peteoutside at yahoo.com
Tue May 17 15:09:14 GMT 2005
Let me just add that this is a perfect reason why the Ports & Protocols Wiki is a great idea! :)
John, be sure to head over to http://en.wikibooks.org/wiki/Networking:Ports_and_Protocols
with your packet-capture results :)
John Gordon <jwg at sinewave.com> wrote:
OK, newbie here way in over his head....
GOAL: find out what the heck rfx-lm is and, more
importantly, what is does with port 1497.
(Joined this list to try find this out.)
I ran a packet monitor on a client's PCs after they
complained about lan traffic even with no obvious open apps.
1497 is in heavy use. Worry about evil using port 1497 even
though PCs show clean even scanning for rootkits. Thought
maybe 1497 traffic was related to a Maxtor network hd, but
Maxtor support only listed another port they use (4301 or
thereabouts) for firewall pinhole purposes. Packet
monitor's destination IPs for packet 1497 is another PCs in
Google, clusty.com, wikipedia et al. basically describe port
1497 this way:
rfx-lm 1497 tcp rfx-lm
rfx-lm 1497 udp rfx-lm
And I searched high, low and sideways for "rfx-lm" and "rfx"
and only found circular descriptions with port 1497 (e.g.,
"rfx-lm uses port 1497" and "1497 is used by rfx-lm").
Drove me batty, these Alice-in-Wonderland TLA Descriptions!
("ATD," btw, and the longer "AIW TLA Descriptions.") There's
too much AIW out there.
Microsoft.com's KB lists RFX
as "Record Field Exchange"
with lots of blather about it's use in C++ without
mentioning port 1497 (or at least I couldn't find it).
"Visual C++ Concepts: Adding Functionality
Record Field Exchange: How RFX Works
-------------- Sponsor Message ------------------------------------
Join us at SANSFIRE 2005 in Atlanta!
The Internet Storm Center Conference.
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
Use Yahoo! to plan a weekend, have fun online & more. Check it out!
More information about the list