Port 1214 - Is It Used For A Specific Purpose?

From: Drew Tomlinson (drew@mykitchentable.net)
Date: 11/25/01


From: "Drew Tomlinson" <drew@mykitchentable.net>
To: <freebsd-security@freebsd.org>
Date: Sun, 25 Nov 2001 07:08:33 -0800

I was looking over my firewall logs this morning and noticed that there
are many attempts to connect to TCP port 1214 from different addresses.
I've searched the web but found no specific mention of any standard
purpose for this port. I suppose this is some sort of scan but was just
wondering if anyone knows exactly what this is?

I included a snip of my log from two complete attempts. It's probably
more than is needed but I thought maybe someone might see a pattern that
I'm missing.

Thanks,

Drew

P.S. 192.168.10.2 is my outside interface to my firewall. I know it is
a private address but it's OK as my ADSL modem/router gets a public
address from my ISP via DHCP and performs NAT for the rest of my
machines.

> ipfw: 65500 Deny TCP 141.157.125.23:1042 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1043 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1042 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1043 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1042 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1043 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1057 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1057 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1057 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1042 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1043 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1057 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1853 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1854 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1854 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1853 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1854 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1853 192.168.10.2:1214 in via ed1

> ipfw: 65500 Deny TCP 172.191.120.23:1854 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1853 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2282 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2282 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2282 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2282 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2283 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2283 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2283 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2283 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2355 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2355 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2355 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2355 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2362 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2362 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2362 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2362 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2447 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2447 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2447 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2447 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2453 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2453 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2453 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2453 192.168.10.2:1214 in via ed1
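
One way to look for a pattern in a log like the one quoted above, as an added example that is not part of the original post: group the denied packets by source address and source port, so retries of one connection attempt are separated from new attempts. The function names (`summarize`, `report`) and the noise line are assumptions made for illustration; the sample is an excerpt of the lines in the post.

```python
import re
from collections import Counter, defaultdict

# ipfw log format as shown in the post; the "> " quote prefix is tolerated.
LINE_RE = re.compile(
    r"ipfw:\s+(?P<rule>\d+)\s+(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<dir>in|out)\s+via\s+(?P<iface>\S+)"
)

# Excerpt of the log lines quoted in the post, plus one constructed noise line.
SAMPLE = """\
> ipfw: 65500 Deny TCP 141.157.125.23:1042 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1043 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1042 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1043 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1057 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2282 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2282 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2283 192.168.10.2:1214 in via ed1
newsyslog: logfile turned over (constructed noise line)
""".splitlines()


def summarize(lines, dport=1214):
    """Map source IP -> Counter of source port -> denied packets logged."""
    per_src = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.search(line)  # lines in any other format are skipped
        if m and m["action"] == "Deny" and int(m["dport"]) == dport:
            per_src[m["src"]][int(m["sport"])] += 1
    return per_src


def report(per_src):
    """Rows of (source, distinct source ports, packets, max repeats of one port)."""
    # A repeated source ip:port pair is most likely the same connection attempt
    # being retried, so "distinct source ports" approximates attempts per host.
    return [
        (src, len(ports), sum(ports.values()), max(ports.values()))
        for src, ports in sorted(per_src.items())
    ]


if __name__ == "__main__":
    for row in report(summarize(SAMPLE)):
        print("%-16s attempts=%d packets=%d max_repeats=%d" % row)
```

Run over the full log, many lines per source collapse into a handful of attempts from each host, each logged several times.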



