RE: Traffic on UDP 1815

From: Sahr, Kenneth (ksahr@fiwc.navy.mil)
Date: 02/12/03

    Date: Wed, 12 Feb 2003 08:14:27 -0500
    From: "Sahr, Kenneth" <ksahr@fiwc.navy.mil>
    To: "Mark E. Donaldson" <markee@ridgecrest.ca.us>
    
    

    Actually, I was able to determine its source late last night.. It turns out that P2P software Kazaa was causing the connections to come back, I can't imagine what it uses UDP 1815 for, however, as I blocked all incoming queries to that port and was still able to search and download files.. while doing so I saw many packets attempt to come in on the suspect port, but all were dropped by my firewall. Like I said, not sure why this traffic was occurring, but at least I know what was causing it.. Thanks everyone for your answers.

    KS

    -----Original Message-----
    From: Mark E. Donaldson [mailto:markee@ridgecrest.ca.us]
    Sent: Tuesday, February 11, 2003 11:51 PM
    To: Sahr, Kenneth; incidents@securityfocus.com
    Subject: RE: Traffic on UDP 1815

    It appears MMPFT is the acronym for "Multimedia Portables For Teachers".
    Not a heavily used service I would think. You say these packets are
    coming to your home machine. Can we assume this is a dynamic IP connection
    and perhaps the packets are intended for the user assigned that IP from an
    earlier time? Unfortunately, UDP provides few clues and it is often hard to
    draw any conclusion unless full payload captures are available.

    -----Original Message-----
    From: Sahr, Kenneth [mailto:ksahr@fiwc.navy.mil]
    Sent: Tuesday, February 11, 2003 7:21 AM
    To: incidents@securityfocus.com
    Subject: Traffic on UDP 1815

    Hi all, longtime lurker, first time poster to this forum. I've been seeing
    a lot of traffic on my home Win2K pro machine lately from random IPs/high
    numbered source ports to UDP 1815, which is registered as "MMPFT"..this is
    all the information I can gather on it though..anybody have any insight into
    what this might be? I'm hoping someone's seen it before.. I also checked,
    there are no initial packets sent out from my machine to any of these source
    IPs..so I don't suspect any kind of callback, and I don't really expect any
    sort of intrusion at all..just curious as to what this service is..

    Thanks in advance for any replies

    K Sahr

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
