 19:32:43 GMT 2004



On Thu, 22 Jan 2004, Crowley, C. wrote:

> What the dickens is hitting just ONE of my customers on port 43919, hundreds of
> packets all day and night, all like this (below). QRST is the IP of the
> customer.
>
> The only references I get when I Google on "port 43919" is where I asked about
> it at Broadband Reports! And didn't get any answers to speak of.
>
> 45 00 00 30 ** ** 40 00 ** 06 ** ** ** ** ** ** QQ RR SS TT ** ** AB 8F ** ** **
> ** 00 00 00 00 70 02 ** ** ** ** 00 00 02 04 05 64 01 01 04 02

I'll give you a reply, but unfortunately it doesn't explain much. Now
and again, I'll get a ton of packets sent to an odd port or a host
attempting to connect some place that isn't a known spot for even trojans.
I think everybody does, at some point, if they happen to be looking.
Today it was this port (see attachment) that was the "focal point".
Nothing in Google that was related. There could be many reasons that one
odd-ball port would be getting hit: a hung app on someone else's machine
may be caught in a loop, someone might not know what they were doing,
attempted to connect to a website and instead keeps bouncing off your
firewall, bored kids playing around with some toy or script they
downloaded from someplace, etc. As long as it stops after a while and
there's nothing more involving the sending host, I usually put it out of
mind.

[jayjwa]RLF#37


-------------- next part --------------
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=14286 DF PROTO=TCP SPT=3691 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=13267 DF PROTO=TCP SPT=3872 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=44247 DF PROTO=TCP SPT=4041 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=14300 DF PROTO=TCP SPT=4192 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=16352 DF PROTO=TCP SPT=4344 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=45284 DF PROTO=TCP SPT=4515 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=47596 DF PROTO=TCP SPT=4825 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=47856 DF PROTO=TCP SPT=4972 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=45300 DF PROTO=TCP SPT=1159 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=57084 DF PROTO=TCP SPT=1467 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=7681 DF PROTO=TCP SPT=1586 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=35333 DF PROTO=TCP SPT=1749 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=42505 DF PROTO=TCP SPT=1910 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=7950 DF PROTO=TCP SPT=2076 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=35090 DF PROTO=TCP SPT=2230 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=62998 DF PROTO=TCP SPT=2398 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=46619 DF PROTO=TCP SPT=2555 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=38435 DF PROTO=TCP SPT=2885 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=20776 DF PROTO=TCP SPT=3055 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=40748 DF PROTO=TCP SPT=3221 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=13105 DF PROTO=TCP SPT=3394 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=31029 DF PROTO=TCP SPT=3557 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=41530 DF PROTO=TCP SPT=3756 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=51262 DF PROTO=TCP SPT=3910 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=835 DF PROTO=TCP SPT=4064 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=24647 DF PROTO=TCP SPT=4227 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=48971 DF PROTO=TCP SPT=4391 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=34895 DF PROTO=TCP SPT=4539 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=58195 DF PROTO=TCP SPT=4699 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=55639 DF PROTO=TCP SPT=4854 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=41051 DF PROTO=TCP SPT=1025 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=14945 DF PROTO=TCP SPT=1229 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=43877 DF PROTO=TCP SPT=1380 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=32874 DF PROTO=TCP SPT=1554 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=56686 DF PROTO=TCP SPT=1714 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=18547 DF PROTO=TCP SPT=1875 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Blocked hosts violation: IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=56439 DF PROTO=TCP SPT=2001 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Blocked hosts violation: IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=43386 DF PROTO=TCP SPT=2165 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Blocked hosts violation: IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=60538 DF PROTO=TCP SPT=2165 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Blocked hosts violation: IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=33915 DF PROTO=TCP SPT=2165 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Blocked hosts violation: IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=34428 DF PROTO=TCP SPT=2165 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Blocked hosts violation: IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=50813 DF PROTO=TCP SPT=2274 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Blocked hosts violation: IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=3710 DF PROTO=TCP SPT=2274 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Blocked hosts violation: IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=30590 DF PROTO=TCP SPT=2274 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Blocked hosts violation: IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=22399 DF PROTO=TCP SPT=2274 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Blocked hosts violation: IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=49539 DF PROTO=TCP SPT=2486 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Blocked hosts violation: IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=64643 DF PROTO=TCP SPT=2486 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Blocked hosts violation: IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=23684 DF PROTO=TCP SPT=2486 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
Blocked hosts violation: IN=ppp0 OUT= MAC= SRC=142.204.87.71 DST=64.179.12.45 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=9605 DF PROTO=TCP SPT=2486 DPT=28201 WINDOW=8192 RES=0x00 SYN URGP=0 
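
Added example (not part of either poster's message): a small Python decoder for the masked hex dump quoted in the question, treating the hidden bytes ("**", QQ RR SS TT) as unknown and reading only the fields left visible. The function names are illustrative, and it assumes the dump starts at the IPv4 header.

```python
# Masked dump copied from the quoted message; "**" and QQ RR SS TT are hidden bytes.
DUMP = """45 00 00 30 ** ** 40 00 ** 06 ** ** ** ** ** ** QQ RR SS TT ** ** AB 8F ** ** **
** 00 00 00 00 70 02 ** ** ** ** 00 00 02 04 05 64 01 01 04 02"""
FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]
OPTION_NAMES = {1: "NOP", 2: "MSS", 3: "WSCALE", 4: "SACK_PERMITTED", 8: "TIMESTAMP"}

def parse_masked(dump):
    """Hex tokens become ints; anything that is not hex (a masked byte) becomes None."""
    out = []
    for tok in dump.split():
        try:
            out.append(int(tok, 16))
        except ValueError:
            out.append(None)
    return out

def u16(b, off):
    """Big-endian 16-bit field, or None when either byte is masked."""
    hi, lo = b[off], b[off + 1]
    return None if hi is None or lo is None else (hi << 8) | lo

def tcp_options(opts):
    """Walk kind/length/value options; stop at End-of-Options or a masked byte."""
    found, i = [], 0
    while i < len(opts) and opts[i]:
        kind = opts[i]
        # NOP (kind 1) is a single byte with no length field.
        length = 1 if kind == 1 else (opts[i + 1] if i + 1 < len(opts) else None)
        if length is None or (kind != 1 and length < 2) or i + length > len(opts):
            break                           # masked, malformed or truncated option
        mss = u16(opts, i + 2) if kind == 2 and length == 4 else None
        found.append(f"MSS={mss}" if mss is not None else OPTION_NAMES.get(kind, f"kind{kind}"))
        i += length
    return found

def decode(dump):
    b = parse_masked(dump)
    if None in (b[0], b[6], b[9]) or b[9] != 6:
        raise ValueError("header bytes masked, or protocol is not TCP")
    tcp = b[(b[0] & 0x0F) * 4:]             # IHL gives the IP header length
    if len(tcp) < 20 or None in (tcp[12], tcp[13]):
        raise ValueError("TCP header truncated, or offset/flags bytes masked")
    return {
        "total_len": u16(b, 2), "captured_len": len(b),
        "dont_fragment": bool(b[6] & 0x40),
        "src_port": u16(tcp, 0), "dst_port": u16(tcp, 2),
        "flags": [n for bit, n in enumerate(FLAGS) if tcp[13] & (1 << bit)],
        "options": tcp_options(tcp[20:(tcp[12] >> 4) * 4]),
    }
```

The decoded total length of 48, the DF bit and the lone SYN flag line up with the LEN=48, DF and SYN fields in the attached firewall log.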

